last executing test programs:

10.124809391s ago: executing program 3 (id=965):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000400)={'wlan0\x00'})
accept4$unix(0xffffffffffffffff, 0x0, 0x0, 0x80800)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000000000020bd28940000000000000109022400010000000009040100010300000009210000000122070009058103"], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io(r1, &(0x7f0000001400)={0x2c, &(0x7f0000000480)=ANY=[@ANYBLOB="400707000000070b7ccbdabe205f4edfa2a8720680e27b"], 0x0, 0x0, 0x0, 0x0}, 0x0)
write$vga_arbiter(0xffffffffffffffff, 0x0, 0x0)
sendmsg$can_bcm(0xffffffffffffffff, 0x0, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095000000000000002d55715f11e961d1fde85cda4c8aae3a0c64e30cd8655910b3eb2d1451a6bf4b04dc0af703f4c87963ba1424815f140290fb3f659193ae297fdcd50b6dc8d41d9568a55e58cc6514e272e53a081168e74d7189f0e655f66e08f0e108968d80ea3cac636aa60bea16f5e27d5761f66d99ca89ad8cf4e13a2013988c4222d7cf1ff8682043d3d6f16b20de6f1ea6691dcee8e86fa2109aa7898fe15f2c973463c482db5da9926d158ee55592221796e273ccf22a74e8dd3674739087015098b80e9842e82aa484b0047773b358f02338ba5950707984fb201d101bfd1f78b0ea4f397c22d94b5a34491cf3f671af9dacdf409cc1f8d960358d99d506f9b3f52ce15d0cf72083819b4a3a6dfe62b510150dfe25ef1caf21e26954118b0c2dea8b744bed8de035a056fa2d0f7370b9df062c204e070015c5c544f5c74625ea73c563000000c1fcb5a25271"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x22, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x44)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x1a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x19, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x2600, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
syz_usb_control_io(r1, &(0x7f00000003c0)={0x2c, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0003c0eb420c0000000c034d82c77c862ed0"], 0x0, 0x0, 0x0}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r3 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x8)
openat$nvram(0xffffffffffffff9c, 0x0, 0x40000, 0x0)
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r4, &(0x7f0000000300), 0x10)
setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r4, 0x28, 0x1, &(0x7f0000000100)=0xfffffffffffffffe, 0x112)
pipe(0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
close(r3)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00')
r6 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000880)=ANY=[@ANYBLOB="85000000080000004e00000000000000850000007d00000095000000000000007ab9e683b171b4b09980af6c1ebeda4ac0d3e3aa71a9ab17e14e1b0be949499ca6a5b2c467b6d3d1c0ae1e9820331afd90cc832c761aa3adf9be48c401c7f893694bf8cd19b7173cd4688904f7310af046fd"], &(0x7f0000000140)='GPL\x00', 0x0, 0x99, &(0x7f00000004c0)=""/153, 0x0, 0x0, '\x00', 0x0, @flow_dissector, r5, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000800)={r6, 0x0, 0xb, 0x0, &(0x7f0000000380)="61df7106000000f044a7a9", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x50)

9.552475054s ago: executing program 1 (id=966):
r0 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x3, &(0x7f0000000000)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r3=>0x0}, &(0x7f00000001c0)=0x8)
setsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000000000)={r3, 0x800}, 0x8)
fcntl$setlease(r0, 0x400, 0x0)
mkdirat(0xffffffffffffffff, &(0x7f0000000300)='./file1\x00', 0x180)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00'}, 0x10)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000240)=ANY=[@ANYRES32], 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$IPCTNL_MSG_CT_DELETE(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={0x0, 0xe4}}, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000032680)=""/102392, 0x18ff8)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0)
fcntl$setlease(r0, 0x400, 0x2)

8.947051658s ago: executing program 1 (id=968):
socket$nl_route(0x10, 0x3, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x400000000000000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
add_key$user(&(0x7f0000006400), &(0x7f0000006c00)={'syz', 0x3}, &(0x7f0000006900)="3e12d23d346cfdeb1716f738274bc1c03bee4423fa20837e6e86b86592e9be8351aabbd6e24f37d5095f839fa4a3507df4f7526f2440e7988da94ccd868dd8741d1e43eba0b67b516be14a8b51a75bfd611b2d7ae6a21d056c2c5116a416a76b0204dc55ea62d43c", 0x68, 0xfffffffffffffffe)
r1 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r1, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r1, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000200)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0, 0x2c}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}], 0x1}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f00000004c0)=[{&(0x7f0000000080)=""/28, 0x1c}], 0x1}}], 0x90}, 0x0)

7.987943655s ago: executing program 1 (id=971):
syz_usb_connect(0x3, 0x3d, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x72, 0x91, 0x58, 0x8, 0x1163, 0x200, 0xb892, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x2b, 0x1, 0x2, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xa9, 0x0, 0x2, 0x20, 0xe2, 0xc7, 0x0, [], [{{0x9, 0x5, 0x80, 0x10, 0x3ff, 0x7f, 0x79, 0x2}}, {{0x9, 0x5, 0xe, 0x3, 0x20, 0x9, 0x80, 0x9b, [@generic={0x7, 0x5, "ab0b78eb81"}]}}]}}]}}]}}, 0x0)
r0 = syz_open_dev$I2C(&(0x7f0000000040), 0x46, 0x141181)
ioctl$I2C_FUNCS(r0, 0x705, &(0x7f00000000c0)=0xfe3a)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='memory.swap.events\x00', 0x275a, 0x0)
connect$inet(0xffffffffffffffff, &(0x7f0000000040)={0x27, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x60)

7.688588705s ago: executing program 4 (id=973):
socket$inet6_sctp(0xa, 0x5, 0x84)
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r0, &(0x7f0000000300)={{0x6, @rose}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x48)
syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000380), 0xffffffffffffffff)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000400), 0xffffffffffffffff)
syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0xec25, 0x80, 0x0, 0x40000333}, &(0x7f00000006c0)=<r1=>0x0, &(0x7f0000005f40)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_RENAMEAT={0x23, 0x40, 0x0, 0xffffffffffffffff, &(0x7f00000003c0)='./file0\x00', &(0x7f00000004c0)='./file0\x00', 0xffffffffffffffff, 0x0, 0x1})
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ff8000/0x6000)=nil, 0x6000, 0x2, 0x100010, 0xffffffffffffffff, 0x10000000)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000280)=@IORING_OP_WRITE={0x17, 0x1, 0x0, @fd=r0, 0x10, &(0x7f0000000180)="314baa7f2836772ed2c1dea2d0e446756e6ccbd4115edf7716b99e4386c4aee841223e14362f656916bd549344b4dff750c5a9939ec7d6a770b2da7fb5edb6dcf16fedb901406c339ab06f9373e1e016cd8ebe21216019c07c3cbcba22e804749664cfee0153130f4361edc454ea11384b1d419945341669d167730ddac7c1f96771c2e21327a148ee0e7f49fe46746696fadd28120bd1d64dc32fc443d4c8b4fa7038f41d532167a1857380ea8e8bef9f64cdac64f6ef5a4a12eb6fce64110c641117421364c7ed2fdcf016e18dd74406bdf13eca4e36c588c6cd0f86491301824382352f4fe133d344662df285", 0xee, 0x2b, 0x1, {0x0, r4}})
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wpan0\x00'})
sendto$netrom(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={{0x6, @rose}, [@bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @null]}, 0x48)
r5 = socket$pppl2tp(0x18, 0x1, 0x1)
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r5, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r6, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
close(r5)
r7 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r7, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @broadcast}, 0x2, 0x0, 0x0, 0x3}}, 0x2e)
r8 = socket$inet6(0xa, 0x40000080806, 0x0)
r9 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ioctl$vim2m_VIDIOC_G_FMT(r9, 0xc0285629, &(0x7f0000000080)={0x3, @win={{0x2, 0xfffffffc}, 0x5, 0xfffffffc, &(0x7f0000000040)={{0x0, 0x2, 0x80, 0xfffffffe}}, 0x0, 0x0, 0x1}})
connect$netrom(r0, &(0x7f0000000440)={{0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x8}, [@default, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x48)
bind$inet6(r8, &(0x7f000047b000)={0xa, 0x4e20, 0x0, @loopback, 0xfffffffc}, 0x1c)
listen(r8, 0x20000005)
r10 = socket$inet6(0xa, 0x6, 0x0)
connect$inet6(r10, &(0x7f0000000040)={0xa, 0x4e20, 0x6, @empty}, 0x1c)
r11 = accept4(r8, 0x0, 0x0, 0x800)
setsockopt$SO_BINDTODEVICE(r11, 0x1, 0x19, &(0x7f0000000000)='netpci0\x00', 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r11, 0x8933, 0x0)

6.997261438s ago: executing program 4 (id=975):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r1)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_CONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x28, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_SSID={0x5, 0x34, @random="c3"}, @crypto_settings=[@NL80211_ATTR_SAE_PASSWORD={0x4}]]}, 0x28}}, 0x48010)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000e40)=ANY=[@ANYBLOB=',\x00\x00\x00*\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\b'], 0x2c}}, 0x0)
syz_usb_connect(0x6, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000371055900090582eb10000000010200090502"], 0x0)

6.895042464s ago: executing program 0 (id=976):
r0 = syz_clone(0x0, 0x0, 0xfffffffffffffe7b, 0x0, 0x0, 0x0)
ptrace(0x4206, r0)
ptrace(0x8, r0)
socket$inet_tcp(0x2, 0x1, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ptrace(0x4207, r0)
ioctl$BTRFS_IOC_SNAP_CREATE_V2(0xffffffffffffffff, 0x7040, 0x0)
r1 = socket(0xa, 0x3, 0x3a)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0)
setsockopt$MRT6_ADD_MIF(r1, 0x29, 0xca, 0x0, 0x0)
r3 = openat$null(0xffffffffffffff9c, &(0x7f0000000140), 0x40000, 0x0)
getsockname$netlink(r3, &(0x7f0000000180), &(0x7f0000000240)=0xc)
ioctl$SIOCGETMIFCNT_IN6(r1, 0x89e0, &(0x7f00000000c0)={0x1})
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
socket(0x10, 0x3, 0x0)
r6 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x80080, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r7, 0x8b04, &(0x7f0000000040)={'wlan1\x00', @random="01f8ffff00"})
ioctl$FBIOGET_CON2FBMAP(r6, 0x460f, &(0x7f0000000080)={0x21, 0x1})
sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507005c", @ANYRES32, @ANYBLOB="0000000000000000280012000c0001"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x24, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xfff1, 0xffff}}}, 0x24}}, 0x40)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103)
r8 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r8, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="2c00d9d16070e8cb3cbe71fe54b225c268049f8dc7b8b4298626f42b"])
lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=@known='system.posix_acl_access\x00', 0x0, 0x0)
read$FUSE(r3, &(0x7f0000004340)={0x2020, 0x0, <r9=>0x0}, 0x2020)
write$FUSE_INTERRUPT(r8, &(0x7f0000000200)={0x10, 0xffffffffffffffda, r9}, 0x10)
sendmsg$nl_route_sched(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000005140)=@newchain={0x24, 0x64, 0x800, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0xffe0}, {0x0, 0x9}}}, 0x24}}, 0x20040001)

6.652539252s ago: executing program 3 (id=977):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000001c0)={'wpan0\x00', <r2=>0x0})
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r3, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8)
setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r3, 0x84, 0x23, &(0x7f0000000340)={0x0, 0x5}, 0x8)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r5, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000380)=[@text64={0x40, 0x0}], 0x1, 0x40, 0x0, 0x0)
r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]})
r8 = syz_open_procfs(0xffffffffffffffff, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r7, 0xc0502100, &(0x7f00000008c0))
getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, &(0x7f0000000000)={<r9=>0x0, 0x7}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r3, 0x84, 0x5, &(0x7f0000000080)={r9, @in={{0x2, 0x4e22, @private=0xa010100}}}, 0x84)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
r10 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000940)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000fbff000000000000001d8500000007000000850000002300000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f00000001c0)='kmem_cache_free\x00', r10, 0x0, 0x42}, 0x18)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x22000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r11 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_TREAD(r11, 0x40045402, &(0x7f0000000040)=0x1)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r11, 0x40345410, &(0x7f00000083c0)={{0x1}})
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r11, 0x40505412, &(0x7f0000000140)={0x0, 0x3, 0x3ff})
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x48, &(0x7f0000000440)=[@in6={0xa, 0x4e24, 0x1, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x8}, @in6={0xa, 0x4e24, 0x5, @local}, @in={0x2, 0x4e22, @remote}]}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r12=>0x0}, &(0x7f0000001080)=0x8)
getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, &(0x7f0000001240)={r12, 0x6}, &(0x7f0000001280)=0x8)
getsockopt$inet_sctp_SCTP_CONTEXT(r8, 0x84, 0x11, &(0x7f0000000200)={r12, 0x10001}, &(0x7f0000000240)=0x8)
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r11, 0x40505412, &(0x7f0000000080)={0x0, 0x5, 0x400})
sendmsg$NL802154_CMD_NEW_SEC_KEY(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000780)={0x48, r1, 0x4, 0x0, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_SEC_KEY={0x2c, 0x30, 0x0, 0x1, [@NL802154_KEY_ATTR_BYTES={0x14, 0x4, "403a050c5baee2004ef2b6d713459a7a"}, @NL802154_KEY_ATTR_ID={0xc, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8}]}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5}]}]}, 0x48}}, 0x0)

6.348879009s ago: executing program 4 (id=978):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000500)=@updpolicy={0xc4, 0x19, 0x1, 0x300, 0x0, {{@in=@multicast2, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@sec_ctx={0xc, 0x8, {0x8, 0x8, 0x1, 0x2}}]}, 0xc4}}, 0x0)

6.337903148s ago: executing program 4 (id=979):
r0 = syz_open_dev$radio(&(0x7f0000000100), 0x1, 0x2)
ioctl$VIDIOC_SUBDEV_G_FMT(r0, 0xc0585604, &(0x7f0000000200)={0x668dbf8f3193f0fc, 0x0, {0x1, 0x2, 0x3014, 0x7, 0x8, 0x7, 0x0, 0x2}})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x0, 0x0})
syz_open_dev$video4linux(0x0, 0x200000000000, 0x80000)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000300)='sched_switch\x00', r1}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$MPTCP_PM_CMD_GET_ADDR(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r5 = accept4(r4, 0x0, 0x0, 0x0)
sendmsg$alg(r5, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@assoc={0x18, 0x117, 0x4, 0x200}], 0x18}, 0x0)
sendmsg$nl_route_sched_retired(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000012100), 0xe078}}, 0x0)
recvmmsg(r5, &(0x7f0000000180)=[{{0x0, 0x0, 0x0}, 0xffff51c4}, {{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000300)=""/222, 0xde}], 0x1}}], 0x2, 0x22, 0x0)
socket$inet(0x2, 0x3, 0x2)
syz_emit_ethernet(0x10c, &(0x7f0000000840)=ANY=[@ANYBLOB="0180c2000000aaaaaaaaaa04810c44000800410600fa00650000e2219078e0000001e000000186190000000100045453000f1ac9a197ddc64a2d15abca12834411e0a4b39b80694dbb2b0f91de2755a9940443d700004e214e20046190780486270166074ffb5c7f571059ca7883051e24eab09c0b54eb9e77c76e6441600dc0350aaca1b897ef15889d3560c3db030d5b84dc9ab0fadaad4ac19742cb962d33d4547ffceef1a38a2af1b115ddb5bab0ed199e493240704c6456fdef702fe3319bd1a310d5ede24cae4cf373cdfc7be81916df64e878a46ad47e6c35e31a9f35210d9e8fbc74191ded7ac2849f5714043a650736e3c00e8427356154d5450f"], 0x0)
syz_emit_ethernet(0x1c, &(0x7f0000000340)=ANY=[@ANYBLOB], 0x0)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0)
r6 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_mreq(r6, 0x29, 0x1b, &(0x7f0000000100)={@empty}, 0x14)
syz_emit_ethernet(0x4e, &(0x7f0000000480)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0186dd602abe0000181100fe8000000000002284e8398c386a4c230000000000000000000000000000000000004e1d0018907804000000c0ff0000070000000000ddffc17c3a6bd3eaa024fd6c766db63876d36f3d39382232197bd79d30ea179d72b16da4dc0e1d7264fcbd665d69a6ead916908e61d2dd3a9d1a937901f37b9f9bebb27538c90572655567cf755546060d4ef2a411c61be1e50fd287500510420b54fef0d509860d480593843025da46628c8b6943a4fb1af03c4092e20f6ae87f77049a9c7570aacfebca39e8610f83cf7bc3ff01fcdb22440ce8413614fe1ff09074807663b98342aad78f6a494edcc9c5fca3b9398f157fec23b15dc1813d45fc8d38a51d12b508a0323cf8003b42975efb0661ca012e39237c5d0f38ac6e094640c534013fa63c68328e"], 0x0)

5.985573153s ago: executing program 0 (id=980):
socket$inet6_sctp(0xa, 0x1, 0x84)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x74, 0x30, 0x1, 0x0, 0x0, {}, [{0x60, 0x1, [@m_pedit={0x30, 0x16, 0x0, 0x0, {{0xa}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x2}}}}, @m_ife={0x2c, 0x1, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x74}, 0x1, 0x0, 0x0, 0x805}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
recvfrom$inet_nvme(0xffffffffffffffff, &(0x7f0000000640)=""/4096, 0x1000, 0x2000, &(0x7f0000000380)=@generic={0x11, "d71d9c1bf36be386b8195be2f96732daece168ab8c4756fcaaaaa57ab4d9fa9c5e136c872457faea878081b25c7ac9863e328325d3608f7b92b91789fb2322981d60e78ecebc51a8a848ac66a135cbf9adb555f5fff1d2552ce4b120288f1c606bebc17e3b75c547a1c41ac89d1be3f0e179d586d665ef8397dfdbdaa865"}, 0x80)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mount$pvfs2(&(0x7f00000001c0), 0x0, &(0x7f0000000300), 0x20, &(0x7f0000000340)={[{'#$'}, {'rng\x00'}, {'\x00'}, {'#'}, {'/dev/vim2m\x00'}], [{@func={'func', 0x3d, 'KEXEC_KERNEL_CHECK'}}, {@smackfsfloor}]})
openat$vim2m(0xffffff9c, &(0x7f0000000180), 0x2, 0x0)
socket$alg(0x26, 0x5, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x440, 0x0)
ioctl$RTC_IRQP_READ(r2, 0x8008700b, &(0x7f0000000180))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbef3, 0x8031, 0xffffffffffffffff, 0x0)

5.51095312s ago: executing program 3 (id=981):
socket(0x10, 0x3, 0x0)
r0 = syz_open_dev$sndctrl(0x0, 0x2, 0x80800)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000000000)=0x639)
readv(r0, &(0x7f0000000180)=[{&(0x7f0000000400)=""/147, 0x93}], 0x1)
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000000100)={"e58b0f5f9483b6623103130250df2c17", 0x0, 0x0, {0xfffffffffffffffa, 0xf}, {0x2, 0x9}, 0xf, [0x3ff, 0x5, 0x0, 0x7, 0xc15, 0x7, 0xdca, 0x7470, 0xc8df, 0x5, 0x2, 0x40, 0x8e, 0xff, 0x5, 0x4]})
ioctl$BTRFS_IOC_WAIT_SYNC(0xffffffffffffffff, 0x40089416, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000cc1ef420890b070064ef000000010902120001000000000904"], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r1, 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r3, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x300048c1)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.throttle.io_serviced_recursive\x00', 0x26e1, 0x0)
setsockopt$sock_attach_bpf(r3, 0x1, 0x3e, &(0x7f0000000100)=r4, 0x4)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, &(0x7f0000000140)={0x0})
sendmsg$inet(r3, &(0x7f0000000040)={0x0, 0xeafbff3, &(0x7f0000000000)=[{&(0x7f0000000300)="b8", 0xfffffdef}], 0x1, 0x0, 0x0, 0x10000000}, 0x52cc)

5.110781764s ago: executing program 1 (id=982):
r0 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x101005)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r1}, 0x18)
writev(r0, &(0x7f0000000400)=[{&(0x7f0000000040)="aa1d484e240003000000f7c08b0e278ad10ab08ba900b9389657ec55e44478b9bedc926c0ddc2d276d720984d211fb", 0x2f}], 0x1)

