last executing test programs:

12m3.144995339s ago: executing program 4 (id=1225):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000001c0)='./binderfs/binder0\x00', 0x806, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
r2 = dup3(r1, r0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000d80)=[@enter_looper, @register_looper={0x6315}], 0x0, 0x0, 0x0})

12m2.829063357s ago: executing program 4 (id=1229):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000240), 0x84800, 0x0)

12m2.509928702s ago: executing program 4 (id=1230):
syz_usb_connect(0x5, 0x24, &(0x7f0000001280)={{0x12, 0x1, 0x300, 0x0, 0x1f, 0x66, 0x8, 0x58f, 0x6610, 0x4805, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x4, 0x95, 0x70, 0x81, [{{0x9, 0x4, 0x0, 0x81, 0x0, 0xff, 0xff, 0xff, 0x2}}]}}]}}, &(0x7f0000001700)={0xffffffa0, 0x0, 0x0, 0x0, 0x23})
r0 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2003)
r1 = socket$inet(0x2, 0x1, 0x100)
sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
r2 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESDEC], 0x0)
syz_usb_ep_write(r2, 0x81, 0x8, &(0x7f00000001c0)="db2a9e72789f6a54")
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
sendmsg(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000180)="2811", 0x2}], 0x1}, 0x80)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r4 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r3, &(0x7f0000000680)=ANY=[@ANYBLOB="016f0800010000000000200000004600003f00000000008490783fffffffac1414aa00000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="ba0000fe9078001309096f2f450000fffd00000004e0b7b14ea3e772d436eeb4c9b90002d58838068b9100000059a53e95d1ae723f0ef187ba880f55dbab43e792873d1c95d723ea10c57a200e36e126d4f0001ec8f850ad02485623ba90e07de49090e5df5bf0db40c024ca"], 0x4e)
ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000a40)={&(0x7f0000000380)=[{0x3, 0x6000, 0x1, &(0x7f00000003c0)='t'}], 0x1})
syz_usb_connect$cdc_ecm(0x4, 0x11b, &(0x7f0000000400)={{0x12, 0x1, 0x200, 0x2, 0x0, 0x0, 0x87, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x109, 0x1, 0x1, 0x0, 0x40, 0x7f, [{{0x9, 0x4, 0x0, 0x4, 0x2, 0x2, 0x6, 0x0, 0x9, {{0x8, 0x24, 0x6, 0x0, 0x0, "bfe2e9"}, {0x5, 0x24, 0x0, 0x7}, {0xd, 0x24, 0xf, 0x1, 0x2, 0x0, 0x2, 0x3f}, [@mdlm_detail={0xc2, 0x24, 0x13, 0x9, "ebd8c37a0ade87cd705cce2e65aecbd8195328d8a0cdd09365555abfd9d7905c223613015495179d77887aa4fe8bf33461962528c4bf3178495bf4e716434a4fc829d182c33be511cfd640bde4b8403132d253c9619004337dcc11ba0b1093edef806cde1ef8a06e4e63534f821d052a9eccf0242cab54e5f0c61e3e8e141a3e9c45e77a2c4a308c6a452103514bf1862db12bf6bd7282859c37ba5238af3e2d281f0623ca79dd0027d21a3a9048db8b67b9fd531c697817f77067261632"}]}, {[{{0x9, 0x5, 0x81, 0x3, 0x8, 0x4, 0xf9, 0xff}}], {{0x9, 0x5, 0x82, 0x2, 0x400, 0x4, 0x7, 0x6}}, {{0x9, 0x5, 0x3, 0x2, 0x10, 0x0, 0x9, 0x4}}}}}]}}]}}, &(0x7f0000000600)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x200, 0x80, 0xf8, 0x8, 0x37, 0x5}, 0xc, &(0x7f00000000c0)={0x5, 0xf, 0xc, 0x1, [@ext_cap={0x7, 0x10, 0x2, 0x4, 0x9, 0xd, 0x5d0c}]}, 0x7, [{0x4, &(0x7f0000000100)=@lang_id={0x4, 0x3, 0x43f}}, {0x4, &(0x7f0000000140)=@lang_id={0x4, 0x3, 0x860}}, {0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x80c}}, {0x4, &(0x7f0000000300)=@lang_id={0x4, 0x3, 0x401}}, {0x4, &(0x7f0000000340)=@lang_id={0x4, 0x3, 0x458}}, {0x4, &(0x7f0000000540)=@lang_id={0x4, 0x3, 0x812}}, {0x7b, &(0x7f0000000580)=@string={0x7b, 0x3, "247f3951677ae89d5099e2bd142475d97f3da546d6b9d94acf13b3479eeb96a6ea91ad12b30162ccc49af76bbb306c2062f6be29f8824f99285c09f3694c0ccd269266f1b1be8b538a1c110ca0266b503a6c9bb23b81cec2590621ecc52770f71ec7e49cc0e770e9f450096af725e3d1b14e780d638b91ff96"}}]})

11m58.853514901s ago: executing program 4 (id=1246):
socket$can_j1939(0x1d, 0x2, 0x7)
socket$netlink(0x10, 0x3, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000), 0x102, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r0 = syz_open_dev$dri(&(0x7f0000000440), 0x1, 0x0)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x2)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0x80101)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x10)
chroot(&(0x7f0000000780)='./file0\x00')
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x89901)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x80000000, 0x3, 0x3ff, 0x8, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x2, 0xa9a, 0x0, 0x0, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0xf5b1, 0xffffffff, 0x10000000, 0x99, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0xfffffffe, 0x0, 0x8, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffe, 0x0, 0x0, 0x1], [0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xedc0, 0x0, 0x5ee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa0000000, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0xfffffff8, 0x2, 0x0, 0x7, 0x400, 0x800, 0x0, 0x10000, 0x40000, 0x0, 0xc0800000, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x4771], [0x0, 0x7f, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4002, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x6, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0xfffffffc, 0x4], [0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, 0x0, 0x0, 0x0, 0x3, 0xfffffffc, 0x4, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x10, 0x5, 0xfffffffd, 0x0, 0x0, 0x0, 0x8001, 0x80, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x4, 0x0, 0x0, 0x0, 0xffffe]}, 0x45c)
socket$inet_tcp(0x2, 0x1, 0x0)
syz_emit_vhci(&(0x7f0000003580)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x7}, @hci_rp_read_enc_key_size={{0x40}, {0x1, 0xc9, 0xa6}}}}, 0xa)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x20008000)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x40408c0)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="300000001a0001000000000000000000a9ab81800000030000000000000014000100"/50], 0x30}}, 0x0)
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x5)
openat$dlm_plock(0xffffffffffffff9c, 0x0, 0x208000, 0x0)
ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501)
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
pivot_root(&(0x7f00000000c0)='./file0/../file0/../file0/../file0\x00', 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})

11m58.744976844s ago: executing program 4 (id=1248):
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000001080)=ANY=[], 0x180}}, 0x4000040)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x18)
r0 = socket$nl_route(0x10, 0x3, 0x0)
getsockname(r0, 0x0, 0x0)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000002500), 0xffffffffffffffff)
sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x4011}, 0x4004004)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x161102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x2)
ioctl$TIOCL_PASTESEL(r3, 0x541c, &(0x7f0000000000))
r4 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r5 = openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r5, 0x0)
write$selinux_load(r4, &(0x7f0000000000)=ANY=[], 0x2046)

11m58.500828437s ago: executing program 4 (id=1250):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x1, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(0xffffffffffffffff, 0x8010671f, &(0x7f00000001c0)={&(0x7f0000000080)=""/12, 0xc})
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, &(0x7f0000000100)={0x1d, 0x0, 0x0, {0x1, 0x1, 0x4}, 0x1}, 0x18)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, 0x0, 0x0)
unshare(0x28000400)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x1000000)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000040), 0x600, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000100)=0xd)
r6 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0)
r7 = dup(r6)
write$UHID_INPUT(r7, &(0x7f0000001040)={0x18, {"a2e3ad21ed6b52f99cfbf4c087f70c9b3e6ee7ff7fc6e5539b9b3b0e8b9b411b5d30091b080d29428f0e1ac6e7049b3468959b4c9a242a9b67f3988f7ef319520200ffe8d178708c523c921b1b25380a169b63d336cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f309f4cff7738596ecae8707ce065cd5b91cd0ae193973735b36d5b1b63e91c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecd03aded6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca5b6bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27afc953854a642c57519544ae15a7e454dea05918b4124351601611c8f11baa500a3621c56cea8d20ff911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a60560a22f1fca567e65d5e880572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5120000008213b704c7fb082ff27590678ef9f190bae979babc7041d860420c5664ba7921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202fd28f28381aab144a5d429a04a689b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2f05dd3318271a1f5f8528f227e79c1388dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eefc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44060bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a7288afe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f48fe4eae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf02b98a269b891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efedfd71af9444e197f47e866101496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615f7084a607a7eceb6243378e0610060f02cca4051c2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c4e15a7b6eb65ca8104e1b4da1fbb77ab2fc043aead87c32ab875ee7c2e7b7019c902cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad948741b2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd73643de50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c1023bf70cc77737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73c497579773767075428067e7f16f4dde374f8211fef42cb468e623daf60b3569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d3414442e863a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae44369ddb4581c55925d0f6f1ba471eba281f259152f85a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b405177548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e05130935e00785ec27e923911fab964c271556527697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9ddbfb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e7027132f2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5336651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee29165895ac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463181f4b87c10772d2b13f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76d57227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f84fad6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b3110b932a4d02da711b757fe43c06d21e35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc238a081ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cb0b3e35cb80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c60edddab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec014508e5247d33ae6c962d35603ff8454c16f8342856935125102bb784ed714887071f3d998efdd9923c954ab6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee658e4cb5e930ed624806c43a006dc9336d07c2b8081c128ad2706f48261f7897084c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da3932ba5c04c24a560ad80a3ce654578376e599aff3565b1d531f30912b99e6619ebe93cc0b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e6491953264d2700c838fa2c7b34252600c9654e502dcea39cb6bc3eb69992e234b4ca7db2f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c6000064b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ff1aa70826ad01a9b03c37b0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x100d}}, 0xfffffdef)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r8 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r8, &(0x7f0000002700)=""/102392, 0x18ff8)

11m58.290522589s ago: executing program 32 (id=1250):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x1, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(0xffffffffffffffff, 0x8010671f, &(0x7f00000001c0)={&(0x7f0000000080)=""/12, 0xc})
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, &(0x7f0000000100)={0x1d, 0x0, 0x0, {0x1, 0x1, 0x4}, 0x1}, 0x18)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, 0x0, 0x0)
unshare(0x28000400)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x1000000)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000040), 0x600, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000100)=0xd)
r6 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0)
r7 = dup(r6)
write$UHID_INPUT(r7, &(0x7f0000001040)={0x18, {"a2e3ad21ed6b52f99cfbf4c087f70c9b3e6ee7ff7fc6e5539b9b3b0e8b9b411b5d30091b080d29428f0e1ac6e7049b3468959b4c9a242a9b67f3988f7ef319520200ffe8d178708c523c921b1b25380a169b63d336cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f309f4cff7738596ecae8707ce065cd5b91cd0ae193973735b36d5b1b63e91c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecd03aded6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca5b6bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27afc953854a642c57519544ae15a7e454dea05918b4124351601611c8f11baa500a3621c56cea8d20ff911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a60560a22f1fca567e65d5e880572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5120000008213b704c7fb082ff27590678ef9f190bae979babc7041d860420c5664ba7921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202fd28f28381aab144a5d429a04a689b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2f05dd3318271a1f5f8528f227e79c1388dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eefc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44060bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a7288afe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f48fe4eae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf02b98a269b891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efedfd71af9444e197f47e866101496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615f7084a607a7eceb6243378e0610060f02cca4051c2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c4e15a7b6eb65ca8104e1b4da1fbb77ab2fc043aead87c32ab875ee7c2e7b7019c902cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad948741b2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd73643de50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c1023bf70cc77737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73c497579773767075428067e7f16f4dde374f8211fef42cb468e623daf60b3569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d3414442e863a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae44369ddb4581c55925d0f6f1ba471eba281f259152f85a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b405177548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e05130935e00785ec27e923911fab964c271556527697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9ddbfb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e7027132f2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5336651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee29165895ac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463181f4b87c10772d2b13f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76d57227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f84fad6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b3110b932a4d02da711b757fe43c06d21e35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc238a081ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cb0b3e35cb80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c60edddab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec014508e5247d33ae6c962d35603ff8454c16f8342856935125102bb784ed714887071f3d998efdd9923c954ab6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee658e4cb5e930ed624806c43a006dc9336d07c2b8081c128ad2706f48261f7897084c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da3932ba5c04c24a560ad80a3ce654578376e599aff3565b1d531f30912b99e6619ebe93cc0b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e6491953264d2700c838fa2c7b34252600c9654e502dcea39cb6bc3eb69992e234b4ca7db2f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c6000064b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ff1aa70826ad01a9b03c37b0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x100d}}, 0xfffffdef)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r8 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r8, &(0x7f0000002700)=""/102392, 0x18ff8)

33.20603302s ago: executing program 1 (id=3548):
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0)
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYBLOB="3200cb61e9"])

18.7600981s ago: executing program 1 (id=3607):
socket(0x6, 0x3, 0x1)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000180)={0x0, 0x8, 0x0, {0x0, 0x1}, {0x48, 0x2}, @cond=[{0x0, 0x20c8, 0x20, 0x6, 0xb3}, {0x8, 0x11, 0x1, 0x10, 0x5, 0xfaa}]})
r0 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x862b01)
write$char_usb(r0, &(0x7f0000000040)="e2", 0x2250)
mknodat(0xffffffffffffff9c, 0x0, 0x20, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000480)=0x2)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000040)={0x0, 0x7, 0xfa00, {0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r1, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {r2, 0x0, 0x0, 0x30, 0x0, @in6={0x1b, 0x0, 0x7, @empty, 0x3aa7}, @ib={0x1b, 0xffff, 0x0, {}, 0x0, 0xfffffffffffffffc, 0x6}}}, 0x118)
write$RDMA_USER_CM_CMD_QUERY(r1, &(0x7f00000001c0)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r2, 0x2}}, 0x18)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f0000000180)={0x0, 0x0, 0x0, &(0x7f0000000140)=[0x0, <r5=>0x0], 0x0, 0x0, 0x0, 0x2})
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f00000003c0)={{0x1, 0x1, 0x18, <r6=>r4}, './file0\x00'})
write$P9_RXATTRCREATE(r6, &(0x7f0000000400)={0x7, 0x21, 0x1}, 0x7)
ioctl$DRM_IOCTL_MODE_GETENCODER(r4, 0xc01464a6, &(0x7f0000000240)={r5})
r7 = syz_clone(0x8d002240, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000440)='block_rq_requeue\x00'}, 0x18)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000600), 0x240000, 0x0)
r9 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r9, 0xaf01, 0x0)
r10 = syz_open_procfs(0x0, &(0x7f0000000040)='statm\x00')
r11 = dup3(r8, r10, 0x0)
ioctl$VHOST_SET_VRING_CALL(r9, 0x4008af21, &(0x7f0000000240)={0x1, r11})
prlimit64(r7, 0x8, &(0x7f00000000c0)={0x0, 0x7}, &(0x7f0000000100))

17.713126313s ago: executing program 1 (id=3611):
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='\v\x00\x00\x00\b\x00\x00\x00\a\x00\x00\x00\t\x00\x00\x00'], 0x50)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000e2ffffff000095000000cfa04eaffc57c600a3eda615fcdd0f59fef4c4bef283ed455250f80146bfe3d8db0adfae96cdb2809288d4e1411b2eddad42d2dba73cf868809a073b40e504c56400244df206f634462f2d0f693a000000"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r0, 0x0, 0x4}, 0x18)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000840)=@abs={0x0, 0x0, 0x4e20}, 0x9)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
syz_clone(0xe8344400, 0x0, 0x0, 0x0, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000780)={0x3, &(0x7f00000001c0)=[{0xc, 0x0, 0x5, 0x7}, {0x9c, 0x38, 0x4}, {0x6, 0x0, 0x2, 0xffffffff}]})
unshare(0x2040400)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r4, 0x0, 0x0)
r5 = landlock_create_ruleset(&(0x7f0000000080)={0x220, 0x0, 0x1}, 0x18, 0x0)
r6 = openat$dsp(0xffffffffffffff9c, 0x0, 0x2002, 0x0)
ioctl$SNDCTL_DSP_GETOSPACE(r6, 0x8010500c, 0x0)
pwritev2(0xffffffffffffffff, 0x0, 0x0, 0x8, 0x8000, 0x13)
r7 = syz_open_procfs(0x0, &(0x7f00000005c0)='smaps_rollup\x00')
lseek(r7, 0x2000, 0x0)
renameat2(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', r7, 0x0, 0x3)
readv(r5, &(0x7f0000000140)=[{&(0x7f00000000c0)=""/91, 0x5b}], 0x1)
socket$kcm(0xa, 0x2, 0x73)
r8 = userfaultfd(0x801)
ioctl$UFFDIO_API(r8, 0xc018aa3f, &(0x7f00000000c0))

16.227271615s ago: executing program 1 (id=3615):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000003840), 0xffffffffffffffff)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_REGISTER_BEACONS(r6, &(0x7f0000003900)={0x0, 0x0, &(0x7f00000038c0)={&(0x7f0000001500)=ANY=[@ANYBLOB, @ANYRES16=r5, @ANYBLOB="010007bd7000fddbdfb2d0465a460c0e670064000000a9000300", @ANYRES32=r7, @ANYBLOB="0c0099000b00000043000000"], 0x30}, 0x1, 0x0, 0x0, 0x40000a0}, 0x810)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r8)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r9)
ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r10 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r10)
r11 = socket$unix(0x1, 0x5, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, 0x0)

15.101802125s ago: executing program 1 (id=3616):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000040))
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000080)=0x200000000)
r1 = dup2(r0, r0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x800000000000000)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001000)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123751c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef23d430f6296b32a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed4048d3b3e22278d00031e5388ee5c867ddd58211d6ece1ccb0cd2b6d3cffd962867a3a2f624f992daa94a0c556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff730d00000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd09000000b91ab219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d8f20a67745409eaa988dbc2fee9d313d34889f40159e800ea2474b540500a30b23bcee46762e2093bcc9eae5ee3e980026c96f80ee1a00000000740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec51d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafcc5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad3f7ffffff3cac394c7bbdcd0e0eb52162e0c410ade7a36b26a4e70f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf37704ec73754910fe050038ec9e47de89298b7bf4d769ccc18eede0068ca1457870eb30d211e23ccc8e06dddeb61799257ab5000013c86ba9affb12ec757c7234c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f0b2ad1eb9769d74e4f1feff374211663f6b63b1dd044dd0a2768e825972fc4300001467c89fa0f82e8440105051e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff75067d2a214f8c9d9b2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b15bc20f49e298727340e87cdefb40e56e9cfad9931b8c552b2c7c503f3d0e7ab0e958adb862822e40009995ae166deb9856291a43a6f7eb2e32cefbf463789eaf79b8d4c22be89f44b032dad13007b82e6044f643fc8cd07ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c5e13d52c83ac3fa7c3ae6c08384865b66d2204c2e4f3ae20bf279b512b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f31ba6d9b8cb0908000000000000001a342c010000000000e667a7592b33406f1f71c739b55db91d2309dc7ae401005f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca16dcbbbaa2935ae662082b56cf666e63a759e0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67be70c17b0f9c2eac765816c30c2e7133dca1c7669522f7dff8bc570a93fbdb688c3aef810000007a6ea6b11163392a19d87995b51cb6febd5f24a34998d2010fd5facf68c4f84e2f66e27c81a149d7b331983d3b74444953fc1216dfec10b724190000006f12538376e177ffef6fd2020000000000000008e4919a463d5332a2546032a3c06b94f168e8fc4bda0c294723fe306f26c477af4b926644672985fab7cc67bc5b5f5d38cdd8df95147ebe1cd88b0a4c6cde9951be42827dfddfefb238fac2303cc8982f1e55b005afcfea5eb037248fefad6bb02c162ce92ab17744c8ec3d2e80cf3205d36699fd381bc81231fb5e12e45f3059f361d08d6a6d019ebf105eaf43083c29512bcedd79ca9bf24e063d0c273ed70a2b70be521ea27dc8cf3c9bdf83b93405db07e82e2ddf4c4d26f1cdd8c3c9736cf5e5082de3b484f8673e0e97dd7e8a872148613c3a04f3d67f4375ba5c7f1b0033f8dfe0ed9bb2a70801f763524e1d79d812ced782646b5f79c8fc08bb5c11020108d702edd2ea9c96cfcb9066668627820d2d48aa5fc0a7bf1b51afd85350ad00b78c598fa8701b000884de790b54e5ab2e8ff0c7ae23e0b6eeac95c4c2eef2e5eb1d019d52099fbd404e8ece970f67736ba7e960bd8b1e4105ce7e31f7c9c3e3fa61aaa967b90087e91d703e98535b107b8f4653be4c46a3a1adb07d226952b8573b417018316fa96e942e35c4baa16d4122c863709b08d4639a19a46ac90ac48a13ee9bcaa875fc700000000000003b40dc5c745fe2491e8425e600000000000000000000000000000000000000000000000000000000000000250318a44ad31baac0520a913301e630ae540f3289aebde8633f6f450c0738e16df6c7f1e0832a2a16fe6e39959735758248032cdf7320c6dc87b01e3f9a7811b200000000ae189de4b9b25f7c7a9c070000002af1c06315270de4a6605e4b4b58bef76fac54f11b84bd7bcd6b6a485edfb7684c770a39b38b08e18a51a4d4e66ca21c06a4b4198e1bc2ef990c9ba911efed626e5ee341a17bf8132b5b1dfa9fd31df213c88b4047979379dc15c9056fd3baa8b2d6cb134437cba0193ba4360bdcc98aad2560aa48291c4eb9d4e08ad7a9c5f04be1ab597124d84dfc7bd8cca8f68154a0ed356e773a797ca6d66748857b4abbf8830abeea2a46342e6a7378173cb29d5cdcd698a0203f78116b710008000000000000007c2d86b94472807c10eb9a8e2fb8bd79fe3a8316deff3ee641c9a080a2173642e673a672279bae4e7e28055da9497d7edb53be6e80482bd4d9a74b8dd4221f05e6ca8c705d7257ff7f76c78ba0b44ec0bdfa0d32d7042059b13a079639f14f9032b856d892ad6af5124c9c3130485e9682ff1f3c54e475d5bb496aef4bb537d7e191dfdeba109fdcf7864763f87a6d711cf52e520a6ce30e134c55e0caac037209d2f12fcddd00000000000000000000000000000000e609893bdce015e8ccfb36399844db61f6171b0b0e845e48728450c6ba4f7098f8e000676b59ab9f851f3ab778c50a3337a78675f38a568612aa25d61ce4e2c235ab5f2cd6d035d5f5f6a693c381adbbf7b37e37292783b2c7efe7d3a067906552f76d419e0300000000000000000000008435f39381c2a77c001caae53db7316fa6d48d032ab6831ebb813c85855c7a9ad8140a4b29422fc20d4e75c848984a2e217ec9c2833b8fa9106ee1be2c05103a36fc1126f1aa5284ba7179843b08ecadc199b9038cf6b9ee4e1f321a6a32e03bd987ddfada1f69756651b73a7ed0f7e467081193b28448692686ac80d81a89f9c29e276800"/2574], &(0x7f0000000140)='GPL\x00'}, 0x48)
r5 = socket$kcm(0x2, 0x5, 0x0)
r6 = socket$kcm(0x29, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r6, 0x89e0, &(0x7f0000000040)={r5, r4})
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r7 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r7, 0x942e, 0x0)
ioctl$KVM_X86_SETUP_MCE(r7, 0x4008ae9c, &(0x7f0000000280)={0x14, 0x4, 0x3})
ioctl$KVM_X86_SETUP_MCE(r7, 0x4008ae9c, &(0x7f0000000080)={0x1c, 0x0, 0x5a})
readv(r0, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/2, 0x2}, {&(0x7f00000002c0)=""/4096, 0x1000}], 0x2)
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x5)

14.953669675s ago: executing program 1 (id=3617):
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0)
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYBLOB="3200cb61e9"])

10.862155895s ago: executing program 2 (id=3634):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
lchown(&(0x7f0000000040)='./file0\x00', 0xffffffffffffffff, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x87}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000080)=0x2)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendto$inet6(r4, &(0x7f0000000400)="2ae0e710", 0x4, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
setsockopt$inet6_int(r4, 0x29, 0x5, &(0x7f0000000140)=0x6, 0x4)
recvmmsg(r4, &(0x7f0000000d80), 0x4000000000001e9, 0x10162, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000500)=@arm64={0x8, 0x1, 0x58, '\x00', 0x667})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x13, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000980)={0x1, @pix_mp={0x8d2, 0x0, 0x48524742, 0x0, 0x4, [{0x0, 0xfffffffd}, {0x0, 0x7}, {0x0, 0x80000}, {0xffff7fff}, {0x8}, {}, {0x0, 0x1}]}})
r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x1c)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)

10.338963129s ago: executing program 2 (id=3638):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec85"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000500)='ext4_remove_blocks\x00', r1, 0x0, 0x4}, 0x18)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r4, 0x6, 0xe, &(0x7f00000010c0)={@in6={{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}}}, 0x0, 0x0, 0x1b, 0x0, "61a1ed8439cde8054f2ada6fcd5fe76b933e8bb0ac60081e33dffa150835f7519d5f73b4f5d80eb4881a5b98cb9fb96d225d602392f816d0bdcc09b5063087117502d8c24f1fe97f61fd27a06d6a38a7"}, 0xd8)
fcntl$getownex(r3, 0x10, 0x0)
sendto$inet6(r4, 0x0, 0x0, 0x20000841, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @empty}, 0x1c)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000880)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_DELTABLE={0x18c, 0x2, 0xa, 0x201, 0x0, 0x0, {0xa, 0x0, 0x8}, [@NFTA_TABLE_USERDATA={0xf8, 0x6, "fa794a1c41b5d720b66539e37e4da14d95048caccae0966cba979bed886675ef02a3270b4258722a8d8e74152a91f9660bca6c5da90053d5c233cbc8f7a7f64b45eaecdd5ee0b0a5ddb6bd4f04fc3a1f1302ceecbdc2b69acca3e03d3af36452477ce38a06c3363d552a4e24facfb346a5b692a7a0ec524a50028717002ba59600d52364c5283054b52d25f6ccc59b633f0026c8c7490010f339dfe41f0ed929bafd93320639ed7fa2452cef422d135e4afd3563f6e96b0883115f7895289b87318b51cf215a7a4c0238a864559274fb19918640e698d454f1257c28947dcd1c02ccb5ebbcf4bdb0fbae866d2d3bbfea7c0f4532"}, @NFTA_TABLE_USERDATA={0x69, 0x6, "cd457a757da6cd7cce7e7706bf4650e6e39f2514cc9e8a3347aa1974ae953ae037b66821c162c9baa005a7a609ce152590b426053f67944c88e73299155663332327fc782680256b68ead5a41ff1849bcffd8cc6d13c22cd3730450ae8d0b0519f98af9195"}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x3}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWTABLE={0x80, 0x0, 0xa, 0x3, 0x0, 0x0, {0x0, 0x0, 0x6}, [@NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x4}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_TABLE_USERDATA={0x3e, 0x6, "f44c3395f59750c86040f461203e63a0e87eb5f9f55d290d83ec21e31735bf5c4d45bdfa56e7169a28296de01bd68cdcacebbefa4f35c1ee3e7f"}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x5}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x234}, 0x1, 0x0, 0x0, 0x48844}, 0x40050)
sendmsg$NFULNL_MSG_CONFIG(r5, &(0x7f0000000340)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x24, 0x1, 0x4, 0x101, 0x0, 0x0, {0x1, 0x0, 0x5}, [@NFULA_CFG_CMD={0x5, 0x1, 0x1}, @NFULA_CFG_NLBUFSIZ={0x8, 0x3, 0x1, 0x0, 0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x4040000}, 0x0)
r6 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
umount2(&(0x7f0000000040)='.\x00', 0x2)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000440)=[<r7=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r6, 0xc05064a7, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000700)=[<r8=>0x0], &(0x7f00000001c0), 0x0, 0x1, 0x0, 0x0, r7})
ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000300)={0x1, 0x1, &(0x7f0000000180)=[r7], &(0x7f00000000c0)=[0x2], &(0x7f0000000240)=[r8], &(0x7f0000000040)})

8.780012353s ago: executing program 3 (id=3640):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000003840), 0xffffffffffffffff)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_REGISTER_BEACONS(r6, &(0x7f0000003900)={0x0, 0x0, &(0x7f00000038c0)={&(0x7f0000001500)=ANY=[@ANYBLOB, @ANYRES16=r5, @ANYBLOB="010007bd7000fddbdfb2d0465a460c0e670064000000a9000300", @ANYRES32=r7, @ANYBLOB="0c0099000b00000043000000"], 0x30}, 0x1, 0x0, 0x0, 0x40000a0}, 0x810)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r8)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r9)
ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r10 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r10)
r11 = socket$unix(0x1, 0x5, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, 0x0)

7.849412766s ago: executing program 0 (id=3641):
bind$packet(0xffffffffffffffff, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000280)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x0, 0x123, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x6, 0x0, 0x68b, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
execve(&(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000240)={[&(0x7f00000000c0)='=\x8d5\x10\xe4\x00\bj\xfb', &(0x7f0000000080)='=\x8d5\x10\xe4\x00\bj\xfb']})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'bridge_slave_1\x00'})
r2 = getpid()
r3 = syz_pidfd_open(r2, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x20)
migrate_pages(r2, 0x8, &(0x7f0000000300)=0x8, &(0x7f0000000340)=0x5)
r5 = socket$netlink(0x10, 0x3, 0x5)
r6 = syz_open_dev$video(&(0x7f0000000040), 0x8000000000000003, 0x16b142)
ioctl$VIDIOC_S_FMT(r6, 0xc0d05640, &(0x7f0000000340)={0x9, @vbi={0x7, 0x5, 0x24a2, 0x34363248, [0x7fffffff, 0x10001], [0xa, 0x3], 0x1}})
sendmsg$nl_route(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x40}}, 0x4000800)
syz_usb_connect(0x0, 0x0, 0x0, 0x0)
read$FUSE(r0, &(0x7f0000001b40)={0x2020}, 0x2020)
ioctl$BTRFS_IOC_ADD_DEV(r3, 0xff08, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=ANY=[@ANYBLOB="1c0000001800ffffffff7bfbfcdbdf250a148000ff01fd07"], 0x1c}}, 0x0)
sendmmsg$alg(r4, 0x0, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r7, 0x8933, &(0x7f0000000000))
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYRES32=0x0, @ANYRESHEX], 0x48}}, 0x0)
sendmsg$nl_route(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x80)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000480), 0x5a5a40, 0x0)

7.707521216s ago: executing program 2 (id=3643):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000050000000900010073797a300000000064000000030a01030000000000000000050000000900010073797a30000000000000030073797a300000000008000a40000000032800048008000240000000120800014000000000140003006e657464657673696d3000000000000008000000000000001400000011000177cf6c000e45d4a9f50ccd07d4c19519fed66387bd56540dc82d1ca4a75691d28b75e327750c645826a5aa9826ddb675d6fa09128e61bd5bc43a67d9d04fdbc64a4387fc7c373c4b83d7e4e2ae733ed846838380f49a2fa404c04c63d3cee76f18968b1aff9d5974d3c74d334d59a6b68e3b46ce185d160f1421dea022f8d7889a9c623d17bb053afb1fa9c8f273535af5ffcc"], 0xac}}, 0x20000000)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
r4 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000380), 0x101202, 0x0)
read$nci(r4, &(0x7f0000000100)=""/107, 0x6b)
write$nci(r4, &(0x7f0000000100)=ANY=[], 0x4)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={<r5=>0xffffffffffffffff})
ioctl$NBD_SET_SOCK(r4, 0xab00, r5)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_LEAVE_GROUP(r6, 0x0, 0x2d, &(0x7f0000000380)={0x0, {{0x2, 0x4e21, @empty}}}, 0x88)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0)=<r7=>0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r4, 0x84, 0x22, &(0x7f0000000040)={0x1, 0x10d, 0x0, 0x1}, &(0x7f00000001c0)=0x10)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r7], 0x1c}}, 0x0)
write$nci(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB="7105020682020181070601af027f0b08016a"], 0x12)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYRESDEC=r1, @ANYBLOB, @ANYRES8=r3, @ANYRES64=r1, @ANYRESHEX=r7], 0x3c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a24000000020a01080000000000000000050000060800024000000003080002400000000014000000110001"], 0x4c}}, 0xc050)

7.663682915s ago: executing program 3 (id=3644):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
r2 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0xc, &(0x7f0000000040)=@assoc_value, &(0x7f0000000000)=0x8)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, 0x0, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, 0x0, 0x0)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe3}]}, 0x10)
sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x26}}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
sendmmsg$inet(r1, 0x0, 0x0, 0x40)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000480)=0x1df9, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={0x0}, 0x1, 0x0, 0x0, 0x20042042}, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet(r1, &(0x7f0000000580)="17", 0x1d4c, 0x10048095, 0x0, 0x0)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/cpuinfo\x00', 0x0, 0x0)
sendfile(r0, r5, 0x0, 0x1000)
ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f0000000140)={0x106, 0x8001, 0xe, 0x3, 0x7, "63ff08000000000010000100000100000000fc", 0x64, 0x1})

7.224648316s ago: executing program 3 (id=3645):
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x23, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r4, &(0x7f0000000200)={0xa, 0x2, 0x0, @local}, 0x1c)
setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x1, &(0x7f00000000c0)=@gcm_256={{0x303}, "c8444943470da91b", "42f3ac0e0b8a32be8fe91c368e60693800000000d6e5394b00", "e7198360", "f7a5c1777af05eaa"}, 0x38)
sendto$inet6(r4, 0x0, 0x0, 0x8040, 0x0, 0x0)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r5, 0x84, 0x81, &(0x7f00000000c0)="1a00000082000000", 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r5, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
sendto$inet6(r5, &(0x7f0000000040)='l', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)

7.117054682s ago: executing program 2 (id=3647):
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock(&(0x7f000040b000/0x1000)=nil, 0x1000)
pipe(&(0x7f0000000480)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_ifreq(r4, 0x891f, 0x0)
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
pipe(0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00'})
socket(0x10, 0x80002, 0x0)
io_setup(0x6, &(0x7f0000000180))
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0xea100, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000002000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, &(0x7f0000000240)="0f01c2ea000000001200660f6908640f6eeadde1b9800000c00f3235000400000f30f08664e70e66baa100ec66baf80cb80ea0b981ef66bafc0c66ed66baf80cb8eeb06885ef66bafc0cec", 0x4b}], 0x1, 0x54, 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r8, 0x4090ae82, &(0x7f0000000380)={[0x8000000000000000, 0x900000001, 0x800000000, 0x45b, 0x0, 0x0, 0x7, 0x5, 0x0, 0xfc, 0xfffffffdfffffffc, 0xfdfffffffffffffc, 0x0, 0x9, 0x4000000000000004, 0x767], 0xeeef0000, 0x80082})
socket$netlink(0x10, 0x3, 0x6)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
socket$netlink(0x10, 0x3, 0x0)
ioctl$UFFDIO_WRITEPROTECT(r0, 0xc018aa06, &(0x7f0000000000)={{&(0x7f000019e000/0x1000)=nil, 0x1000}, 0x1})
socket$nl_generic(0x10, 0x3, 0x10)
process_vm_writev(0x0, &(0x7f0000001c80)=[{&(0x7f0000001bc0)=""/156, 0x9c}], 0x1, &(0x7f0000001d80)=[{&(0x7f0000001cc0)=""/116, 0x20001c34}], 0x1, 0x0)