4.916554692s ago: executing program 2 (id=983):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
newfstatat(0xffffffffffffff9c, &(0x7f00000005c0)='./file1/file3\x00', &(0x7f0000000100), 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x10, 0x16, &(0x7f0000000340)=ANY=[@ANYRES64=r0], &(0x7f00000006c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x50, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r1, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88)
setsockopt$inet_MCAST_MSFILTER(r1, 0x0, 0x30, &(0x7f0000000600)=ANY=[@ANYBLOB="020000000000000002000000e0000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000002"], 0x110)
r2 = socket$nl_route(0x10, 0x3, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000002700)=""/102392, 0x18ff8)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1/file3\x00', 0x0)
r4 = landlock_create_ruleset(&(0x7f0000000140)={0x2000}, 0x10, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r4, 0x1, 0x0, 0x0)
landlock_restrict_self(r4, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000180)='./file1/file3\x00', 0xffffffffffffff9c, 0x0, 0x0)
sendmsg$nl_route(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="6d2c1ee2959b1bb47ff93282c9c5f6ad901b", @ANYRES32=0x0, @ANYBLOB="0800010002000000"], 0x20}}, 0x24008002)
r5 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r5, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r6 = socket$unix(0x1, 0x2, 0x0)
connect$unix(r3, &(0x7f0000000700)=@abs={0x0, 0x0, 0x4e21}, 0x27)
sendmmsg(r6, &(0x7f0000000300)=[{{&(0x7f00000004c0)=@llc={0x1a, 0x305, 0x0, 0x0, 0x7, 0x0, @multicast}, 0x80, &(0x7f0000000280)=[{&(0x7f0000000540)="cd674a2153705ed89e19a79d48b62166cb10443dab5f1d66fc2f4e1d6d7280d29527a1ab6d2c845e38e82b93c02cb958d028bff7b7aefff011542c4d220fb59fb9032bc82fd30b20918fbf3d2d81d8658966e86c3914d824eaced5cd79870563031b4c6c75b3817c", 0x68}, {0x0}, {&(0x7f0000000a80)="7bda06330045fab061d887adaf8557ba4c5c875fe6412f2b756b388711252a0b575756d40002d795fc8be0e20b7254f666e4ac9e707a3a872dbccad8fc0e2165177faeecc8d0133bcb07e16a565986a086f277e998b646ba8d011446fc2afb6b7bbb784709714489d0ce8991874a32de25009503296c855e474e8820398046b9037a0763102567a30914fbd0002fe96278ff1af21be22d35e6195870671ca70be4e47532f6cde111c1615e62ea453fdb4850e96e694c1ce7f70f83c3e6e8c7656575bbad9410ddc799c9938323a5e51f881aa5a933ab8f3b573dc7d73e26c2bddcad041f03923ec3e271e386618c1590a10b37d9ccff6e49d1454880dadbc5ae83bc27be53736690763063db4ff1179f0dcefc89882f752611b568acce3ff2b96453ce3fc7b4a87a4dc9db965fb03ed1a99f0e783bcc131bd3a7ebfd4908a2a214d4572c7006a1db339be84e3735f74cf8d7ab684499f9d23382b6e15a68adb2eda9012d8951b97282bcd520668db9baa8a93d50ac93d72df60ae262b5711808ab9e889a672c87d2cabd020a9da4a7126c9d06bbfbc70a125846910c19e17d8d8bad2cd39c7324eef33d73671d7f85f93b92008154597977933460315637e7079fdee3e46e01b13de5f91c562c8b89c862561d8f211c7faefd16f7a66635b04faa4f63404c305a2c0403b790b5a74bc9848d515f8e4df3f814b97d129104be32acbf353f9fd37342bfd130b77c9a121f61e9616a591c258a6b3cb7f62895028e94c704f460caf4dcde7df4d1d5fa93917964f0e59dc4bad9d93f910ab677c3df12c21e82641e3a4ca64ec0eed6937813658e6baf1dadf54eec663dba2893bf7227ff0bacad3f4a5aaaba306566b222fa0f7508e86eb97d2eddbb44e64591991012ff7d3d538328d4b9d6eceed409687fec583cf815a1b4b58e9495fe19be09bf921b89ce8c0e02d6193ab1e865a08103800396c589e32eb1ef08836f9219eb00b5b3d90af399e34a451cc5e77b89150c0834e20c51f45ff98c6d1a56d772458c4369ba2eb489bf89c2f8e6f7d55098284ec4427f23796541455c741fac5db32fadfac0482d6f5fb55a721c6758d0e00783962e9f8bbbba6a514294179f440077951d97f67b37e4bf53ffc0da9c0db58aa83971389ff0054c19a55432f897b8703e7d83f377dc889c4abcc5f396cb0865ea4a9ceb82d3680b91efce9ac99b41fccf8c4dbf22833e6c7f50428dab3f32cd41238894db22665b0f1266ffa5596b864ddeb4cf9c1734cbf8b952a497836242b02077b90a669efb7ba4d336f777ab7d534484adffb67de75077e3cc34100b02973d83cd6885e13558cf1b0c5113526eac823020164355b16ec529eafd4bd394aaf204869dcbc6d954277f7b599491c1ab90cf4939d8c729b68e77b8fa7f85b1294925b6f5bf9b17cf540500d852de23d57b98def34867597eb8c4929f3157eec2ae7c14a2a6e6f2e9baa4729e40d87fe5667a9da03df99f646e99c0a3290c62ceb2acb812fbe5e1d54aa626104c5c5fd90c7abd69fa1c094fd1350ada43613dfe90dd11416bd49c55c7ce57f755feb5251f8a3cbef51528dcc2a64b34dbbba3e631f7a6db480eaaa836476a23adcec7954617e85ed0fe44d803e43cfa39ebe5ea3dc3529457f00d0a8ac3081b5b627505cfa3dcd844b3454a3c92a9c96f8a110bbff3a25af404694d8e310b5ff3833201a3ea300db2df8bef893582be730d62e4b46a9fda9472336cb2ac6e7c975ce693282f5709c69f7fb041165484c2147e19e789e4eaed8e56be4c8d9076033e18ccb218b1c4f895b552803d6ba05a565e276c4021c221fa5762022856ab8a320ca19cb86fad86f02b0fafa220fcb44ce0b3c773cb91ff37850d7fc47033e8b54fcc89e16141d184a8dabb427b77a875ab231b8b9e36cf3b6166c4f1e2688d730f37bed90a81a0202f0e712f2727d85c814b53be15f77860676a71da4690345350c07d2772ddc00762aa6811e377d8387601067fb7d8641c18ea2d36dcd4b2a92a636e313b2e1cf33bc9d07d5ad423c04dc0a1ba25af404f443419d65c450b6c5a9d587e1626986083ba901bdd4b92c0c4558937c552730def9e5689dbdb29fa5b40988407b60e5f6aecbe5743f2ded90d060be13abea8c11b2483770dcb303f68c39e95889a67d5decda119c1a18205d5554f808036a52dee856d8c8e7ef2c903e0578d576418d2681c8bed26a27f1edcfea622553a746044538e2bfbb48e76f8708211aca45929ed148437bfefb99adf99f13fd620dde954fce0bb1bce55cc4a26bbfa7ee79e28ba1a2a569013bf7b35bdb3d37cb167930aeab2e4ce67005742e8c5f15f53f117c4d504317d6f9c9721036d36396dc3a1dcac508f2230d33811837bc3e8b1f56e6ce92038102035efa7ba407f73a603b84802982775afd3d8e56c4ade781ac4682c07da640b3800ae528b95ff5a5f344309ba01fa3f8b1959550b6d72969551b8e6f283938314c60fe59904ea195fa71b6af4b0c7729e5554dedcaae7b97e71ed0c57b72d417d56414b27b641ef7c9fd1236cffad79b524b407793f808e3216311d77bbef4b028c55adb84bf767ecd64b3f1bc8fa69bdff65b2042efd2c1bd9f4108569e2b0bec90c90dff967fb9a32afe83aa115aec22ed16792b1a304ceb5933bd5394b5b7525b3f3b767ddbca0e1f58bbc4281021a45cb1dd175238002a293a3ba8cd2e083b4e00b0a5b91835e8a7724449974656625ec63abe4ce770af26b7c98efcb06caa57f5c2d0e1afab8ed56d431da02a09d94442766944b0014c632c7ba32bf4f4d0c5523392b60d6f17a2cd39de120f5408b516fcfb307dd1a6696ed71cce57118c3905a5c8a254bfab269a31328606736bdf07253cb3f183552e2e53b720a9c965ea2148097cf97faceb622252d13724ce9b0dfa3a5cd6788dd238cb388ddf80b75e90a91b005d3013f05d0740196cb74fde895453c53ae764c4138fe720bec48960c6cbde568bcd4ddf41893fd77aee0fd32cf2f748101636f117d8a5363b730c80427b71231d9aafca318a962c8ca4e3e28944b44bf42d4734a1216aa6824813922c9c3f4ca5df562e7e732e588876ef9ac518e1b0736dc88788ba97b59641e01048554eabbee55f446685c530a9a5b97f0a618288d0198e0a771ff876a165f18c901db3910fd68a7d11c7a9e00264fa54e3de92a8ab4c7093f01d7cf5e9091d7ad55dc05ec75a0bc43433d00ee154550d513d61f73d741691e53c34c38809d2665abb3d33ee51bee9be57d63e7ba706e440f5e5e10ea5c63fbbdfc8a394c73fb3b3c74a3ff2c9ccbe6dd8dadc7681264cbf57704479a24ba26f7530784aa9284e281993055b25592b636e9c6e5aa419c75e916a59fe72ec2e94ccfc13ef404224859867064fea035937d7c37cc18dce4cf7d6737a164f0dc1a1bd398adca56a4ece0e043acab1920b366da10132523e7eb26f7c120e637e9726d51159546517b898c4bf517a2698b70b22cbf2a1b92f0689636f7ef8aa4e8301ca2a8af80bf0f8ba70df5e42ee28e6c64b3818a855c2b359b77feb9129ffb4b8ba94d7f83da30b159987baee93e3e2e849b4c34c5b57e3a5839ab7df7670b38db320906b9bac5ac0222f01a2bc4983e4f2dc6ecd514e24dcb40ffd452ac4eb655173db235c6c5927d3abf3401658837999f1d7f79d7c56a0aef7c801a9332b857aa731fe02ba2bf27809d4f424d8e5e3920b36fba6883f6364cd9488b053877f2a8f3627b09e3b0f680e63c99b6e4e40e79e3348addb502ecff53d8ecdcc3c146065930d78ec5ef612e6c0aa3a4f5ac8e1c696422c73f39311d34f122f75a58b1d8e6fd5bbc3053a90c607df5c32c01066ac8c37644834ab900cdf77a117a08fa068f775be4971720a968d19a874801d97e6a72febfe8a3d7eccd38b9a12ca0820e1ca50cbf7ef4f98f425cae7586e27d7031d5ed7d87813f74a0b18a72b7c9d800f4b053c6b9038f43f59ad3ecae73952f3da36250aa6bc42aaff2b20c6c093dd798dd4ceedee4290450fc3cfa7d6b31f3186402da15027ca8c573fc0ba58a0e69fdad1150851a4710dcf120d6d776f6589888653000b59547f37491ab6ce1218659340ce1cd2faa0a8bbf647aa01df55590add3ea4df20f5491d199fdb2a2e199b32fa78619f17690ff8074b8c2a14ff4cdc2423c5aba666575072f5dcaedff96a114f6a6aac0d36273e746b4ae904277be913ef832196a4eac47acb7ad78d1c7a9bcc7988cddd12965cb98b0a5f88531d2a85340b4147f574accc276a164d4712b34c9a2abc8841a987851da54937a932242c9f3aba5ecbaaf289498e7f33392057726690713cc358c421a15e26af6982a1043432e503a87337f3fbb1cca153ddfbd6371dc5279ba0fddd44078d0bcbe621e397824795b28be639c384509147e729c3f328b6e9bf756afb23a3929255b9ec3628f8bdd54f38ed3592c0fb2a8ff5f51432add03d786611f3929e9bc0fe8732f49ee2e986fa9dede6bb330f5353208c574987dcb2dce89923721344b41fe182c076cf023e1f3101a14a6711a4bc214adede4fc823b04b4b755bebb040db3055c7c799de10dacaaffec7e2ca03935da3a9a22a8289a518a46fe909cbcf2b5fb339a7c9a79dd250152a85c71ebfedf62aa36182f1542eb62ed70b72230813ed64efc08dcdde6b80bbb70ab33066c61907efef94754b14c38a4ecc199ee5efc557cbcaab4c0149a2d0754951edd71860f85f4da5b4ef9a359cd0787bdf54880afde7d4b15b33e46f2c97f01e0fbdfd8646eddb76c1d099d856dd8221ac37946546019c6b4cbe33ca8e121690411291a0bf1891c921a21498d61bf079fa4e2e6a3c1a2ed95a12e8778142ca5322793a8c5bf1d27d2589dc0a51ad8e91e61e94d970ba0899bf974f341869ddcab43b43fac297d8c863834bde430f0eb1c6772e44a79deee9a91c92f784562c1a0dd8a67e7123d4aa847eb996b0f798d9c21f6c9e3ad25e815b77d2b222343b0337d55a5e5a3b9b36e1109dda5750a6afdc0e0cca1a4e791d3967ab7f3924b3ba422c62253ccf5a7c9b03f59a0516f1e3c757d2af2cf763013b1a25d94e45c9a3a6bb507b91d14488885ea7966c5b7f98ea40f432e62c6a9efdaa644701b43a8eb916774b47881281499cdd7bf43a3d4945b8f021a2d61895d59d8b9c61905c0164e557fbe7bc921d981016f7ec3f704d4faa9542a4f35b86ccda254c9cc1ddbd1b5e1c2a406337e400f5c3d654d55a576eee6f5c6ff3742a12e805b2342521ef333e05cead63e2cf737f1cba3f3c0d705d19e52020fb8086ada2bc2913e5dff9dc567d2368ea4bbf172182b4eb16f4c7dafc6fd9631006ce318f0ca77d7c3aa83d254ff8e5846a2b4428507be594577fc757c6dd2ec0faad74f041af7b91c7c854983f57a8f89e3130f9a2f6f4850073fb2d6cc7ed0469288d75dea588cd09bbf75ab58648df11f59ae022da49275f8562d20b13b539aafc266aaeccb0e2128e58c8371ee657bf5be31c60932e0d266d86cd03dc3b1815e05fa52d8932fefd6da01bc1f801927a8dd0ea6115db3db9fae744aabfb7a257de1ed1b2e76d25915e24580b8da1f2a91076670fb21d054dad11a3591a0215148317f554e07e44f36a056c74a63a4b7a460abcc05c8fc646de16c7934bd049cf2f8da739aacc55dc5e92febaa448c2b4b238b24b9235145fca480ac0a94d97b395d1ffa", 0xfe0}], 0x3, &(0x7f0000001b80)=ANY=[], 0xd0}}], 0x1, 0x3ec0)
close(r5)
recvmsg(r6, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x12161)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x5, &(0x7f0000000040)=ANY=[], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

4.482358635s ago: executing program 1 (id=984):
r0 = syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000000000105804530100000000000109022d00010000500009040002010300000009210000030122f80409058103"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, &(0x7f00000001c0)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="000706000000ff"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
socket$igmp(0x2, 0x3, 0x2)
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
unshare(0x22020400)
r4 = syz_io_uring_setup(0x10d, &(0x7f0000000140), &(0x7f0000000340)=<r5=>0x0, &(0x7f0000000280)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000480)='./file0\x00', 0x0, 0x69c780})
io_uring_enter(r4, 0x3516, 0x4, 0x0, 0x0, 0x0)
r7 = syz_usb_connect$printer(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x20, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x5, 0x40, 0x9, [{{0x9, 0x4, 0x0, 0x6, 0x2, 0x7, 0x1, 0x2, 0x3, "", {{{0x9, 0x5, 0x1, 0x2, 0x20, 0x9, 0x99, 0xfb}}, [{{0x9, 0x5, 0x82, 0x2, 0x3ff, 0x7, 0xc0, 0x1}}]}}}]}}]}}, &(0x7f0000000580)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x0, 0x9, 0xc, 0x4, 0xff, 0x7}, 0xb2, &(0x7f00000000c0)={0x5, 0xf, 0xb2, 0x6, [@ptm_cap={0x3}, @ssp_cap={0x1c, 0x10, 0xa, 0x2, 0x4, 0x7f, 0x0, 0x6, [0x68b11f1421f8c5e7, 0x140c0, 0xc0, 0xffc000]}, @ss_container_id={0x14, 0x10, 0x4, 0x1, "45fe15044a6e8988e340533dc36993bb"}, @generic={0x52, 0x10, 0x1, "d4f954c2d9924e53945bfdbcd5a4fa4afc0a85e68f1b6d0f383c4496f490307abe20758153d01b99f9e0240966483f62e34c0dd6b2a07e41cc6471581d1a8681da21afd718a74682b3b3c4a531c18b"}, @ss_container_id={0x14, 0x10, 0x4, 0x1, "d9a5f123affdffccade38af006dfc08c"}, @ss_container_id={0x14, 0x10, 0x4, 0x20, "fba061e9f91fcf16eee538b87c7c30ac"}]}, 0x5, [{0x6, &(0x7f0000000180)=@string={0x6, 0x3, "6a142492"}}, {0x60, &(0x7f0000000240)=@string={0x60, 0x3, "c9d7c9cf00b3a1077ea772fdf5071d36661a4692932605659fbd8bd87af6e5e5ee442d03a467718268611b0b802722eb3b0aabb56dc1a4779aa3e0e8fc8075d2d99af7291cc6b4d6839f37779c37c23d6a89c79b43bff2f082da8220188d"}}, {0xe4, &(0x7f0000000380)=@string={0xe4, 0x3, "aa7fdec2f89da01488d5bccc875efd440b3318702cc08284cf94e9f3c3a151769c07ba9b9735882e018cb7a4c627a5957b1d74aba9580a065f3a4ffa46e0537cba0a5daf0bc7e464a951fde47a6b728baa2b34aca339d30c1ed27ed0f9318bd374d9a049982e1c94cad46095b18e97ba7d49326bc9ab2b1c63c2cc60041980ea72fbfce3b90d6cd43ddb8264034a359ec16c0c90a2b7b24b9b45f4d6f1de1dd32cdfe044cc7b34d8a85bb446cbf82029386aa6104ebb530cd0150587d8c9ec20973e5db1c07078adbb5451ca8dafe2187f1767699b94b8da4b9393ebeb995573d4cf"}}, {0x7f, &(0x7f00000002c0)=@string={0x7f, 0x3, "6cd9dd077787c57a110458a6a0d1ce6ea5777d6be16b8a13a76dce7e2a871787344e20da281f3c8de2adbdc4d244b296860dd345c31c681eb55c11a1f818f11c56b359e33a61f23efd7a15bc80a4d0e33b1fb0bc9677614c47367ee4db5e77f0c3589acb175b51a7dddf7a7a9a20bb50c5fa68f4bf876c5eabc6c96e94"}}, {0xd0, &(0x7f0000000480)=@string={0xd0, 0x3, "0ecc103db65dcd2ae0964d6cee9d2d8a1a509f795be0ad991ca10c649f7a02e770b25853fddac239f66cc6cb187cb3ee91dda323c1c6e7974374740d8ad26f1b23a4b95f7a57cbffccab458627c7802ef97dda1c3f7593f57f1eab5454e9f3ac76bbce15d134bb54dd2677feead83f311d522c929ecff6d6e31320785063bb64cfc831cb4b6767ca0262bd43fcad86a1916c9827c4c18e52dad4585a42d94c1617757272ffa2f02dee0061a52fecb644bf269bd10e052bd210b1612c43c71af8a219546ce507a32961127f639d90"}}]})
syz_usb_control_io$printer(r7, &(0x7f0000000780)={0x14, &(0x7f0000000600)={0x40, 0xb, 0xcc, {0xcc, 0x30, "c25c22885f583d92be5c654ed025c146e669a3b6f9e2dec088eb00dda2b5040157af43c7e750e90323265c8ca7074440828542143a15b70df8840847aa025399dd2e3ff400c975d6e0611797e2da879e2c3972426ea920b0c4a67b3af6228958ace29f73a64b8e1f55e315f8cdde70cdce0c4d72c951161eff14101039882e1aeab5a6c6d8235ab8f745136ff9d59096e80595984f20b01b081507ff14bc07bc2a843bf6e142021078e15e4aec20dff2bce1b88b447b68a8fd2c58e72d7af94bc88e10c52c5d1365a065"}}, &(0x7f0000000700)={0x0, 0x3, 0x53, @string={0x53, 0x3, "5fbee743522718cbc8d87ff44335ad3f587f5c16fd31398f7f2afc669d3f14dd2a2945d0319b430351a320cb00de78b87e6c5c39a48dfc49bb558348eb20a2d395c4a50ae04d319def2944693893934129"}}}, &(0x7f00000009c0)={0x34, &(0x7f00000007c0)={0x40, 0x15, 0x11, "dc17f73f5529598367f5bae75e450c483d"}, &(0x7f0000000800)={0x0, 0xa, 0x1, 0x3}, &(0x7f0000000840)={0x0, 0x8, 0x1, 0x23}, &(0x7f0000000880)={0x20, 0x0, 0x85, {0x83, "bb0db96e9aea3027a65b808ca262f4fcd7ff3cb00371892cd2b4484b34d9e726d6c235c1123a2b4cdffe66984739507b6729ee7e2df09020e785c2698c8509dc24ab138ca43cd76be5d7f1121d96577d8048090c5dab838a2439abb974375f882951e73b6869c990a7dadc2409605486b161d73699d0519caaa314b5424c2e071d6c37"}}, &(0x7f0000000940)={0x20, 0x1, 0x1, 0xc3}, &(0x7f0000000980)={0x20, 0x0, 0x1, 0x7}})

4.384490387s ago: executing program 2 (id=985):
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$TIOCL_GETMOUSEREPORTING(r0, 0x541c, &(0x7f0000000240))
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x6a802, 0x0)
dup(r1)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = dup(r3)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000fe5000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x4e, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'bond0\x00'})

4.064969119s ago: executing program 2 (id=986):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x5, 0x8, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0xc, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x5775}}, 0x0, 0x8, 0x0, 0x0, 0x41100, 0x12, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, r1, 0x0, 0x0, 0x0, 0x10, 0x2, @void, @value}, 0x94)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = socket(0x10, 0x2, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000300)={'batadv_slave_1\x00', <r4=>0x0})
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000380)={'ip6tnl0\x00', &(0x7f0000000000)={'syztnl1\x00', <r5=>r4, 0x0, 0x0, 0x9, 0x0, 0x0, @private0, @dev={0xfe, 0x80, '\x00', 0x3a}, 0x7800, 0x78a0}})
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r3, 0x89f3, &(0x7f0000000080)={'syztnl1\x00', &(0x7f0000000180)={'syztnl1\x00', r5, 0x0, 0x80, 0x0, 0xcb, 0x0, @dev={0xfe, 0x80, '\x00', 0xfc}, @rand_addr=' \x01\x00'}})

3.992891713s ago: executing program 3 (id=987):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="2c0003003d0007010000000000000000047c0000040012801400018006000600800a0000080011"], 0x2c}}, 0x0)

3.940431206s ago: executing program 2 (id=988):
syz_open_dev$usbfs(&(0x7f0000000000), 0x4, 0x4000)
socket$inet(0xa, 0x80c, 0x40000084)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
r0 = openat$vicodec0(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$VIDIOC_QBUF(r0, 0xc058560f, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x80047441, 0x20000000)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
memfd_create(0x0, 0x2)
r2 = syz_open_procfs(0x0, &(0x7f0000000100)='net/ptype\x00')
pread64(r2, &(0x7f000001a240)=""/102400, 0x19000, 0x100008)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x1, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r3, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000380)=[<r4=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_ATOMIC(r3, 0xc03864bc, &(0x7f0000000180)={0x0, 0x1, &(0x7f00000002c0)=[r4], &(0x7f0000000140), 0x0, 0x0, 0x0, 0x400000000})

3.902680935s ago: executing program 3 (id=989):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000240)=ANY=[@ANYBLOB="9feb010018000000000000006c0000006c0000000b00000076e3722400000008040000000f000000070000040800000009000000000000000800000009000000540800000d0000000200000026fc00000c00000005000000020000000c000000010300000d000000ffffffff0400000081000000005f616100ee5f2e003000"], &(0x7f0000000440)=""/33, 0x8f, 0x21, 0x1, 0x1, 0x0, @void, @value}, 0x28)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
connect$netlink(r0, &(0x7f0000000000)=@proc={0x10, 0x0, 0x25dfdbfc}, 0xc)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x1, 0xa, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000002000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
sendmsg$IPCTNL_MSG_CT_GET_STATS(r0, &(0x7f0000000300)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x5, 0x1, 0x401, 0x0, 0x0, {0x0, 0x0, 0x2}}, 0x14}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001a80)=ANY=[@ANYBLOB="b700000017000000bfa30000000000002003000028feffff620af0fff8ffffff61a4f0ff0000000015040000000002000f030000000000003404000001ed0a0014040000170000801c400000000000007b0a00fe000000002c04000000000000c6000000000000009500000000000000023bc065b7a379d17cf9333379fc9e84af69912435f1b6a693002e7f3be361917adef6ee1c8a2b4f8ef1e50b91f32050e436fe275daf51efd601b6482a0800000098efefb202ee010400006e7a1de4a21f379dbf01de00b1b564fef3bef70548aed0d600c095199fe3ff3128e599b0eaebbdbd7359a48f5b0afc646cb7798b3e6440c2fbdb00a3e35208b0bbf12cd8dff0c710e4000000000000009fbe4b61a615c6c57a2b649dc74a1a610643b08d9ec21ead2ed51b104d4d91af25b8123deda8a3658d42ecbf1dbf6d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31a76e42f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0800000000000000d5f728d236619074d6ebdf098bc908f50ae728a40f9411fe7226a4040bef29b66e3858d051c096e37c4f46010400000000c3da29faf75ddd1aa96960bca97af13382cb881cc1f62c0f8f8f0e8d76b86f9c45636614786f5a2cb77230a874640dcbe0b20bb77c022d0cab080078fce8c5c81b7037181fc2f18f781aaa6e2957d7e39cc1baddcb7ec6667e699f24e41697ee7ea23e4b29a8b6cc9a1f5a7b3caae05f13792292cb949b3aab06b1e042ff2164d80c605532b18ab1c156b97e5889685a96949e4cb40df77b8bb84b0e733a63784ccc214d930cbb7e090d030000003acec439c163fcd7071b53ac29df826f8ae6d6e18c1eacf5bf870768d5217e9bb5a05d9e22ce67f1231bd236486727d970acc546087acbf30f2f8165b47ba56dfadd14b306e98931481747292c6fe6e188750cf4f87cce2aa7d67c7133a9f05954cde298a35ea6d715ba80aee63300000000000000000000000000000000000040000000000000000386000000b854adb4f8080064e8407c6bdb37114c80fbaa4a0ec5aaf4b0ac6f2128668279eb6fc144344e2d461c9a1be8fa0061ea9d55ee4716bea8e1cebf9ed39325ab4c5530dd6ee9fffc00000000000000d7c5af73c683625aaad5eda5004a76c9f8975ed4c5e4eb3e77e9885769754932609f19e2f615a01cb6d17fbf5cb539403cb0572534f054d5514ad8269b2bdf2ca4958a62a6e744f9a4c1e646e1dd2ca19583f0f8b0dc53debd7d44f334e6ed7445a9580f970e483b307c4b3c018bc194b23d37e6a2e52d8288e5aab6fec586d52386e8c07a88c88e8faec5f1b16b2014f6952ce7d6be12c6bdb9651ca6fc907061be311d1354e6295698594a73136237bee068d3819400e43544830a3f74b7942f22336953978a5b2032da4238cc61162c04c1297395b73e18c9387615a2bc87d9e2445f3d323d3fac347932a4bac694c55fe9d145906d410f58f1951405d10504efe402cae085afef5dbd617e87ddbd23834a50d7eb8e327fb5db12cbd6a9efe8e671c4f251fe3bf440cabdfe3400a670d14b9b3cd8d86e492997a0168c022ef3536bd1dc731f4f9f8cb6c3857fb8aaaa95024f8da775f72950212b84fc6133ae14d1429cd4905dabb52e43af7e65acf97b4951fa1e967d16a5ed642efc855a4a46b85cd079934ad3188276efae9387eaa2c910fb8de24b5d4fded86c3811ccd00520150b16000080122965558074956da5e4c3bbefcb64aa8be4456ed2caf0f467b6bbf3aa4371f5e76ab3f60afea80bb066aafb7517f787b090f419a20278a3c779e03afd9a6af6fd518e5dce030f88ec5a5cb7601a161da0f8089322d84ac523040d13e1f1300c2c6555bce60d95dd3288e53435713f03add23f14c8db5555c62de4f626483632a2ab547f88dd6efec73a0271a19ca3aa860aa4dcaeeb9bd91a0cb429efae2a5fcc08b3a572969bbe91c921ac1476027772c87d1767e31a3446cd57fafea83e495a6a1d1a4ebf83434986091dd66ffe3ffed0c39552a312e2db596d9c828c02f6fc13c8ddbb50bfd7dd8aa2f35f259fc83e007f00a292dd3b856faa4b7e66e1b64505f65900839df71a97d4d05d37f7ecf8ed9a22da26ae674bba16c204f6b2f8f74fc56b7126d7c11ece6e88ec41192aaee75415c58d264a2b6adae02c821b62428902aad499825ab85a348638384cd12e61dbde5c47056f0a20b4e2a2328d5db5cfe56557a129e6be231acf5f57995c60d9fca5f63a0dfd18054717120bda466d04774b530500d8b022719ca77a4e0a66b4708f791d849a5e2aaa0074a9560ede2600df5a5c41392fe9460080fcb1e65233fb8dbeec4c86dbcf6a0673e38d2d3615e5bfbde44afe0fa7564231fff7e7f1f3ad68492dd2ccb1decb15b5d7d3e37e8b7d28921c4b9280979521173f322df408d9818b6cc400098abb869921911480a876fbba698801937e8b4264eb6f5137bd9b075f1488d22230592a79000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002f316aa0886c174b73decb46c1c85edf50d8fcbac5ff76b365611666da86a8e65b308706bd7c000000000000003f7cd4d5cb9076b81b7741ec03877afb5237ea1694addebc14c3ae49f88c462aa2050acf2d9a97d3be29a5614d1eba2c98cf0236401e02d7c445e50f76419ab4f78f67a09e63dd4faa2e7b59399f055f2fa278783fefb0a5ef0b41e14a6fe6ba306206670b84894e901a523fcbadfeff535f2514bc834e876810d9a6a78e70a9e22860c36a724770b4185de44db6bf21fef32a8d5b36d9014f38fee012365f963b2a85e7d8075c333475b9be0bdd37220e316f2297743dd4731614a50c16c6a41744c3d24eab511317f97b7b4a1c2ec33fedc46e9bf0fa640eebd3d58f0ebdb7cb8ccffd08000000e843591d2618e2d2cdc7081c8fafffe9c350a5c554a387de4ee7aac6478d99de7dd82bef044a6d33c789d566c90c46ad581aa22f910547a77d55e26bf19f1d4661550b177ef53933a305e69b8a95119d2a673bdae05779208409e6cf5bda599d625054776151b2cd1fcde238bdc527594a6c17aa9728af7a3830e7092b01b119ea4e7e7f0e21527d622cc29c9f0c8720195368f8a9d3374337ab4d130619d93c5ef37e7ddd0b2da147e6e513455b88753452de959a6cbfa1ffbc7ad5d8c3b48017fd31dcf72f337b639253f44cb27a12174bc4c191e21015d0c431a71906eb9c6a14c8a060459ef26787ce3d1cbfd5cc459f0048b5d06f6cbd3e9b34c89f3fb2f951ae81d7fcc8bc0000000000000000000000000000000000000000009231feef3117197c7963c2ba910969f776c8b2ea3970f358107945d9e74e9bdfa58e68b65a9201bc4b73b431df5aa29f363917f90e3fa1eaf553db1c761dd9b634a9"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x18)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x17, 0x3, &(0x7f0000000b00)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000000)={r6, r7, 0x12}, 0x10)
r8 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000580)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0)
sendfile(r8, r8, 0x0, 0x8)

3.772218014s ago: executing program 4 (id=990):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0)
r0 = socket$nl_crypto(0x10, 0x3, 0x15)
syz_emit_ethernet(0x54, &(0x7f0000000180)={@local, @empty, @void, {@ipv6={0x86dd, @generic={0x8, 0x6, "4b38c3", 0x1e, 0x29, 0x1, @local, @mcast2, {[], "59132926ac841b11e80c0220c53c3f58b562ec28bf6593d32e44221b2e45"}}}}}, 0x0)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
renameat2(0xffffffffffffffff, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x2)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000005c0)={0xffffffffffffffff, 0x20, &(0x7f0000000580)={&(0x7f0000000840)=""/4096, 0x1000, <r2=>0x0, &(0x7f0000000440)=""/119, 0x77}}, 0x10)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x4, 0xc, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000000000000000000000000008500000029000000180100002020782500000000002020207b1af8ff00000000bfa1000000000000"], &(0x7f0000000200)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r3, 0x0, 0xb, 0x0, &(0x7f0000000400)="e4e647c9e0b8e9a2f2ab30", 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00')
connect$bt_l2cap(r1, &(0x7f0000000000)={0x1f, 0x8ef, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
r4 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4)
ioctl$sock_bt_bnep_BNEPCONNADD(r4, 0x400442c8, &(0x7f00000001c0)={r1, 0x1, 0x2})
r5 = semget$private(0x0, 0x207, 0x0)
semctl$SETALL(r5, 0x0, 0x11, &(0x7f0000000140))
r6 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1fd2, 0x6007, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x49, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x10)
syz_usb_control_io(r6, 0x0, 0x0)
syz_open_dev$mouse(0x0, 0x80, 0x100)
syz_usb_control_io(r6, &(0x7f0000000e00)={0x2c, &(0x7f0000000300)={0x0, 0x21, 0x39, {0x39, 0x8, "820027fe57e363090216e3be4bc82ab8b493e932d29762338726e42331c1741ce7cde4dad348f453b6d7fba86ef7594a35bbca111fcf18"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, 0x0, 0xc000)
sendmsg$nl_crypto(0xffffffffffffffff, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="e00001001500000029bd7000000000006469676573745f6e756c6c6d67656e6572696300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005cb42b0a0000000000000069eb1ece9e69b210000000000000000000000000000000000000000000000000000000000024000000000000"], 0xe0}}, 0x0)
sendmsg$nl_crypto(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[], 0xf0}}, 0x800)
syz_genetlink_get_family_id$wireguard(&(0x7f0000000140), r8)

3.706509533s ago: executing program 0 (id=991):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000240)=ANY=[@ANYBLOB="9feb010018000000000000006c0000006c0000000b00000076e3722400000008040000000f000000070000040800000009000000000000000800000009000000540800000d0000000200000026fc00000c00000005000000020000000c000000010300000d000000ffffffff0400000081000000005f616100ee5f2e003000"], &(0x7f0000000440)=""/33, 0x8f, 0x21, 0x1, 0x1, 0x0, @void, @value}, 0x28)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
connect$netlink(r0, &(0x7f0000000000)=@proc={0x10, 0x0, 0x25dfdbfc}, 0xc)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x1, 0xa, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000002000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
sendmsg$IPCTNL_MSG_CT_GET_STATS(r0, &(0x7f0000000300)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x5, 0x1, 0x401, 0x0, 0x0, {0x0, 0x0, 0x2}}, 0x14}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001a80)=ANY=[@ANYBLOB="b700000017000000bfa30000000000002003000028feffff620af0fff8ffffff61a4f0ff0000000015040000000002000f030000000000003404000001ed0a0014040000170000801c400000000000007b0a00fe000000002c04000000000000c6000000000000009500000000000000023bc065b7a379d17cf9333379fc9e84af69912435f1b6a693002e7f3be361917adef6ee1c8a2b4f8ef1e50b91f32050e436fe275daf51efd601b6482a0800000098efefb202ee010400006e7a1de4a21f379dbf01de00b1b564fef3bef70548aed0d600c095199fe3ff3128e599b0eaebbdbd7359a48f5b0afc646cb7798b3e6440c2fbdb00a3e35208b0bbf12cd8dff0c710e4000000000000009fbe4b61a615c6c57a2b649dc74a1a610643b08d9ec21ead2ed51b104d4d91af25b8123deda8a3658d42ecbf1dbf6d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31a76e42f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0800000000000000d5f728d236619074d6ebdf098bc908f50ae728a40f9411fe7226a4040bef29b66e3858d051c096e37c4f46010400000000c3da29faf75ddd1aa96960bca97af13382cb881cc1f62c0f8f8f0e8d76b86f9c45636614786f5a2cb77230a874640dcbe0b20bb77c022d0cab080078fce8c5c81b7037181fc2f18f781aaa6e2957d7e39cc1baddcb7ec6667e699f24e41697ee7ea23e4b29a8b6cc9a1f5a7b3caae05f13792292cb949b3aab06b1e042ff2164d80c605532b18ab1c156b97e5889685a96949e4cb40df77b8bb84b0e733a63784ccc214d930cbb7e090d030000003acec439c163fcd7071b53ac29df826f8ae6d6e18c1eacf5bf870768d5217e9bb5a05d9e22ce67f1231bd236486727d970acc546087acbf30f2f8165b47ba56dfadd14b306e98931481747292c6fe6e188750cf4f87cce2aa7d67c7133a9f05954cde298a35ea6d715ba80aee63300000000000000000000000000000000000040000000000000000386000000b854adb4f8080064e8407c6bdb37114c80fbaa4a0ec5aaf4b0ac6f2128668279eb6fc144344e2d461c9a1be8fa0061ea9d55ee4716bea8e1cebf9ed39325ab4c5530dd6ee9fffc00000000000000d7c5af73c683625aaad5eda5004a76c9f8975ed4c5e4eb3e77e9885769754932609f19e2f615a01cb6d17fbf5cb539403cb0572534f054d5514ad8269b2bdf2ca4958a62a6e744f9a4c1e646e1dd2ca19583f0f8b0dc53debd7d44f334e6ed7445a9580f970e483b307c4b3c018bc194b23d37e6a2e52d8288e5aab6fec586d52386e8c07a88c88e8faec5f1b16b2014f6952ce7d6be12c6bdb9651ca6fc907061be311d1354e6295698594a73136237bee068d3819400e43544830a3f74b7942f22336953978a5b2032da4238cc61162c04c1297395b73e18c9387615a2bc87d9e2445f3d323d3fac347932a4bac694c55fe9d145906d410f58f1951405d10504efe402cae085afef5dbd617e87ddbd23834a50d7eb8e327fb5db12cbd6a9efe8e671c4f251fe3bf440cabdfe3400a670d14b9b3cd8d86e492997a0168c022ef3536bd1dc731f4f9f8cb6c3857fb8aaaa95024f8da775f72950212b84fc6133ae14d1429cd4905dabb52e43af7e65acf97b4951fa1e967d16a5ed642efc855a4a46b85cd079934ad3188276efae9387eaa2c910fb8de24b5d4fded86c3811ccd00520150b16000080122965558074956da5e4c3bbefcb64aa8be4456ed2caf0f467b6bbf3aa4371f5e76ab3f60afea80bb066aafb7517f787b090f419a20278a3c779e03afd9a6af6fd518e5dce030f88ec5a5cb7601a161da0f8089322d84ac523040d13e1f1300c2c6555bce60d95dd3288e53435713f03add23f14c8db5555c62de4f626483632a2ab547f88dd6efec73a0271a19ca3aa860aa4dcaeeb9bd91a0cb429efae2a5fcc08b3a572969bbe91c921ac1476027772c87d1767e31a3446cd57fafea83e495a6a1d1a4ebf83434986091dd66ffe3ffed0c39552a312e2db596d9c828c02f6fc13c8ddbb50bfd7dd8aa2f35f259fc83e007f00a292dd3b856faa4b7e66e1b64505f65900839df71a97d4d05d37f7ecf8ed9a22da26ae674bba16c204f6b2f8f74fc56b7126d7c11ece6e88ec41192aaee75415c58d264a2b6adae02c821b62428902aad499825ab85a348638384cd12e61dbde5c47056f0a20b4e2a2328d5db5cfe56557a129e6be231acf5f57995c60d9fca5f63a0dfd18054717120bda466d04774b530500d8b022719ca77a4e0a66b4708f791d849a5e2aaa0074a9560ede2600df5a5c41392fe9460080fcb1e65233fb8dbeec4c86dbcf6a0673e38d2d3615e5bfbde44afe0fa7564231fff7e7f1f3ad68492dd2ccb1decb15b5d7d3e37e8b7d28921c4b9280979521173f322df408d9818b6cc400098abb869921911480a876fbba698801937e8b4264eb6f5137bd9b075f1488d22230592a79000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002f316aa0886c174b73decb46c1c85edf50d8fcbac5ff76b365611666da86a8e65b308706bd7c000000000000003f7cd4d5cb9076b81b7741ec03877afb5237ea1694addebc14c3ae49f88c462aa2050acf2d9a97d3be29a5614d1eba2c98cf0236401e02d7c445e50f76419ab4f78f67a09e63dd4faa2e7b59399f055f2fa278783fefb0a5ef0b41e14a6fe6ba306206670b84894e901a523fcbadfeff535f2514bc834e876810d9a6a78e70a9e22860c36a724770b4185de44db6bf21fef32a8d5b36d9014f38fee012365f963b2a85e7d8075c333475b9be0bdd37220e316f2297743dd4731614a50c16c6a41744c3d24eab511317f97b7b4a1c2ec33fedc46e9bf0fa640eebd3d58f0ebdb7cb8ccffd08000000e843591d2618e2d2cdc7081c8fafffe9c350a5c554a387de4ee7aac6478d99de7dd82bef044a6d33c789d566c90c46ad581aa22f910547a77d55e26bf19f1d4661550b177ef53933a305e69b8a95119d2a673bdae05779208409e6cf5bda599d625054776151b2cd1fcde238bdc527594a6c17aa9728af7a3830e7092b01b119ea4e7e7f0e21527d622cc29c9f0c8720195368f8a9d3374337ab4d130619d93c5ef37e7ddd0b2da147e6e513455b88753452de959a6cbfa1ffbc7ad5d8c3b48017fd31dcf72f337b639253f44cb27a12174bc4c191e21015d0c431a71906eb9c6a14c8a060459ef26787ce3d1cbfd5cc459f0048b5d06f6cbd3e9b34c89f3fb2f951ae81d7fcc8bc0000000000000000000000000000000000000000009231feef3117197c7963c2ba910969f776c8b2ea3970f358107945d9e74e9bdfa58e68b65a9201bc4b73b431df5aa29f363917f90e3fa1eaf553db1c761dd9b634a9"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x17, 0x3, &(0x7f0000000b00)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000000)={r6, r7, 0x12}, 0x10)
r8 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000580)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0)
sendfile(r8, r8, 0x0, 0x8)

3.202879882s ago: executing program 2 (id=992):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_HYPERV_EVENTFD(r2, 0x4018aebd, &(0x7f0000000280)={0x3, 0xffffffffffffffff, 0x4})
r3 = socket$packet(0x11, 0x3, 0x300)
r4 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
ppoll(&(0x7f0000000240)=[{r0, 0x400}, {0xffffffffffffffff, 0x102}, {r2, 0x408}, {r0, 0x1000}, {r3, 0x1284}, {r4, 0x170d}, {r0, 0x200}, {r0, 0x1}, {r0, 0xe084}, {0xffffffffffffffff, 0x204}], 0xa, &(0x7f00000002c0), &(0x7f0000000300)={[0x8]}, 0x8)
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
fsopen(&(0x7f0000000000)='befs\x00', 0x1)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x0, 0x0, 0x0, 0x2004c8, 0x8000000, 0x4, 0x7, 0xfffffffffffffffe, 0x1, 0x7fff, 0x0, 0x5], 0xeeef0000})
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
r8 = socket(0x11, 0x800000003, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff})
connect$unix(r9, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r10, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r9, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x800, 0x0, 0x8001, 0x8000000, 0xfffffffffffffffe, 0x0, 0x4}, 0x0)
syz_usb_connect(0x2, 0x0, 0x0, 0x0)
r11 = openat$audio(0xffffffffffffff9c, 0x0, 0x109842, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r11, 0xc0045005, 0x0)
write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000001980)={0xb, {"a2e3ad214fc752f9182909094bf70e0dd038e7ff7fc6e5539b324c078b089b32353b6d1a0890e0878f0e1ac6e7049b076d959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31300d074c0936cd3b78130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828563e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b4bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00303000000000000007fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f0000000600))
r12 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r12, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000440)={0xdc, 0x2c, 0x1, 0x70bd26, 0x25dfdbfc, {0x4}, [@nested={0xc8, 0x11, 0x0, 0x1, [@nested={0xc2, 0x76, 0x0, 0x1, [@nested={0x10, 0x116, 0x0, 0x1, [@typed={0xa, 0x13c, 0x0, 0x0, @str='*-:--\x00'}]}, @nested={0x0, 0x12f}, @typed={0x0, 0x63, 0x0, 0x0, @u32=0xa0000000}, @typed={0x14, 0xbc, 0x0, 0x0, @ipv6=@mcast2}, @typed={0xffffffffffffff44, 0x124, 0x0, 0x0, @uid=0xffffffffffffffff}]}, @generic]}]}, 0xdc}, 0x1, 0x0, 0x0, 0x8}, 0x20000094)
sendmsg$nl_xfrm(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000026c0)=@flushpolicy={0x40, 0x12, 0x105, 0x0, 0x0, "", [@proto={0x5, 0x19, 0xff}, @address_filter={0x28, 0x1a, {@in=@private=0xa010102, @in6=@rand_addr=' \x01\x00', 0xa, 0x6, 0x9}}]}, 0x40}}, 0x20040810)

1.91881835s ago: executing program 0 (id=993):
r0 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x3, &(0x7f0000000000)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r3=>0x0}, &(0x7f00000001c0)=0x8)
setsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000000000)={r3, 0x800}, 0x8)
mkdirat(0xffffffffffffffff, &(0x7f0000000300)='./file1\x00', 0x180)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00'}, 0x10)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000240)=ANY=[@ANYRES32], 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$IPCTNL_MSG_CT_DELETE(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={0x0, 0xe4}}, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000032680)=""/102392, 0x18ff8)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0)
fcntl$setlease(r0, 0x400, 0x2)

1.770574454s ago: executing program 0 (id=994):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000012c0)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904000001faf40d000905820349"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
socket(0x1d, 0x2, 0x6) (async)
r1 = socket(0x1d, 0x2, 0x6)
mprotect(&(0x7f00002a1000/0x3000)=nil, 0x3000, 0x0)
bind$can_j1939(r1, &(0x7f0000000040)={0x1d, 0x0, 0x3}, 0x18)
syz_open_dev$char_usb(0xc, 0xb4, 0x0) (async)
r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
preadv(r2, &(0x7f0000000140), 0x0, 0xf, 0x430c29dd)

1.134066757s ago: executing program 3 (id=995):
socket(0x11, 0x800000003, 0x0)
socketpair$unix(0x1, 0x6, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', <r4=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="4c00000010000100002500"/20, @ANYRES32=r4, @ANYBLOB="00000000000000002c001280110001006272696467655f736c617665000000001400058005001c"], 0x4c}}, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = syz_io_uring_setup(0x3018, &(0x7f0000000680)={0x0, 0x4083f4, 0x10000, 0x1, 0xfffffffd}, &(0x7f0000000000)=<r6=>0x0, &(0x7f0000000340)=<r7=>0x0)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000080), 0xffffffffffffffff)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r8 = socket$alg(0x26, 0x5, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$sock_inet6_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000640)={@remote, @private0, @empty, 0x40000, 0x40, 0x300, 0x100, 0x0, 0x40180043})
r9 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r9, &(0x7f0000019680)=""/102392, 0x18ff8)
mkdirat(0xffffffffffffffff, 0x0, 0x3)
bind$alg(r8, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
accept4(r8, 0x0, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x108, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_NEW(r10, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000200)=ANY=[@ANYBLOB="70000000000905030000000000000000000000000900010073797a31000000000c00048004000140000000003c0002000c00028005000100000000002c000180140003000000000000000000000000000000000014000400fe8000000000000000000000000000bb0800054000000000168eefbef296135656b1d3622cea803586dbf1e1d11613476228cf35dcfc1e3f8a0a3bbd0387fe83336da6c5c7b9287da55ada4d6abf3856776c7632642085f24b6e6f5ce06861df76f64d36"], 0x70}}, 0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000180)=@IORING_OP_STATX={0x15, 0xa, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000001740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x7ff, 0x1000})
io_uring_enter(r5, 0x47f6, 0x0, 0x0, 0x0, 0x0)

862.004536ms ago: executing program 1 (id=996):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), r0)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
recvmsg(r1, 0x0, 0x100)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r2)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
add_key$user(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff)
listen(r2, 0x9)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
sendmmsg(r3, &(0x7f0000002840)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20044000)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff)
ioctl$sock_inet_SIOCADDRT(r3, 0x890b, &(0x7f0000000240)={0x0, {0x2, 0x4e03, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x2, 0x4e22, @multicast2}, {0x2, 0x4e20, @private=0xa010101}, 0x74, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x6, 0xc9, 0xf22})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
r5 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0)
write$nbd(r5, &(0x7f0000000280)=ANY=[@ANYBLOB="67448dbed0af00000400030002000012"], 0x10)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x5, 0xa)
r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000980)=ANY=[@ANYBLOB="84000000", @ANYRES16=r6, @ANYBLOB="010000000000fbdbdf250100000008000200000000000500050000000000080003000100000048000180050002002000000006000100020000000800060003000000080003"], 0x84}}, 0x20000000)
sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)={0x20, r6, 0x1, 0x70bd2c, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x4}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000800}, 0x800)
connect$packet(r1, &(0x7f0000000000)={0x1f, 0xf8, 0x0, 0x1, 0x2, 0x6, @broadcast}, 0x14)

191.817027ms ago: executing program 4 (id=997):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB="0000000000000000b7"], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
tkill(r0, 0x2c)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401)
ioctl$BLKTRACESETUP(r3, 0xc0481273, 0x0)
openat$binfmt_format(0xffffff9c, &(0x7f0000000080)='/proc/sys/fs/binfmt_misc/syz0\x00', 0x2, 0x0)
ioctl$BLKTRACESTART(r3, 0x1274, 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETSET(r5, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x1f, 0x0, 0x20}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)=ANY=[@ANYBLOB="740000000a0a0101000000eaffffff00020000080c0010400000030800064000000000080007400000003a08000440000000020900020073797a3000000000300011800d00010073796e70726f7879400000001c000280060001400001000005000200ff0000"], 0x74}, 0x1, 0x0, 0x0, 0x4010}, 0x200000d0)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f00000001c0)={0x0, 0x1, 0x20}, 0xc)
setsockopt$sock_int(r1, 0x1, 0x1d, &(0x7f0000000100)=0x2, 0x4)
sendto$inet6(r4, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
socket(0x10, 0x3, 0x0)
openat$vim2m(0xffffff9c, &(0x7f0000000040), 0x2, 0x0)

104.697799ms ago: executing program 0 (id=998):
openat$drirender128(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000080)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f00000003c0)={0x84, &(0x7f0000001a80)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[], 0x1c}}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = syz_open_dev$vcsu(0x0, 0x8001, 0x400)
r2 = socket$kcm(0x10, 0x2, 0x0)
ioctl$SNDCTL_SEQ_THRESHOLD(r1, 0x4004510d, &(0x7f00000000c0))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400010bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="364000002600913e"], 0xfe33)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)

0s ago: executing program 2 (id=999):
syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)={{0x12, 0x1, 0x0, 0x17, 0xe2, 0xdd, 0x8, 0x763, 0x2080, 0xd940, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xff, 0xe4, 0x60}}]}}]}}, 0x0)
syz_usb_connect(0x3, 0x272, &(0x7f0000000200)={{0x12, 0x1, 0x201, 0x63, 0x7a, 0x60, 0x10, 0x19d2, 0xffc3, 0xc7c2, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x260, 0x2, 0x2, 0x3, 0xd0, 0x0, [{{0x9, 0x4, 0x48, 0x3, 0x7, 0xff, 0xff, 0xff, 0x94, [], [{{0x9, 0x5, 0x6, 0x8, 0x8, 0x3, 0x1}}, {{0x9, 0x5, 0x1, 0x4, 0x20, 0x8, 0x3, 0x4c, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x1d, 0x649a}]}}, {{0x9, 0x5, 0x9, 0x1, 0x200, 0x6, 0xa, 0x3}}, {{0x9, 0x5, 0xb, 0x1, 0x10, 0x0, 0x4, 0x5, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x0, 0xfffb}]}}, {{0x9, 0x5, 0x0, 0x0, 0x400, 0x7, 0x6, 0x7b, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0xff, 0x10}, @uac_iso={0x7, 0x25, 0x1, 0x80, 0x40, 0xfffd}]}}, {{0x9, 0x5, 0x8, 0x10, 0x3ff, 0x3, 0x5}}, {{0x9, 0x5, 0x2, 0x0, 0x20, 0x8, 0xc3, 0xdc, [@uac_iso={0x7, 0x25, 0x1, 0x82, 0x4, 0x8}]}}]}}, {{0x9, 0x4, 0xd3, 0x7, 0x4, 0x9c, 0x69, 0xfc, 0x7, [@uac_control={{0xa, 0x24, 0x1, 0x5, 0x8}, [@input_terminal={0xc, 0x24, 0x2, 0x2, 0x100, 0x5, 0x9, 0x1, 0x1, 0x1}, @mixer_unit={0x8, 0x24, 0x4, 0x6, 0x9, "5a417f"}, @selector_unit={0x7, 0x24, 0x5, 0x5, 0x3, 'X['}, @extension_unit={0xc, 0x24, 0x8, 0x6, 0xfff7, 0xfe, "f93e5c3a39"}, @feature_unit={0xf, 0x24, 0x6, 0x2, 0x1, 0x4, [0x6, 0x8, 0x9, 0x3], 0x10}]}], [{{0x9, 0x5, 0x8, 0x0, 0x400, 0x2, 0x4, 0x3, [@generic={0x42, 0xd, "e633527ba3aa6c92a21aae001c2d2c80be1a0ec2e8437dbfe96781bf40336d66f1f15bb62d752af761af1fefd0286fb49234e3e61919953a15916ecade3cd661"}]}}, {{0x9, 0x5, 0x7, 0x2, 0x40, 0x3, 0x0, 0x6, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x5, 0x5}]}}, {{0x9, 0x5, 0x5, 0x10, 0x3ff, 0x8, 0x1, 0x5, [@generic={0xce, 0x21, "d85fc6efc4be363a7534dd69a395cc77c7d0cca388ef3b316b7774d05519b9b54da70dd75fe255961b8a64406faa4f6a1ccff2015e62c736e425612e084b3ad3e7bd1b3185448b7bfd78ec7958fb53e6a6256c8e5dfb3087b662a5218eb9f1591d101014030ffb071254e872d81237f6f3da2bdbbc42055223ebb1819a2c151cd06ea51af6cf45c6a65cb045cc21909dfdf9f09f619dd97f6d28bfe2705955eb8570e98614f7ed22add5b7bfdfd865e306c2ba6597be5f6e2ebc1e0a04f9e34927a480f0f3b5e468ab19a346"}]}}, {{0x9, 0x5, 0x7, 0x0, 0x8, 0xdd, 0x0, 0x2, [@generic={0x69, 0x31, "e27e9b50f4d0196013da08cf8a2191d7a72f4715b718fbb868ee7b8efe340fc7a9e8233b32c0b33c4bfb1b948db49292bd541aff6d702434ce018020d0cae4110d25f008e3d3232323502ad10b8658b899c3d5b59c312f3c4480a3adeaee95ec0dd42a32f84064"}]}}]}}]}}]}}, &(0x7f0000000480)={0xa, &(0x7f0000000000)={0xa, 0x6, 0x310, 0xdd, 0x5, 0x0, 0x20, 0xe}, 0x4b, &(0x7f0000000040)={0x5, 0xf, 0x4b, 0x4, [@ssp_cap={0x1c, 0x10, 0xa, 0x7, 0x4, 0x27c, 0xff00, 0x6, [0xf54883c0fbb23aaa, 0xff01bf, 0xff00c0, 0xffc000]}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x4, 0x5, 0x43, 0x1}, @ss_container_id={0x14, 0x10, 0x4, 0x3, "596ca5b4551b73b96eaf1ed39809de9f"}, @ssp_cap={0xc, 0x10, 0xa, 0x8, 0x0, 0x7, 0xf000, 0x100}]}, 0x1, [{0xe9, &(0x7f00000000c0)=@string={0xe9, 0x3, "f070e16187f28906d9783668fcfb66321acc79979533ae6f88e09c5bb18dc985231675e09a2b472a27e8c55c1b25fabebd9c3aa56d90e8fe9e9aa7f1c7f4b2fc98e96832b699adcc1df614392f7c0f3a25583805899dfe76d1394786ecc42ac77e483559fc7faab0fecc3c4d5031a944664b620347f4cde932347266435dbf1134ef73f35f9fd99586775d78d98520813bf7f1e0e86c2b2b4c1e09351dcbeeae9ca40b362a853c5fac9f6cb2b68fc0b2b76776eff157c6ecf237ca4faa1028a26b101bedafbcbc9c525678857c170641cf21a6ca358aa92d89d0330b541843f2baab433e208f25"}}]})