5.165619721s ago: executing program 3 (id=3648):
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock(&(0x7f000040b000/0x1000)=nil, 0x1000)
pipe(&(0x7f0000000480)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_ifreq(r4, 0x891f, 0x0)
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
pipe(0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00'})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x44}, 0x1, 0x0, 0x0, 0x50}, 0x0)
io_setup(0x6, &(0x7f0000000180))
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0xea100, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000002000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, &(0x7f0000000240)="0f01c2ea000000001200660f6908640f6eeadde1b9800000c00f3235000400000f30f08664e70e66baa100ec66baf80cb80ea0b981ef66bafc0c66ed66baf80cb8eeb06885ef66bafc0cec", 0x4b}], 0x1, 0x54, 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r8, 0x4090ae82, &(0x7f0000000380)={[0x8000000000000000, 0x900000001, 0x800000000, 0x45b, 0x0, 0x0, 0x7, 0x5, 0x0, 0xfc, 0xfffffffdfffffffc, 0xfdfffffffffffffc, 0x0, 0x9, 0x4000000000000004, 0x767], 0xeeef0000, 0x80082})
socket$netlink(0x10, 0x3, 0x6)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
socket$netlink(0x10, 0x3, 0x0)
ioctl$UFFDIO_WRITEPROTECT(r0, 0xc018aa06, &(0x7f0000000000)={{&(0x7f000019e000/0x1000)=nil, 0x1000}, 0x1})
socket$nl_generic(0x10, 0x3, 0x10)
process_vm_writev(0x0, &(0x7f0000001c80)=[{&(0x7f0000001bc0)=""/156, 0x9c}], 0x1, &(0x7f0000001d80)=[{&(0x7f0000001cc0)=""/116, 0x20001c34}], 0x1, 0x0)

5.096843298s ago: executing program 5 (id=3649):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
r2 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x18)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r2, 0xc4c85513, &(0x7f0000000b00)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0x400000, 0x0, 0x100000001, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0xc6c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x1000000000000, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x81, 0x0, 0x0, 0xfffffffffffffffd, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x1, 0x0, 0x0, 0x0, 0x70e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x8838, 0x0, 0x0, 0x4, 0x0, 0x7, 0x0, 0x3, 0x800000000000000, 0x0, 0x8, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0xaf17, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9]})
r3 = socket$netlink(0x10, 0x3, 0xc)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x10, 0x3, 0x0)
r6 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00'})
sendmsg$nl_route_sched(r5, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'veth0_to_team\x00', <r7=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000001a40)=@newqdisc={0x2c, 0x24, 0xd0f, 0x3, 0x3, {0x60, 0x0, 0x0, r7, {0x0, 0x2}, {0xffff, 0xffff}, {0x4}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40001d4}, 0x8840)
bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r8 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r8, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x1000008, 0x4000000000008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r9 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r9, &(0x7f0000019680)=""/102392, 0x18ff8)
r10 = socket$netlink(0x10, 0x3, 0x0)
syz_usb_connect(0x0, 0x0, 0x0, 0x0)
r11 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r11, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000004380)=@newtaction={0xd8, 0x30, 0xffff, 0x0, 0x0, {}, [{0xc4, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c}]]}, {0x4}, {0xc}, {0xc}}}, @m_gact={0x54, 0x2, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18}, @TCA_GACT_PROB={0xc, 0x3, {0x2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xd8}}, 0x0)
sendmsg$nl_route(r10, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x38, 0x10, 0x801, 0x4000000, 0xfffffffc, {0x0, 0x0, 0x4c, 0x0, 0x200c9, 0x500}, [@IFLA_GROUP={0x8}, @IFLA_OPERSTATE={0x5, 0x10, 0x5}, @IFLA_GSO_MAX_SEGS={0x8, 0x28, 0x4529}]}, 0x38}, 0x1, 0xffffa888}, 0x20000880)
openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0)

4.811811493s ago: executing program 0 (id=3650):
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000640), 0x2000)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x6, 0x4, 0x0, 0x0, 0x5}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="110000000d00000004000000120000008400000087f44e519eb84dcd5319a99e5fee390bf9e4a0aa0334b94164b107d118fda56d491930685f90f951fd33446bf7bcf0c92ac48b6e827809d329a7e66b8ffde1dc436ce0ad94ba94937be3e8c39ae23c1330c314243ba38a4beadcc6e522973144c5f861f1d3b56095b717b7caa6104f884be60d577ab41b3abebbb9901c263d7dd9e19d2beea300a3f4a0505c5aecedbffc19c3732dd931486b1ba21755c500edcd75aa7cf7528a26989e8d5e94a72ccfd96119210be17bce226ffd136a935b3f0dc92ccb808b59555a654cfa13cb82388622f00051df1c78d9c7d6c3fa34c5cda5d4e6816ed4c7dc3c83d1b283e0eb3be4f5414e226ec20605e31a1b91df172ed650d42863caf30cc93841baebef53dd19256652045b847e80da43ac3303a9abbc7e3297491b56b4717fd0d41be6c774ae4f60c4ca76844a56ef079821064f0f2abf4e", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
setgroups(0x4000000000000190, &(0x7f0000000080))

4.512820472s ago: executing program 0 (id=3651):
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='\v\x00\x00\x00\b\x00\x00\x00\a\x00\x00\x00\t\x00\x00\x00'], 0x50)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000e2ffffff000095000000cfa04eaffc57c600a3eda615fcdd0f59fef4c4bef283ed455250f80146bfe3d8db0adfae96cdb2809288d4e1411b2eddad42d2dba73cf868809a073b40e504c56400244df206f634462f2d0f693a000000"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r0, 0x0, 0x4}, 0x18)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000840)=@abs={0x0, 0x0, 0x4e20}, 0x9)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
syz_clone(0xe8344400, 0x0, 0x0, 0x0, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000780)={0x3, &(0x7f00000001c0)=[{0xc, 0x0, 0x5, 0x7}, {0x9c, 0x38, 0x4}, {0x6, 0x0, 0x2, 0xffffffff}]})
unshare(0x2040400)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r4, 0x0, 0x0)
r5 = landlock_create_ruleset(&(0x7f0000000080)={0x220, 0x0, 0x1}, 0x18, 0x0)
r6 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
ioctl$SNDCTL_DSP_GETOSPACE(r6, 0x8010500c, 0x0)
pwritev2(0xffffffffffffffff, 0x0, 0x0, 0x8, 0x8000, 0x13)
r7 = syz_open_procfs(0x0, 0x0)
lseek(r7, 0x2000, 0x0)
renameat2(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', r7, 0x0, 0x3)
readv(r5, &(0x7f0000000140)=[{&(0x7f00000000c0)=""/91, 0x5b}], 0x1)
socket$kcm(0xa, 0x2, 0x73)
r8 = userfaultfd(0x801)
ioctl$UFFDIO_API(r8, 0xc018aa3f, &(0x7f00000000c0))

3.230835789s ago: executing program 0 (id=3652):
syz_open_procfs$namespace(0x0, 0x0)
r0 = syz_usb_connect(0x2, 0x24, &(0x7f0000000640)=ANY=[@ANYBLOB="12010000d972a440b72040155ab7010203010902120001000000000904800000ff"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000340)={0x2c, &(0x7f0000000140)={0x20, 0x15}, &(0x7f00000001c0)={0x0, 0xa, 0x1, 0x9}, &(0x7f0000000200)={0x0, 0x8, 0x1, 0x9}, &(0x7f0000000240)={0x20, 0x1, 0xa7, "1cc3efc06f1784a7ad87a62b849fd0c20cdf4db89e1258f5f84a02fe9606b3210dd56e18ae1c889d5f292716c8dad95b708b6e4bcdd36ea02bee7b7a8d0a33e6b0c15effd4562cc24e8528c6bee461854d1c7e7b66ab7aef4a07c9eec41cc6a911c8e55c17e590b629de5c790a4137e78f86e290b03e89e051efd263f5a3456bd96b25de68115b2310f8129fcc8882b56e41c376e1f3e17ea173834145ba48a7db26519fd6cdae"}, &(0x7f0000000300)={0x20, 0x3, 0x1, 0x5}})

2.822252033s ago: executing program 2 (id=3653):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001580)={&(0x7f0000000340)=ANY=[@ANYBLOB="9feb010018200000000000006c0000006c0000000200000000000000000000070000000000000000070000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d700000000000000000000000000000000a1d8faf5bd23dd800008"], 0x0, 0x86}, 0x28)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r1)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
sendmsg$NFT_MSG_GETCHAIN(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000003c0)={0x14, 0x4, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x7}}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x0)
write$cgroup_subtree(r0, 0x0, 0xffbf)

2.437598676s ago: executing program 3 (id=3654):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="05000000050000000200000004"], 0x48)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000640), r1)
sendmsg$MPTCP_PM_CMD_GET_ADDR(r1, &(0x7f0000000b80)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f00000000c0)={0x14, r2, 0x1, 0x70bd27, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x5800}, 0x4) (async)
r3 = bpf$ITER_CREATE(0x21, &(0x7f0000000240), 0x8)
sendmsg$IPCTNL_MSG_EXP_GET_STATS_CPU(r3, &(0x7f0000000440)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x14, 0x3, 0x2, 0x401, 0x0, 0x0, {0x5, 0x0, 0x8}, ["", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x81}, 0x0) (async, rerun: 32)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) (async, rerun: 32)
r4 = socket(0x40000000015, 0x5, 0x0)
setsockopt$sock_int(r4, 0x1, 0x23, &(0x7f0000000000)=0x2, 0x4) (async)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='attr/fscreate\x00')
write$binfmt_script(r5, &(0x7f0000007c40)={'#! ', './cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}, 0xff1) (async)
recvfrom$rxrpc(r5, &(0x7f0000000480)=""/32, 0x20, 0x40000040, &(0x7f0000000500)=@in6={0x21, 0x4, 0x2, 0x1c, {0xa, 0x4e22, 0x1, @ipv4={'\x00', '\xff\xff', @private=0xa010100}, 0x9}}, 0x24) (async)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async)
sendmsg$NFT_BATCH(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={{0x14}, [@NFT_MSG_NEWRULE={0x44, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x18, 0x4, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @masq={{0x9}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x6c}}, 0x0)
bind$inet(r4, &(0x7f00008a5ff0)={0x2, 0x0, @loopback}, 0x10) (async)
recvmmsg(r4, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000015c0)=""/127, 0x7f}}], 0x1, 0x2, 0x0) (async)
sendto$inet(r4, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x2, 0x0, @loopback}, 0x10) (async)
syz_usb_connect$uac1(0x5, 0x0, 0x0, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x61, &(0x7f0000000680)=ANY=[@ANYBLOB="6103252a7f43ac9eb8c38f703201f02e6ee54e146688f04d4724be07c14280fe65985c3f6a5fe913162efad7f50e63cb8dab5c1e56407710e3b14f0800000000000000cbadb440a42828ba2a88195a952b8afb6dd70bb98c0646f6db7b885d5dd004fdc65db28b5cc9d38f9729e65c9d61d0d7aeaaa68252a08e892abc819a23c7ec8eef35fa9a920df8a50049e44b3a2cc01271029829bf630ac8813c8f3507a4546237dcebb82e39d7d0c858c0bf1cb402ec80151d5003578dde93cd138a20978cc466ef7a51696deb9cce7c33b4ebb07fd5391ba43d5dd4a33f86db8acef85129a06197dc178f68375bad2cf7ad469d3d6647157b9d65d6bc33563bc22ad72d3f4af04da2c917d129342e927827dc21aaf733e6e3e85a0985cba233b624672d0bf03930302ed3f9631585ae3b261fdc22511d5e9c114cbd36b0265070b604a67aadb68ae540a99eb1c8f69d52d23d38ea9d70aa482e1df62594ca19c67eef25b51d375f2eec9ffbe57c0d5ce618cfad97692ec0c997d86c4ed7eecdb36b918772a61777c895b1068ed614636837876a7910a5f096a208a52fec43bd3fc15ac2d8ed0ff0dcf13818ff15f785f4581fe909c9b0"]}]})
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2882, 0x0)
ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) (async, rerun: 64)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff}) (rerun: 64)
connect$unix(r8, &(0x7f000057eff8)=@abs, 0x6e) (async)
sendmmsg$unix(r9, &(0x7f00000bd000), 0x318, 0x0) (async)
recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r10 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r10, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'md5-generic\x00'}, 0x58)
r11 = accept4(r10, 0x0, 0x0, 0x80000)
write(r11, &(0x7f0000000040)="cb", 0xfffffdef)

2.349053234s ago: executing program 3 (id=3655):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000002000)=ANY=[@ANYBLOB="12010000facf01406e0510401c20000000010902120001000000000904"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000600)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="07370aee1bd5e9636c52faa25e7b5cd7ee5453000077"], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000440)={0x44, &(0x7f00000003c0)={0x20, 0x16, 0x2, "f2ac"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2)
read(r1, &(0x7f0000006fc0)=""/240, 0xf0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000004c0)={0x44, &(0x7f0000000180)={0x40, 0x30, 0x49, "6234474210c763816deb01a99ad0b525b7d218d0b79d75eb7babf003deb5cb1ea8d3f94648030119a7cd71dd8fb0c59fc209ffb2c6d48334ab6f07ef8d5149763d51c46704714936b8"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

1.806929675s ago: executing program 5 (id=3656):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
r2 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0xc, &(0x7f0000000040)=@assoc_value, &(0x7f0000000000)=0x8)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, 0x0, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, 0x0, 0x0)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe3}]}, 0x10)
sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x26}}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
sendmmsg$inet(r1, 0x0, 0x0, 0x40)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000480)=0x1df9, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=@ipv4_newroute={0x24, 0x18, 0x1, 0x0, 0x0, {0x2, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, [@RTA_ENCAP_TYPE={0x6, 0x15, 0x7}]}, 0x24}, 0x1, 0x0, 0x0, 0x20042042}, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet(r1, &(0x7f0000000580)="17", 0x1d4c, 0x10048095, 0x0, 0x0)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/cpuinfo\x00', 0x0, 0x0)
sendfile(r0, r5, 0x0, 0x1000)
ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f0000000140)={0x106, 0x8001, 0xe, 0x3, 0x7, "63ff08000000000010000100000100000000fc", 0x64, 0x1})

1.015758671s ago: executing program 5 (id=3657):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)

988.000751ms ago: executing program 5 (id=3658):
connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0xfffe, 0x1000, @loopback}, 0x1c)
r0 = syz_open_dev$loop(&(0x7f00000000c0), 0x5, 0x2041)
ioctl$BLKROGET(r0, 0x125e, 0xfffffffffffffffc)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x1, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r1, 0xc1105511, &(0x7f0000000040)={0x7, 0x3, 0x40, 0x10000, 'syz1\x00', 0x4000041})

967.004661ms ago: executing program 2 (id=3659):
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
add_key$user(0x0, 0x0, 0x0, 0x0, 0x0)
iopl(0x3)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/pm_trace', 0x40000, 0x18b)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet(0x10, 0x3, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
r3 = openat$selinux_user(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
write$selinux_user(r3, &(0x7f00000000c0)=ANY=[@ANYBLOB='system_u:object_r:ppdpwd_exec_t:s0 sysadm_u\x00'], 0x2c)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000140)={0xa, 0x6, 0x0, 0x9, 'syz1\x00', 0x4})
socket$packet(0x11, 0x3, 0x300)
socket$vsock_stream(0x28, 0x1, 0x0)
r4 = socket$inet(0x2, 0x4000000000000001, 0x5)
setsockopt$inet_tcp_int(r4, 0x6, 0x8, &(0x7f00000004c0)=0xfffffeff, 0x3)
bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000000)='dctcp\x00', 0x6)
sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r4, &(0x7f0000000580)="17", 0xfdef, 0x10008095, 0x0, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_DESTROY(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000580)=ANY=[], 0x1c}}, 0x4000080)

905.111834ms ago: executing program 5 (id=3660):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x4, 0x8b}, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="6800000010000100"/20, @ANYRES32=r1, @ANYRES64=r1, @ANYRES32=r1, @ANYRES16=r1], 0x68}}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
syz_open_pts(0xffffffffffffffff, 0x202340)
socket$inet_udplite(0x2, 0x2, 0x88)
r3 = open_tree(0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00', 0x40900)
listen(r3, 0x4)
ioctl$IOMMU_TEST_OP_ACCESS_PAGES(r3, 0x3ba0, &(0x7f0000000240)={0x48, 0x7, r3, 0x0, 0x1, 0x0, 0x200000000004, 0x10000})
ioctl$TIOCGSID(r3, 0x5429, &(0x7f0000000300))
pipe2$9p(&(0x7f0000000440), 0x4800)
read$msr(r2, &(0x7f0000004340)=""/102376, 0x18fe8)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_DESTROY(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c0000000306010400001b0000000000000062be554574580465f0133ca82d6ab4e6e7c940df53b049f85a8fbe833f96deeb376162ba44377059480ec992f4f075c9810d92caebeb8dfb6c07351c3ef441a17684428fc6c73350f1098d7a435f5b88e5effd5efddc0eee8c5dac850ecd459af00a38e14a78a0313d1d5b26b6b3f99f15454ab7dc8069f9bebc8f52b30584e9a693b9cf292dfaa25d787e85dddf7d8d2e8e638216398046201bcbd5daf7c9029e79d9c5493392c13d3ff8e9a8999c130eac"], 0x1c}, 0x1, 0x0, 0x0, 0x40044}, 0xc8)
r5 = syz_open_dev$vbi(&(0x7f0000000080), 0x1, 0x2)
writev(r5, &(0x7f0000000100)=[{&(0x7f0000000040)='2', 0x1}], 0x1)
ioctl$VIDIOC_S_OUTPUT(r5, 0xc004562f, &(0x7f0000000180)=0x3e)
r6 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0)
fcntl$getflags(r6, 0xb)
socket$inet_tcp(0x2, 0x1, 0x0)
r7 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_rx_ring(r7, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x0, 0x0, 0xffffffff}, 0x1c)
ioctl$vim2m_VIDIOC_G_FMT(r6, 0xc0285629, 0x0)

600.36941ms ago: executing program 5 (id=3661):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
r2 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00'}, 0x10)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r2, 0xc4c85513, &(0x7f0000000b00)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0x400000, 0x0, 0x100000001, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0xc6c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x1000000000000, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x81, 0x0, 0x0, 0xfffffffffffffffd, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x1, 0x0, 0x0, 0x0, 0x70e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x8838, 0x0, 0x0, 0x4, 0x0, 0x7, 0x0, 0x3, 0x800000000000000, 0x0, 0x8, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0xaf17, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9]})
r3 = socket(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000d40)=@newqdisc={0x154, 0x24, 0x3fe3aa0262d8c783, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}, {0x8}}, [@qdisc_kind_options=@q_choke={{0xa}, {0x17b, 0x2, [@TCA_CHOKE_PARMS={0x14, 0x1, {0x0, 0x0, 0x0, 0x0, 0x2}}, @TCA_CHOKE_MAX_P={0x8, 0x3, 0x2}, @TCA_CHOKE_STAB={0x104, 0x2, "dc542b4e237011fb38ddb228806571a8633206e26df63a43bbc516382325dedd79c1cf0a26379dfaf72cb5ab9ab7efe16f312ee9ab598d1ac0d7903ac69c51f1b6842ebecf00dec5deff737b59f0c1f0b57cc6c2b7b8c5b2c527aafa57222f4bd2355ccab39fa20d4033b6b687491532080101805feb9c6fa8a56a77186efcb394ce1a1cd7f2130835e3bf9e3ac25d0a102a808be13beb51f37da6d10046f131834545ee5013f43e41e91eb18a12c28540ab4106286e0f7568f6a9cd0c0da51df08e42848096b25d455ebec9adfd6e493d8c9725bc2d49bbbae0a5375b359f91d9dad20ed109ffbc52469cffd2cf5df7773f7a4c72ae167485315c326281efc4"}]}}]}, 0x154}, 0x1, 0x0, 0x0, 0x10}, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'veth0_to_team\x00', <r7=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000001a40)=@newqdisc={0x2c, 0x24, 0xd0f, 0x3, 0x3, {0x60, 0x0, 0x0, r7, {0x0, 0x2}, {0xffff, 0xffff}, {0x4}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40001d4}, 0x8840)
bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x1000008, 0x4000000000008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r8 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r8, &(0x7f0000019680)=""/102392, 0x18ff8)
r9 = socket$netlink(0x10, 0x3, 0x0)
syz_usb_connect(0x0, 0x0, 0x0, 0x0)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r10, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000004380)=@newtaction={0xd8, 0x30, 0xffff, 0x0, 0x0, {}, [{0xc4, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c}]]}, {0x4}, {0xc}, {0xc}}}, @m_gact={0x54, 0x2, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18}, @TCA_GACT_PROB={0xc, 0x3, {0x2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xd8}}, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x38, 0x10, 0x801, 0x4000000, 0xfffffffc, {0x0, 0x0, 0x4c, 0x0, 0x200c9, 0x500}, [@IFLA_GROUP={0x8}, @IFLA_OPERSTATE={0x5, 0x10, 0x5}, @IFLA_GSO_MAX_SEGS={0x8, 0x28, 0x4529}]}, 0x38}, 0x1, 0xffffa888}, 0x20000880)
openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0)

157.546058ms ago: executing program 0 (id=3662):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = syz_io_uring_setup(0x497, 0x0, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, 0x0)
r5 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi0\x00', 0x8080, 0x0)
ioctl$COMEDI_DEVCONFIG(r5, 0x40946400, &(0x7f0000000540)={'pcm3724\x00', [0x800, 0x80008000, 0x0, 0xc, 0x80000000, 0x0, 0x1, 0xf, 0x1000, 0x1, 0x1, 0x5, 0x6, 0x746, 0x100, 0x6, 0xffffffa7, 0x2000001, 0x0, 0x65c, 0x3ff, 0x10004, 0x800, 0xe2e0, 0x9, 0x6, 0x4, 0x3, 0x7, 0x5, 0x5]})
io_uring_enter(r2, 0x847ba, 0x0, 0xe, 0x0, 0x0)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
close(0x3)
r6 = syz_open_dev$sndctrl(0x0, 0x5d, 0x88200)
close_range(r6, 0xffffffffffffffff, 0x8115c72fb4e51f3d)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
getsockopt$bt_BT_CHANNEL_POLICY(r7, 0x112, 0xa, 0x0, &(0x7f0000000100))

0s ago: executing program 0 (id=3663):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
lchown(&(0x7f0000000040)='./file0\x00', 0xffffffffffffffff, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x87}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000080)=0x2)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendto$inet6(r4, &(0x7f0000000400)="2ae0e710", 0x4, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
setsockopt$inet6_int(r4, 0x29, 0x5, &(0x7f0000000140)=0x6, 0x4)
recvmmsg(r4, &(0x7f0000000d80), 0x4000000000001e9, 0x10162, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000500)=@arm64={0x8, 0x1, 0x58, '\x00', 0x667})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x13, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x1c)
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2)

kernel console output (not intermixed with test programs):