kernel console output (not intermixed with test programs):

port 1-1:162.251: required endpoints missing
[  187.600459][ T7361] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  187.609280][ T7361] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  187.690945][    T8] io_edgeport 1-1:162.209: Edgeport 2 port adapter converter detected
[  187.711458][   T29] audit: type=1400 audit(1738115975.597:572): avc:  denied  { getopt } for  pid=7359 comm="syz.3.425" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  187.814167][ T5828] Bluetooth: hci4: command 0x0405 tx timeout
[  187.877504][ T5828] Bluetooth: hci2: Malformed MSFT vendor event: 0x02
[  188.093896][    T8] usb 1-1: у  detected
[  188.239988][ T5928] usb 5-1: USB disconnect, device number 9
[  188.307258][    T8] usb 1-1: Edgeport 2 port adapter converter now attached to ttyUSB0
[  188.345665][   T29] audit: type=1400 audit(1738115976.227:573): avc:  denied  { bind } for  pid=7369 comm="syz.3.428" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  188.354894][ T7371] input: syz0 as /devices/virtual/input/input20
[  188.373438][    T8] usb 1-1: Edgeport 2 port adapter converter now attached to ttyUSB1
[  188.389261][   T29] audit: type=1400 audit(1738115976.227:574): avc:  denied  { listen } for  pid=7369 comm="syz.3.428" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  188.423288][   T29] audit: type=1400 audit(1738115976.227:575): avc:  denied  { ioctl } for  pid=7369 comm="syz.3.428" path="socket:[14141]" dev="sockfs" ino=14141 ioctlcmd=0x8934 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  188.433497][ T7375] netlink: 4 bytes leftover after parsing attributes in process `syz.2.430'.
[  188.453957][   T29] audit: type=1400 audit(1738115976.327:576): avc:  denied  { ioctl } for  pid=7374 comm="syz.2.430" path="socket:[14149]" dev="sockfs" ino=14149 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  188.592071][   T29] audit: type=1400 audit(1738115976.327:577): avc:  denied  { connect } for  pid=7374 comm="syz.2.430" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  188.941587][ T5928] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  189.951257][ T5928] usb 4-1: Using ep0 maxpacket: 8
[  189.970614][ T5928] usb 4-1: config 2 has an invalid interface number: 169 but max is 0
[  189.983528][ T5928] usb 4-1: config 2 has no interface number 0
[  189.988826][ T5869] usb 1-1: USB disconnect, device number 10
[  189.989732][    C0] usb 1-1: edge_interrupt_callback - Error -19 submitting control urb
[  190.484088][ T5928] usb 4-1: config 2 interface 169 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  190.495114][ T5928] usb 4-1: config 2 interface 169 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  190.504530][ T5869] edgeport_2 ttyUSB0: Edgeport 2 port adapter converter now disconnected from ttyUSB0
[  190.506816][ T5928] usb 4-1: config 2 interface 169 altsetting 0 endpoint 0x8B has an invalid bInterval 129, changing to 11
[  190.527730][ T5928] usb 4-1: config 2 interface 169 altsetting 0 endpoint 0x8B has invalid maxpacket 58232, setting to 1024
[  190.539461][ T5928] usb 4-1: config 2 interface 169 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  190.578535][ T5928] usb 4-1: New USB device found, idVendor=1163, idProduct=0200, bcdDevice=b8.92
[  190.581547][ T5869] edgeport_2 ttyUSB1: Edgeport 2 port adapter converter now disconnected from ttyUSB1
[  190.619393][ T5869] io_edgeport 1-1:162.209: device disconnected
[  190.635474][ T5928] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  190.775381][ T5828] Bluetooth: hci1: Malformed MSFT vendor event: 0x02
[  190.805358][ T7403] bridge0: port 3(syz_tun) entered blocking state
[  190.831508][ T7403] bridge0: port 3(syz_tun) entered disabled state
[  190.847049][ T7403] syz_tun: entered allmulticast mode
[  190.874927][ T7403] syz_tun: entered promiscuous mode
[  190.896528][   T29] audit: type=1400 audit(1738115978.777:578): avc:  denied  { mount } for  pid=7401 comm="syz.1.439" name="/" dev="pstore" ino=4158 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:pstore_t tclass=filesystem permissive=1
[  190.930714][ T7403] bridge0: port 3(syz_tun) entered blocking state
[  190.937609][ T7403] bridge0: port 3(syz_tun) entered forwarding state
[  190.974507][   T29] audit: type=1400 audit(1738115978.817:579): avc:  denied  { connect } for  pid=7401 comm="syz.1.439" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  191.097187][ T5928] cypress_m8 4-1:2.169: DeLorme Earthmate USB converter detected
[  191.138005][   T29] audit: type=1400 audit(1738115979.027:580): avc:  denied  { read write } for  pid=7401 comm="syz.1.439" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  191.276163][   T29] audit: type=1400 audit(1738115979.057:581): avc:  denied  { open } for  pid=7401 comm="syz.1.439" path="/dev/autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  191.312670][   T29] audit: type=1400 audit(1738115979.057:582): avc:  denied  { ioctl } for  pid=7401 comm="syz.1.439" path="/dev/autofs" dev="devtmpfs" ino=98 ioctlcmd=0x937d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  191.340046][ T7418] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only
[  191.362891][ T7418] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  191.395232][ T7418] overlayfs: fs on './file0' does not support file handles, falling back to xino=off.
[  191.429240][ T5928] usb 4-1: DeLorme Earthmate USB converter now attached to ttyUSB0
[  192.236882][ T5928] usb 4-1: USB disconnect, device number 10
[  192.247056][ T5928] earthmate ttyUSB0: DeLorme Earthmate USB converter now disconnected from ttyUSB0
[  192.258154][ T5928] cypress_m8 4-1:2.169: device disconnected
[  192.433307][ T7423] netlink: 16 bytes leftover after parsing attributes in process `syz.0.443'.
[  192.484860][ T7427] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  192.771527][ T5828] Bluetooth: hci3: Malformed MSFT vendor event: 0x02
[  192.809783][ T7446] openvswitch: netlink: Multiple metadata blocks provided
[  192.821720][ T7445] openvswitch: netlink: Multiple metadata blocks provided
[  192.830584][ T7445] team_slave_0: entered promiscuous mode
[  192.841529][ T7445] team_slave_0: entered allmulticast mode
[  193.598934][   T29] kauditd_printk_skb: 5 callbacks suppressed
[  193.598952][   T29] audit: type=1400 audit(1738115981.487:588): avc:  denied  { ioctl } for  pid=7451 comm="syz.0.453" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=14837 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  193.746332][ T7457] binder: BINDER_SET_CONTEXT_MGR already set
[  193.752469][ T7457] binder: 7455:7457 ioctl 4018620d 20000040 returned -16
[  193.790058][   T29] audit: type=1400 audit(1738115981.667:589): avc:  denied  { ioctl } for  pid=7450 comm="syz.4.452" path="socket:[14852]" dev="sockfs" ino=14852 ioctlcmd=0x890c scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  193.828805][ T7453] kvm: kvm [7450]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x187) = 0x4000
[  193.841132][ T7459] netlink: 48 bytes leftover after parsing attributes in process `syz.2.455'.
[  193.854308][ T7453] kvm: kvm [7450]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x11e) = 0xbe706111
[  193.878893][ T7464] input: syz0 as /devices/virtual/input/input21
[  195.068650][ T1293] ieee802154 phy0 wpan0: encryption failed: -22
[  195.075057][ T1293] ieee802154 phy1 wpan1: encryption failed: -22
[  195.350626][   T29] audit: type=1400 audit(1738115983.237:590): avc:  denied  { create } for  pid=7476 comm="syz.1.463" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=appletalk_socket permissive=1
[  195.587755][ T7487] ipvlan0: entered allmulticast mode
[  195.593152][ T7487] veth0_vlan: entered allmulticast mode
[  196.277072][ T7488] overlayfs: failed to resolve './file1': -2
[  196.615038][ T7489] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input22
[  196.988565][ T7502] openvswitch: netlink: Key type 3757 is out of range max 32
[  197.012642][ T7502] netlink: 80 bytes leftover after parsing attributes in process `syz.3.467'.
[  197.028077][ T7504] netlink: 'syz.1.468': attribute type 1 has an invalid length.
[  197.058096][ T7504] netlink: 'syz.1.468': attribute type 2 has an invalid length.
[  198.444976][ T7529] team0: Device gtp0 is of different type
[  198.477428][ T7541] team0: Device gtp0 is of different type
[  198.990704][   T29] audit: type=1800 audit(1738115986.857:591): pid=7542 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.0.483" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0
[  199.949297][   T29] audit: type=1400 audit(1738115987.837:592): avc:  denied  { bind } for  pid=7567 comm="syz.0.492" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  200.146890][ T7566]  nullb0: AHDI p1
[  201.271372][   T29] audit: type=1400 audit(1738115989.107:593): avc:  denied  { checkpoint_restore } for  pid=7565 comm="syz.4.491" capability=40  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  201.701683][ T7586] netlink: 16 bytes leftover after parsing attributes in process `syz.3.498'.
[  201.765966][ T7589] team0: Device gtp0 is of different type
[  201.880534][ T7596] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input23
[  202.171380][ T5928] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  202.373040][ T5928] usb 5-1: Using ep0 maxpacket: 8
[  202.396363][ T5928] usb 5-1: config 2 has an invalid interface number: 169 but max is 0
[  202.405807][ T5928] usb 5-1: config 2 has no interface number 0
[  202.421361][ T5928] usb 5-1: config 2 interface 169 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  202.441225][ T5928] usb 5-1: config 2 interface 169 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  202.479890][ T5928] usb 5-1: config 2 interface 169 altsetting 0 endpoint 0x8B has an invalid bInterval 129, changing to 11
[  202.584505][ T5928] usb 5-1: config 2 interface 169 altsetting 0 endpoint 0x8B has invalid maxpacket 58232, setting to 1024
[  202.667832][ T5928] usb 5-1: config 2 interface 169 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  202.707694][ T5928] usb 5-1: New USB device found, idVendor=1163, idProduct=0200, bcdDevice=b8.92
[  203.059243][ T5928] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  203.073972][ T5928] cypress_m8 5-1:2.169: DeLorme Earthmate USB converter detected
[  203.507473][ T5928] usb 5-1: DeLorme Earthmate USB converter now attached to ttyUSB0
[  203.529259][ T5928] usb 5-1: USB disconnect, device number 10
[  203.569158][ T5928] earthmate ttyUSB0: DeLorme Earthmate USB converter now disconnected from ttyUSB0
[  203.618070][ T5928] cypress_m8 5-1:2.169: device disconnected
[  203.803499][ T5828] Bluetooth: hci1: Malformed MSFT vendor event: 0x02
[  204.771470][ T5898] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  205.106977][ T7636] FAULT_INJECTION: forcing a failure.
[  205.106977][ T7636] name failslab, interval 1, probability 0, space 0, times 0
[  205.489912][ T7640] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input24
[  205.508285][ T7636] CPU: 0 UID: 0 PID: 7636 Comm: syz.2.514 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  205.508312][ T7636] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  205.508323][ T7636] Call Trace:
[  205.508329][ T7636]  <TASK>
[  205.508336][ T7636]  dump_stack_lvl+0x16c/0x1f0
[  205.508368][ T7636]  should_fail_ex+0x50a/0x650
[  205.508393][ T7636]  ? fs_reclaim_acquire+0xae/0x150
[  205.508420][ T7636]  should_failslab+0xc2/0x120
[  205.508441][ T7636]  kmem_cache_alloc_noprof+0x6e/0x3d0
[  205.508461][ T7636]  ? skb_clone+0x190/0x3f0
[  205.508484][ T7636]  skb_clone+0x190/0x3f0
[  205.508504][ T7636]  nfnetlink_rcv_batch+0x1d9/0x24e0
[  205.508530][ T7636]  ? find_held_lock+0x2d/0x110
[  205.508555][ T7636]  ? __pfx_lock_release+0x10/0x10
[  205.508579][ T7636]  ? __pfx_nfnetlink_rcv_batch+0x10/0x10
[  205.508611][ T7636]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  205.508636][ T7636]  ? lockdep_hardirqs_on+0x7c/0x110
[  205.508661][ T7636]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  205.508698][ T7636]  ? avc_has_perm_noaudit+0x143/0x3a0
[  205.508728][ T7636]  ? __asan_memset+0x23/0x50
[  205.508753][ T7636]  ? __nla_validate_parse+0x601/0x2880
[  205.508775][ T7636]  ? rcu_is_watching+0x12/0xc0
[  205.508795][ T7636]  ? __pfx___nla_validate_parse+0x10/0x10
[  205.508815][ T7636]  ? cap_capable+0xb3/0x250
[  205.508839][ T7636]  ? __nla_parse+0x40/0x60
[  205.508859][ T7636]  nfnetlink_rcv+0x3c3/0x430
[  205.508878][ T7636]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  205.508905][ T7636]  netlink_unicast+0x53c/0x7f0
[  205.508926][ T7636]  ? __pfx_netlink_unicast+0x10/0x10
[  205.508950][ T7636]  netlink_sendmsg+0x8b8/0xd70
[  205.508969][ T7636]  ? __pfx_netlink_sendmsg+0x10/0x10
[  205.508989][ T7636]  ? ____sys_sendmsg+0x7f8/0xc90
[  205.509016][ T7636]  ____sys_sendmsg+0xaaf/0xc90
[  205.509040][ T7636]  ? copy_msghdr_from_user+0x10b/0x160
[  205.509059][ T7636]  ? __pfx_____sys_sendmsg+0x10/0x10
[  205.509093][ T7636]  ___sys_sendmsg+0x135/0x1e0
[  205.509115][ T7636]  ? __pfx____sys_sendmsg+0x10/0x10
[  205.509153][ T7636]  ? __fget_files+0x206/0x3a0
[  205.509176][ T7636]  __sys_sendmsg+0x16e/0x220
[  205.509194][ T7636]  ? __pfx___sys_sendmsg+0x10/0x10
[  205.509227][ T7636]  do_syscall_64+0xcd/0x250
[  205.509243][ T7636]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  205.509266][ T7636] RIP: 0033:0x7fa7d4d8cda9
[  205.509280][ T7636] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  205.509297][ T7636] RSP: 002b:00007fa7d5beb038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  205.509313][ T7636] RAX: ffffffffffffffda RBX: 00007fa7d4fa5fa0 RCX: 00007fa7d4d8cda9
[  205.509324][ T7636] RDX: 0000000004004000 RSI: 0000000020000680 RDI: 0000000000000003
[  205.509334][ T7636] RBP: 00007fa7d5beb090 R08: 0000000000000000 R09: 0000000000000000
[  205.509344][ T7636] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  205.509353][ T7636] R13: 0000000000000000 R14: 00007fa7d4fa5fa0 R15: 00007ffe8eeb30a8
[  205.509376][ T7636]  </TASK>
[  205.891545][ T5898] usb 1-1: Using ep0 maxpacket: 32
[  205.963669][   T29] audit: type=1400 audit(1738115993.817:594): avc:  denied  { map } for  pid=7643 comm="syz.2.518" path="/proc/sys/net/ipv4/vs/sync_version" dev="proc" ino=16419 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_net_t tclass=file permissive=1
[  206.011923][ T5898] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  206.019941][ T5898] usb 1-1: config 0 has no interface number 0
[  206.026164][ T5898] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  206.037065][ T5898] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  206.046847][ T5898] usb 1-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00
[  206.055936][ T5898] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  206.103265][ T5898] usb 1-1: config 0 descriptor??
[  206.359712][ T7651] netlink: 100 bytes leftover after parsing attributes in process `syz.2.521'.
[  206.723523][ T5898] uclogic 0003:28BD:0094.0006: pen parameters not found
[  206.759846][ T5898] uclogic 0003:28BD:0094.0006: interface is invalid, ignoring
[  206.927463][   T29] audit: type=1326 audit(1738115994.807:595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7646 comm="syz.4.519" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bcab8cda9 code=0x7fc00000
[  206.982917][   T46] usb 1-1: USB disconnect, device number 11
[  207.008067][   T29] audit: type=1326 audit(1738115994.807:596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7646 comm="syz.4.519" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f4bcab8cda9 code=0x7fc00000
[  207.079135][   T29] audit: type=1326 audit(1738115994.807:597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7646 comm="syz.4.519" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bcab8cda9 code=0x7fc00000
[  207.177932][   T29] audit: type=1326 audit(1738115994.807:598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7646 comm="syz.4.519" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bcab8cda9 code=0x7fc00000
[  207.180492][ T7661] netlink: 'syz.4.524': attribute type 2 has an invalid length.
[  207.221690][ T7662] netlink: 8 bytes leftover after parsing attributes in process `syz.4.524'.
[  207.269595][   T29] audit: type=1326 audit(1738115994.807:599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7646 comm="syz.4.519" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bcab8cda9 code=0x7fc00000
[  207.343343][   T29] audit: type=1326 audit(1738115994.807:600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7646 comm="syz.4.519" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bcab8cda9 code=0x7fc00000
[  207.365582][ T7661] netlink: 'syz.4.524': attribute type 2 has an invalid length.
[  207.403456][   T29] audit: type=1326 audit(1738115994.807:601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7646 comm="syz.4.519" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bcab8cda9 code=0x7fc00000
[  207.427043][ T7661] netlink: 'syz.4.524': attribute type 1 has an invalid length.
[  207.511691][   T29] audit: type=1326 audit(1738115994.817:602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7646 comm="syz.4.519" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bcab8cda9 code=0x7fc00000
[  207.683706][   T29] audit: type=1326 audit(1738115994.817:603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7646 comm="syz.4.519" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bcab8cda9 code=0x7fc00000
[  209.088560][ T7680] (syz.2.529,7680,0):ocfs2_fill_super:989 ERROR: superblock probe failed!
[  209.097627][ T7680] (syz.2.529,7680,0):ocfs2_fill_super:1177 ERROR: status = -22
[  209.751269][ T5866] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  210.100841][ T5866] usb 2-1: Using ep0 maxpacket: 16
[  210.117350][ T7695] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input25
[  210.144026][ T5866] usb 2-1: New USB device found, idVendor=06b9, idProduct=4061, bcdDevice= 1.88
[  210.317262][ T5866] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  210.338393][ T5866] usb 2-1: Product: syz
[  210.348026][ T5866] usb 2-1: Manufacturer: syz
[  210.356284][ T7692] bond0: entered promiscuous mode
[  210.361401][ T5866] usb 2-1: SerialNumber: syz
[  210.366461][ T7692] bond_slave_0: entered promiscuous mode
[  210.373214][ T5866] usb 2-1: config 0 descriptor??
[  210.380133][ T7692] bond_slave_1: entered promiscuous mode
[  210.389251][ T7692] mac80211_hwsim hwsim11 wlan1: entered promiscuous mode
[  210.651897][ T5866] speedtch 2-1:0.0: speedtch_bind: data interface not found!
[  210.659337][ T5866] speedtch 2-1:0.0: usbatm_usb_probe: bind failed: -19!
[  211.955498][   T29] kauditd_printk_skb: 44 callbacks suppressed
[  211.955515][   T29] audit: type=1400 audit(1738115999.847:648): avc:  denied  { accept } for  pid=7719 comm="syz.4.543" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[  212.057523][    T8] usb 2-1: USB disconnect, device number 16
[  212.154876][ T7726] lo speed is unknown, defaulting to 1000
[  212.194980][ T7733] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input26
[  212.516042][   T29] audit: type=1400 audit(1738116000.407:649): avc:  denied  { watch_mount } for  pid=7737 comm="syz.4.548" path="/106" dev="tmpfs" ino=576 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  212.698625][   T29] audit: type=1400 audit(1738116000.587:650): avc:  denied  { setopt } for  pid=7742 comm="syz.1.549" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  213.550883][ T7749] netlink: 48 bytes leftover after parsing attributes in process `syz.1.549'.
[  213.601815][ T7751] netlink: 4 bytes leftover after parsing attributes in process `syz.1.549'.
[  213.763002][ T7751] syz_tun: left allmulticast mode
[  213.768136][ T7751] syz_tun: left promiscuous mode
[  213.775269][ T7751] bridge0: port 3(syz_tun) entered disabled state
[  213.880951][ T7759] FAULT_INJECTION: forcing a failure.
[  213.880951][ T7759] name failslab, interval 1, probability 0, space 0, times 0
[  213.925455][ T7759] CPU: 0 UID: 0 PID: 7759 Comm: syz.4.553 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  213.925488][ T7759] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  213.925500][ T7759] Call Trace:
[  213.925506][ T7759]  <TASK>
[  213.925513][ T7759]  dump_stack_lvl+0x16c/0x1f0
[  213.925547][ T7759]  should_fail_ex+0x50a/0x650
[  213.925577][ T7759]  should_failslab+0xc2/0x120
[  213.925598][ T7759]  kmem_cache_alloc_noprof+0x6e/0x3d0
[  213.925628][ T7759]  ? skb_clone+0x190/0x3f0
[  213.925653][ T7759]  skb_clone+0x190/0x3f0
[  213.925674][ T7759]  netlink_deliver_tap+0xabd/0xd30
[  213.925715][ T7759]  netlink_unicast+0x5e1/0x7f0
[  213.925738][ T7759]  ? __pfx_netlink_unicast+0x10/0x10
[  213.925768][ T7759]  netlink_sendmsg+0x8b8/0xd70
[  213.925791][ T7759]  ? __pfx_netlink_sendmsg+0x10/0x10
[  213.925821][ T7759]  ____sys_sendmsg+0xaaf/0xc90
[  213.925846][ T7759]  ? copy_msghdr_from_user+0x10b/0x160
[  213.925870][ T7759]  ? __pfx_____sys_sendmsg+0x10/0x10
[  213.925909][ T7759]  ___sys_sendmsg+0x135/0x1e0
[  213.925931][ T7759]  ? __pfx____sys_sendmsg+0x10/0x10
[  213.925964][ T7759]  ? __pfx_lock_release+0x10/0x10
[  213.925989][ T7759]  ? trace_lock_acquire+0x14e/0x1f0
[  213.926020][ T7759]  ? __fget_files+0x206/0x3a0
[  213.926046][ T7759]  __sys_sendmsg+0x16e/0x220
[  213.926066][ T7759]  ? __pfx___sys_sendmsg+0x10/0x10
[  213.926105][ T7759]  do_syscall_64+0xcd/0x250
[  213.926126][ T7759]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  213.926151][ T7759] RIP: 0033:0x7f4bcab8cda9
[  213.926167][ T7759] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  213.926185][ T7759] RSP: 002b:00007f4bcba1e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  213.926203][ T7759] RAX: ffffffffffffffda RBX: 00007f4bcada5fa0 RCX: 00007f4bcab8cda9
[  213.926216][ T7759] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003
[  213.926227][ T7759] RBP: 00007f4bcba1e090 R08: 0000000000000000 R09: 0000000000000000
[  213.926238][ T7759] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  213.926249][ T7759] R13: 0000000000000000 R14: 00007f4bcada5fa0 R15: 00007ffc827e7d18
[  213.926275][ T7759]  </TASK>
[  214.227258][ T7751] bridge_slave_1: left allmulticast mode
[  214.234416][ T7751] bridge_slave_1: left promiscuous mode
[  214.240162][ T7751] bridge0: port 2(bridge_slave_1) entered disabled state
[  214.266037][ T7751] bridge_slave_0: left allmulticast mode
[  214.271913][ T7751] bridge_slave_0: left promiscuous mode
[  214.277754][ T7751] bridge0: port 1(bridge_slave_0) entered disabled state
[  214.912520][ T7773] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input27
[  215.064093][ T7775] netlink: 8 bytes leftover after parsing attributes in process `syz.4.558'.
[  215.227713][ T7781] netlink: 'syz.4.558': attribute type 2 has an invalid length.
[  215.242185][ T7786] netlink: 'syz.0.559': attribute type 10 has an invalid length.
[  215.260437][ T7781] netlink: 'syz.4.558': attribute type 1 has an invalid length.
[  215.302935][ T7781] netlink: 'syz.4.558': attribute type 1 has an invalid length.
[  215.308755][ T7786] mac80211_hwsim hwsim10 wlan1: entered promiscuous mode
[  215.331656][   T29] audit: type=1400 audit(1738116003.217:651): avc:  denied  { getopt } for  pid=7784 comm="syz.2.560" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  215.370387][ T7786] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  215.631378][ T5866] usb 3-1: new low-speed USB device number 12 using dummy_hcd
[  215.763961][ T5866] usb 3-1: device descriptor read/64, error -71
[  216.061268][ T5866] usb 3-1: new low-speed USB device number 13 using dummy_hcd
[  216.137469][ T7801] netlink: 8 bytes leftover after parsing attributes in process `syz.3.563'.
[  216.150321][ T7801] netlink: 12 bytes leftover after parsing attributes in process `syz.3.563'.
[  216.192148][   T29] audit: type=1400 audit(1738116004.067:652): avc:  denied  { block_suspend } for  pid=7796 comm="syz.1.564" capability=36  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  216.251452][ T5866] usb 3-1: device descriptor read/64, error -71
[  216.288796][ T7799] can0: slcan on ptm0.
[  216.348992][ T7799] loop6: detected capacity change from 0 to 524287999
[  216.359164][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  216.368591][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  216.368667][   T29] audit: type=1400 audit(1738116004.237:653): avc:  denied  { append } for  pid=7796 comm="syz.1.564" name="loop6" dev="devtmpfs" ino=653 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  216.384094][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  216.409258][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  216.417934][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  216.427118][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  216.437303][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  216.446576][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  216.457354][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  216.466685][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  216.474890][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  216.484067][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  216.492374][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  216.501566][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  216.511139][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  216.520395][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  216.528337][ T7799] ldm_validate_partition_table(): Disk read failed.
[  216.535975][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  216.545391][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  216.553636][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  216.562849][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  216.577514][ T7799] Dev loop6: unable to read RDB block 0
[  216.584900][ T5866] usb usb3-port1: attempt power cycle
[  216.591651][ T7799]  loop6: unable to read partition table
[  216.597383][ T7799] loop_reread_partitions: partition scan of loop6 (3��x��C�

) failed (rc=-5)
[  216.941136][   T29] audit: type=1400 audit(1738116004.827:654): avc:  denied  { write } for  pid=7809 comm="syz.0.568" laddr=::1 lport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  216.951295][ T5866] usb 3-1: new low-speed USB device number 14 using dummy_hcd
[  217.038856][ T5866] usb 3-1: device descriptor read/8, error -71
[  217.065214][ T7810] netlink: 256 bytes leftover after parsing attributes in process `syz.0.568'.
[  217.103383][   T29] audit: type=1400 audit(1738116004.997:655): avc:  denied  { write } for  pid=7809 comm="syz.0.568" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  217.126654][ T7810] random: crng reseeded on system resumption
[  217.291382][ T5866] usb 3-1: new low-speed USB device number 15 using dummy_hcd
[  217.314528][ T5191] ldm_validate_partition_table(): Disk read failed.
[  217.358057][ T5191] Dev loop6: unable to read RDB block 0
[  217.680976][ T5866] usb 3-1: device descriptor read/8, error -71
[  218.012964][ T5191]  loop6: unable to read partition table
[  218.114871][ T5866] usb usb3-port1: unable to enumerate USB device
[  218.181828][ T7796] can0 (unregistered): slcan off ptm0.
[  218.389022][   T29] audit: type=1400 audit(1738116006.217:656): avc:  denied  { write } for  pid=7824 comm="syz.4.570" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  219.521399][ T5913] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  219.826411][ T5913] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  219.948661][ T7847] lo speed is unknown, defaulting to 1000
[  220.517936][ T5913] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  220.564105][ T5913] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  220.586396][ T5913] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  220.614810][ T5913] usb 4-1: config 0 descriptor??
[  220.709633][   T29] audit: type=1400 audit(1738116008.597:657): avc:  denied  { write } for  pid=7850 comm="syz.0.575" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  220.927365][   T29] audit: type=1400 audit(1738116008.597:658): avc:  denied  { ioctl } for  pid=7850 comm="syz.0.575" path="socket:[16992]" dev="sockfs" ino=16992 ioctlcmd=0x890b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  220.941386][ T7854] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1
[  221.231252][ T5866] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  221.441088][ T5866] usb 3-1: Using ep0 maxpacket: 16
[  221.458005][ T5866] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  221.513209][ T5866] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  221.538212][ T5866] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  221.572140][ T5866] usb 3-1: config 0 interface 0 has no altsetting 0
[  221.598531][ T5866] usb 3-1: New USB device found, idVendor=0458, idProduct=0153, bcdDevice= 0.00
[  221.628313][ T5866] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  221.647024][ T5866] usb 3-1: config 0 descriptor??
[  221.741394][ T5869] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  221.827449][   T29] audit: type=1400 audit(1738116009.717:659): avc:  denied  { listen } for  pid=7874 comm="syz.4.580" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  221.847935][   T29] audit: type=1400 audit(1738116009.737:660): avc:  denied  { accept } for  pid=7874 comm="syz.4.580" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  221.891483][    T8] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  221.914324][ T5869] usb 1-1: Using ep0 maxpacket: 32
[  221.932808][ T5869] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  221.944129][ T5913] uclogic 0003:256C:006D.0007: failed retrieving Huion firmware version: -71
[  221.956261][ T5913] uclogic 0003:256C:006D.0007: failed probing parameters: -71
[  221.963888][ T5869] usb 1-1: config 0 has no interface number 0
[  221.970044][ T5869] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  221.981475][ T5913] uclogic 0003:256C:006D.0007: probe with driver uclogic failed with error -71
[  221.992746][ T5869] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  222.003092][ T7877] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5)
[  222.009614][ T7877] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  222.018915][ T7877] vhci_hcd vhci_hcd.0: Device attached
[  222.028861][ T5913] usb 4-1: USB disconnect, device number 11
[  222.037859][ T5869] usb 1-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00
[  222.066149][    T8] usb 2-1: Using ep0 maxpacket: 32
[  222.156016][ T5869] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  222.281594][   T46] usb 41-1: new low-speed USB device number 2 using vhci_hcd
[  222.318630][    T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  222.323690][ T5869] usb 1-1: config 0 descriptor??
[  222.352482][ T5866] kye 0003:0458:0153.0008: unexpected long global item
[  222.418779][    T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  222.429109][ T5866] kye 0003:0458:0153.0008: parse failed
[  222.439975][ T5866] kye 0003:0458:0153.0008: probe with driver kye failed with error -22
[  222.448734][    T8] usb 2-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 5.00
[  223.059739][ T7884] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  223.069839][ T7884] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  223.195074][    T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  223.239014][    T8] usb 2-1: config 0 descriptor??
[  223.317159][ T7878] vhci_hcd: connection reset by peer
[  223.330966][ T7755] vhci_hcd: stop threads
[  223.335712][ T7755] vhci_hcd: release socket
[  223.340367][ T7755] vhci_hcd: disconnect device
[  223.956233][    T8] ft260 0003:0403:6030.000A: unknown main item tag 0x0
[  223.975068][ T5869] uclogic 0003:28BD:0094.0009: pen parameters not found
[  223.982264][ T5869] uclogic 0003:28BD:0094.0009: interface is invalid, ignoring
[  224.145636][    T8] ft260 0003:0403:6030.000A: chip code: 0000 0000
[  224.356816][    T8] ft260 0003:0403:6030.000A: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.1-1/input0
[  224.368259][ T5869] usb 3-1: USB disconnect, device number 16
[  224.407923][ T5866] usb 1-1: USB disconnect, device number 12
[  224.558281][    T8] ft260 0003:0403:6030.000A: failed to retrieve status: -32, no wakeup
[  224.876428][ T5869] usb 2-1: USB disconnect, device number 17
[  224.983661][ T7897] nvme_fabrics: unknown parameter or missing value 'gD��Я' in ctrl creation request
[  225.616956][ T7897] netlink: 36 bytes leftover after parsing attributes in process `syz.3.585'.
[  225.652035][ T7897] netlink: 16 bytes leftover after parsing attributes in process `syz.3.585'.
[  225.696067][ T7897] netlink: 36 bytes leftover after parsing attributes in process `syz.3.585'.
[  225.707840][ T7909] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input28
[  225.726722][ T7897] netlink: 36 bytes leftover after parsing attributes in process `syz.3.585'.
[  225.777841][ T7913] netlink: 16 bytes leftover after parsing attributes in process `syz.1.589'.
[  226.088436][ T7921] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[  226.094977][ T7921] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  226.102605][ T7921] vhci_hcd vhci_hcd.0: Device attached
[  226.313334][ T5869] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  226.376106][ T5913] usb 39-1: new low-speed USB device number 2 using vhci_hcd
[  226.541714][ T5869] usb 3-1: Using ep0 maxpacket: 16
[  226.605016][ T5869] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  226.633070][ T5869] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  226.668356][ T5869] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  226.696027][ T5869] usb 3-1: config 0 interface 0 has no altsetting 0
[  226.718385][ T5869] usb 3-1: New USB device found, idVendor=0458, idProduct=0153, bcdDevice= 0.00
[  226.743984][ T5869] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  226.770026][ T5869] usb 3-1: config 0 descriptor??
[  226.898649][ T7925] vhci_hcd: connection reset by peer
[  226.913611][ T6010] vhci_hcd: stop threads
[  226.931406][ T6010] vhci_hcd: release socket
[  226.946557][ T6010] vhci_hcd: disconnect device
[  227.303252][ T5869] kye 0003:0458:0153.000B: unexpected long global item
[  227.315416][ T5869] kye 0003:0458:0153.000B: parse failed
[  227.321054][ T5869] kye 0003:0458:0153.000B: probe with driver kye failed with error -22
[  227.412530][   T46] vhci_hcd: vhci_device speed not set
[  228.033852][ T7944] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  228.043592][ T7944] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  228.688831][ T7955] FAULT_INJECTION: forcing a failure.
[  228.688831][ T7955] name failslab, interval 1, probability 0, space 0, times 0
[  228.703630][ T7952] overlayfs: failed to resolve './file1': -2
[  228.709510][ T7955] CPU: 1 UID: 0 PID: 7955 Comm: syz.1.602 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  228.709536][ T7955] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  228.709546][ T7955] Call Trace:
[  228.709552][ T7955]  <TASK>
[  228.709559][ T7955]  dump_stack_lvl+0x16c/0x1f0
[  228.709591][ T7955]  should_fail_ex+0x50a/0x650
[  228.709614][ T7955]  ? fs_reclaim_acquire+0xae/0x150
[  228.709639][ T7955]  should_failslab+0xc2/0x120
[  228.709659][ T7955]  kmem_cache_alloc_noprof+0x6e/0x3d0
[  228.709677][ T7955]  ? vma_merge_new_range+0x40a/0xbb0
[  228.709694][ T7955]  ? vm_area_alloc+0x134/0x230
[  228.709724][ T7955]  vm_area_alloc+0x134/0x230
[  228.709748][ T7955]  __mmap_region+0x108d/0x2760
[  228.709770][ T7955]  ? __pfx___mmap_region+0x10/0x10
[  228.709796][ T7955]  ? hlock_class+0x4e/0x130
[  228.709814][ T7955]  ? mark_lock+0xb5/0xc60
[  228.709847][ T7955]  ? lock_acquire+0x2f/0xb0
[  228.709869][ T7955]  ? avc_has_perm_noaudit+0x61/0x3a0
[  228.709925][ T7955]  ? mm_get_unmapped_area+0x95/0xe0
[  228.709958][ T7955]  mmap_region+0x1ab/0x3f0
[  228.709990][ T7955]  do_mmap+0xd8d/0x11b0
[  228.710020][ T7955]  ? __pfx_do_mmap+0x10/0x10
[  228.710045][ T7955]  ? __pfx_down_write_killable+0x10/0x10
[  228.710070][ T7955]  vm_mmap_pgoff+0x203/0x3a0
[  228.710102][ T7955]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  228.710131][ T7955]  ? __fget_files+0x206/0x3a0
[  228.710153][ T7955]  ksys_mmap_pgoff+0x32c/0x5c0
[  228.710177][ T7955]  ? __pfx_ksys_write+0x10/0x10
[  228.710206][ T7955]  __x64_sys_mmap+0x125/0x190
[  228.710234][ T7955]  do_syscall_64+0xcd/0x250
[  228.710252][ T7955]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  228.710277][ T7955] RIP: 0033:0x7fa79898cda9
[  228.710292][ T7955] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  228.710309][ T7955] RSP: 002b:00007fa79985e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  228.710325][ T7955] RAX: ffffffffffffffda RBX: 00007fa798ba5fa0 RCX: 00007fa79898cda9
[  228.710337][ T7955] RDX: 0000000002000001 RSI: 0000000000004000 RDI: 0000000020ffc000
[  228.710348][ T7955] RBP: 00007fa79985e090 R08: 0000000000000006 R09: 0000000000000000
[  228.710359][ T7955] R10: 0000000000000012 R11: 0000000000000246 R12: 0000000000000001
[  228.710370][ T7955] R13: 0000000000000000 R14: 00007fa798ba5fa0 R15: 00007ffdcccaa448
[  228.710394][ T7955]  </TASK>
[  229.398254][ T7964] capability: warning: `syz.4.601' uses 32-bit capabilities (legacy support in use)
[  229.435009][   T46] usb 3-1: USB disconnect, device number 17
[  230.470801][ T7972] netlink: 'syz.2.605': attribute type 10 has an invalid length.
[  230.546535][ T7972] mac80211_hwsim hwsim5 wlan1: entered promiscuous mode
[  230.554146][ T7972] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  230.571369][ T5868] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  230.661732][ T7985] sg_write: data in/out 196608/5 bytes for SCSI command 0xd-- guessing data in;
[  230.661732][ T7985]    program syz.1.607 not setting count and/or reply_len properly
[  230.735062][ T5868] usb 4-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[  230.782042][ T5868] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  230.825244][ T5868] usb 4-1: Product: syz
[  230.837673][ T5868] usb 4-1: Manufacturer: syz
[  230.850173][ T5868] usb 4-1: SerialNumber: syz
[  230.859034][ T5868] usb 4-1: config 0 descriptor??
[  230.864135][   T46] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  230.877149][ T5868] ch341 4-1:0.0: ch341-uart converter detected
[  231.398671][   T46] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  231.455559][   T46] usb 1-1: New USB device found, idVendor=04f2, idProduct=1421, bcdDevice= 0.00
[  231.487599][   T46] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  231.496527][ T5913] vhci_hcd: vhci_device speed not set
[  231.520854][   T46] usb 1-1: config 0 descriptor??
[  231.730730][ T7995] netlink: 8 bytes leftover after parsing attributes in process `syz.2.613'.
[  231.829603][ T7992] netlink: 'syz.1.612': attribute type 2 has an invalid length.
[  231.837424][ T7992] netlink: 'syz.1.612': attribute type 1 has an invalid length.
[  231.845271][ T7992] netlink: 'syz.1.612': attribute type 1 has an invalid length.
[  231.986025][   T46] chicony 0003:04F2:1421.000C: unknown main item tag 0x0
[  232.041010][   T46] chicony 0003:04F2:1421.000C: unknown main item tag 0x0
[  232.077343][   T46] chicony 0003:04F2:1421.000C: unknown main item tag 0x0
[  232.105827][   T46] chicony 0003:04F2:1421.000C: unknown main item tag 0x0
[  232.119655][   T46] chicony 0003:04F2:1421.000C: unknown main item tag 0x0
[  232.149655][   T46] chicony 0003:04F2:1421.000C: unknown main item tag 0x0
[  232.175242][   T46] chicony 0003:04F2:1421.000C: unknown main item tag 0x0
[  232.217352][   T46] chicony 0003:04F2:1421.000C: unknown main item tag 0x0
[  232.247330][   T46] chicony 0003:04F2:1421.000C: unknown main item tag 0x0
[  232.268269][   T46] chicony 0003:04F2:1421.000C: unknown main item tag 0x0
[  232.283632][   T46] chicony 0003:04F2:1421.000C: unknown main item tag 0x0
[  232.370809][ T5868] ch341-uart ttyUSB0: failed to read break control: -121
[  232.405280][   T46] chicony 0003:04F2:1421.000C: hidraw0: USB HID v0.00 Device [HID 04f2:1421] on usb-dummy_hcd.0-1/input0
[  232.416715][ T5868] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -121
[  232.656027][ T5868] usb 4-1: USB disconnect, device number 12
[  232.749925][ T5868] ch341 4-1:0.0: device disconnected
[  233.715527][ T8013] netlink: 8 bytes leftover after parsing attributes in process `syz.1.616'.
[  233.726375][    T8] usb 1-1: USB disconnect, device number 13
[  233.798498][ T8013] netlink: 4 bytes leftover after parsing attributes in process `syz.1.616'.
[  233.858379][ T8013] netlink: 'syz.1.616': attribute type 11 has an invalid length.
[  234.084303][ T8027] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input29
[  234.991295][    T8] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  235.183100][    T8] usb 1-1: Using ep0 maxpacket: 32
[  235.202782][    T8] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  235.221317][    T8] usb 1-1: config 0 has no interface number 0
[  235.227454][    T8] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  235.278002][    T8] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  235.339127][    T8] usb 1-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00
[  235.411709][    T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  235.422335][    T8] usb 1-1: config 0 descriptor??
[  236.241593][ T5928] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  236.592777][ T5928] usb 2-1: Using ep0 maxpacket: 32
[  236.709961][    T8] uclogic 0003:28BD:0094.000D: pen parameters not found
[  236.717676][    T8] uclogic 0003:28BD:0094.000D: interface is invalid, ignoring
[  236.737470][ T5928] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  236.763031][ T5928] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  236.787926][ T5928] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  236.831304][ T5928] usb 2-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00
[  236.849690][ T5928] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  236.867126][   T29] audit: type=1400 audit(1738116024.757:661): avc:  denied  { name_connect } for  pid=8037 comm="syz.4.628" dest=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=sctp_socket permissive=1
[  236.889640][ T5928] usb 2-1: config 0 descriptor??
[  236.928473][    T8] usb 1-1: USB disconnect, device number 14
[  236.979702][   T29] audit: type=1326 audit(1738116024.867:662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8052 comm="syz.2.632" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa7d4d8cda9 code=0x0
[  237.120402][ T8055] DRBG: could not allocate CTR cipher TFM handle: ctr(aes)
[  237.545813][ T5928] input: HID 0458:5011 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0458:5011.000E/input/input30
[  237.628330][ T8051] netlink: 'syz.3.630': attribute type 10 has an invalid length.
[  237.674453][ T8070] futex_wake_op: syz.2.634 tries to shift op by -1; fix this program
[  237.953005][ T5928] input: HID 0458:5011 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0458:5011.000E/input/input31
[  237.964498][   T29] audit: type=1400 audit(1738116025.737:663): avc:  denied  { bind } for  pid=8068 comm="syz.4.635" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  237.964667][   T29] audit: type=1400 audit(1738116025.767:664): avc:  denied  { write } for  pid=8068 comm="syz.4.635" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  238.184619][ T8069] netlink: 'syz.4.635': attribute type 3 has an invalid length.
[  238.195469][ T8076] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5)
[  238.201988][ T8076] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  238.209574][ T8076] vhci_hcd vhci_hcd.0: Device attached
[  238.448364][   T29] audit: type=1326 audit(1738116026.337:665): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8066 comm="syz.2.634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7d4d8cda9 code=0x7fc00000
[  238.579058][   T29] audit: type=1326 audit(1738116026.377:666): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8066 comm="syz.2.634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa7d4d8cda9 code=0x7fc00000
[  238.602738][ T5868] usb 33-1: new low-speed USB device number 2 using vhci_hcd
[  238.702124][   T29] audit: type=1326 audit(1738116026.427:667): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8066 comm="syz.2.634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7d4d8cda9 code=0x7fc00000
[  238.707210][ T5928] kye 0003:0458:5011.000E: input,hiddev0,hidraw0: USB HID v0.00 Mouse [HID 0458:5011] on usb-dummy_hcd.1-1/input0
[  238.730003][   T29] audit: type=1326 audit(1738116026.427:668): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8066 comm="syz.2.634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7d4d8cda9 code=0x7fc00000
[  239.078303][   T29] audit: type=1326 audit(1738116026.427:669): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8066 comm="syz.2.634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7d4d8cda9 code=0x7fc00000
[  239.102475][   T29] audit: type=1326 audit(1738116026.427:670): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8066 comm="syz.2.634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7d4d8cda9 code=0x7fc00000
[  240.552140][ T8078] vhci_hcd: connection reset by peer
[  240.572510][   T12] vhci_hcd: stop threads
[  240.587903][   T12] vhci_hcd: release socket
[  240.594849][   T12] vhci_hcd: disconnect device
[  240.657190][ T5928] usb 2-1: USB disconnect, device number 18
[  240.671414][ T3069] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  241.354954][ T3069] usb 5-1: Using ep0 maxpacket: 32
[  241.407201][ T3069] usb 5-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[  242.041365][ T3069] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  242.200747][ T3069] usb 5-1: config 0 descriptor??
[  242.259999][ T3069] gspca_main: sunplus-2.14.0 probing 041e:400b
[  242.360212][ T8116] netlink: 4 bytes leftover after parsing attributes in process `syz.0.648'.
[  242.903038][    T8] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  243.051282][    T8] usb 3-1: device descriptor read/64, error -71
[  243.240111][ T8100] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  243.280591][ T8100] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  243.301329][    T8] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  243.390827][ T3069] gspca_sunplus: reg_w_riv err -71
[  243.405824][ T3069] sunplus 5-1:0.0: probe with driver sunplus failed with error -71
[  243.443839][    T8] usb 3-1: device descriptor read/64, error -71
[  243.444953][ T3069] usb 5-1: USB disconnect, device number 11
[  243.553681][ T5898] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  243.562374][    T8] usb usb3-port1: attempt power cycle
[  243.751309][ T5868] vhci_hcd: vhci_device speed not set
[  243.918402][ T5898] usb 4-1: Using ep0 maxpacket: 8
[  243.928826][ T5898] usb 4-1: config 2 has an invalid interface number: 169 but max is 0
[  243.939289][ T5898] usb 4-1: config 2 has no interface number 0
[  243.957028][ T5898] usb 4-1: config 2 interface 169 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  244.123592][ T5898] usb 4-1: config 2 interface 169 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  244.144633][    T8] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  244.174389][ T5898] usb 4-1: config 2 interface 169 altsetting 0 endpoint 0x8B has an invalid bInterval 129, changing to 11
[  244.184319][ T8142] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input32
[  244.207751][    T8] usb 3-1: device descriptor read/8, error -71
[  244.220453][ T5898] usb 4-1: config 2 interface 169 altsetting 0 endpoint 0x8B has invalid maxpacket 58232, setting to 1024
[  244.235607][ T5898] usb 4-1: config 2 interface 169 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  244.249107][ T5898] usb 4-1: New USB device found, idVendor=1163, idProduct=0200, bcdDevice=b8.92
[  244.265882][ T5898] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  244.370151][ T5898] cypress_m8 4-1:2.169: DeLorme Earthmate USB converter detected
[  244.604936][    T8] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  244.631892][    T8] usb 3-1: device descriptor read/8, error -71
[  244.671793][ T5898] usb 4-1: DeLorme Earthmate USB converter now attached to ttyUSB0
[  244.701005][ T5898] usb 4-1: USB disconnect, device number 13
[  244.772430][ T8151] netlink: 76 bytes leftover after parsing attributes in process `syz.0.655'.
[  244.810953][    T8] usb usb3-port1: unable to enumerate USB device
[  245.376034][ T5898] earthmate ttyUSB0: DeLorme Earthmate USB converter now disconnected from ttyUSB0
[  245.391353][   T29] kauditd_printk_skb: 10 callbacks suppressed
[  245.391370][   T29] audit: type=1400 audit(1738116033.267:681): avc:  denied  { shutdown } for  pid=8146 comm="syz.1.656" lport=6 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  245.445366][ T5898] cypress_m8 4-1:2.169: device disconnected
[  245.627395][ T8157] netlink: 36 bytes leftover after parsing attributes in process `syz.4.657'.
[  245.671025][   T29] audit: type=1400 audit(1738116033.557:682): avc:  denied  { write } for  pid=8159 comm="syz.2.659" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1
[  245.804270][ T8163] netlink: 8 bytes leftover after parsing attributes in process `syz.2.661'.
[  245.995287][ T8166] netlink: 'syz.2.661': attribute type 2 has an invalid length.
[  246.008154][ T8166] netlink: 'syz.2.661': attribute type 1 has an invalid length.
[  246.016044][ T8166] netlink: 'syz.2.661': attribute type 1 has an invalid length.
[  246.476509][ T8171] netlink: 'syz.0.663': attribute type 10 has an invalid length.
[  248.284891][ T8193] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5)
[  248.291436][ T8193] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  248.300166][ T8193] vhci_hcd vhci_hcd.0: Device attached
[  248.937006][ T3069] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  249.101692][ T5868] usb 41-1: new low-speed USB device number 3 using vhci_hcd
[  249.201531][ T3069] usb 1-1: Using ep0 maxpacket: 32
[  249.369990][ T8194] vhci_hcd: connection reset by peer
[  249.377004][ T3069] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  249.385217][   T55] vhci_hcd: stop threads
[  249.390072][   T55] vhci_hcd: release socket
[  249.509122][   T55] vhci_hcd: disconnect device
[  249.528834][ T3069] usb 1-1: config 0 has no interface number 0
[  249.551254][ T3069] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  250.042023][ T3069] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  250.287794][ T3069] usb 1-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00
[  250.313505][ T3069] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  250.358929][ T3069] usb 1-1: config 0 descriptor??
[  250.773893][   T29] audit: type=1400 audit(1738116038.667:683): avc:  denied  { setopt } for  pid=8209 comm="syz.1.673" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  253.670289][ T3069] uclogic 0003:28BD:0094.000F: pen parameters not found
[  253.677860][ T3069] uclogic 0003:28BD:0094.000F: interface is invalid, ignoring
[  253.733134][    T8] usb 1-1: USB disconnect, device number 15
[  254.201577][ T5868] vhci_hcd: vhci_device speed not set