ess `syz.5.3084'.
[  997.081607][    T9] usb 6-1: USB disconnect, device number 48
[  997.653430][T17986] syzkaller0: entered promiscuous mode
[  997.659044][T17986] syzkaller0: entered allmulticast mode
[  998.197408][ T5858] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  998.207553][ T5858] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  998.216600][ T5858] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  998.225116][ T5858] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  998.233831][ T5858] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  998.632146][T13882] bond0: (slave syz_tun): Releasing backup interface
[  998.767463][T18008] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  998.800397][T18008] netlink: 244 bytes leftover after parsing attributes in process `syz.1.3097'.
[  999.019666][T17991] chnl_net:caif_netlink_parms(): no params data found
[  999.228439][T17991] bridge0: port 1(bridge_slave_0) entered blocking state
[  999.253880][T17991] bridge0: port 1(bridge_slave_0) entered disabled state
[  999.275245][T17991] bridge_slave_0: entered allmulticast mode
[  999.381391][T17991] bridge_slave_0: entered promiscuous mode
[  999.468682][T18022] netlink: 'syz.2.3099': attribute type 3 has an invalid length.
[  999.478021][T18022] netlink: 3 bytes leftover after parsing attributes in process `syz.2.3099'.
[  999.487969][T17991] bridge0: port 2(bridge_slave_1) entered blocking state
[  999.498918][T17991] bridge0: port 2(bridge_slave_1) entered disabled state
[  999.508018][T17991] bridge_slave_1: entered allmulticast mode
[  999.521237][T17991] bridge_slave_1: entered promiscuous mode
[  999.700416][    T9] usb 3-1: new high-speed USB device number 86 using dummy_hcd
[  999.858954][    T9] usb 3-1: Using ep0 maxpacket: 32
[  999.867285][    T9] usb 3-1: config index 0 descriptor too short (expected 35577, got 27)
[  999.875885][    T9] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  999.885499][    T9] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  999.896537][    T9] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 92
[  999.906475][    T9] usb 3-1: config 1 has no interface number 0
[  999.912641][    T9] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  999.922598][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  999.945778][    T9] snd_usb_pod 3-1:1.1: Line 6 Pocket POD found
[ 1000.157988][    T9] snd_usb_pod 3-1:1.1: endpoint not available, using fallback values
[ 1000.167483][    T9] snd_usb_pod 3-1:1.1: invalid control EP
[ 1000.175019][    T9] snd_usb_pod 3-1:1.1: cannot start listening: -22
[ 1000.181808][    T9] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected
[ 1000.189909][    T9] snd_usb_pod 3-1:1.1: probe with driver snd_usb_pod failed with error -22
[ 1000.280403][ T5858] Bluetooth: hci2: command tx timeout
[ 1000.911975][   T10] usb 3-1: USB disconnect, device number 86
[ 1000.933758][T17991] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1000.952764][T17991] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1001.008363][T17991] team0: Port device team_slave_0 added
[ 1001.022089][T17991] team0: Port device team_slave_1 added
[ 1001.038726][T18025] netlink: 292 bytes leftover after parsing attributes in process `syz.3.3100'.
[ 1001.068080][T17991] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1001.076245][T17991] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1001.103010][T17991] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1001.125028][T17991] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1001.145218][T17991] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1001.178255][T17991] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1001.339701][T17991] hsr_slave_0: entered promiscuous mode
[ 1001.377574][T17991] hsr_slave_1: entered promiscuous mode
[ 1001.408499][T17991] debugfs: 'hsr0' already exists in 'hsr'
[ 1001.527889][T17991] Cannot create hsr debugfs directory
[ 1001.697787][T18035] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1001.708563][T18035] syzkaller0: entered promiscuous mode
[ 1001.714332][T18035] syzkaller0: entered allmulticast mode
[ 1001.978196][T17991] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1002.125439][T17991] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1002.260670][T17991] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1002.338417][T18031] tipc: Resetting bearer <eth:syzkaller0>
[ 1002.349124][ T5858] Bluetooth: hci2: command tx timeout
[ 1002.405166][T18031] tipc: Disabling bearer <eth:syzkaller0>
[ 1002.487238][T17991] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1002.861418][T17991] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1002.924533][T17991] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1002.934773][T17991] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1002.972050][T17991] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1003.101698][T17991] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1003.121037][T17991] 8021q: adding VLAN 0 to HW filter on device team0
[ 1003.213883][T17991] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1003.370549][T17991] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1003.521560][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1003.528642][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1003.560670][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1003.567796][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1004.076194][T18067] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 1004.446572][T18067] overlayfs: failed lookup in lower (/, name='cpuacct.usage_sys', err=-66): unsupported object type
[ 1004.469252][ T5858] Bluetooth: hci2: command tx timeout
[ 1004.474918][   T30] audit: type=1400 audit(1756196130.733:1877): avc:  denied  { write } for  pid=18061 comm="syz.5.3108" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[ 1004.629387][   T30] audit: type=1400 audit(1756196131.353:1878): avc:  denied  { setopt } for  pid=18065 comm="syz.2.3109" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[ 1004.690569][T18072] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3109'.
[ 1006.450166][T17991] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1006.511370][ T5858] Bluetooth: hci2: command tx timeout
[ 1006.530796][T18092] netlink: 292 bytes leftover after parsing attributes in process `syz.5.3114'.
[ 1006.561893][T17991] veth0_vlan: entered promiscuous mode
[ 1006.572407][   T30] audit: type=1400 audit(1756196133.293:1879): avc:  denied  { ioctl } for  pid=18093 comm="syz.3.3113" path="socket:[72624]" dev="sockfs" ino=72624 ioctlcmd=0x890b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[ 1006.644439][T17991] veth1_vlan: entered promiscuous mode
[ 1007.030692][T17991] veth0_macvtap: entered promiscuous mode
[ 1007.087707][T17991] veth1_macvtap: entered promiscuous mode
[ 1007.413484][T17991] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1007.508985][   T10] usb 3-1: new high-speed USB device number 87 using dummy_hcd
[ 1007.510337][T17991] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1007.540581][ T6707] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1007.551107][ T6707] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1007.560749][ T6707] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1007.579949][  T188] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1007.680998][   T10] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[ 1007.693914][   T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1007.727177][   T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1007.748445][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1007.766751][   T10] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[ 1007.781033][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1007.811653][   T10] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[ 1007.827684][  T188] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1007.851945][   T10] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[ 1007.864702][  T188] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1007.876950][   T10] usb 3-1: Manufacturer: syz
[ 1008.028976][   T10] usb 3-1: config 0 descriptor??
[ 1008.761602][   T10] appleir 0003:05AC:8243.001F: unknown main item tag 0x0
[ 1008.774890][   T10] appleir 0003:05AC:8243.001F: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0
[ 1009.160061][   T24] usb 4-1: new high-speed USB device number 81 using dummy_hcd
[ 1009.500963][   T24] usb 4-1: New USB device found, idVendor=0545, idProduct=800d, bcdDevice= 3.0a
[ 1009.510259][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1009.521732][   T24] usb 4-1: config 0 descriptor??
[ 1009.528449][   T24] gspca_main: xirlink-cit-2.14.0 probing 0545:800d
[ 1009.538441][   T24] input: xirlink-cit as /devices/platform/dummy_hcd.3/usb4/4-1/input/input58
[ 1009.589036][   T10] usb 6-1: new high-speed USB device number 49 using dummy_hcd
[ 1009.624003][  T979] usb 3-1: USB disconnect, device number 87
[ 1009.707286][T11317] usb 4-1: USB disconnect, device number 81
[ 1009.743087][   T10] usb 6-1: config index 0 descriptor too short (expected 45, got 36)
[ 1009.753806][   T10] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1009.767044][   T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1009.781206][   T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1009.794987][   T10] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1009.815583][   T10] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1009.825957][   T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1009.836900][   T10] usb 6-1: config 0 descriptor??
[ 1009.871432][T18126] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22
[ 1010.110206][T18144] netlink: 'syz.3.3124': attribute type 3 has an invalid length.
[ 1010.119454][T18144] netlink: 3 bytes leftover after parsing attributes in process `syz.3.3124'.
[ 1010.568520][   T10] plantronics 0003:047F:FFFF.0020: reserved main item tag 0xd
[ 1010.587641][   T10] plantronics 0003:047F:FFFF.0020: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[ 1010.631578][    T9] usb 4-1: new high-speed USB device number 82 using dummy_hcd
[ 1010.721902][T18151] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1010.731209][T18151] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1010.740349][T18151] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1010.752290][T18151] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1010.800653][    T9] usb 4-1: Using ep0 maxpacket: 32
[ 1010.823948][    T9] usb 4-1: config index 0 descriptor too short (expected 35577, got 27)
[ 1010.851406][    T9] usb 4-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[ 1010.863185][    T9] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1010.875365][    T9] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 92
[ 1010.886302][    T9] usb 4-1: config 1 has no interface number 0
[ 1010.892579][    T9] usb 4-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[ 1010.902102][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1010.919220][  T976] usb 6-1: USB disconnect, device number 49
[ 1010.926908][    T9] snd_usb_pod 4-1:1.1: Line 6 Pocket POD found
[ 1011.026207][T18159] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3127'.
[ 1011.125094][    T9] snd_usb_pod 4-1:1.1: endpoint not available, using fallback values
[ 1011.142149][    T9] snd_usb_pod 4-1:1.1: invalid control EP
[ 1011.158192][    T9] snd_usb_pod 4-1:1.1: cannot start listening: -22
[ 1011.169580][    T9] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now disconnected
[ 1011.179314][    T9] snd_usb_pod 4-1:1.1: probe with driver snd_usb_pod failed with error -22
[ 1011.408910][  T976] usb 2-1: new high-speed USB device number 84 using dummy_hcd
[ 1011.442814][    T9] usb 4-1: USB disconnect, device number 82
[ 1011.580782][  T976] usb 2-1: config 0 has an invalid interface number: 117 but max is 0
[ 1011.597648][  T976] usb 2-1: config 0 has no interface number 0
[ 1011.626329][  T976] usb 2-1: New USB device found, idVendor=0403, idProduct=6010, bcdDevice= f.d6
[ 1011.851563][  T976] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1011.861129][  T976] usb 2-1: Product: syz
[ 1011.865331][  T976] usb 2-1: Manufacturer: syz
[ 1011.875395][  T976] usb 2-1: SerialNumber: syz
[ 1011.897708][  T976] usb 2-1: config 0 descriptor??
[ 1011.972866][  T976] ftdi_sio 2-1:0.117: FTDI USB Serial Device converter detected
[ 1011.990213][  T976] ftdi_sio ttyUSB0: unknown device type: 0xfd6
[ 1012.262304][T18175] netlink: 292 bytes leftover after parsing attributes in process `syz.3.3132'.
[ 1014.629539][    T9] usb 2-1: USB disconnect, device number 84
[ 1014.639507][    T9] ftdi_sio 2-1:0.117: device disconnected
[ 1015.128942][ T5918] usb 2-1: new full-speed USB device number 85 using dummy_hcd
[ 1015.304897][ T5918] usb 2-1: config 0 has an invalid interface number: 128 but max is 0
[ 1015.395963][ T5858] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[ 1015.405839][ T5858] Bluetooth: hci1: Injecting HCI hardware error event
[ 1015.414519][T17742] Bluetooth: hci1: hardware error 0x00
[ 1015.423144][ T5918] usb 2-1: config 0 has no interface number 0
[ 1015.525177][ T5918] usb 2-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[ 1015.537997][ T5918] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1015.558900][ T5896] usb 6-1: new high-speed USB device number 50 using dummy_hcd
[ 1015.567328][ T5918] usb 2-1: Product: syz
[ 1015.578045][ T5918] usb 2-1: Manufacturer: syz
[ 1015.586863][ T5918] usb 2-1: SerialNumber: syz
[ 1015.593332][ T5918] usb 2-1: config 0 descriptor??
[ 1015.844194][ T5896] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1015.995141][ T5896] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1016.314487][ T5918] usb 2-1: Firmware: major: 84, minor: 103, hardware type: UNKNOWN (73)
[ 1016.363464][ T5896] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1016.381987][ T5896] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=67
[ 1016.398246][ T5896] usb 6-1: SerialNumber: syz
[ 1016.565049][ T5918] usb 2-1: no permanent extended address found, random address set
[ 1016.588992][ T5918] usb 2-1: atusb_probe: initialization failed, error = -524
[ 1016.596497][ T5918] atusb 2-1:0.128: probe with driver atusb failed with error -524
[ 1016.776542][T18226] netlink: 292 bytes leftover after parsing attributes in process `syz.3.3146'.
[ 1016.791792][ T5918] usb 2-1: USB disconnect, device number 85
[ 1016.843412][ T5896] usb 6-1: USB disconnect, device number 50
[ 1017.116718][T18227] mkiss: ax0: crc mode is auto.
[ 1017.628968][T17742] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[ 1019.034739][T18254] netlink: 292 bytes leftover after parsing attributes in process `syz.1.3154'.
[ 1019.403108][T18256] mkiss: ax0: crc mode is auto.
[ 1019.427484][T18259] netlink: 292 bytes leftover after parsing attributes in process `syz.3.3156'.
[ 1019.441833][T18260] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3155'.
[ 1019.595092][T18261] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3155'.
[ 1021.385204][T18287] openvswitch: netlink: Either Ethernet header or EtherType is required.
[ 1021.412795][T18287] netlink: 244 bytes leftover after parsing attributes in process `syz.1.3162'.
[ 1022.968927][  T976] usb 2-1: new high-speed USB device number 86 using dummy_hcd
[ 1023.159066][  T976] usb 2-1: Using ep0 maxpacket: 8
[ 1023.178034][  T976] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[ 1023.203786][  T976] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1023.248867][  T976] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1023.297345][  T976] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1023.317742][  T976] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1023.338890][  T976] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1023.358074][  T976] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1023.366148][ T5896] usb 4-1: new high-speed USB device number 83 using dummy_hcd
[ 1023.378655][T18315] openvswitch: netlink: Either Ethernet header or EtherType is required.
[ 1023.430867][T18315] netlink: 244 bytes leftover after parsing attributes in process `syz.0.3167'.
[ 1023.913984][  T976] usb 2-1: GET_CAPABILITIES returned 0
[ 1023.923493][  T976] usbtmc 2-1:16.0: can't read capabilities
[ 1023.934582][ T5896] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1023.951303][ T5896] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1023.990420][ T5896] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1024.030781][ T5896] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=67
[ 1024.059328][ T5896] usb 4-1: SerialNumber: syz
[ 1024.303450][ T5896] usb 4-1: USB disconnect, device number 83
[ 1025.556050][T18338] netlink: 292 bytes leftover after parsing attributes in process `syz.3.3175'.
[ 1025.721842][   T24] usb 2-1: USB disconnect, device number 86
[ 1025.792279][ T5896] usb 6-1: new high-speed USB device number 51 using dummy_hcd
[ 1025.949126][ T5896] usb 6-1: Using ep0 maxpacket: 16
[ 1026.117501][ T5896] usb 6-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 1026.126245][ T5896] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1026.136884][ T5896] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1026.147471][ T5896] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1026.212262][ T5896] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1026.242348][ T5896] usb 6-1: Product: syz
[ 1026.252727][ T5896] usb 6-1: Manufacturer: syz
[ 1026.264120][ T5896] usb 6-1: SerialNumber: syz
[ 1026.521198][T18354] netlink: 292 bytes leftover after parsing attributes in process `syz.1.3179'.
[ 1026.565941][ T5896] usb 6-1: 0:2 : does not exist
[ 1026.671951][ T5896] usb 6-1: USB disconnect, device number 51
[ 1028.281157][T18378] syzkaller0: entered promiscuous mode
[ 1028.286742][T18378] syzkaller0: entered allmulticast mode
[ 1028.798914][   T10] usb 6-1: new high-speed USB device number 52 using dummy_hcd
[ 1029.058894][  T979] usb 3-1: new high-speed USB device number 88 using dummy_hcd
[ 1029.969019][   T10] usb 6-1: Using ep0 maxpacket: 8
[ 1029.976547][   T10] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[ 1029.984883][   T10] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1029.995601][   T10] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1030.005444][   T10] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1030.015584][   T10] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1030.028854][   T10] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1030.037989][   T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1030.061357][  T979] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1030.109470][  T979] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1030.130889][  T979] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1030.150147][  T979] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=67
[ 1030.170042][  T979] usb 3-1: SerialNumber: syz
[ 1030.308976][   T10] usb 6-1: GET_CAPABILITIES returned 0
[ 1030.321628][   T10] usbtmc 6-1:16.0: can't read capabilities
[ 1030.442373][T18392] netlink: 292 bytes leftover after parsing attributes in process `syz.1.3190'.
[ 1031.299828][T18397] mkiss: ax0: crc mode is auto.
[ 1031.443602][T18404] netlink: 'syz.3.3193': attribute type 3 has an invalid length.
[ 1031.458432][T18404] netlink: 3 bytes leftover after parsing attributes in process `syz.3.3193'.
[ 1031.663045][T18407] netlink: 292 bytes leftover after parsing attributes in process `syz.0.3194'.
[ 1031.728870][ T5896] usb 4-1: new high-speed USB device number 84 using dummy_hcd
[ 1031.846977][T18408] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1031.861008][T18408] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1031.881453][ T5896] usb 4-1: Using ep0 maxpacket: 32
[ 1031.888592][ T5896] usb 4-1: config index 0 descriptor too short (expected 35577, got 27)
[ 1031.899993][ T5896] usb 4-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[ 1031.908942][ T5896] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1031.925313][ T5896] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 92
[ 1031.934416][ T5896] usb 4-1: config 1 has no interface number 0
[ 1031.942583][ T5896] usb 4-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[ 1031.951942][ T5896] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1031.993120][ T5896] snd_usb_pod 4-1:1.1: Line 6 Pocket POD found
[ 1032.195676][ T5896] snd_usb_pod 4-1:1.1: endpoint not available, using fallback values
[ 1032.206249][ T5896] snd_usb_pod 4-1:1.1: invalid control EP
[ 1032.206930][   T10] usb 6-1: USB disconnect, device number 52
[ 1032.213926][ T5896] snd_usb_pod 4-1:1.1: cannot start listening: -22
[ 1032.228261][ T5896] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now disconnected
[ 1032.236094][ T5896] snd_usb_pod 4-1:1.1: probe with driver snd_usb_pod failed with error -22
[ 1032.610444][  T979] usb 3-1: USB disconnect, device number 88
[ 1032.635916][T18417] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3198'.
[ 1032.640987][T18418] netlink: 'syz.5.3197': attribute type 3 has an invalid length.
[ 1032.656708][T18418] netlink: 3 bytes leftover after parsing attributes in process `syz.5.3197'.
[ 1032.708993][ T5896] usb 4-1: USB disconnect, device number 84
[ 1032.988914][   T10] usb 6-1: new high-speed USB device number 53 using dummy_hcd
[ 1033.014055][T18424] netlink: 292 bytes leftover after parsing attributes in process `syz.2.3199'.
[ 1033.148986][   T10] usb 6-1: Using ep0 maxpacket: 32
[ 1033.165766][   T10] usb 6-1: config index 0 descriptor too short (expected 35577, got 27)
[ 1033.194619][   T10] usb 6-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[ 1033.232561][   T10] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1033.243409][   T10] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 92
[ 1033.256072][   T10] usb 6-1: config 1 has no interface number 0
[ 1033.269765][   T10] usb 6-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[ 1033.279083][   T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1033.329743][   T10] snd_usb_pod 6-1:1.1: Line 6 Pocket POD found
[ 1033.443204][T18432] netlink: 292 bytes leftover after parsing attributes in process `syz.1.3202'.
[ 1033.515260][   T10] snd_usb_pod 6-1:1.1: endpoint not available, using fallback values
[ 1033.524861][   T10] snd_usb_pod 6-1:1.1: invalid control EP
[ 1033.549994][   T10] snd_usb_pod 6-1:1.1: cannot start listening: -22
[ 1033.551414][T18437] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3203'.
[ 1033.601708][   T10] snd_usb_pod 6-1:1.1: Line 6 Pocket POD now disconnected
[ 1033.742887][T18439] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3203'.
[ 1033.915717][   T10] snd_usb_pod 6-1:1.1: probe with driver snd_usb_pod failed with error -22
[ 1034.224069][T18438] mkiss: ax0: crc mode is auto.
[ 1034.314919][T18444] netlink: 292 bytes leftover after parsing attributes in process `syz.3.3204'.
[ 1034.325035][ T5896] usb 6-1: USB disconnect, device number 53
[ 1034.874059][T18452] openvswitch: netlink: Either Ethernet header or EtherType is required.
[ 1034.908726][T18452] netlink: 244 bytes leftover after parsing attributes in process `syz.0.3205'.
[ 1035.085198][T18453] tipc: Started in network mode
[ 1035.090138][T18453] tipc: Node identity dee41049556f, cluster identity 4711
[ 1035.097295][T18453] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1035.105006][T18453] syzkaller0: entered promiscuous mode
[ 1035.110468][T18453] syzkaller0: entered allmulticast mode
[ 1035.830598][T18450] tipc: Resetting bearer <eth:syzkaller0>
[ 1035.848190][T18450] tipc: Disabling bearer <eth:syzkaller0>
[ 1035.959190][  T979] usb 2-1: new high-speed USB device number 87 using dummy_hcd
[ 1036.185774][  T979] usb 2-1: Using ep0 maxpacket: 16
[ 1036.214177][  T976] usb 6-1: new high-speed USB device number 54 using dummy_hcd
[ 1036.230846][  T979] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 1036.244251][  T979] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1036.268734][  T979] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1036.342294][  T979] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1036.362496][  T979] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1036.380818][  T976] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1036.392864][  T979] usb 2-1: Product: syz
[ 1036.393230][  T976] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1036.406047][  T979] usb 2-1: Manufacturer: syz
[ 1036.411503][  T979] usb 2-1: SerialNumber: syz
[ 1036.418978][  T976] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1036.434705][  T976] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=67
[ 1036.447157][  T976] usb 6-1: SerialNumber: syz
[ 1036.644756][  T979] usb 2-1: 0:2 : does not exist
[ 1036.693344][  T979] usb 2-1: USB disconnect, device number 87
[ 1036.705580][  T976] usb 6-1: USB disconnect, device number 54
[ 1037.029798][T18476] syzkaller0: entered promiscuous mode
[ 1037.035408][T18476] syzkaller0: entered allmulticast mode
[ 1037.403398][T18480] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3214'.
[ 1039.154911][T18503] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3220'.
[ 1039.348501][T18504] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3220'.
[ 1039.749569][T18514] netlink: 292 bytes leftover after parsing attributes in process `syz.1.3224'.
[ 1039.787568][T18513] netlink: 292 bytes leftover after parsing attributes in process `syz.2.3223'.
[ 1040.038867][ T5918] usb 6-1: new high-speed USB device number 55 using dummy_hcd
[ 1040.168950][ T5918] usb 6-1: device descriptor read/64, error -71
[ 1040.320174][T18529] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3228'.
[ 1040.449975][ T5918] usb 6-1: new high-speed USB device number 56 using dummy_hcd
[ 1040.557030][T18530] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3228'.
[ 1040.598962][ T5918] usb 6-1: device descriptor read/64, error -71
[ 1040.709217][ T5918] usb usb6-port1: attempt power cycle
[ 1041.038061][T18533] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3229'.
[ 1041.069002][ T5918] usb 6-1: new high-speed USB device number 57 using dummy_hcd
[ 1041.133130][ T5918] usb 6-1: device descriptor read/8, error -71
[ 1041.136597][T18534] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3229'.
[ 1041.610292][ T5918] usb 6-1: new high-speed USB device number 58 using dummy_hcd
[ 1041.732977][ T5918] usb 6-1: device descriptor read/8, error -71
[ 1041.835361][T18545] netlink: 292 bytes leftover after parsing attributes in process `syz.1.3232'.
[ 1041.879190][ T5918] usb usb6-port1: unable to enumerate USB device
[ 1042.081016][T18552] syzkaller0: entered promiscuous mode
[ 1042.086593][T18552] syzkaller0: entered allmulticast mode
[ 1043.250510][T18568] openvswitch: netlink: Either Ethernet header or EtherType is required.
[ 1043.279021][T18568] netlink: 244 bytes leftover after parsing attributes in process `syz.2.3238'.
[ 1045.060763][T18596] openvswitch: netlink: Either Ethernet header or EtherType is required.
[ 1045.080986][T18596] netlink: 244 bytes leftover after parsing attributes in process `syz.2.3244'.
[ 1045.286963][ T5918] usb 2-1: new high-speed USB device number 88 using dummy_hcd
[ 1045.458858][ T5918] usb 2-1: device descriptor read/64, error -71
[ 1045.566360][T18601] syzkaller0: entered promiscuous mode
[ 1045.571955][T18601] syzkaller0: entered allmulticast mode
[ 1045.749259][ T5918] usb 2-1: new high-speed USB device number 89 using dummy_hcd
[ 1046.019150][   T10] usb 6-1: new high-speed USB device number 59 using dummy_hcd
[ 1046.038918][ T5918] usb 2-1: device descriptor read/64, error -71
[ 1046.149076][ T5918] usb usb2-port1: attempt power cycle
[ 1046.175032][T18605] FAULT_INJECTION: forcing a failure.
[ 1046.175032][T18605] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1046.188418][T18605] CPU: 1 UID: 0 PID: 18605 Comm: syz.3.3251 Not tainted syzkaller #0 PREEMPT(full) 
[ 1046.188443][T18605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1046.188454][T18605] Call Trace:
[ 1046.188460][T18605]  <TASK>
[ 1046.188467][T18605]  dump_stack_lvl+0x16c/0x1f0
[ 1046.188492][T18605]  should_fail_ex+0x512/0x640
[ 1046.188518][T18605]  _copy_to_user+0x32/0xd0
[ 1046.188543][T18605]  simple_read_from_buffer+0xcb/0x170
[ 1046.188564][T18605]  proc_fail_nth_read+0x197/0x240
[ 1046.188591][T18605]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1046.188614][T18605]  ? rw_verify_area+0xcf/0x6c0
[ 1046.188640][T18605]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1046.188661][T18605]  vfs_read+0x1e4/0xcf0
[ 1046.188683][T18605]  ? __pfx___mutex_lock+0x10/0x10
[ 1046.188703][T18605]  ? __pfx_vfs_read+0x10/0x10
[ 1046.188728][T18605]  ? __fget_files+0x20e/0x3c0
[ 1046.188755][T18605]  ksys_read+0x12a/0x250
[ 1046.188773][T18605]  ? __pfx_ksys_read+0x10/0x10
[ 1046.188794][T18605]  ? fput+0x9b/0xd0
[ 1046.188821][T18605]  do_syscall_64+0xcd/0x4c0
[ 1046.188843][T18605]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1046.188862][T18605] RIP: 0033:0x7efd9058d5fc
[ 1046.188877][T18605] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1046.188894][T18605] RSP: 002b:00007efd9144a030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1046.188912][T18605] RAX: ffffffffffffffda RBX: 00007efd907b5fa0 RCX: 00007efd9058d5fc
[ 1046.188924][T18605] RDX: 000000000000000f RSI: 00007efd9144a0a0 RDI: 0000000000000003
[ 1046.188934][T18605] RBP: 00007efd9144a090 R08: 0000000000000000 R09: 0000000000000000
[ 1046.188944][T18605] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1046.188955][T18605] R13: 00007efd907b6038 R14: 00007efd907b5fa0 R15: 00007ffcf9ee1d28
[ 1046.188979][T18605]  </TASK>
[ 1046.191946][   T10] usb 6-1: config index 0 descriptor too short (expected 45, got 36)
[ 1046.261948][T18607] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3252'.
[ 1046.264712][   T10] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1046.368872][   T24] usb 3-1: new full-speed USB device number 89 using dummy_hcd
[ 1046.372153][   T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1046.517053][T18608] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3252'.
[ 1046.546087][   T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1046.566788][ T5918] usb 2-1: new high-speed USB device number 90 using dummy_hcd
[ 1046.594333][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1046.608657][ T5918] usb 2-1: device descriptor read/8, error -71
[ 1046.616400][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64
[ 1046.616674][   T10] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1046.627430][   T24] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[ 1046.654150][   T24] usb 3-1: New USB device found, idVendor=0755, idProduct=2626, bcdDevice= 0.00
[ 1046.654275][   T10] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1046.663242][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1046.797337][   T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1046.798471][   T24] usb 3-1: config 0 descriptor??
[ 1046.808147][   T10] usb 6-1: config 0 descriptor??
[ 1046.817185][T18588] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22
[ 1046.825059][T18603] raw-gadget.3 gadget.2: fail, usb_ep_enable returned -22
[ 1046.918910][ T5918] usb 2-1: new high-speed USB device number 91 using dummy_hcd
[ 1046.939532][ T5918] usb 2-1: device descriptor read/8, error -71
[ 1046.980800][T18613] openvswitch: netlink: Either Ethernet header or EtherType is required.
[ 1046.994526][T18613] netlink: 244 bytes leftover after parsing attributes in process `syz.3.3253'.
[ 1047.085675][ T5918] usb usb2-port1: unable to enumerate USB device
[ 1047.229729][   T24] usbhid 3-1:0.0: can't add hid device: -71
[ 1047.235774][   T24] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 1047.249171][   T24] usb 3-1: USB disconnect, device number 89
[ 1047.445448][   T10] plantronics 0003:047F:FFFF.0021: reserved main item tag 0xd
[ 1047.457007][   T10] plantronics 0003:047F:FFFF.0021: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[ 1047.735234][   T24] usb 6-1: USB disconnect, device number 59
[ 1048.184859][T18621] netlink: 244 bytes leftover after parsing attributes in process `syz.2.3254'.
[ 1049.648835][T18647] syzkaller0: entered promiscuous mode
[ 1049.655242][T18647] syzkaller0: entered allmulticast mode
[ 1050.298654][T18649] netlink: 292 bytes leftover after parsing attributes in process `syz.3.3263'.
[ 1052.593644][   T10] usb 3-1: new high-speed USB device number 90 using dummy_hcd
[ 1052.933701][   T10] usb 3-1: Using ep0 maxpacket: 8
[ 1052.944973][   T10] usb 3-1: config index 0 descriptor too short (expected 301, got 45)
[ 1052.953866][   T10] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1052.973537][   T10] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1053.027255][   T10] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1053.071286][T18684] netlink: 292 bytes leftover after parsing attributes in process `syz.5.3273'.
[ 1053.110488][T18686] netlink: 'syz.3.3274': attribute type 3 has an invalid length.
[ 1053.121933][T18686] netlink: 3 bytes leftover after parsing attributes in process `syz.3.3274'.
[ 1053.301334][   T10] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1053.482038][   T10] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1053.491301][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1053.533965][T18688] mkiss: ax0: crc mode is auto.
[ 1053.538980][  T979] usb 4-1: new high-speed USB device number 85 using dummy_hcd
[ 1053.618268][T18690] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3275'.
[ 1053.749221][   T10] usb 3-1: GET_CAPABILITIES returned 0
[ 1053.760240][   T10] usbtmc 3-1:16.0: can't read capabilities
[ 1053.763344][T18691] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3275'.
[ 1053.852720][  T979] usb 4-1: Using ep0 maxpacket: 32
[ 1053.975117][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1054.032212][  T979] usb 4-1: config index 0 descriptor too short (expected 35577, got 27)
[ 1054.052119][  T979] usb 4-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[ 1054.092511][  T979] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1054.122961][  T979] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 92
[ 1054.147454][  T979] usb 4-1: config 1 has no interface number 0
[ 1054.157591][  T979] usb 4-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[ 1054.170141][  T979] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1054.183431][  T979] snd_usb_pod 4-1:1.1: Line 6 Pocket POD found
[ 1054.198456][T18693] netlink: 292 bytes leftover after parsing attributes in process `syz.0.3276'.
[ 1054.422587][T18699] mkiss: ax0: crc mode is auto.
[ 1054.536840][  T979] snd_usb_pod 4-1:1.1: endpoint not available, using fallback values
[ 1054.601569][  T979] snd_usb_pod 4-1:1.1: invalid control EP
[ 1054.608925][  T979] snd_usb_pod 4-1:1.1: cannot start listening: -22
[ 1054.616119][  T979] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now disconnected
[ 1054.669375][  T979] snd_usb_pod 4-1:1.1: probe with driver snd_usb_pod failed with error -22
[ 1054.709242][  T979] usb 4-1: USB disconnect, device number 85
[ 1054.982482][T18706] Invalid logical block size (1280)
[ 1055.681429][T11317] usb 3-1: USB disconnect, device number 90
[ 1057.518945][   T30] audit: type=1400 audit(1756196184.213:1880): avc:  denied  { read } for  pid=18723 comm="syz.1.3285" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[ 1058.188926][T11317] usb 6-1: new high-speed USB device number 60 using dummy_hcd
[ 1058.306597][   T30] audit: type=1400 audit(1756196185.023:1881): avc:  denied  { connect } for  pid=18740 comm="syz.2.3289" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[ 1058.369232][T11317] usb 6-1: config index 0 descriptor too short (expected 45, got 36)
[ 1058.424304][T11317] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1058.568891][T11317] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1058.581248][T11317] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1058.592645][T11317] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1058.605946][T11317] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1058.615207][T11317] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1058.631461][T11317] usb 6-1: config 0 descriptor??
[ 1058.639002][T18730] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1060.004070][T11317] plantronics 0003:047F:FFFF.0022: reserved main item tag 0xd
[ 1060.016264][T11317] plantronics 0003:047F:FFFF.0022: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[ 1060.227632][  T979] usb 6-1: USB disconnect, device number 60
[ 1060.733421][T18766] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3298'.
[ 1060.953320][T18767] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3298'.
[ 1061.447987][T18782] netlink: 'syz.3.3302': attribute type 3 has an invalid length.
[ 1061.459624][T18782] netlink: 3 bytes leftover after parsing attributes in process `syz.3.3302'.
[ 1061.497885][T18783] openvswitch: netlink: Either Ethernet header or EtherType is required.
[ 1061.556084][T18783] netlink: 244 bytes leftover after parsing attributes in process `syz.5.3301'.
[ 1061.578928][  T976] usb 3-1: new full-speed USB device number 91 using dummy_hcd
[ 1062.218331][  T979] usb 4-1: new high-speed USB device number 86 using dummy_hcd
[ 1062.231583][  T976] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1062.248890][  T976] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64
[ 1062.428627][  T976] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[ 1062.449156][  T979] usb 4-1: Using ep0 maxpacket: 32
[ 1062.568910][  T979] usb 4-1: config index 0 descriptor too short (expected 35577, got 27)
[ 1062.577400][  T979] usb 4-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[ 1062.578522][  T976] usb 3-1: New USB device found, idVendor=0755, idProduct=2626, bcdDevice= 0.00
[ 1062.586072][  T979] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1062.609107][  T979] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 92
[ 1062.638353][  T979] usb 4-1: config 1 has no interface number 0
[ 1062.655429][  T979] usb 4-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[ 1062.669077][  T979] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1062.678531][  T976] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1062.697676][  T976] usb 3-1: config 0 descriptor??
[ 1062.701401][  T979] snd_usb_pod 4-1:1.1: Line 6 Pocket POD found
[ 1062.703270][T18774] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[ 1062.903768][  T979] snd_usb_pod 4-1:1.1: endpoint not available, using fallback values
[ 1062.913017][  T979] snd_usb_pod 4-1:1.1: invalid control EP
[ 1062.922265][T18796] openvswitch: netlink: Either Ethernet header or EtherType is required.
[ 1062.930841][  T979] snd_usb_pod 4-1:1.1: cannot start listening: -22
[ 1062.931006][  T979] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now disconnected
[ 1062.959301][  T979] snd_usb_pod 4-1:1.1: probe with driver snd_usb_pod failed with error -22
[ 1063.142182][  T976] usbhid 3-1:0.0: can't add hid device: -71
[ 1063.148249][  T976] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 1063.175684][T18800] netlink: 244 bytes leftover after parsing attributes in process `syz.5.3305'.
[ 1063.299865][  T976] usb 3-1: USB disconnect, device number 91
[ 1063.332534][  T979] usb 4-1: USB disconnect, device number 86
[ 1064.544932][T18815] openvswitch: netlink: Either Ethernet header or EtherType is required.
[ 1065.202277][T18815] netlink: 244 bytes leftover after parsing attributes in process `syz.3.3310'.
[ 1065.942239][T18833] netlink: 40 bytes leftover after parsing attributes in process `syz.5.3315'.
[ 1065.953109][T18832] netlink: 508 bytes leftover after parsing attributes in process `syz.5.3315'.
[ 1065.962141][T18832] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3315'.
[ 1066.408948][  T979] usb 2-1: new full-speed USB device number 92 using dummy_hcd
[ 1066.570395][  T979] usb 2-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[ 1066.583383][  T979] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1066.732200][  T979] usb 2-1: config 0 descriptor??
[ 1067.131083][T17508] usb 3-1: new full-speed USB device number 92 using dummy_hcd
[ 1067.393597][T18855] netlink: 292 bytes leftover after parsing attributes in process `syz.0.3323'.
[ 1067.473640][T17508] usb 3-1: config 0 has an invalid interface number: 128 but max is 0
[ 1067.483985][T17508] usb 3-1: config 0 has no interface number 0
[ 1067.493507][T17508] usb 3-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[ 1067.843769][T17508] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1067.858829][T17508] usb 3-1: Product: syz
[ 1067.867462][T17508] usb 3-1: Manufacturer: syz
[ 1067.920150][T18837] vlan2: entered allmulticast mode
[ 1067.930628][T18837] bond0: entered allmulticast mode
[ 1067.965830][T18837] bond_slave_0: entered allmulticast mode
[ 1067.973665][T18837] bond_slave_1: entered allmulticast mode
[ 1068.005408][T17508] usb 3-1: SerialNumber: syz
[ 1068.015889][T17508] usb 3-1: config 0 descriptor??
[ 1068.104908][  T979] pegasus 2-1:0.0: probe with driver pegasus failed with error -71
[ 1068.114592][  T979] usb 2-1: USB disconnect, device number 92
[ 1068.460144][T18859] mkiss: ax0: crc mode is auto.
[ 1068.566396][T18861] netlink: 292 bytes leftover after parsing attributes in process `syz.5.3324'.
[ 1070.295811][  T976] usb 3-1: USB disconnect, device number 92
[ 1070.313386][T18876] netlink: 'syz.3.3328': attribute type 3 has an invalid length.
[ 1070.328909][T18876] netlink: 3 bytes leftover after parsing attributes in process `syz.3.3328'.
[ 1070.647393][T18882] XFS (nullb0): Invalid superblock magic number
[ 1070.678864][T17508] usb 4-1: new high-speed USB device number 87 using dummy_hcd
[ 1070.852723][T17508] usb 4-1: Using ep0 maxpacket: 32
[ 1072.476363][T17508] usb 4-1: config index 0 descriptor too short (expected 35577, got 27)
[ 1072.505274][T17508] usb 4-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[ 1072.548916][T17508] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1072.580111][T17508] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 92
[ 1072.591444][T17508] usb 4-1: config 1 has no interface number 0
[ 1072.601747][T17508] usb 4-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[ 1072.611649][T17508] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1072.643027][T17508] snd_usb_pod 4-1:1.1: Line 6 Pocket POD found
[ 1072.758957][T11317] usb 3-1: new full-speed USB device number 93 using dummy_hcd
[ 1073.196801][T17508] snd_usb_pod 4-1:1.1: endpoint not available, using fallback values
[ 1073.207055][T17508] snd_usb_pod 4-1:1.1: invalid control EP
[ 1073.212917][T17508] snd_usb_pod 4-1:1.1: cannot start listening: -22
[ 1073.219716][T17508] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now disconnected
[ 1073.227499][T17508] snd_usb_pod 4-1:1.1: probe with driver snd_usb_pod failed with error -22
[ 1073.254430][  T976] usb 4-1: USB disconnect, device number 87
[ 1073.280229][T11317] usb 3-1: config 0 has an invalid interface number: 128 but max is 0
[ 1073.288502][T11317] usb 3-1: config 0 has no interface number 0
[ 1073.296667][T11317] usb 3-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[ 1073.306077][T11317] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1073.314748][T11317] usb 3-1: Product: syz
[ 1073.319061][T11317] usb 3-1: Manufacturer: syz
[ 1073.323686][T11317] usb 3-1: SerialNumber: syz
[ 1073.330161][T11317] usb 3-1: config 0 descriptor??
[ 1073.853824][T18911] syzkaller0: entered promiscuous mode
[ 1073.859480][T18911] syzkaller0: entered allmulticast mode
[ 1074.667076][T11317] usb 3-1: Firmware: major: 84, minor: 103, hardware type: UNKNOWN (73)
[ 1074.703559][T11317] usb 3-1: no permanent extended address found, random address set
[ 1074.711622][T11317] usb 3-1: atusb_probe: initialization failed, error = -524
[ 1074.719441][T11317] atusb 3-1:0.128: probe with driver atusb failed with error -524
[ 1074.826010][T18917] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1074.835635][T18917] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1074.846596][T18917] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1074.854578][T18917] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1074.906918][   T24] usb 3-1: USB disconnect, device number 93
[ 1075.644554][T18929] netlink: 292 bytes leftover after parsing attributes in process `syz.0.3342'.
[ 1076.064751][T18933] mkiss: ax0: crc mode is auto.
[ 1076.229564][T18941] netlink: 292 bytes leftover after parsing attributes in process `syz.2.3345'.
[ 1076.445639][   T24] usb 6-1: new high-speed USB device number 61 using dummy_hcd
[ 1076.704208][T18943] mkiss: ax0: crc mode is auto.
[ 1078.469280][   T10] usb 3-1: new high-speed USB device number 94 using dummy_hcd
[ 1078.496625][T18959] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3350'.
[ 1078.619687][T11317] usb 4-1: new high-speed USB device number 88 using dummy_hcd
[ 1078.685528][   T10] usb 3-1: config index 0 descriptor too short (expected 45, got 36)
[ 1078.694280][   T10] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1078.714165][T18960] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3350'.
[ 1078.923411][   T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1078.934665][   T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1078.946994][   T10] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1078.969208][   T10] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1078.978414][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1078.998907][T11317] usb 4-1: Using ep0 maxpacket: 32
[ 1079.005025][   T10] usb 3-1: config 0 descriptor??