[  255.451854][ T8236] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[  255.458410][ T8236] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  256.083768][ T8236] vhci_hcd vhci_hcd.0: Device attached
[  256.090235][ T1293] ieee802154 phy0 wpan0: encryption failed: -22
[  256.097732][ T1293] ieee802154 phy1 wpan1: encryption failed: -22
[  256.181282][   T29] audit: type=1400 audit(1738116044.067:684): avc:  denied  { nlmsg_read } for  pid=8238 comm="syz.1.682" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  257.087264][ T8254] sg_write: data in/out 196608/5 bytes for SCSI command 0xd-- guessing data in;
[  257.087264][ T8254]    program syz.1.686 not setting count and/or reply_len properly
[  257.219654][ T8240] vhci_hcd: connection closed
[  257.232182][  T192] vhci_hcd: stop threads
[  257.268365][  T192] vhci_hcd: release socket
[  257.281311][ T5869] usb 39-1: new low-speed USB device number 3 using vhci_hcd
[  257.290729][  T192] vhci_hcd: disconnect device
[  257.345504][ T8252]  nullb0: AHDI p1
[  257.591483][ T3069] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  257.761317][ T3069] usb 3-1: Using ep0 maxpacket: 32
[  257.802968][ T3069] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  257.819908][ T3069] usb 3-1: config 0 has no interface number 0
[  257.837638][ T3069] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  257.867759][ T3069] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  257.889939][ T3069] usb 3-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00
[  257.919693][ T3069] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  257.934984][ T3069] usb 3-1: config 0 descriptor??
[  258.027846][ T8264] nvme_fabrics: unknown parameter or missing value 'gD��Я' in ctrl creation request
[  258.129739][ T8264] netlink: 36 bytes leftover after parsing attributes in process `syz.0.689'.
[  258.155324][ T8264] netlink: 16 bytes leftover after parsing attributes in process `syz.0.689'.
[  258.179747][ T8264] netlink: 36 bytes leftover after parsing attributes in process `syz.0.689'.
[  258.205144][ T8264] netlink: 36 bytes leftover after parsing attributes in process `syz.0.689'.
[  259.583192][ T3069] uclogic 0003:28BD:0094.0010: pen parameters not found
[  259.590305][ T3069] uclogic 0003:28BD:0094.0010: interface is invalid, ignoring
[  259.608587][ T8294] sg_write: data in/out 196608/5 bytes for SCSI command 0xd-- guessing data in;
[  259.608587][ T8294]    program syz.1.699 not setting count and/or reply_len properly
[  259.631319][ T5937] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  259.769999][ T8296] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input33
[  259.811909][ T5937] usb 4-1: Using ep0 maxpacket: 16
[  259.833572][ T5898] usb 3-1: USB disconnect, device number 22
[  259.847239][ T5937] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xD has an invalid bInterval 0, changing to 7
[  259.860829][ T5937] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0
[  259.926457][ T5937] usb 4-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice=32.4f
[  259.978198][ T5937] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  260.035686][ T5937] usb 4-1: Product: syz
[  260.039911][ T5937] usb 4-1: Manufacturer: syz
[  260.047150][ T5937] usb 4-1: SerialNumber: syz
[  260.057998][ T5937] usb 4-1: config 0 descriptor??
[  260.720634][ T5937] hub 4-1:0.0: bad descriptor, ignoring hub
[  260.727566][ T5937] hub 4-1:0.0: probe with driver hub failed with error -5
[  260.747104][ T5937] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  260.931345][ T5132] Bluetooth: hci4: command 0x0405 tx timeout
[  260.985780][ T5937] snd-usb-audio 4-1:0.0: probe with driver snd-usb-audio failed with error -12
[  261.042268][ T5898] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  261.116343][   T29] audit: type=1400 audit(1738116049.007:685): avc:  denied  { write } for  pid=8313 comm="syz.1.706" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  261.834896][ T5835] udevd[5835]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  261.917831][ T5898] usb 5-1: config 129 descriptor has 1 excess byte, ignoring
[  262.046748][ T5898] usb 5-1: config 129 has 0 interfaces, different from the descriptor's value: 1
[  262.310643][ T5898] usb 5-1: New USB device found, idVendor=6b2a, idProduct=0014, bcdDevice=99.21
[  262.355018][ T5898] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  262.441349][ T5869] vhci_hcd: vhci_device speed not set
[  262.518456][   T29] audit: type=1400 audit(1738116050.397:686): avc:  denied  { ioctl } for  pid=8326 comm="syz.2.710" path="/dev/ppp" dev="devtmpfs" ino=709 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  262.611029][ T5898] usb 5-1: string descriptor 0 read error: -71
[  262.634164][ T5898] usb 5-1: USB disconnect, device number 12
[  262.653375][   T29] audit: type=1400 audit(1738116050.547:687): avc:  denied  { accept } for  pid=8326 comm="syz.2.710" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[  262.696725][ T5928] usb 4-1: USB disconnect, device number 14
[  262.897467][   T29] audit: type=1326 audit(1738116050.787:688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8337 comm="syz.1.713" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa79898cda9 code=0x0
[  263.083108][ T8329] nvme_fabrics: unknown parameter or missing value 'gD��Я' in ctrl creation request
[  263.132669][ T8329] netlink: 36 bytes leftover after parsing attributes in process `syz.0.711'.
[  263.305006][ T8329] netlink: 16 bytes leftover after parsing attributes in process `syz.0.711'.
[  263.519846][ T8329] netlink: 36 bytes leftover after parsing attributes in process `syz.0.711'.
[  263.796503][ T8329] netlink: 36 bytes leftover after parsing attributes in process `syz.0.711'.
[  263.874575][ T8353] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input34
[  263.976942][   T29] audit: type=1400 audit(1738116051.867:689): avc:  denied  { ioctl } for  pid=8348 comm="syz.4.715" path="socket:[19582]" dev="sockfs" ino=19582 ioctlcmd=0x890b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  264.993034][ T8365] lo speed is unknown, defaulting to 1000
[  265.192977][ T8376] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input35
[  265.325271][ T8371]  nullb0: AHDI p1
[  266.833209][   T29] audit: type=1400 audit(1738116054.727:690): avc:  denied  { bind } for  pid=8398 comm="syz.2.732" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  266.865528][   T29] audit: type=1400 audit(1738116054.727:691): avc:  denied  { name_bind } for  pid=8398 comm="syz.2.732" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=dccp_socket permissive=1
[  267.012786][   T29] audit: type=1400 audit(1738116054.727:692): avc:  denied  { node_bind } for  pid=8398 comm="syz.2.732" saddr=::1 src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=dccp_socket permissive=1
[  267.515087][ T8405] netlink: 16 bytes leftover after parsing attributes in process `syz.0.733'.
[  267.630604][   T29] audit: type=1400 audit(1738116055.517:693): avc:  denied  { mount } for  pid=8398 comm="syz.2.732" name="/" dev="rpc_pipefs" ino=19387 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=filesystem permissive=1
[  267.700094][ T8407] dccp_check_seqno: Step 6 failed for RESET packet, (LSWL(226140261999403) <= P.seqno(0) <= S.SWH(226140261999477)) and (P.ackno exists or LAWL(189213870347314) <= P.ackno(189213870347315) <= S.AWH(189213870347315), sending SYNC...
[  267.712527][   T29] audit: type=1400 audit(1738116055.587:694): avc:  denied  { accept } for  pid=8398 comm="syz.2.732" laddr=::1 lport=20000 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  267.755389][   T29] audit: type=1400 audit(1738116055.587:695): avc:  denied  { write } for  pid=8398 comm="syz.2.732" laddr=::1 lport=20000 faddr=::1 fport=57172 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  268.767398][   T29] audit: type=1400 audit(1738116055.677:696): avc:  denied  { read } for  pid=8398 comm="syz.2.732" laddr=::1 lport=20000 faddr=::1 fport=57172 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  268.869607][   T29] audit: type=1400 audit(1738116056.757:697): avc:  denied  { read write } for  pid=8416 comm="syz.0.737" name="file0" dev="fuse" ino=6 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[  268.937900][   T29] audit: type=1400 audit(1738116056.757:698): avc:  denied  { open } for  pid=8416 comm="syz.0.737" path="/133/file0/file0" dev="fuse" ino=6 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[  269.191344][ T5913] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  269.241321][ T5868] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  269.511889][ T5913] usb 5-1: Using ep0 maxpacket: 16
[  269.971451][ T5913] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  269.982107][ T5913] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  269.993234][ T5913] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  270.003273][ T5913] usb 5-1: config 0 interface 0 has no altsetting 0
[  270.010139][ T5913] usb 5-1: New USB device found, idVendor=0458, idProduct=0153, bcdDevice= 0.00
[  270.021607][ T5913] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  270.035736][ T5913] usb 5-1: config 0 descriptor??
[  270.049988][ T5868] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  270.061355][ T5868] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  270.071934][ T5868] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[  270.081686][ T5868] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  270.093128][ T5868] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  270.106438][ T5868] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  270.106545][ T8435] sg_write: data in/out 196608/5 bytes for SCSI command 0xd-- guessing data in;
[  270.106545][ T8435]    program syz.2.743 not setting count and/or reply_len properly
[  270.139303][ T5868] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  270.165384][ T5868] usb 1-1: Product: syz
[  270.186405][ T5868] usb 1-1: Manufacturer: syz
[  270.239362][ T5868] cdc_wdm 1-1:1.0: skipping garbage
[  270.259613][ T5868] cdc_wdm 1-1:1.0: skipping garbage
[  270.295436][ T5868] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device
[  270.326019][ T5868] cdc_wdm 1-1:1.0: Unknown control protocol
[  270.458904][    C1] cdc_wdm 1-1:1.0: nonzero urb status received: -71
[  270.465796][    C1] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
[  270.475885][    C1] cdc_wdm 1-1:1.0: nonzero urb status received: -71
[  270.482528][    C1] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
[  270.484802][ T8441] FAULT_INJECTION: forcing a failure.
[  270.484802][ T8441] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  270.491265][    C1] cdc_wdm 1-1:1.0: nonzero urb status received: -71
[  270.508264][    C1] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
[  270.514992][ T5868] usb 1-1: USB disconnect, device number 16
[  270.521038][    C1] cdc_wdm 1-1:1.0: nonzero urb status received: -71
[  270.521070][    C1] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
[  270.521089][    C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  270.528000][ T8441] CPU: 0 UID: 0 PID: 8441 Comm: syz.2.746 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  270.528027][ T8441] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  270.528038][ T8441] Call Trace:
[  270.528044][ T8441]  <TASK>
[  270.528051][ T8441]  dump_stack_lvl+0x16c/0x1f0
[  270.528084][ T8441]  should_fail_ex+0x50a/0x650
[  270.528111][ T8441]  _copy_to_user+0x32/0xd0
[  270.528138][ T8441]  simple_read_from_buffer+0xd0/0x160
[  270.528166][ T8441]  proc_fail_nth_read+0x198/0x270
[  270.528191][ T8441]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  270.528217][ T8441]  ? rw_verify_area+0xcf/0x680
[  270.528241][ T8441]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  270.528262][ T8441]  vfs_read+0x1df/0xbf0
[  270.528288][ T8441]  ? __fget_files+0x1fc/0x3a0
[  270.528305][ T8441]  ? __pfx___mutex_lock+0x10/0x10
[  270.528331][ T8441]  ? __pfx_vfs_read+0x10/0x10
[  270.528363][ T8441]  ? __fget_files+0x206/0x3a0
[  270.528387][ T8441]  ksys_read+0x12b/0x250
[  270.528412][ T8441]  ? __pfx_ksys_read+0x10/0x10
[  270.528443][ T8441]  do_syscall_64+0xcd/0x250
[  270.528462][ T8441]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  270.528487][ T8441] RIP: 0033:0x7fa7d4d8b7bc
[  270.528501][ T8441] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  270.528518][ T8441] RSP: 002b:00007fa7d5beb030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  270.528535][ T8441] RAX: ffffffffffffffda RBX: 00007fa7d4fa5fa0 RCX: 00007fa7d4d8b7bc
[  270.528547][ T8441] RDX: 000000000000000f RSI: 00007fa7d5beb0a0 RDI: 0000000000000005
[  270.528558][ T8441] RBP: 00007fa7d5beb090 R08: 0000000000000000 R09: 0000000000000000
[  270.528568][ T8441] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  270.528578][ T8441] R13: 0000000000000000 R14: 00007fa7d4fa5fa0 R15: 00007ffe8eeb30a8
[  270.528602][ T8441]  </TASK>
[  272.032791][ T8424] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  272.041419][ T8424] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  272.075844][ T5913] kye 0003:0458:0153.0011: unexpected long global item
[  272.087707][ T5913] kye 0003:0458:0153.0011: parse failed
[  272.093795][ T5913] kye 0003:0458:0153.0011: probe with driver kye failed with error -22
[  272.278418][ T8451] netlink: 36 bytes leftover after parsing attributes in process `syz.1.747'.
[  272.310814][ T8451] netlink: 16 bytes leftover after parsing attributes in process `syz.1.747'.
[  272.607505][ T8451] netlink: 36 bytes leftover after parsing attributes in process `syz.1.747'.
[  272.758368][ T8451] netlink: 36 bytes leftover after parsing attributes in process `syz.1.747'.
[  273.127049][ T5869] usb 5-1: USB disconnect, device number 13
[  273.135004][ T5868] usb 1-1: new full-speed USB device number 17 using dummy_hcd
[  273.338147][   T29] audit: type=1400 audit(1738116061.227:699): avc:  denied  { map } for  pid=8457 comm="syz.0.752" path="socket:[19887]" dev="sockfs" ino=19887 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  273.403871][   T29] audit: type=1400 audit(1738116061.227:700): avc:  denied  { read } for  pid=8457 comm="syz.0.752" path="socket:[19887]" dev="sockfs" ino=19887 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  273.470799][   T29] audit: type=1400 audit(1738116061.227:701): avc:  denied  { write } for  pid=8457 comm="syz.0.752" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  273.548757][ T8467] binder: BINDER_SET_CONTEXT_MGR already set
[  273.555111][ T8467] binder: 8466:8467 ioctl 4018620d 20000040 returned -16
[  273.751298][ T5898] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  274.091529][ T5898] usb 5-1: Using ep0 maxpacket: 8
[  274.293021][ T5898] usb 5-1: config 2 has an invalid interface number: 169 but max is 0
[  274.301293][ T5898] usb 5-1: config 2 has no interface number 0
[  274.307405][ T5898] usb 5-1: config 2 interface 169 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  274.339271][ T5898] usb 5-1: config 2 interface 169 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  274.351491][ T5898] usb 5-1: config 2 interface 169 altsetting 0 endpoint 0x8B has an invalid bInterval 129, changing to 11
[  274.364212][ T5898] usb 5-1: config 2 interface 169 altsetting 0 endpoint 0x8B has invalid maxpacket 58232, setting to 1024
[  274.377385][ T5898] usb 5-1: config 2 interface 169 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  274.493302][ T5898] usb 5-1: New USB device found, idVendor=1163, idProduct=0200, bcdDevice=b8.92
[  274.503057][ T5898] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  274.517654][ T5898] cypress_m8 5-1:2.169: DeLorme Earthmate USB converter detected
[  274.554867][ T8479] nvme_fabrics: missing parameter 'transport=%s'
[  274.595205][ T8479] nvme_fabrics: missing parameter 'nqn=%s'
[  274.741853][ T5898] usb 5-1: DeLorme Earthmate USB converter now attached to ttyUSB0
[  274.756372][ T5898] usb 5-1: USB disconnect, device number 14
[  275.311597][ T5913] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  275.498984][ T5898] earthmate ttyUSB0: DeLorme Earthmate USB converter now disconnected from ttyUSB0
[  275.543891][ T5898] cypress_m8 5-1:2.169: device disconnected
[  275.631409][ T5913] usb 1-1: Using ep0 maxpacket: 16
[  275.665477][ T5913] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  275.707643][ T5913] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  275.730915][ T8499] netlink: 'syz.3.761': attribute type 10 has an invalid length.
[  275.745185][ T5913] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  275.938343][ T5913] usb 1-1: config 0 interface 0 has no altsetting 0
[  275.969971][ T5913] usb 1-1: New USB device found, idVendor=0458, idProduct=0153, bcdDevice= 0.00
[  276.030313][ T5913] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  276.112470][ T5913] usb 1-1: config 0 descriptor??
[  276.247459][ T8509] binder: BINDER_SET_CONTEXT_MGR already set
[  276.253736][ T8509] binder: 8508:8509 ioctl 4018620d 20000040 returned -16
[  276.483977][ T5868] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  276.527187][ T5913] kye 0003:0458:0153.0012: unexpected long global item
[  276.541625][ T5913] kye 0003:0458:0153.0012: parse failed
[  276.547357][ T5913] kye 0003:0458:0153.0012: probe with driver kye failed with error -22
[  276.854643][ T5868] usb 3-1: Using ep0 maxpacket: 8
[  277.193120][ T8517] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  277.203140][ T8517] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  277.645794][ T5868] usb 3-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a
[  277.663423][ T5868] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  277.681032][ T5868] usb 3-1: Product: syz
[  277.783897][ T5868] usb 3-1: Manufacturer: syz
[  277.807745][ T5868] usb 3-1: SerialNumber: syz
[  278.081280][ T5937] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  278.128364][ T5868] usb 3-1: config 0 descriptor??
[  278.183863][ T5868] gspca_main: sq930x-2.14.0 probing 2770:930c
[  278.282701][ T5937] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  278.304389][ T5937] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0
[  278.314937][ T5937] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[  278.329052][ T5937] usb 2-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b
[  278.376318][ T5937] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  278.413261][ T5937] usb 2-1: config 0 descriptor??
[  278.458516][ T5937] hdpvr 2-1:0.0: Could not find bulk-in endpoint
[  278.468033][ T5937] hdpvr 2-1:0.0: probe with driver hdpvr failed with error -12
[  279.157684][ T5928] usb 1-1: USB disconnect, device number 18
[  279.270946][ T5868] gspca_sq930x: reg_w 0305 fd00 failed -110
[  279.310934][ T8521] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  279.323766][ T8521] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  279.335939][ T8521] binder: 8520:8521 ioctl c0306201 20000080 returned -22
[  279.377214][ T5937] usb 2-1: USB disconnect, device number 19
[  279.434245][ T8539] binder: BINDER_SET_CONTEXT_MGR already set
[  279.440295][ T8539] binder: 8537:8539 ioctl 4018620d 20000040 returned -16
[  279.491266][ T5869] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  279.501578][ T5868] gspca_sq930x: Sensor ov9630 not yet treated
[  279.507736][ T5868] sq930x 3-1:0.0: probe with driver sq930x failed with error -22
[  279.557296][ T5868] usb 3-1: USB disconnect, device number 23
[  279.681583][ T5869] usb 4-1: Using ep0 maxpacket: 8
[  279.930644][ T5869] usb 4-1: config 2 has an invalid interface number: 169 but max is 0
[  279.987582][ T5869] usb 4-1: config 2 has no interface number 0
[  280.043948][ T5869] usb 4-1: config 2 interface 169 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  280.136051][ T5869] usb 4-1: config 2 interface 169 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  280.236669][ T5869] usb 4-1: config 2 interface 169 altsetting 0 endpoint 0x8B has an invalid bInterval 129, changing to 11
[  280.524961][ T5869] usb 4-1: config 2 interface 169 altsetting 0 endpoint 0x8B has invalid maxpacket 58232, setting to 1024
[  281.132375][ T5869] usb 4-1: config 2 interface 169 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  281.145645][ T5869] usb 4-1: New USB device found, idVendor=1163, idProduct=0200, bcdDevice=b8.92
[  281.154755][ T5869] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  281.170753][ T5869] cypress_m8 4-1:2.169: DeLorme Earthmate USB converter detected
[  281.301519][ T8552] libceph: resolve '0' (ret=-3): failed
[  281.340582][   T29] audit: type=1400 audit(1738116069.207:702): avc:  denied  { setopt } for  pid=8550 comm="syz.2.781" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  281.532176][ T5869] usb 4-1: DeLorme Earthmate USB converter now attached to ttyUSB0
[  281.651389][ T5937] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  281.664202][ T5869] usb 4-1: USB disconnect, device number 15
[  281.695494][ T5869] earthmate ttyUSB0: DeLorme Earthmate USB converter now disconnected from ttyUSB0
[  281.705906][ T5869] cypress_m8 4-1:2.169: device disconnected
[  281.862423][ T5937] usb 3-1: Using ep0 maxpacket: 16
[  281.887517][ T5937] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7
[  281.915436][ T5937] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[  281.928747][ T5937] usb 3-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[  281.941393][    T8] usb 2-1: new full-speed USB device number 20 using dummy_hcd
[  281.965617][ T5937] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  282.012145][ T5937] usb 3-1: config 0 descriptor??
[  282.130320][    T8] usb 2-1: not running at top speed; connect to a high speed hub
[  282.417110][    T8] usb 2-1: config 1 interface 0 has no altsetting 0
[  282.447085][    T8] usb 2-1: New USB device found, idVendor=09da, idProduct=022b, bcdDevice= 0.40
[  282.475087][    T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  282.484033][    T8] usb 2-1: Product: 䰂
[  282.488248][    T8] usb 2-1: Manufacturer: ӿ
[  282.493274][    T8] usb 2-1: SerialNumber: syz
[  282.633441][ T8553] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  282.642268][ T8553] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  282.749756][ T8555] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  282.769224][ T8555] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  282.851620][ T5868] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  282.914217][    T8] usbhid 2-1:1.0: can't add hid device: -71
[  282.936702][    T8] usbhid 2-1:1.0: probe with driver usbhid failed with error -71
[  282.973037][    T8] usb 2-1: USB disconnect, device number 20
[  283.002673][ T8573] netlink: 112 bytes leftover after parsing attributes in process `syz.3.788'.
[  283.012105][ T5868] usb 5-1: Using ep0 maxpacket: 16
[  283.028750][ T5868] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  283.044091][ T8573] netlink: 112 bytes leftover after parsing attributes in process `syz.3.788'.
[  283.054763][ T5868] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  283.067759][ T5868] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  283.087930][ T5868] usb 5-1: config 0 interface 0 has no altsetting 0
[  283.101438][ T5868] usb 5-1: New USB device found, idVendor=0458, idProduct=0153, bcdDevice= 0.00
[  283.122749][ T5868] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  283.143703][ T5868] usb 5-1: config 0 descriptor??
[  283.150288][ T8575] binder: BINDER_SET_CONTEXT_MGR already set
[  283.156460][ T8575] binder: 8574:8575 ioctl 4018620d 20000040 returned -16
[  283.543903][ T8582] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[  283.550475][ T8582] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  283.558175][ T8582] vhci_hcd vhci_hcd.0: Device attached
[  284.281548][ T5937] usbhid 3-1:0.0: can't add hid device: -71
[  284.350154][ T5868] kye 0003:0458:0153.0013: unexpected long global item
[  284.360809][ T5868] kye 0003:0458:0153.0013: parse failed
[  284.366866][ T5868] kye 0003:0458:0153.0013: probe with driver kye failed with error -22
[  284.461300][ T3069] usb 39-1: new low-speed USB device number 4 using vhci_hcd
[  284.467227][ T5937] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  284.530770][ T5937] usb 3-1: USB disconnect, device number 24
[  285.041394][ T8569] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  285.049886][ T8569] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  286.312307][ T8597] netlink: 'syz.0.793': attribute type 1 has an invalid length.
[  286.320001][ T8597] netlink: 'syz.0.793': attribute type 1 has an invalid length.
[  286.555851][ T5868] usb 5-1: USB disconnect, device number 15
[  287.415044][ T8608] nvme_fabrics: unknown parameter or missing value 'g' in ctrl creation request
[  287.994680][ T8584] vhci_hcd: connection reset by peer
[  288.014975][   T62] vhci_hcd: stop threads
[  288.037509][   T62] vhci_hcd: release socket
[  288.054986][   T62] vhci_hcd: disconnect device
[  288.098954][ T8614]  nullb0: AHDI p1
[  289.394834][ T8641] fuse: Bad value for 'fd'
[  290.673303][ T3069] vhci_hcd: vhci_device speed not set
[  293.307735][ T5898] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  293.531377][ T5898] usb 2-1: Using ep0 maxpacket: 16
[  293.572184][ T5898] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  293.585317][ T8670] netlink: 12 bytes leftover after parsing attributes in process `syz.3.814'.
[  293.586676][ T5898] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  293.610329][ T5898] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  293.620707][ T5898] usb 2-1: config 0 interface 0 has no altsetting 0
[  293.635661][ T5898] usb 2-1: New USB device found, idVendor=0458, idProduct=0153, bcdDevice= 0.00
[  293.649333][ T5898] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  294.042888][ T5898] usb 2-1: config 0 descriptor??
[  295.075182][ T5898] usbhid 2-1:0.0: can't add hid device: -71
[  295.081648][ T5898] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  295.121987][ T5898] usb 2-1: USB disconnect, device number 21
[  295.238176][ T8661] netlink: 'syz.0.811': attribute type 10 has an invalid length.
[  295.262118][ T8685] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input36
[  296.287356][ T8700] SELinux:  policydb magic number 0x7cff8c does not match expected magic number 0xf97cff8c
[  296.354764][   T29] audit: type=1400 audit(1738116084.177:703): avc:  denied  { bind } for  pid=8698 comm="syz.0.822" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  296.391557][ T8700] SELinux: failed to load policy
[  296.416596][   T29] audit: type=1400 audit(1738116084.177:704): avc:  denied  { load_policy } for  pid=8667 comm="syz.3.814" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  296.523636][   T29] audit: type=1400 audit(1738116084.197:705): avc:  denied  { listen } for  pid=8698 comm="syz.0.822" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  296.736815][   T29] audit: type=1400 audit(1738116084.627:706): avc:  denied  { mounton } for  pid=8706 comm="syz.2.824" path="/182/bus" dev="tmpfs" ino=989 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=sock_file permissive=1
[  296.776039][ T8707] syz.2.824: attempt to access beyond end of device
[  296.776039][ T8707] loop2: rw=0, sector=64, nr_sectors = 8 limit=0
[  296.837752][ T8707] syz.2.824: attempt to access beyond end of device
[  296.837752][ T8707] loop2: rw=0, sector=120, nr_sectors = 8 limit=0
[  296.851010][ T5898] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  296.902248][ T8707] Mount JFS Failure: -5
[  296.929146][ T8707] jfs_mount failed w/return code = -5
[  297.044023][ T5898] usb 1-1: config 0 has an invalid interface number: 242 but max is 0
[  297.055467][ T5898] usb 1-1: config 0 has no interface number 0
[  297.067917][ T5898] usb 1-1: config 0 interface 242 altsetting 0 endpoint 0x9 has an invalid bInterval 0, changing to 7
[  297.081420][ T5898] usb 1-1: config 0 interface 242 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  297.092140][ T5937] usb 3-1: new full-speed USB device number 25 using dummy_hcd
[  297.700961][ T5898] usb 1-1: config 0 interface 242 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  297.731550][ T5898] usb 1-1: New USB device found, idVendor=19d2, idProduct=fc9d, bcdDevice=4b.0e
[  297.762715][ T5898] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  297.786962][ T5898] usb 1-1: Product: syz
[  297.797050][ T5898] usb 1-1: Manufacturer: syz
[  297.813445][ T5898] usb 1-1: SerialNumber: syz
[  297.839423][ T5898] usb 1-1: config 0 descriptor??
[  297.846583][ T5937] usb 3-1: config 0 has an invalid interface number: 113 but max is 0
[  297.855229][ T5937] usb 3-1: config 0 has no interface number 0
[  297.923478][ T5898] usb 1-1: bad CDC descriptors
[  297.932457][ T5937] usb 3-1: config 0 interface 113 has no altsetting 0
[  298.073556][ T5937] usb 3-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=e2.c8
[  298.074144][ T8705] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  298.084673][ T5937] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  298.121839][ T5937] usb 3-1: Product: syz
[  298.177346][ T8705] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  298.200920][ T5898] usb 1-1: USB disconnect, device number 19
[  298.294972][ T5937] usb 3-1: Manufacturer: syz
[  298.359296][ T5937] usb 3-1: SerialNumber: syz
[  298.379899][ T5937] usb 3-1: config 0 descriptor??
[  298.425113][ T8726] FAULT_INJECTION: forcing a failure.
[  298.425113][ T8726] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  298.439778][ T8726] CPU: 0 UID: 0 PID: 8726 Comm: syz.3.830 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  298.439802][ T8726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  298.439818][ T8726] Call Trace:
[  298.439823][ T8726]  <TASK>
[  298.439837][ T8726]  dump_stack_lvl+0x16c/0x1f0
[  298.439868][ T8726]  should_fail_ex+0x50a/0x650
[  298.439897][ T8726]  _copy_from_iter+0x2a1/0x1560
[  298.439923][ T8726]  ? trace_lock_acquire+0x14e/0x1f0
[  298.439947][ T8726]  ? __pfx__copy_from_iter+0x10/0x10
[  298.439969][ T8726]  ? __virt_addr_valid+0x1a4/0x590
[  298.439989][ T8726]  ? __virt_addr_valid+0x5e/0x590
[  298.440007][ T8726]  ? __phys_addr_symbol+0x30/0x80
[  298.440024][ T8726]  ? __check_object_size+0x488/0x710
[  298.440046][ T8726]  file_tty_write.constprop.0+0x48d/0x9a0
[  298.440071][ T8726]  vfs_write+0x5ae/0x1150
[  298.440097][ T8726]  ? __pfx_tty_write+0x10/0x10
[  298.440116][ T8726]  ? __pfx_vfs_write+0x10/0x10
[  298.440141][ T8726]  ? __fget_files+0x40/0x3a0
[  298.440170][ T8726]  ksys_write+0x12b/0x250
[  298.440196][ T8726]  ? __pfx_ksys_write+0x10/0x10
[  298.440228][ T8726]  do_syscall_64+0xcd/0x250
[  298.440246][ T8726]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  298.440270][ T8726] RIP: 0033:0x7fb88218cda9
[  298.440283][ T8726] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  298.440300][ T8726] RSP: 002b:00007fb882f21038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  298.440317][ T8726] RAX: ffffffffffffffda RBX: 00007fb8823a5fa0 RCX: 00007fb88218cda9
[  298.440328][ T8726] RDX: 00000000fffffdef RSI: 0000000020001040 RDI: 0000000000000004
[  298.440339][ T8726] RBP: 00007fb882f21090 R08: 0000000000000000 R09: 0000000000000000
[  298.440348][ T8726] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  298.440358][ T8726] R13: 0000000000000000 R14: 00007fb8823a5fa0 R15: 00007ffcae0b9428
[  298.440381][ T8726]  </TASK>
[  298.761466][ T3069] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  298.804518][    C0] usb 3-1: NFC: Urb failure (status -71)
[  298.951422][ T3069] usb 5-1: Using ep0 maxpacket: 8
[  298.965988][ T3069] usb 5-1: config 2 has an invalid interface number: 169 but max is 0
[  298.966946][    C0] usb 3-1: NFC: Urb failure (status -71)
[  299.042601][ T3069] usb 5-1: config 2 has no interface number 0
[  299.042815][ T5937] usb 3-1: NFC: Unable to get FW version
[  299.066617][ T5937] pn533_usb 3-1:0.113: probe with driver pn533_usb failed with error -71
[  299.092660][ T5937] usb 3-1: USB disconnect, device number 25
[  299.114758][ T3069] usb 5-1: config 2 interface 169 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  299.155551][ T3069] usb 5-1: config 2 interface 169 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  299.195961][ T3069] usb 5-1: config 2 interface 169 altsetting 0 endpoint 0x8B has an invalid bInterval 129, changing to 11
[  299.223350][ T3069] usb 5-1: config 2 interface 169 altsetting 0 endpoint 0x8B has invalid maxpacket 58232, setting to 1024
[  299.247939][ T8740] evm: overlay not supported
[  299.266457][   T29] audit: type=1804 audit(1738116087.157:707): pid=8740 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.3.836" name="/newroot/169/bus/bus" dev="overlay" ino=926 res=1 errno=0
[  299.268686][ T3069] usb 5-1: config 2 interface 169 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  299.360560][ T3069] usb 5-1: New USB device found, idVendor=1163, idProduct=0200, bcdDevice=b8.92
[  299.380367][ T3069] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  299.389466][ T8743] netlink: 256 bytes leftover after parsing attributes in process `syz.3.836'.
[  299.403132][ T3069] cypress_m8 5-1:2.169: DeLorme Earthmate USB converter detected
[  299.540514][ T8749] netlink: 8 bytes leftover after parsing attributes in process `syz.2.839'.
[  299.707801][ T3069] usb 5-1: DeLorme Earthmate USB converter now attached to ttyUSB0
[  300.536493][ T3069] usb 5-1: USB disconnect, device number 16
[  300.554454][ T3069] earthmate ttyUSB0: DeLorme Earthmate USB converter now disconnected from ttyUSB0
[  300.569662][ T3069] cypress_m8 5-1:2.169: device disconnected
[  301.362074][   T29] audit: type=1400 audit(1738116089.247:708): avc:  denied  { accept } for  pid=8754 comm="syz.0.842" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  302.070883][ T5828] Bluetooth: hci4: unexpected event for opcode 0x2041
[  303.464526][   T29] audit: type=1400 audit(1738116091.357:709): avc:  denied  { append } for  pid=8777 comm="syz.0.850" name="001" dev="devtmpfs" ino=749 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  303.579354][ T8781] netlink: 'syz.3.846': attribute type 10 has an invalid length.
[  304.141329][   T29] audit: type=1400 audit(1738116092.017:710): avc:  denied  { setattr } for  pid=8786 comm="syz.4.852" path="/dev/mixer" dev="devtmpfs" ino=1286 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sound_device_t tclass=chr_file permissive=1
[  304.170955][ T8792] netlink: 36 bytes leftover after parsing attributes in process `syz.1.853'.
[  305.267024][ T8801] syz.1.858: attempt to access beyond end of device
[  305.267024][ T8801] loop1: rw=0, sector=64, nr_sectors = 8 limit=0
[  305.292868][ T8801] syz.1.858: attempt to access beyond end of device
[  305.292868][ T8801] loop1: rw=0, sector=120, nr_sectors = 8 limit=0
[  305.292955][ T8804] netlink: 'syz.0.854': attribute type 10 has an invalid length.
[  305.309755][ T8801] Mount JFS Failure: -5
[  305.333751][ T8801] jfs_mount failed w/return code = -5
[  305.814097][   T29] audit: type=1400 audit(1738116093.627:711): avc:  denied  { name_bind } for  pid=8802 comm="syz.3.857" src=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=udp_socket permissive=1
[  306.871329][ T5928] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  306.939302][ T8822]  nullb0: AHDI p1
[  307.143781][   T29] audit: type=1400 audit(1738116095.027:712): avc:  denied  { connect } for  pid=8825 comm="syz.2.864" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  307.192328][ T5928] usb 2-1: Using ep0 maxpacket: 8
[  307.198720][ T5928] usb 2-1: config 2 has an invalid interface number: 169 but max is 0
[  307.221286][ T5928] usb 2-1: config 2 has no interface number 0
[  307.253722][ T5928] usb 2-1: config 2 interface 169 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  307.311267][ T5928] usb 2-1: config 2 interface 169 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  307.351316][ T5928] usb 2-1: config 2 interface 169 altsetting 0 endpoint 0x8B has an invalid bInterval 129, changing to 11
[  307.427061][ T5928] usb 2-1: config 2 interface 169 altsetting 0 endpoint 0x8B has invalid maxpacket 58232, setting to 1024
[  307.434156][ T8834] netlink: 24 bytes leftover after parsing attributes in process `syz.2.866'.
[  307.461487][ T5928] usb 2-1: config 2 interface 169 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  307.864602][ T8836] netlink: 'syz.0.867': attribute type 10 has an invalid length.
[  308.161294][ T5928] usb 2-1: New USB device found, idVendor=1163, idProduct=0200, bcdDevice=b8.92
[  308.190745][ T5928] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  308.232120][ T5928] cypress_m8 2-1:2.169: DeLorme Earthmate USB converter detected
[  308.458275][   T29] audit: type=1400 audit(1738116096.347:713): avc:  denied  { connect } for  pid=8814 comm="syz.1.862" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  308.576490][ T5928] usb 2-1: DeLorme Earthmate USB converter now attached to ttyUSB0
[  308.597900][ T5928] usb 2-1: USB disconnect, device number 22
[  308.610934][ T5928] earthmate ttyUSB0: DeLorme Earthmate USB converter now disconnected from ttyUSB0
[  308.621141][ T5928] cypress_m8 2-1:2.169: device disconnected
[  308.628204][ T8845] netlink: 36 bytes leftover after parsing attributes in process `syz.0.869'.
[  309.951388][ T5937] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  310.026083][ T8856] IPVS: sync thread started: state = MASTER, mcast_ifn = wg1, syncid = 262145, id = 0
[  310.027123][ T8854] IPVS: stopping master sync thread 8856 ...
[  310.111353][ T5937] usb 5-1: Using ep0 maxpacket: 8
[  310.117957][ T5937] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  310.126791][ T5937] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  310.139701][ T5937] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  310.157664][ T5937] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  310.195752][ T8859] lo speed is unknown, defaulting to 1000
[  310.393141][ T8862] lo speed is unknown, defaulting to 1000
[  310.418202][ T5937] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  310.433836][ T8865] IPVS: sync thread started: state = MASTER, mcast_ifn = ip6gre0, syncid = 1, id = 0
[  310.481306][ T5937] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  310.512546][ T5937] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  310.610687][ T8862] FAULT_INJECTION: forcing a failure.
[  310.610687][ T8862] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  310.624336][ T8862] CPU: 1 UID: 0 PID: 8862 Comm: syz.3.877 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  310.624359][ T8862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  310.624381][ T8862] Call Trace:
[  310.624387][ T8862]  <TASK>
[  310.624394][ T8862]  dump_stack_lvl+0x16c/0x1f0
[  310.624428][ T8862]  should_fail_ex+0x50a/0x650
[  310.624455][ T8862]  _copy_from_user+0x2e/0xd0
[  310.624482][ T8862]  do_ip_vs_set_ctl+0xe02/0x11c0
[  310.624508][ T8862]  ? __print_lock_name+0x200/0x260
[  310.624527][ T8862]  ? __pfx_do_ip_vs_set_ctl+0x10/0x10
[  310.624548][ T8862]  ? nf_sockopt_find.constprop.0+0x221/0x290
[  310.624577][ T8862]  ? rcu_is_watching+0x12/0xc0
[  310.624606][ T8862]  ? __mutex_lock+0x1cc/0xb10
[  310.624636][ T8862]  ? __mutex_unlock_slowpath+0x164/0x6a0
[  310.624684][ T8862]  ? nf_setsockopt+0x8a/0xf0
[  310.624708][ T8862]  nf_setsockopt+0x8a/0xf0
[  310.624737][ T8862]  ip_setsockopt+0xcb/0xf0
[  310.624761][ T8862]  raw_setsockopt+0xb8/0x290
[  310.624783][ T8862]  ? __pfx_raw_setsockopt+0x10/0x10
[  310.624806][ T8862]  ? selinux_socket_setsockopt+0x6a/0x80
[  310.624825][ T8862]  ? sock_common_setsockopt+0x2e/0xf0
[  310.624848][ T8862]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  310.624872][ T8862]  do_sock_setsockopt+0x222/0x480
[  310.624895][ T8862]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  310.624919][ T8862]  ? lock_acquire+0x2f/0xb0
[  310.624955][ T8862]  __sys_setsockopt+0x1a0/0x230
[  310.624978][ T8862]  __x64_sys_setsockopt+0xbd/0x160
[  310.624995][ T8862]  ? do_syscall_64+0x91/0x250
[  310.625012][ T8862]  ? lockdep_hardirqs_on+0x7c/0x110
[  310.625037][ T8862]  do_syscall_64+0xcd/0x250
[  310.625056][ T8862]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  310.625081][ T8862] RIP: 0033:0x7fb88218cda9
[  310.625097][ T8862] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  310.625114][ T8862] RSP: 002b:00007fb882f21038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  310.625131][ T8862] RAX: ffffffffffffffda RBX: 00007fb8823a5fa0 RCX: 00007fb88218cda9
[  310.625143][ T8862] RDX: 000000000000048b RSI: 0000000000000000 RDI: 0000000000000004
[  310.625153][ T8862] RBP: 00007fb882f21090 R08: 0000000000000018 R09: 0000000000000000
[  310.625164][ T8862] R10: 0000000020002100 R11: 0000000000000246 R12: 0000000000000001
[  310.625174][ T8862] R13: 0000000000000000 R14: 00007fb8823a5fa0 R15: 00007ffcae0b9428
[  310.625198][ T8862]  </TASK>
[  310.868111][    C1] vkms_vblank_simulate: vblank timer overrun
[  310.920872][ T5937] usb 5-1: usb_control_msg returned -32
[  310.931332][ T5937] usbtmc 5-1:16.0: can't read capabilities
[  311.314882][ T8870] binder: BINDER_SET_CONTEXT_MGR already set
[  311.321042][ T8870] binder: 8869:8870 ioctl 4018620d 20000040 returned -16
[  311.434368][ T8868]  nullb0: AHDI p1
[  311.518440][ T8877] netlink: 'syz.2.880': attribute type 10 has an invalid length.
[  312.102283][ T8880] nvme_fabrics: unknown parameter or missing value 'gD��Я' in ctrl creation request
[  312.115087][ T8880] netlink: 36 bytes leftover after parsing attributes in process `syz.2.882'.
[  312.124572][ T8880] netlink: 16 bytes leftover after parsing attributes in process `syz.2.882'.
[  312.136342][ T8880] netlink: 36 bytes leftover after parsing attributes in process `syz.2.882'.
[  312.145647][ T8880] netlink: 36 bytes leftover after parsing attributes in process `syz.2.882'.
[  312.251664][   T29] audit: type=1800 audit(1738116100.137:714): pid=8884 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.3.883" name="bus" dev="overlay" ino=2 res=0 errno=0
[  312.273016][    C1] vkms_vblank_simulate: vblank timer overrun
[  312.333834][ T3069] usb 5-1: USB disconnect, device number 17
[  312.445966][   T29] audit: type=1400 audit(1738116100.337:715): avc:  denied  { read append } for  pid=8889 comm="syz.4.886" name="mice" dev="devtmpfs" ino=916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  312.469443][    C1] vkms_vblank_simulate: vblank timer overrun
[  312.592412][ T8891] netlink: 36 bytes leftover after parsing attributes in process `syz.3.885'.
[  312.607879][   T29] audit: type=1400 audit(1738116100.337:716): avc:  denied  { open } for  pid=8889 comm="syz.4.886" path="/dev/input/mice" dev="devtmpfs" ino=916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  312.651305][   T29] audit: type=1400 audit(1738116100.377:717): avc:  denied  { ioctl } for  pid=8889 comm="syz.4.886" path="/dev/input/mice" dev="devtmpfs" ino=916 ioctlcmd=0x5423 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  312.676541][    C1] vkms_vblank_simulate: vblank timer overrun
[  313.528580][   T29] audit: type=1400 audit(1738116101.417:718): avc:  denied  { setopt } for  pid=8894 comm="syz.3.887" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  313.602137][   T29] audit: type=1400 audit(1738116101.487:719): avc:  denied  { ioctl } for  pid=8901 comm="syz.2.888" path="socket:[21907]" dev="sockfs" ino=21907 ioctlcmd=0x8946 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  313.623112][ T8903] 9pnet_fd: Insufficient options for proto=fd
[  313.663014][ T8903] netlink: 12 bytes leftover after parsing attributes in process `syz.2.888'.
[  313.671928][   T29] audit: type=1400 audit(1738116101.517:720): avc:  denied  { read } for  pid=8901 comm="syz.2.888" dev="sockfs" ino=21901 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  314.262076][ T5132] Bluetooth: hci4: command 0x0405 tx timeout
[  314.341241][ T5928] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  314.804788][   T29] audit: type=1400 audit(1738116102.697:721): avc:  denied  { read } for  pid=8914 comm="syz.3.895" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[  314.851336][ T5928] usb 5-1: Using ep0 maxpacket: 8
[  314.868750][   T29] audit: type=1400 audit(1738116102.697:722): avc:  denied  { open } for  pid=8914 comm="syz.3.895" path="/dev/cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[  314.893072][ T5928] usb 5-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2
[  314.908806][ T5928] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  314.918511][ T5928] usb 5-1: Product: syz
[  314.926618][ T5928] usb 5-1: Manufacturer: syz
[  314.933415][ T5928] usb 5-1: SerialNumber: syz
[  314.939956][ T5928] usb 5-1: config 0 descriptor??
[  315.091758][ T5937] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  315.168079][ T5928] gspca_main: sunplus-2.14.0 probing 04a5:3003
[  315.176177][ T8924] netlink: 4 bytes leftover after parsing attributes in process `syz.1.891'.
[  316.248774][ T5937] usb 4-1: New USB device found, idVendor=093a, idProduct=2601, bcdDevice= 8.8f
[  316.259416][ T8905] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  316.272423][ T5937] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  316.288367][ T8905] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  316.463061][ T8930] netlink: 36 bytes leftover after parsing attributes in process `syz.0.898'.
[  316.468979][ T5937] usb 4-1: config 0 descriptor??
[  316.731957][ T5937] gspca_main: pac7311-2.14.0 probing 093a:2601
[  316.898036][ T8915] overlayfs: missing 'lowerdir'
[  316.903489][ T8916] overlayfs: missing 'lowerdir'
[  316.909009][   T29] audit: type=1400 audit(1738116104.787:723): avc:  denied  { mount } for  pid=8914 comm="syz.3.895" name="/" dev="nfsd" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfsd_fs_t tclass=filesystem permissive=1
[  316.930889][    C0] vkms_vblank_simulate: vblank timer overrun
[  316.941884][ T5937] gspca_pac7311: reg_w() failed index 0xff, value 0x01, error -71
[  316.954291][ T5937] pac7311 4-1:0.0: probe with driver pac7311 failed with error -71
[  316.978981][ T5937] usb 4-1: USB disconnect, device number 16
[  317.005808][ T8918] netlink: 'syz.2.896': attribute type 1 has an invalid length.
[  317.031452][ T8918] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.896'.
[  317.194489][ T1293] ieee802154 phy0 wpan0: encryption failed: -22
[  317.201373][ T1293] ieee802154 phy1 wpan1: encryption failed: -22
[  317.244178][ T5928] gspca_sunplus: reg_w_riv err -71
[  317.249374][ T5928] sunplus 5-1:0.0: probe with driver sunplus failed with error -71
[  317.280008][ T5928] usb 5-1: USB disconnect, device number 18
[  318.561351][   T29] audit: type=1400 audit(1738116105.947:724): avc:  denied  { unmount } for  pid=5814 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfsd_fs_t tclass=filesystem permissive=1
[  318.866885][ T8951] netlink: 68 bytes leftover after parsing attributes in process `syz.3.904'.
[  319.110014][   T29] audit: type=1400 audit(1738116106.897:725): avc:  denied  { listen } for  pid=8948 comm="syz.3.904" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  319.985926][   T29] audit: type=1400 audit(1738116107.857:726): avc:  denied  { ioctl } for  pid=8967 comm="syz.4.910" path="socket:[22810]" dev="sockfs" ino=22810 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  320.990514][ T8981] netlink: 'syz.1.914': attribute type 4 has an invalid length.
[  321.000116][   T29] audit: type=1400 audit(1738116108.877:727): avc:  denied  { connect } for  pid=8978 comm="syz.4.913" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  321.132578][   T29] audit: type=1400 audit(1738116108.877:728): avc:  denied  { setopt } for  pid=8979 comm="syz.1.914" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  321.174490][   T29] audit: type=1400 audit(1738116108.877:729): avc:  denied  { connect } for  pid=8979 comm="syz.1.914" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  321.205135][   T29] audit: type=1400 audit(1738116108.877:730): avc:  denied  { read } for  pid=8979 comm="syz.1.914" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  321.263382][ T8989] team_slave_1: entered promiscuous mode
[  321.280041][ T8989] macsec1: entered promiscuous mode
[  321.295088][ T8989] team0: entered promiscuous mode
[  321.325145][ T8989] team0: left promiscuous mode
[  321.330830][ T8989] team_slave_1: left promiscuous mode
[  321.611471][ T5913] usb 5-1: new full-speed USB device number 19 using dummy_hcd
[  321.899449][ T5913] usb 5-1: config 0 has an invalid interface number: 102 but max is 0
[  322.028280][ T8973] netlink: 36 bytes leftover after parsing attributes in process `syz.2.912'.
[  322.041366][ T8973] netlink: 16 bytes leftover after parsing attributes in process `syz.2.912'.
[  322.047513][ T5913] usb 5-1: config 0 has no interface number 0
[  322.064957][ T8973] netlink: 36 bytes leftover after parsing attributes in process `syz.2.912'.
[  322.078535][ T5913] usb 5-1: config 0 interface 102 altsetting 0 endpoint 0x4 has invalid maxpacket 512, setting to 64
[  322.081619][    T8] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  322.101868][ T8973] netlink: 36 bytes leftover after parsing attributes in process `syz.2.912'.
[  322.121559][ T5913] usb 5-1: config 0 interface 102 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64
[  322.140518][ T5913] usb 5-1: New USB device found, idVendor=3923, idProduct=7825, bcdDevice=c6.57
[  322.150178][ T5913] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  322.191266][ T5913] usb 5-1: Product: syz
[  322.198066][ T5913] usb 5-1: Manufacturer: syz
[  322.208723][ T5913] usb 5-1: SerialNumber: syz
[  322.336542][ T5913] usb 5-1: config 0 descriptor??
[  322.356528][ T8990] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  322.432752][ T8990] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  322.486313][    T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  322.643689][    T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  322.732834][    T8] usb 1-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  322.740757][ T5913] plusb 5-1:0.102 usb0: register 'plusb' at usb-dummy_hcd.4-1, Prolific PL-2301/PL-2302/PL-25A1/PL-27A1, 22:e4:ab:42:e4:93
[  322.770606][    T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  322.806226][   T29] audit: type=1400 audit(1738116110.697:731): avc:  denied  { unmount } for  pid=5813 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1