[ 1079.010951][T18954] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[ 1079.031171][T11317] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1079.045598][T11317] usb 4-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[ 1079.059407][T11317] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1079.068090][T11317] usb 4-1: Product: syz
[ 1079.072416][T11317] usb 4-1: Manufacturer: syz
[ 1079.077066][T11317] usb 4-1: SerialNumber: syz
[ 1079.084338][T11317] usb 4-1: config 0 descriptor??
[ 1079.452990][   T10] plantronics 0003:047F:FFFF.0023: reserved main item tag 0xd
[ 1079.475946][   T10] plantronics 0003:047F:FFFF.0023: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[ 1079.507617][T11317] gs_usb 4-1:0.0: Configuring for 1 interfaces
[ 1079.583251][T18978] overlay: Unknown parameter '/'
[ 1079.714565][T18978] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method
[ 1079.851785][  T976] usb 3-1: USB disconnect, device number 94
[ 1079.911365][T11317] gs_usb 4-1:0.0: Disabling termination support for channel 0 (-EPROTO)
[ 1079.941077][T11317] usb 4-1: USB disconnect, device number 88
[ 1080.763920][T18987] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3358'.
[ 1081.147790][T18990] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3358'.
[ 1081.178961][   T24] usb 3-1: new high-speed USB device number 95 using dummy_hcd
[ 1081.342317][   T24] usb 3-1: config index 0 descriptor too short (expected 45, got 36)
[ 1081.359020][   T24] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1081.370956][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1081.407257][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1081.419104][   T24] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1081.435406][   T24] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1081.444988][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1081.692436][   T24] usb 3-1: config 0 descriptor??
[ 1081.698258][T18985] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[ 1082.162267][   T24] plantronics 0003:047F:FFFF.0024: reserved main item tag 0xd
[ 1082.186142][   T24] plantronics 0003:047F:FFFF.0024: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[ 1082.464990][   T10] usb 3-1: USB disconnect, device number 95
[ 1082.598956][   T24] usb 4-1: new high-speed USB device number 89 using dummy_hcd
[ 1082.813255][   T24] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[ 1082.838152][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1082.851931][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1082.871523][   T24] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[ 1082.889886][   T24] usb 4-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[ 1082.899144][   T24] usb 4-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[ 1082.925066][   T24] usb 4-1: Manufacturer: syz
[ 1082.944344][   T24] usb 4-1: config 0 descriptor??
[ 1082.985358][T19014] netlink: 'syz.1.3364': attribute type 3 has an invalid length.
[ 1082.994015][T19014] netlink: 3 bytes leftover after parsing attributes in process `syz.1.3364'.
[ 1083.258884][   T10] usb 2-1: new high-speed USB device number 93 using dummy_hcd
[ 1083.394902][   T24] appleir 0003:05AC:8243.0025: unknown main item tag 0x0
[ 1083.404380][   T24] appleir 0003:05AC:8243.0025: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0
[ 1083.409362][   T10] usb 2-1: Using ep0 maxpacket: 32
[ 1083.446857][   T10] usb 2-1: config index 0 descriptor too short (expected 35577, got 27)
[ 1083.456354][   T10] usb 2-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[ 1083.466561][   T10] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1083.477442][   T10] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 92
[ 1083.486620][   T10] usb 2-1: config 1 has no interface number 0
[ 1083.494048][   T10] usb 2-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[ 1083.504884][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1083.529124][T17508] usb 3-1: new high-speed USB device number 96 using dummy_hcd
[ 1083.540893][   T10] snd_usb_pod 2-1:1.1: Line 6 Pocket POD found
[ 1083.679019][T17508] usb 3-1: Using ep0 maxpacket: 8
[ 1083.692237][T17508] usb 3-1: config index 0 descriptor too short (expected 301, got 45)
[ 1083.700732][T17508] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1083.749260][   T10] snd_usb_pod 2-1:1.1: endpoint not available, using fallback values
[ 1083.767213][T17508] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1083.791000][   T10] snd_usb_pod 2-1:1.1: invalid control EP
[ 1083.797453][T17508] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1083.807546][   T10] snd_usb_pod 2-1:1.1: cannot start listening: -22
[ 1083.814127][T17508] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1083.827376][   T10] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now disconnected
[ 1083.834773][   T10] snd_usb_pod 2-1:1.1: probe with driver snd_usb_pod failed with error -22
[ 1083.843478][T17508] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1083.855149][T17508] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1083.989178][   T24] usb 2-1: USB disconnect, device number 93
[ 1084.078853][T17508] usb 3-1: GET_CAPABILITIES returned 0
[ 1084.088914][T17508] usbtmc 3-1:16.0: can't read capabilities
[ 1084.324186][   T10] usb 4-1: USB disconnect, device number 89
[ 1084.874838][T19039] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1084.889538][T19039] syzkaller0: entered promiscuous mode
[ 1084.895069][T19039] syzkaller0: entered allmulticast mode
[ 1084.938706][   T24] usb 2-1: new full-speed USB device number 94 using dummy_hcd
[ 1085.210854][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1085.230820][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64
[ 1085.247211][   T24] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[ 1085.286182][   T24] usb 2-1: New USB device found, idVendor=0755, idProduct=2626, bcdDevice= 0.00
[ 1085.295939][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1085.307600][   T24] usb 2-1: config 0 descriptor??
[ 1085.318601][T19036] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1085.408067][T19033] tipc: Resetting bearer <eth:syzkaller0>
[ 1085.428298][T19033] tipc: Disabling bearer <eth:syzkaller0>
[ 1085.583291][   T24] usbhid 2-1:0.0: can't add hid device: -71
[ 1085.589323][   T24] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[ 1085.760481][   T24] usb 2-1: USB disconnect, device number 94
[ 1086.318098][T11317] usb 3-1: USB disconnect, device number 96
[ 1087.162792][T19058] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3378'.
[ 1087.468393][T19064] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3378'.
[ 1088.601418][   T30] audit: type=1326 audit(1756196215.233:1882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19070 comm="syz.1.3381" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f010ab8ebe9 code=0x7fc00000
[ 1088.666723][T19078] netlink: 56 bytes leftover after parsing attributes in process `syz.1.3382'.
[ 1089.163505][T19085] netlink: 292 bytes leftover after parsing attributes in process `syz.1.3385'.
[ 1089.635807][   T10] usb 4-1: new full-speed USB device number 90 using dummy_hcd
[ 1089.880510][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1089.891680][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64
[ 1089.927220][   T10] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[ 1089.948219][   T10] usb 4-1: New USB device found, idVendor=0755, idProduct=2626, bcdDevice= 0.00
[ 1089.958832][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1089.970181][   T10] usb 4-1: config 0 descriptor??
[ 1089.976693][T19089] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[ 1090.118852][   T24] usb 6-1: new high-speed USB device number 62 using dummy_hcd
[ 1090.187857][   T10] usbhid 4-1:0.0: can't add hid device: -71
[ 1090.195867][   T10] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[ 1090.206320][   T10] usb 4-1: USB disconnect, device number 90
[ 1090.218926][ T5896] usb 3-1: new high-speed USB device number 97 using dummy_hcd
[ 1090.268868][   T24] usb 6-1: Using ep0 maxpacket: 8
[ 1090.275000][   T24] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[ 1090.283236][   T24] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1090.293411][   T24] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1090.304676][   T24] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1090.315445][   T24] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1090.328467][   T24] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1090.337558][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1090.390317][ T5896] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1090.400519][ T5896] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1090.411696][ T5896] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1090.420805][ T5896] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=67
[ 1090.431675][ T5896] usb 3-1: SerialNumber: syz
[ 1090.551235][   T24] usb 6-1: GET_CAPABILITIES returned 0
[ 1090.556880][   T24] usbtmc 6-1:16.0: can't read capabilities
[ 1091.838686][T19111] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3393'.
[ 1091.997024][T19114] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3393'.
[ 1092.220487][T19117] openvswitch: netlink: Unexpected mask (mask=40040, allowed=10048)
[ 1092.237547][T19118] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3395'.
[ 1092.355116][T19121] netlink: 292 bytes leftover after parsing attributes in process `syz.3.3397'.
[ 1093.001706][ T5896] usb 3-1: USB disconnect, device number 97
[ 1093.021136][ T5918] usb 6-1: USB disconnect, device number 62
[ 1093.528895][ T5896] usb 3-1: new full-speed USB device number 98 using dummy_hcd
[ 1093.850316][ T5896] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1093.861593][ T5896] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64
[ 1093.948830][ T5918] usb 6-1: new full-speed USB device number 63 using dummy_hcd
[ 1094.009020][ T5896] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[ 1094.031356][ T5896] usb 3-1: New USB device found, idVendor=0755, idProduct=2626, bcdDevice= 0.00
[ 1094.115828][ T5896] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1094.125487][ T5918] usb 6-1: config 0 has an invalid interface number: 128 but max is 0
[ 1094.133762][ T5918] usb 6-1: config 0 has no interface number 0
[ 1094.142460][ T5918] usb 6-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[ 1094.151626][ T5918] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1094.182831][ T5918] usb 6-1: Product: syz
[ 1094.187718][ T5896] usb 3-1: config 0 descriptor??
[ 1094.192840][ T5918] usb 6-1: Manufacturer: syz
[ 1094.198262][ T5918] usb 6-1: SerialNumber: syz
[ 1094.203717][T19134] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 1094.230321][ T5918] usb 6-1: config 0 descriptor??
[ 1094.261149][T19139] netlink: 292 bytes leftover after parsing attributes in process `syz.1.3402'.
[ 1094.416944][ T5896] usbhid 3-1:0.0: can't add hid device: -71
[ 1094.459258][ T5896] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 1094.476535][ T5896] usb 3-1: USB disconnect, device number 98
[ 1094.653336][ T5918] usb 6-1: Firmware: major: 84, minor: 103, hardware type: UNKNOWN (73)
[ 1094.859713][ T5918] usb 6-1: no permanent extended address found, random address set
[ 1094.876747][ T5918] usb 6-1: atusb_probe: initialization failed, error = -524
[ 1094.887394][ T5918] atusb 6-1:0.128: probe with driver atusb failed with error -524
[ 1096.194164][ T5896] usb 6-1: USB disconnect, device number 63
[ 1096.323782][T19154] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1096.329994][T19154] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[ 1096.609403][T19160] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3408'.
[ 1097.030771][T19166] tipc: Started in network mode
[ 1097.035809][T19166] tipc: Node identity 8ab98d4ba595, cluster identity 4711
[ 1097.134131][T19166] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1097.141075][T19167] syzkaller0: entered promiscuous mode
[ 1097.146530][T19167] syzkaller0: entered allmulticast mode
[ 1097.304730][T19165] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3408'.
[ 1097.543235][T19162] tipc: Resetting bearer <eth:syzkaller0>
[ 1097.583851][T19162] tipc: Disabling bearer <eth:syzkaller0>
[ 1097.706259][   T30] audit: type=1400 audit(1756196224.423:1883): avc:  denied  { bind } for  pid=19175 comm="syz.0.3413" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[ 1097.726626][   T30] audit: type=1400 audit(1756196224.423:1884): avc:  denied  { ioctl } for  pid=19175 comm="syz.0.3413" path="socket:[78970]" dev="sockfs" ino=78970 ioctlcmd=0xf509 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[ 1097.759976][T19177] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1097.802586][T19177] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1097.898865][T15815] usb 6-1: new high-speed USB device number 64 using dummy_hcd
[ 1097.920682][   T10] usb 3-1: new high-speed USB device number 99 using dummy_hcd
[ 1098.120391][T19189] netlink: 292 bytes leftover after parsing attributes in process `syz.3.3417'.
[ 1098.131535][   T10] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1098.146178][   T10] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1098.158839][T15815] usb 6-1: Using ep0 maxpacket: 8
[ 1098.164325][   T10] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1098.165435][T15815] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[ 1098.181957][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=67
[ 1098.191073][   T10] usb 3-1: SerialNumber: syz
[ 1098.646969][T15815] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1098.657127][T15815] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1098.667343][T15815] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1098.679703][T15815] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1098.693712][T15815] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1098.703493][T15815] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1099.169752][T19194] mkiss: ax0: crc mode is auto.
[ 1099.335080][T15815] usb 6-1: GET_CAPABILITIES returned 0
[ 1099.364664][T15815] usbtmc 6-1:16.0: can't read capabilities
[ 1100.288884][T11317] usb 2-1: new full-speed USB device number 95 using dummy_hcd
[ 1100.446109][T11317] usb 2-1: config 0 has an invalid interface number: 128 but max is 0
[ 1100.456264][T11317] usb 2-1: config 0 has no interface number 0
[ 1100.464642][T11317] usb 2-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[ 1100.474151][T11317] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1100.482270][T11317] usb 2-1: Product: syz
[ 1100.486525][T11317] usb 2-1: Manufacturer: syz
[ 1100.487777][T19210] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3423'.
[ 1100.508884][T11317] usb 2-1: SerialNumber: syz
[ 1100.524737][T11317] usb 2-1: config 0 descriptor??
[ 1100.705472][   T10] usb 3-1: USB disconnect, device number 99
[ 1101.112096][T19219] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1101.119771][T19219] syzkaller0: entered promiscuous mode
[ 1101.125331][T19219] syzkaller0: entered allmulticast mode
[ 1101.579085][T19211] tipc: Resetting bearer <eth:syzkaller0>
[ 1101.596579][T19211] tipc: Disabling bearer <eth:syzkaller0>
[ 1101.752772][T11317] usb 2-1: Firmware: major: 84, minor: 103, hardware type: UNKNOWN (73)
[ 1102.147277][T19213] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3423'.
[ 1102.279676][T11317] usb 2-1: no permanent extended address found, random address set
[ 1102.379113][T11317] usb 2-1: atusb_probe: initialization failed, error = -524
[ 1102.386620][T11317] atusb 2-1:0.128: probe with driver atusb failed with error -524
[ 1102.388877][ T5918] usb 6-1: USB disconnect, device number 64
[ 1102.481957][T11317] usb 2-1: USB disconnect, device number 95
[ 1102.811592][T19230] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3430'.
[ 1102.820658][T19230] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3430'.
[ 1102.919074][T19235] openvswitch: netlink: Either Ethernet header or EtherType is required.
[ 1102.945116][T11897] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[ 1102.967253][T19235] netlink: 244 bytes leftover after parsing attributes in process `syz.0.3429'.
[ 1102.986256][T11897] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[ 1103.008084][T19233] netlink: 292 bytes leftover after parsing attributes in process `syz.5.3431'.
[ 1103.044881][T11897] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[ 1103.056890][T19238] 9pnet_fd: Insufficient options for proto=fd
[ 1103.065211][T11897] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[ 1103.768897][   T10] usb 3-1: new high-speed USB device number 100 using dummy_hcd
[ 1103.834973][T19249] openvswitch: netlink: Either Ethernet header or EtherType is required.
[ 1103.855180][T19249] netlink: 244 bytes leftover after parsing attributes in process `syz.1.3434'.
[ 1104.168825][   T10] usb 3-1: Using ep0 maxpacket: 32
[ 1104.183220][   T10] usb 3-1: config index 0 descriptor too short (expected 35577, got 27)
[ 1104.201966][   T10] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[ 1104.220543][   T10] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1104.358082][   T10] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 92
[ 1104.398506][   T10] usb 3-1: config 1 has no interface number 0
[ 1104.424854][   T10] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[ 1104.454290][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1104.592718][T19253] netlink: 292 bytes leftover after parsing attributes in process `syz.3.3436'.
[ 1104.595401][   T10] snd_usb_pod 3-1:1.1: Line 6 Pocket POD found
[ 1105.034302][   T10] snd_usb_pod 3-1:1.1: endpoint not available, using fallback values
[ 1105.042948][   T10] snd_usb_pod 3-1:1.1: invalid control EP
[ 1105.052951][   T10] snd_usb_pod 3-1:1.1: cannot start listening: -22
[ 1105.059725][   T10] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected
[ 1105.179406][   T10] snd_usb_pod 3-1:1.1: probe with driver snd_usb_pod failed with error -22
[ 1105.455640][   T10] usb 3-1: USB disconnect, device number 100
[ 1105.747063][T19259] tipc: Started in network mode
[ 1105.752191][T19259] tipc: Node identity e2f778252696, cluster identity 4711
[ 1105.760672][T19259] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1105.773557][T19259] syzkaller0: entered promiscuous mode
[ 1105.779181][T19259] syzkaller0: entered allmulticast mode
[ 1106.293816][T19256] tipc: Resetting bearer <eth:syzkaller0>
[ 1106.307870][T19256] tipc: Disabling bearer <eth:syzkaller0>
[ 1106.698328][T19274] openvswitch: netlink: Either Ethernet header or EtherType is required.
[ 1106.710189][T19274] netlink: 244 bytes leftover after parsing attributes in process `syz.5.3442'.
[ 1106.949131][   T10] usb 2-1: new high-speed USB device number 96 using dummy_hcd
[ 1107.012473][T19279] openvswitch: netlink: Either Ethernet header or EtherType is required.
[ 1107.029961][T19279] netlink: 244 bytes leftover after parsing attributes in process `syz.3.3443'.
[ 1107.199485][   T10] usb 2-1: Using ep0 maxpacket: 16
[ 1107.207473][   T10] usb 2-1: config 8 has an invalid interface number: 39 but max is 0
[ 1107.215913][   T10] usb 2-1: config 8 has no interface number 0
[ 1107.222932][   T10] usb 2-1: config 8 interface 39 altsetting 1 has an endpoint descriptor with address 0xDF, changing to 0x8F
[ 1107.235545][   T10] usb 2-1: config 8 interface 39 altsetting 1 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1107.261852][   T10] usb 2-1: config 8 interface 39 has no altsetting 0
[ 1107.291660][   T10] usb 2-1: New USB device found, idVendor=05ac, idProduct=c704, bcdDevice=62.77
[ 1107.301719][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1107.310749][   T10] usb 2-1: Product: syz
[ 1107.335087][   T10] usb 2-1: Manufacturer: syz
[ 1107.353822][   T10] usb 2-1: SerialNumber: syz
[ 1108.254030][T19272] ceph: No mds server is up or the cluster is laggy
[ 1108.261090][    T9] libceph: connect (1)[c::]:6789 error -101
[ 1108.271227][    T9] libceph: mon0 (1)[c::]:6789 connect error
[ 1108.414723][   T10] ipheth 2-1:8.39: Unable to find endpoints
[ 1108.440001][   T10] usb 2-1: USB disconnect, device number 96
[ 1108.675798][   T30] audit: type=1400 audit(1756196235.393:1885): avc:  denied  { mount } for  pid=19295 comm="syz.3.3448" name="/" dev="bdev" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bdev_t tclass=filesystem permissive=1
[ 1108.680453][T19296] netlink: 'syz.3.3448': attribute type 12 has an invalid length.
[ 1108.779021][ T5918] usb 3-1: new full-speed USB device number 101 using dummy_hcd
[ 1108.889184][   T10] usb 6-1: new high-speed USB device number 65 using dummy_hcd
[ 1109.031152][ T5918] usb 3-1: config 0 has an invalid interface number: 128 but max is 0
[ 1109.047392][ T5918] usb 3-1: config 0 has no interface number 0
[ 1109.071070][ T5918] usb 3-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[ 1109.075452][T19299] FAULT_INJECTION: forcing a failure.
[ 1109.075452][T19299] name failslab, interval 1, probability 0, space 0, times 0
[ 1109.080883][ T5918] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1109.102717][T19299] CPU: 1 UID: 0 PID: 19299 Comm: syz.1.3449 Not tainted syzkaller #0 PREEMPT(full) 
[ 1109.102745][T19299] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1109.102755][T19299] Call Trace:
[ 1109.102761][T19299]  <TASK>
[ 1109.102769][T19299]  dump_stack_lvl+0x16c/0x1f0
[ 1109.102792][T19299]  should_fail_ex+0x512/0x640
[ 1109.102813][T19299]  ? fs_reclaim_acquire+0xae/0x150
[ 1109.102838][T19299]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[ 1109.102862][T19299]  should_failslab+0xc2/0x120
[ 1109.102882][T19299]  __kmalloc_noprof+0xd2/0x510
[ 1109.102901][T19299]  tomoyo_realpath_from_path+0xc2/0x6e0
[ 1109.102919][T19299]  ? tomoyo_profile+0x47/0x60
[ 1109.102931][T19299]  tomoyo_path_number_perm+0x245/0x580
[ 1109.102950][T19299]  ? tomoyo_path_number_perm+0x237/0x580
[ 1109.102975][T19299]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1109.102998][T19299]  ? find_held_lock+0x2b/0x80
[ 1109.103038][T19299]  ? find_held_lock+0x2b/0x80
[ 1109.103052][T19299]  ? hook_file_ioctl_common+0x145/0x410
[ 1109.103067][T19299]  ? __fget_files+0x20e/0x3c0
[ 1109.103082][T19299]  security_file_ioctl+0x9b/0x240
[ 1109.103100][T19299]  __x64_sys_ioctl+0xb7/0x210
[ 1109.103128][T19299]  do_syscall_64+0xcd/0x4c0
[ 1109.103149][T19299]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1109.103166][T19299] RIP: 0033:0x7f010ab8ebe9
[ 1109.103181][T19299] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1109.103193][T19299] RSP: 002b:00007f010ba76038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1109.103204][T19299] RAX: ffffffffffffffda RBX: 00007f010adb5fa0 RCX: 00007f010ab8ebe9
[ 1109.103211][T19299] RDX: 0000200000000040 RSI: 000000008050640a RDI: 0000000000000003