[  322.810331][    T8] usb 1-1: config 0 descriptor??
[  322.860359][ T5913] usb 5-1: USB disconnect, device number 19
[  322.872821][ T5913] plusb 5-1:0.102 usb0: unregister 'plusb' usb-dummy_hcd.4-1, Prolific PL-2301/PL-2302/PL-25A1/PL-27A1
[  323.392630][    T8] cm6533_jd 0003:0D8C:0022.0014: unknown main item tag 0x0
[  323.410611][    T8] cm6533_jd 0003:0D8C:0022.0014: unknown main item tag 0x0
[  323.586585][    T8] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0D8C:0022.0014/input/input37
[  324.437109][    T8] cm6533_jd 0003:0D8C:0022.0014: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.0-1/input0
[  324.939224][    T8] usb 1-1: USB disconnect, device number 20
[  327.371830][   T29] audit: type=1400 audit(1738116115.187:732): avc:  denied  { lock } for  pid=9038 comm="syz.1.930" path="socket:[22303]" dev="sockfs" ino=22303 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1
[  328.134710][ T9058] xt_hashlimit: size too large, truncated to 1048576
[  328.704956][ T9069] input: syz0 as /devices/virtual/input/input38
[  328.844226][ T5868] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  329.651429][ T5866] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  329.868823][ T5868] usb 3-1: Using ep0 maxpacket: 16
[  329.911053][ T5868] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  329.930330][ T5868] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  329.947794][ T5868] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  329.973370][ T5868] usb 3-1: config 0 interface 0 has no altsetting 0
[  329.983611][ T5868] usb 3-1: New USB device found, idVendor=0458, idProduct=0153, bcdDevice= 0.00
[  329.995428][ T5868] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  330.304056][ T5866] usb 5-1: Using ep0 maxpacket: 32
[  330.313902][ T5868] usb 3-1: config 0 descriptor??
[  330.335966][ T5866] usb 5-1: config 0 has an invalid interface number: 51 but max is 0
[  330.361387][ T5866] usb 5-1: config 0 has an invalid descriptor of length 160, skipping remainder of the config
[  330.423208][ T5866] usb 5-1: config 0 has no interface number 0
[  330.441992][ T5866] usb 5-1: config 0 interface 51 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  330.499225][ T5866] usb 5-1: config 0 interface 51 has no altsetting 0
[  330.526673][ T5866] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  330.561994][ T5866] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  330.575179][ T5866] usb 5-1: Product: syz
[  330.580826][ T5866] usb 5-1: Manufacturer: syz
[  330.603835][ T5866] usb 5-1: SerialNumber: syz
[  330.613255][ T5866] usb 5-1: config 0 descriptor??
[  330.848791][ T5866] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  330.942436][ T5868] kye 0003:0458:0153.0015: unexpected long global item
[  330.952586][ T5868] kye 0003:0458:0153.0015: parse failed
[  330.958698][ T5868] kye 0003:0458:0153.0015: probe with driver kye failed with error -22
[  331.389834][ T5866] usb 5-1: qt2_attach - failed to power on unit: -71
[  331.400380][ T5866] quatech2 5-1:0.51: probe with driver quatech2 failed with error -71
[  331.427316][ T5866] usb 5-1: USB disconnect, device number 20
[  332.010203][ T9102] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  332.020541][ T9102] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  332.802606][   T29] audit: type=1400 audit(1738116120.647:733): avc:  denied  { append } for  pid=9092 comm="syz.3.947" name="ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  332.862737][   T29] audit: type=1400 audit(1738116120.687:734): avc:  denied  { mount } for  pid=9116 comm="syz.4.954" name="/" dev="9p" ino=17889801302421081418 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  332.886225][    C0] vkms_vblank_simulate: vblank timer overrun
[  332.898344][   T29] audit: type=1400 audit(1738116120.757:735): avc:  denied  { unmount } for  pid=5820 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  332.918543][    C0] vkms_vblank_simulate: vblank timer overrun
[  333.566104][ T5898] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  333.668874][ T5928] usb 3-1: USB disconnect, device number 26
[  333.792134][ T9125] sg_write: data in/out 196608/5 bytes for SCSI command 0xd-- guessing data in;
[  333.792134][ T9125]    program syz.2.956 not setting count and/or reply_len properly
[  333.851296][ T5898] usb 2-1: Using ep0 maxpacket: 8
[  333.861636][ T5898] usb 2-1: config 2 has an invalid interface number: 169 but max is 0
[  333.869890][ T5898] usb 2-1: config 2 has no interface number 0
[  333.891366][ T5898] usb 2-1: config 2 interface 169 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  333.918057][ T5898] usb 2-1: config 2 interface 169 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  334.036602][ T5898] usb 2-1: config 2 interface 169 altsetting 0 endpoint 0x8B has an invalid bInterval 129, changing to 11
[  334.081352][ T5898] usb 2-1: config 2 interface 169 altsetting 0 endpoint 0x8B has invalid maxpacket 58232, setting to 1024
[  334.559661][ T5898] usb 2-1: config 2 interface 169 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  334.573469][ T5898] usb 2-1: New USB device found, idVendor=1163, idProduct=0200, bcdDevice=b8.92
[  334.635521][ T5898] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  334.651486][ T5898] cypress_m8 2-1:2.169: DeLorme Earthmate USB converter detected
[  334.867701][ T5898] usb 2-1: DeLorme Earthmate USB converter now attached to ttyUSB0
[  334.908534][ T5898] usb 2-1: USB disconnect, device number 23
[  334.942631][ T5898] earthmate ttyUSB0: DeLorme Earthmate USB converter now disconnected from ttyUSB0
[  334.974019][ T5898] cypress_m8 2-1:2.169: device disconnected
[  334.987098][ T9147] netlink: 16 bytes leftover after parsing attributes in process `syz.0.964'.
[  335.261491][ T5866] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  335.441233][ T5866] usb 4-1: Using ep0 maxpacket: 32
[  335.472263][ T5866] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  335.480318][ T5866] usb 4-1: config 0 has no interface number 0
[  335.505546][ T5866] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  335.705661][ T5866] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  335.951252][ T5866] usb 4-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00
[  335.960582][ T5866] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  336.012221][ T5866] usb 4-1: config 0 descriptor??
[  336.976627][   T29] audit: type=1400 audit(1738116124.867:736): avc:  denied  { connect } for  pid=9159 comm="syz.2.969" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  337.248003][   T29] audit: type=1400 audit(1738116124.867:737): avc:  denied  { setopt } for  pid=9159 comm="syz.2.969" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  337.325780][ T5866] uclogic 0003:28BD:0094.0016: pen parameters not found
[  337.334611][ T5866] uclogic 0003:28BD:0094.0016: interface is invalid, ignoring
[  337.379468][   T29] audit: type=1400 audit(1738116125.267:738): avc:  denied  { read } for  pid=9159 comm="syz.2.969" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  337.465144][   T29] audit: type=1400 audit(1738116125.347:739): avc:  denied  { connect } for  pid=9176 comm="syz.4.973" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  337.549513][   T29] audit: type=1400 audit(1738116125.407:740): avc:  denied  { write } for  pid=9176 comm="syz.4.973" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  337.580420][ T5866] usb 4-1: USB disconnect, device number 17
[  337.652484][ T5913] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  338.047289][ T9183] netlink: 24 bytes leftover after parsing attributes in process `syz.4.975'.
[  338.165417][ T9186] netlink: 40 bytes leftover after parsing attributes in process `syz.0.976'.
[  338.191284][ T5913] usb 2-1: Using ep0 maxpacket: 8
[  338.228463][ T5913] usb 2-1: config 2 has an invalid interface number: 169 but max is 0
[  338.247197][ T5913] usb 2-1: config 2 has no interface number 0
[  338.257344][ T5913] usb 2-1: config 2 interface 169 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  338.270568][ T5913] usb 2-1: config 2 interface 169 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  338.296736][ T5913] usb 2-1: config 2 interface 169 altsetting 0 endpoint 0x8B has an invalid bInterval 129, changing to 11
[  338.336984][ T5913] usb 2-1: config 2 interface 169 altsetting 0 endpoint 0x8B has invalid maxpacket 58232, setting to 1024
[  338.403731][ T5913] usb 2-1: config 2 interface 169 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  338.431972][   T29] audit: type=1326 audit(1738116126.327:741): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9189 comm="syz.3.977" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb88218cda9 code=0x0
[  338.478706][ T5913] usb 2-1: New USB device found, idVendor=1163, idProduct=0200, bcdDevice=b8.92
[  338.539627][ T5913] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  338.568247][ T5913] cypress_m8 2-1:2.169: DeLorme Earthmate USB converter detected
[  338.943614][ T5913] usb 2-1: DeLorme Earthmate USB converter now attached to ttyUSB0
[  338.986742][ T5913] usb 2-1: USB disconnect, device number 24
[  339.037866][ T5913] earthmate ttyUSB0: DeLorme Earthmate USB converter now disconnected from ttyUSB0
[  339.251780][ T5913] cypress_m8 2-1:2.169: device disconnected
[  340.034320][ T9206] sg_write: data in/out 196608/5 bytes for SCSI command 0xd-- guessing data in;
[  340.034320][ T9206]    program syz.1.982 not setting count and/or reply_len properly
[  340.111496][ T5868] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  340.281471][ T5868] usb 4-1: Using ep0 maxpacket: 32
[  340.304765][ T5868] usb 4-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64
[  340.367727][ T5868] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  340.490950][ T5868] usb 4-1: config 0 descriptor??
[  340.541493][ T5868] as10x_usb: device has been detected
[  340.549854][ T5868] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle)
[  340.605383][ T5868] usb 4-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)...
[  340.725894][ T5868] as10x_usb: error during firmware upload part1
[  340.747675][ T5868] Registered device nBox DVB-T Dongle
[  340.767090][ T5868] usb 4-1: USB disconnect, device number 18
[  340.821748][ T5928] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  340.865972][ T5868] Unregistered device nBox DVB-T Dongle
[  340.867348][ T5868] as10x_usb: device has been disconnected
[  341.011288][ T5928] usb 2-1: Using ep0 maxpacket: 16
[  341.022733][ T5928] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  341.045364][ T5928] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  341.081257][ T5928] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  341.106968][ T5928] usb 2-1: config 0 interface 0 has no altsetting 0
[  341.124318][ T5928] usb 2-1: New USB device found, idVendor=0458, idProduct=0153, bcdDevice= 0.00
[  341.161256][ T5928] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  341.228730][ T5928] usb 2-1: config 0 descriptor??
[  341.803262][ T5928] kye 0003:0458:0153.0017: unexpected long global item
[  341.825842][ T5928] kye 0003:0458:0153.0017: parse failed
[  341.840719][ T5928] kye 0003:0458:0153.0017: probe with driver kye failed with error -22
[  343.023147][ T9240] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  343.031818][ T9240] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  343.040346][ T5868] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  343.204256][ T5868] usb 5-1: Using ep0 maxpacket: 16
[  343.226174][ T5868] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  343.303644][ T5868] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  343.345127][ T5868] usb 5-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00
[  343.354775][ T5868] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  343.366945][ T5868] usb 5-1: config 0 descriptor??
[  343.611926][ T3069] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  343.757318][ T5828] Bluetooth: hci4: link tx timeout
[  343.763979][ T5828] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa
[  343.792678][ T3069] usb 1-1: Using ep0 maxpacket: 8
[  343.803314][ T3069] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  343.837073][ T3069] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  343.848851][ T5868] hid-multitouch 0003:1FD2:6007.0018: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.4-1/input0
[  343.862676][ T3069] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  343.880801][ T3069] usb 1-1: config 0 descriptor??
[  343.914524][ T5828] Bluetooth: hci4: link tx timeout
[  343.919876][ T5828] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa
[  343.943147][ T5828] Bluetooth: hci4: link tx timeout
[  343.948469][ T5828] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa
[  343.993227][ T9261] netlink: 8 bytes leftover after parsing attributes in process `syz.3.995'.
[  344.115620][ T5868] usb 2-1: USB disconnect, device number 25
[  344.125485][ T3069] iowarrior 1-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  344.133385][ T9267] netlink: 'syz.3.995': attribute type 2 has an invalid length.
[  344.147302][ T9267] netlink: 'syz.3.995': attribute type 1 has an invalid length.
[  344.157788][ T9267] netlink: 'syz.3.995': attribute type 1 has an invalid length.
[  344.208354][ T3069] usb 5-1: USB disconnect, device number 21
[  344.308467][ T5913] usb 1-1: USB disconnect, device number 21
[  344.444121][ T5828] Bluetooth: hci4: link tx timeout
[  344.449369][ T5828] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa
[  344.790946][ T9270] nvme_fabrics: unknown parameter or missing value 'gD��Я' in ctrl creation request
[  344.927878][ T9270] netlink: 36 bytes leftover after parsing attributes in process `syz.1.996'.
[  344.939396][ T9270] netlink: 16 bytes leftover after parsing attributes in process `syz.1.996'.
[  344.948679][ T5828] Bluetooth: hci4: link tx timeout
[  344.955171][ T5828] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa
[  344.955190][ T9270] netlink: 36 bytes leftover after parsing attributes in process `syz.1.996'.
[  345.089881][ T9270] netlink: 36 bytes leftover after parsing attributes in process `syz.1.996'.
[  345.217387][ T3069] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  345.352845][ T9292] netlink: 84 bytes leftover after parsing attributes in process `syz.4.997'.
[  345.421400][   T29] audit: type=1400 audit(1738116133.237:742): avc:  denied  { append } for  pid=9287 comm="syz.4.997" name="sg0" dev="devtmpfs" ino=738 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  345.449997][ T3069] usb 1-1: Using ep0 maxpacket: 8
[  345.876119][ T5828] Bluetooth: hci4: command 0x0405 tx timeout
[  345.882517][ T5828] Bluetooth: hci4: link tx timeout
[  345.887808][ T5828] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa
[  345.902270][ T5828] ==================================================================
[  345.910451][ T5828] BUG: KASAN: slab-use-after-free in hci_disconnect+0x200/0x230
[  345.918100][ T5828] Read of size 4 at addr ffff88805963803c by task kworker/u9:4/5828
[  345.926082][ T5828] 
[  345.928403][ T5828] CPU: 1 UID: 0 PID: 5828 Comm: kworker/u9:4 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  345.928423][ T5828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  345.928435][ T5828] Workqueue: hci4 hci_tx_work
[  345.928458][ T5828] Call Trace:
[  345.928464][ T5828]  <TASK>
[  345.928471][ T5828]  dump_stack_lvl+0x116/0x1f0
[  345.928500][ T5828]  print_report+0xc3/0x620
[  345.928520][ T5828]  ? __virt_addr_valid+0x5e/0x590
[  345.928539][ T5828]  ? __phys_addr+0xc6/0x150
[  345.928558][ T5828]  kasan_report+0xd9/0x110
[  345.928577][ T5828]  ? hci_disconnect+0x200/0x230
[  345.928602][ T5828]  ? hci_disconnect+0x200/0x230
[  345.928628][ T5828]  hci_disconnect+0x200/0x230
[  345.928651][ T5828]  ? __pfx_hci_disconnect+0x10/0x10
[  345.928675][ T5828]  ? _raw_spin_unlock_irqrestore+0x61/0x80
[  345.928700][ T5828]  ? __rcu_read_unlock+0x2b4/0x580
[  345.928725][ T5828]  __check_timeout+0x3ed/0x720
[  345.928744][ T5828]  ? __check_timeout+0x3ce/0x720
[  345.928763][ T5828]  ? __pfx___check_timeout+0x10/0x10
[  345.928784][ T5828]  hci_tx_work+0x6e3/0x1410
[  345.928803][ T5828]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  345.928828][ T5828]  ? rcu_is_watching+0x12/0xc0
[  345.928847][ T5828]  ? __pfx_hci_tx_work+0x10/0x10
[  345.928867][ T5828]  ? lock_acquire+0x2f/0xb0
[  345.928889][ T5828]  ? process_one_work+0x921/0x1ba0
[  345.928913][ T5828]  process_one_work+0x9c5/0x1ba0
[  345.928941][ T5828]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  345.928966][ T5828]  ? __pfx_process_one_work+0x10/0x10
[  345.928992][ T5828]  ? assign_work+0x1a0/0x250
[  345.929014][ T5828]  worker_thread+0x6c8/0xf00
[  345.929042][ T5828]  ? __pfx_worker_thread+0x10/0x10
[  345.929065][ T5828]  kthread+0x3af/0x750
[  345.929087][ T5828]  ? __pfx_kthread+0x10/0x10
[  345.929108][ T5828]  ? lock_acquire+0x2f/0xb0
[  345.929133][ T5828]  ? __pfx_kthread+0x10/0x10
[  345.929160][ T5828]  ret_from_fork+0x45/0x80
[  345.929183][ T5828]  ? __pfx_kthread+0x10/0x10
[  345.929203][ T5828]  ret_from_fork_asm+0x1a/0x30
[  345.929235][ T5828]  </TASK>
[  345.929241][ T5828] 
[  345.961912][ T5928] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  345.965278][ T5828] Allocated by task 5828:
[  345.965292][ T5828]  kasan_save_stack+0x33/0x60
[  346.141320][ T5828]  kasan_save_track+0x14/0x30
[  346.145984][ T5828]  __kasan_kmalloc+0xaa/0xb0
[  346.150552][ T5828]  __hci_conn_add+0x131/0x1ab0
[  346.155300][ T5828]  hci_conn_add_unset+0x6d/0x100
[  346.160222][ T5828]  le_conn_complete_evt+0x798/0x1da0
[  346.165491][ T5828]  hci_le_conn_complete_evt+0x23c/0x370
[  346.171024][ T5828]  hci_le_meta_evt+0x2e2/0x5d0
[  346.175781][ T5828]  hci_event_packet+0x666/0x1180
[  346.180701][ T5828]  hci_rx_work+0x2c5/0x16b0
[  346.185196][ T5828]  process_one_work+0x9c5/0x1ba0
[  346.190119][ T5828]  worker_thread+0x6c8/0xf00
[  346.194694][ T5828]  kthread+0x3af/0x750
[  346.198746][ T5828]  ret_from_fork+0x45/0x80
[  346.203152][ T5828]  ret_from_fork_asm+0x1a/0x30
[  346.207898][ T5828] 
[  346.210207][ T5828] Freed by task 5132:
[  346.214170][ T5828]  kasan_save_stack+0x33/0x60
[  346.218837][ T5828]  kasan_save_track+0x14/0x30
[  346.223496][ T5828]  kasan_save_free_info+0x3b/0x60
[  346.228506][ T5828]  __kasan_slab_free+0x51/0x70
[  346.233261][ T5828]  kfree+0x2c4/0x4d0
[  346.237143][ T5828]  device_release+0xa1/0x240
[  346.241720][ T5828]  kobject_put+0x1e4/0x5a0
[  346.246125][ T5828]  device_unregister+0x2f/0xc0
[  346.250877][ T5828]  hci_conn_del_sysfs+0xab/0x170
[  346.255801][ T5828]  hci_conn_del+0x54e/0xdb0
[  346.260288][ T5828]  hci_conn_failed+0x2a6/0x3e0
[  346.265036][ T5828]  hci_abort_conn_sync+0x91c/0xfe0
[  346.270135][ T5828]  abort_conn_sync+0x197/0x360
[  346.274881][ T5828]  hci_cmd_sync_work+0x1a4/0x410
[  346.279803][ T5828]  process_one_work+0x9c5/0x1ba0
[  346.284735][ T5828]  worker_thread+0x6c8/0xf00
[  346.289321][ T5828]  kthread+0x3af/0x750
[  346.293375][ T5828]  ret_from_fork+0x45/0x80
[  346.297781][ T5828]  ret_from_fork_asm+0x1a/0x30
[  346.302533][ T5828] 
[  346.304839][ T5828] The buggy address belongs to the object at ffff888059638000
[  346.304839][ T5828]  which belongs to the cache kmalloc-8k of size 8192
[  346.318871][ T5828] The buggy address is located 60 bytes inside of
[  346.318871][ T5828]  freed 8192-byte region [ffff888059638000, ffff88805963a000)
[  346.332652][ T5828] 
[  346.334969][ T5828] The buggy address belongs to the physical page:
[  346.341364][ T5828] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x59638
[  346.350102][ T5828] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  346.358581][ T5828] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  346.366220][ T5828] page_type: f5(slab)
[  346.370192][ T5828] raw: 00fff00000000040 ffff88801b042280 dead000000000122 0000000000000000
[  346.378757][ T5828] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[  346.387325][ T5828] head: 00fff00000000040 ffff88801b042280 dead000000000122 0000000000000000
[  346.395979][ T5828] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[  346.404653][ T5828] head: 00fff00000000003 ffffea0001658e01 ffffffffffffffff 0000000000000000
[  346.413314][ T5828] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[  346.421977][ T5828] page dumped because: kasan: bad access detected
[  346.428374][ T5828] page_owner tracks the page as allocated
[  346.434065][ T5828] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5828, tgid 5828 (kworker/u9:4), ts 59247404335, free_ts 13699901497
[  346.455408][ T5828]  post_alloc_hook+0x181/0x1b0
[  346.460173][ T5828]  get_page_from_freelist+0xfce/0x2f80
[  346.465618][ T5828]  __alloc_frozen_pages_noprof+0x221/0x2470
[  346.471496][ T5828]  alloc_pages_mpol+0x1fc/0x540
[  346.476332][ T5828]  new_slab+0x23d/0x330
[  346.480475][ T5828]  ___slab_alloc+0xc5d/0x1720
[  346.485146][ T5828]  __slab_alloc.constprop.0+0x56/0xb0
[  346.490512][ T5828]  __kmalloc_cache_noprof+0xfa/0x410
[  346.495791][ T5828]  __hci_conn_add+0x131/0x1ab0
[  346.500544][ T5828]  hci_conn_add_unset+0x6d/0x100
[  346.505466][ T5828]  le_conn_complete_evt+0x798/0x1da0
[  346.510736][ T5828]  hci_le_conn_complete_evt+0x23c/0x370
[  346.516264][ T5828]  hci_le_meta_evt+0x2e2/0x5d0
[  346.521014][ T5828]  hci_event_packet+0x666/0x1180
[  346.525933][ T5828]  hci_rx_work+0x2c5/0x16b0
[  346.530421][ T5828]  process_one_work+0x9c5/0x1ba0
[  346.535361][ T5828] page last free pid 1 tgid 1 stack trace:
[  346.541147][ T5828]  free_frozen_pages+0x6db/0xfb0
[  346.546094][ T5828]  free_contig_range+0x133/0x3f0
[  346.551043][ T5828]  destroy_args+0x66f/0x830
[  346.555534][ T5828]  debug_vm_pgtable+0x130f/0x2d60
[  346.560545][ T5828]  do_one_initcall+0x128/0x700
[  346.565306][ T5828]  kernel_init_freeable+0x5c7/0x900
[  346.570491][ T5828]  kernel_init+0x1c/0x2b0
[  346.574806][ T5828]  ret_from_fork+0x45/0x80
[  346.579211][ T5828]  ret_from_fork_asm+0x1a/0x30
[  346.584046][ T5828] 
[  346.586350][ T5828] Memory state around the buggy address:
[  346.591963][ T5828]  ffff888059637f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  346.600005][ T5828]  ffff888059637f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  346.608062][ T5828] >ffff888059638000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  346.616116][ T5828]                                         ^
[  346.621997][ T5828]  ffff888059638080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  346.630041][ T5828]  ffff888059638100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  346.638085][ T5828] ==================================================================
[  346.799494][ T3069] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  346.809540][ T5828] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  346.816769][ T5828] CPU: 1 UID: 0 PID: 5828 Comm: kworker/u9:4 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  346.827273][ T5828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  346.837323][ T5828] Workqueue: hci4 hci_tx_work
[  346.841984][ T5828] Call Trace:
[  346.845238][ T5828]  <TASK>
[  346.848145][ T5828]  dump_stack_lvl+0x3d/0x1f0
[  346.852717][ T5828]  panic+0x71d/0x800
[  346.856585][ T5828]  ? __pfx_panic+0x10/0x10
[  346.860981][ T5828]  ? preempt_schedule_thunk+0x1a/0x30
[  346.866333][ T5828]  ? preempt_schedule_common+0x44/0xc0
[  346.871772][ T5828]  ? check_panic_on_warn+0x1f/0xb0
[  346.876902][ T5828]  check_panic_on_warn+0xab/0xb0
[  346.881825][ T5828]  end_report+0x117/0x180
[  346.886138][ T5828]  kasan_report+0xe9/0x110
[  346.890532][ T5828]  ? hci_disconnect+0x200/0x230
[  346.895365][ T5828]  ? hci_disconnect+0x200/0x230
[  346.900213][ T5828]  hci_disconnect+0x200/0x230
[  346.904885][ T5828]  ? __pfx_hci_disconnect+0x10/0x10
[  346.910063][ T5828]  ? _raw_spin_unlock_irqrestore+0x61/0x80
[  346.915853][ T5828]  ? __rcu_read_unlock+0x2b4/0x580
[  346.920957][ T5828]  __check_timeout+0x3ed/0x720
[  346.925701][ T5828]  ? __check_timeout+0x3ce/0x720
[  346.930643][ T5828]  ? __pfx___check_timeout+0x10/0x10
[  346.935924][ T5828]  hci_tx_work+0x6e3/0x1410
[  346.940411][ T5828]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  346.946030][ T5828]  ? rcu_is_watching+0x12/0xc0
[  346.950777][ T5828]  ? __pfx_hci_tx_work+0x10/0x10
[  346.955693][ T5828]  ? lock_acquire+0x2f/0xb0
[  346.960177][ T5828]  ? process_one_work+0x921/0x1ba0
[  346.965281][ T5828]  process_one_work+0x9c5/0x1ba0
[  346.970207][ T5828]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  346.975841][ T5828]  ? __pfx_process_one_work+0x10/0x10
[  346.981213][ T5828]  ? assign_work+0x1a0/0x250
[  346.985810][ T5828]  worker_thread+0x6c8/0xf00
[  346.990398][ T5828]  ? __pfx_worker_thread+0x10/0x10
[  346.995511][ T5828]  kthread+0x3af/0x750
[  346.999565][ T5828]  ? __pfx_kthread+0x10/0x10
[  347.004129][ T5828]  ? lock_acquire+0x2f/0xb0
[  347.008625][ T5828]  ? __pfx_kthread+0x10/0x10
[  347.013191][ T5828]  ret_from_fork+0x45/0x80
[  347.017586][ T5828]  ? __pfx_kthread+0x10/0x10
[  347.022150][ T5828]  ret_from_fork_asm+0x1a/0x30
[  347.026912][ T5828]  </TASK>
[  347.030196][ T5828] Kernel Offset: disabled
[  347.034513][ T5828] Rebooting in 86400 seconds..