[ 1109.103218][T19299] RBP: 00007f010ba76090 R08: 0000000000000000 R09: 0000000000000000
[ 1109.103225][T19299] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1109.103231][T19299] R13: 00007f010adb6038 R14: 00007f010adb5fa0 R15: 00007ffd3d190318
[ 1109.103250][T19299]  </TASK>
[ 1109.103410][T19299] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1109.103480][   T10] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[ 1109.113102][ T5918] usb 3-1: Product: syz
[ 1109.140714][   T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1109.295652][ T5918] usb 3-1: Manufacturer: syz
[ 1109.352278][   T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1109.364809][   T10] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[ 1109.365149][ T5918] usb 3-1: SerialNumber: syz
[ 1109.392577][ T5918] usb 3-1: config 0 descriptor??
[ 1109.404982][   T30] audit: type=1400 audit(1756196236.113:1886): avc:  denied  { ioctl } for  pid=19302 comm="syz.1.3451" path="socket:[80340]" dev="sockfs" ino=80340 ioctlcmd=0x942a scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[ 1109.431066][   T10] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[ 1109.440338][   T10] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[ 1109.448463][   T10] usb 6-1: Manufacturer: syz
[ 1109.456338][   T10] usb 6-1: config 0 descriptor??
[ 1109.751909][T19309] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1109.762599][T19309] syzkaller0: entered promiscuous mode
[ 1109.768163][T19309] syzkaller0: entered allmulticast mode
[ 1109.929572][    T9] usb 4-1: new high-speed USB device number 91 using dummy_hcd
[ 1110.022342][ T5918] usb 3-1: Firmware: major: 84, minor: 103, hardware type: UNKNOWN (73)
[ 1110.084820][   T10] appleir 0003:05AC:8243.0026: unknown main item tag 0x0
[ 1110.094555][   T10] appleir 0003:05AC:8243.0026: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.5-1/input0
[ 1110.118974][    T9] usb 4-1: Using ep0 maxpacket: 32
[ 1110.125473][    T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1110.135759][    T9] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1110.146549][    T9] usb 4-1: New USB device found, idVendor=067b, idProduct=27a1, bcdDevice=b0.9b
[ 1110.155817][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1110.165334][    T9] usb 4-1: Product: syz
[ 1110.169561][    T9] usb 4-1: Manufacturer: syz
[ 1110.174196][    T9] usb 4-1: SerialNumber: syz
[ 1110.180974][    T9] usb 4-1: config 0 descriptor??
[ 1110.231670][ T5918] usb 3-1: no permanent extended address found, random address set
[ 1110.239832][ T5918] usb 3-1: atusb_probe: initialization failed, error = -524
[ 1110.247219][ T5918] atusb 3-1:0.128: probe with driver atusb failed with error -524
[ 1110.261097][T19304] tipc: Resetting bearer <eth:syzkaller0>
[ 1110.277481][T19304] tipc: Disabling bearer <eth:syzkaller0>
[ 1110.392431][T15815] usb 4-1: USB disconnect, device number 91
[ 1110.481953][ T5918] usb 3-1: USB disconnect, device number 101
[ 1110.590614][   T30] audit: type=1400 audit(1756196237.313:1887): avc:  denied  { read write } for  pid=19312 comm="syz.1.3455" name="file0" dev="fuse" ino=144115188075855875 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[ 1110.599378][T19314] sd 0:0:1:0: PR command failed: 1026
[ 1110.620452][T19314] sd 0:0:1:0: Sense Key : Illegal Request [current] 
[ 1110.627326][T19314] sd 0:0:1:0: Add. Sense: Invalid command operation code
[ 1110.707335][   T30] audit: type=1400 audit(1756196237.313:1888): avc:  denied  { open } for  pid=19312 comm="syz.1.3455" path="/114/file0/file0" dev="fuse" ino=144115188075855875 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[ 1110.736775][   T30] audit: type=1400 audit(1756196237.313:1889): avc:  denied  { ioctl } for  pid=19312 comm="syz.1.3455" path="/114/file0/file0" dev="fuse" ino=144115188075855875 ioctlcmd=0x70c9 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[ 1110.999766][ T5918] usb 6-1: USB disconnect, device number 65
[ 1111.590923][T19325] netlink: 14 bytes leftover after parsing attributes in process `syz.3.3459'.
[ 1111.601566][T19325] netlink: 'syz.3.3459': attribute type 8 has an invalid length.
[ 1111.623282][   T30] audit: type=1400 audit(1756196238.343:1890): avc:  denied  { remount } for  pid=19324 comm="syz.3.3459" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[ 1111.697362][T19329] netlink: 60 bytes leftover after parsing attributes in process `syz.5.3461'.
[ 1111.742180][T19331] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3460'.
[ 1111.881556][T19332] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3461'.
[ 1112.330441][T19338] SELinux:  policydb version -1343907157 does not match my version range 15-35
[ 1112.382746][T19338] SELinux: failed to load policy
[ 1112.757898][T19326] comedi comedi2: reset error (fatal)
[ 1113.040716][T19348] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1113.048109][T19348] syzkaller0: entered promiscuous mode
[ 1113.053693][T19348] syzkaller0: entered allmulticast mode
[ 1113.081226][T19347] netlink: 292 bytes leftover after parsing attributes in process `syz.2.3466'.
[ 1113.310009][T15815] usb 4-1: new high-speed USB device number 92 using dummy_hcd
[ 1113.378239][T19343] tipc: Resetting bearer <eth:syzkaller0>
[ 1113.392451][T19343] tipc: Disabling bearer <eth:syzkaller0>
[ 1113.428966][  T976] usb 2-1: new full-speed USB device number 97 using dummy_hcd
[ 1113.499001][T15815] usb 4-1: config 127 has an invalid interface number: 127 but max is 0
[ 1113.524472][T15815] usb 4-1: config 127 has no interface number 0
[ 1113.619011][T15815] usb 4-1: New USB device found, idVendor=1bc7, idProduct=9201, bcdDevice=12.f5
[ 1113.678496][  T976] usb 2-1: config 0 has an invalid interface number: 128 but max is 0
[ 1113.703993][  T976] usb 2-1: config 0 has no interface number 0
[ 1113.711193][T15815] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1113.722418][  T976] usb 2-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[ 1113.733114][  T976] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1113.743084][  T976] usb 2-1: Product: syz
[ 1113.769170][  T976] usb 2-1: Manufacturer: syz
[ 1113.860297][  T976] usb 2-1: SerialNumber: syz
[ 1113.868133][  T976] usb 2-1: config 0 descriptor??
[ 1114.279836][  T976] usb 2-1: Firmware: major: 84, minor: 103, hardware type: UNKNOWN (73)
[ 1114.684060][  T976] usb 2-1: no permanent extended address found, random address set
[ 1114.703016][  T976] usb 2-1: atusb_probe: initialization failed, error = -524
[ 1114.724955][  T976] atusb 2-1:0.128: probe with driver atusb failed with error -524
[ 1114.911466][ T5896] usb 2-1: USB disconnect, device number 97
[ 1114.924294][T19375] netlink: 'syz.5.3473': attribute type 3 has an invalid length.
[ 1114.932510][T19375] netlink: 3 bytes leftover after parsing attributes in process `syz.5.3473'.
[ 1115.118897][  T976] usb 3-1: new high-speed USB device number 102 using dummy_hcd
[ 1115.178944][T17508] usb 6-1: new high-speed USB device number 66 using dummy_hcd
[ 1115.181693][T19377] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3474'.
[ 1115.275466][T19378] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3474'.
[ 1115.290239][  T976] usb 3-1: Using ep0 maxpacket: 32
[ 1115.306410][  T976] usb 3-1: config index 0 descriptor too short (expected 35577, got 27)
[ 1115.314997][  T976] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[ 1115.330007][  T976] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1115.345622][T17508] usb 6-1: Using ep0 maxpacket: 32
[ 1115.347056][  T976] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 92
[ 1115.366709][  T976] usb 3-1: config 1 has no interface number 0
[ 1115.373613][T17508] usb 6-1: config index 0 descriptor too short (expected 35577, got 27)
[ 1115.374153][  T976] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[ 1115.392397][T17508] usb 6-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[ 1115.393570][  T976] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1115.409398][T17508] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1115.411886][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1115.426541][T17508] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 92
[ 1115.478887][T15815] usb 4-1: string descriptor 0 read error: -71
[ 1115.498640][T15815] option 4-1:127.127: GSM modem (1-port) converter detected
[ 1115.676079][  T976] snd_usb_pod 3-1:1.1: Line 6 Pocket POD found
[ 1115.682729][T17508] usb 6-1: config 1 has no interface number 0
[ 1115.682798][T17508] usb 6-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[ 1115.739346][T15815] usb 4-1: USB disconnect, device number 92
[ 1115.745385][T17508] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1115.759875][T15815] option 4-1:127.127: device disconnected
[ 1115.805062][T17508] snd_usb_pod 6-1:1.1: Line 6 Pocket POD found
[ 1115.904409][  T976] snd_usb_pod 3-1:1.1: endpoint not available, using fallback values
[ 1115.918734][  T976] snd_usb_pod 3-1:1.1: invalid control EP
[ 1115.925043][  T976] snd_usb_pod 3-1:1.1: cannot start listening: -22
[ 1115.931743][  T976] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected
[ 1115.939276][  T976] snd_usb_pod 3-1:1.1: probe with driver snd_usb_pod failed with error -22
[ 1116.505891][T17508] snd_usb_pod 6-1:1.1: endpoint not available, using fallback values
[ 1116.519777][T17508] snd_usb_pod 6-1:1.1: invalid control EP
[ 1116.527031][T17508] snd_usb_pod 6-1:1.1: cannot start listening: -22
[ 1116.534446][T17508] snd_usb_pod 6-1:1.1: Line 6 Pocket POD now disconnected
[ 1116.565119][T17508] snd_usb_pod 6-1:1.1: probe with driver snd_usb_pod failed with error -22
[ 1116.692797][T19386] F2FS-fs (loop3): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 1116.700874][T19386] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[ 1116.710564][T19393] overlayfs: overlapping lowerdir path
[ 1116.716880][T19386] F2FS-fs (loop3): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 1116.725643][T17508] usb 3-1: USB disconnect, device number 102
[ 1116.728952][T19386] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[ 1116.752255][T19393] trusted_key: encrypted_key: insufficient parameters specified
[ 1116.762037][T19393] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[ 1116.820355][   T10] usb 6-1: USB disconnect, device number 66
[ 1117.274670][T19397] netlink: 'syz.2.3479': attribute type 3 has an invalid length.
[ 1117.282660][T19397] netlink: 3 bytes leftover after parsing attributes in process `syz.2.3479'.
[ 1117.495634][T19400] netlink: 'syz.3.3480': attribute type 13 has an invalid length.
[ 1117.528886][   T10] usb 3-1: new high-speed USB device number 103 using dummy_hcd
[ 1117.758857][   T10] usb 3-1: Using ep0 maxpacket: 32
[ 1117.770073][   T10] usb 3-1: config index 0 descriptor too short (expected 35577, got 27)
[ 1117.783277][   T10] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[ 1117.795285][   T10] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1117.808662][   T10] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 92
[ 1117.822037][   T10] usb 3-1: config 1 has no interface number 0
[ 1117.832638][   T10] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[ 1117.854395][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1117.880126][   T10] snd_usb_pod 3-1:1.1: Line 6 Pocket POD found
[ 1118.083137][   T10] snd_usb_pod 3-1:1.1: endpoint not available, using fallback values
[ 1118.102841][   T10] snd_usb_pod 3-1:1.1: invalid control EP
[ 1118.116805][   T10] snd_usb_pod 3-1:1.1: cannot start listening: -22
[ 1118.131035][   T10] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected
[ 1118.145675][   T10] snd_usb_pod 3-1:1.1: probe with driver snd_usb_pod failed with error -22
[ 1118.484565][   T30] audit: type=1400 audit(1756196245.173:1891): avc:  denied  { write } for  pid=19406 comm="syz.3.3482" path="socket:[80580]" dev="sockfs" ino=80580 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 1118.616124][  T976] usb 3-1: USB disconnect, device number 103
[ 1119.309051][  T976] usb 6-1: new high-speed USB device number 67 using dummy_hcd
[ 1119.428937][ T5918] usb 3-1: new high-speed USB device number 104 using dummy_hcd
[ 1119.470104][  T976] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[ 1119.484393][  T976] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1119.495349][  T976] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1119.505155][  T976] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[ 1119.520065][  T976] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[ 1119.529253][  T976] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[ 1119.537315][  T976] usb 6-1: Manufacturer: syz
[ 1119.543138][  T976] usb 6-1: config 0 descriptor??
[ 1119.605259][ T5918] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 1119.614450][ T5918] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1119.623214][ T5918] usb 3-1: Product: syz
[ 1119.627575][ T5918] usb 3-1: Manufacturer: syz
[ 1119.632370][ T5918] usb 3-1: SerialNumber: syz
[ 1119.643062][ T5918] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 1119.665164][T15815] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 1119.750510][T19426] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3487'.
[ 1119.816711][T19427] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3487'.
[ 1119.995495][  T976] appleir 0003:05AC:8243.0027: unknown main item tag 0x0
[ 1120.068477][T19419] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1120.069347][  T976] appleir 0003:05AC:8243.0027: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.5-1/input0
[ 1120.094891][T19419] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1120.426417][  T976] usb 3-1: USB disconnect, device number 104
[ 1120.740164][T19445] syzkaller0: entered promiscuous mode
[ 1120.745710][T19445] syzkaller0: entered allmulticast mode
[ 1121.228871][T15815] usb 3-1: Service connection timeout for: 256
[ 1121.235210][T15815] ath9k_htc 3-1:1.0: ath9k_htc: Unable to initialize HTC services
[ 1121.246595][T15815] ath9k_htc: Failed to initialize the device
[ 1121.252812][  T976] usb 3-1: ath9k_htc: USB layer deinitialized
[ 1121.423042][T19451] netlink: 292 bytes leftover after parsing attributes in process `syz.3.3494'.
[ 1121.629258][  T976] usb 3-1: new high-speed USB device number 105 using dummy_hcd
[ 1121.810544][  T976] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1121.820620][  T976] usb 3-1: New USB device found, idVendor=258a, idProduct=6a88, bcdDevice= 0.00
[ 1121.829732][  T976] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1121.839034][  T976] usb 3-1: config 0 descriptor??
[ 1122.036727][T11317] usb 6-1: USB disconnect, device number 67
[ 1122.251005][  T976] itetech 0003:258A:6A88.0028: hidraw0: USB HID v0.00 Device [HID 258a:6a88] on usb-dummy_hcd.2-1/input0
[ 1122.379087][T11317] usb 6-1: new high-speed USB device number 68 using dummy_hcd
[ 1122.574287][T11317] usb 6-1: device descriptor read/64, error -71
[ 1123.168902][T11317] usb 6-1: new high-speed USB device number 69 using dummy_hcd
[ 1123.458874][T11317] usb 6-1: device descriptor read/64, error -71
[ 1123.587939][T11317] usb usb6-port1: attempt power cycle
[ 1123.709031][   T10] usb 4-1: new full-speed USB device number 93 using dummy_hcd
[ 1123.860853][   T10] usb 4-1: config 0 has an invalid interface number: 128 but max is 0
[ 1123.869333][   T10] usb 4-1: config 0 has no interface number 0
[ 1123.877352][   T10] usb 4-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[ 1123.886577][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1123.894680][   T10] usb 4-1: Product: syz
[ 1123.898911][   T10] usb 4-1: Manufacturer: syz
[ 1123.903565][   T10] usb 4-1: SerialNumber: syz
[ 1123.909940][   T10] usb 4-1: config 0 descriptor??
[ 1123.928822][T11317] usb 6-1: new high-speed USB device number 70 using dummy_hcd
[ 1123.949317][T11317] usb 6-1: device descriptor read/8, error -71
[ 1124.189078][T11317] usb 6-1: new high-speed USB device number 71 using dummy_hcd
[ 1124.210847][T11317] usb 6-1: device descriptor read/8, error -71
[ 1124.287930][  T979] usb 3-1: USB disconnect, device number 105
[ 1124.317941][   T10] usb 4-1: Firmware version (0.0) predates our first public release.
[ 1124.333421][T11317] usb usb6-port1: unable to enumerate USB device
[ 1124.347293][   T10] usb 4-1: Please update to version 0.2 or newer
[ 1124.702989][   T10] usb 4-1: USB disconnect, device number 93
[ 1124.899072][  T979] usb 2-1: new high-speed USB device number 98 using dummy_hcd
[ 1124.985081][T19490] netlink: 'syz.3.3506': attribute type 3 has an invalid length.
[ 1124.998193][T19490] netlink: 3 bytes leftover after parsing attributes in process `syz.3.3506'.
[ 1125.103901][  T979] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[ 1125.150149][  T979] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1125.173683][  T979] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1125.197412][   T30] audit: type=1326 audit(1756196251.913:1892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19491 comm="syz.5.3507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e7a98ebe9 code=0x7ffc0000
[ 1125.595194][  T976] usb 4-1: new high-speed USB device number 94 using dummy_hcd
[ 1126.065304][  T979] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[ 1126.083657][   T30] audit: type=1326 audit(1756196251.913:1893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19491 comm="syz.5.3507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e7a98ebe9 code=0x7ffc0000
[ 1126.112648][  T979] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[ 1126.126033][  T979] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[ 1126.151014][  T979] usb 2-1: Manufacturer: syz
[ 1126.157047][   T30] audit: type=1326 audit(1756196251.913:1894): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19491 comm="syz.5.3507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5e7a98ebe9 code=0x7ffc0000
[ 1126.207971][  T979] usb 2-1: config 0 descriptor??
[ 1126.213625][   T30] audit: type=1326 audit(1756196251.913:1895): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19491 comm="syz.5.3507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e7a98ebe9 code=0x7ffc0000
[ 1126.237391][  T976] usb 4-1: Using ep0 maxpacket: 32
[ 1126.283787][  T976] usb 4-1: config index 0 descriptor too short (expected 35577, got 27)
[ 1126.292738][   T30] audit: type=1326 audit(1756196251.913:1896): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19491 comm="syz.5.3507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5e7a98ebe9 code=0x7ffc0000
[ 1126.331080][  T976] usb 4-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[ 1126.369081][  T976] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1126.379481][  T976] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 92
[ 1126.388888][  T976] usb 4-1: config 1 has no interface number 0
[ 1126.397369][   T30] audit: type=1326 audit(1756196251.913:1897): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19491 comm="syz.5.3507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e7a98ebe9 code=0x7ffc0000
[ 1126.493918][  T976] usb 4-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[ 1126.625864][  T976] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1126.635625][  T979] appleir 0003:05AC:8243.0029: unknown main item tag 0x0
[ 1126.650886][   T30] audit: type=1326 audit(1756196251.913:1898): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19491 comm="syz.5.3507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=248 compat=0 ip=0x7f5e7a98ebe9 code=0x7ffc0000
[ 1126.788397][  T976] snd_usb_pod 4-1:1.1: Line 6 Pocket POD found
[ 1126.805348][  T979] appleir 0003:05AC:8243.0029: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0
[ 1126.909721][  T976] snd_usb_pod 4-1:1.1: endpoint not available, using fallback values
[ 1126.930036][  T976] snd_usb_pod 4-1:1.1: invalid control EP
[ 1126.939986][  T976] snd_usb_pod 4-1:1.1: cannot start listening: -22
[ 1126.958272][   T30] audit: type=1326 audit(1756196251.913:1899): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19491 comm="syz.5.3507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e7a98ebe9 code=0x7ffc0000
[ 1126.961013][  T976] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now disconnected
[ 1126.989526][   T30] audit: type=1326 audit(1756196251.913:1900): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19491 comm="syz.5.3507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=250 compat=0 ip=0x7f5e7a98ebe9 code=0x7ffc0000
[ 1127.040633][   T30] audit: type=1326 audit(1756196251.913:1901): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19491 comm="syz.5.3507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e7a98ebe9 code=0x7ffc0000
[ 1127.067791][  T976] snd_usb_pod 4-1:1.1: probe with driver snd_usb_pod failed with error -22
[ 1127.358940][  T979] usb 3-1: new high-speed USB device number 106 using dummy_hcd
[ 1127.408487][  T976] usb 4-1: USB disconnect, device number 94
[ 1127.510144][  T979] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1127.520613][  T979] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1127.531025][  T979] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1127.540231][  T979] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=67
[ 1127.548526][  T979] usb 3-1: SerialNumber: syz
[ 1127.887219][  T979] usb 3-1: USB disconnect, device number 106
[ 1128.008352][T19518] netlink: 292 bytes leftover after parsing attributes in process `syz.3.3514'.
[ 1128.218363][  T979] usb 2-1: USB disconnect, device number 98
[ 1128.528930][T11317] usb 6-1: new full-speed USB device number 72 using dummy_hcd
[ 1128.691003][T11317] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1128.702209][T11317] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64
[ 1128.713146][T11317] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[ 1128.726836][T11317] usb 6-1: New USB device found, idVendor=0755, idProduct=2626, bcdDevice= 0.00
[ 1128.736119][T11317] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1128.745445][T11317] usb 6-1: config 0 descriptor??
[ 1128.751138][T19524] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1128.778884][  T979] usb 3-1: new high-speed USB device number 107 using dummy_hcd
[ 1128.908831][  T979] usb 3-1: device descriptor read/64, error -71
[ 1128.962105][T11317] usbhid 6-1:0.0: can't add hid device: -71
[ 1128.968139][T11317] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[ 1128.978095][T11317] usb 6-1: USB disconnect, device number 72
[ 1129.149309][  T979] usb 3-1: new high-speed USB device number 108 using dummy_hcd
[ 1129.158300][T19539] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=48832 sclass=netlink_tcpdiag_socket pid=19539 comm=syz.3.3521
[ 1129.303080][  T979] usb 3-1: device descriptor read/64, error -71
[ 1129.351148][T19549] FAULT_INJECTION: forcing a failure.
[ 1129.351148][T19549] name failslab, interval 1, probability 0, space 0, times 0
[ 1129.369170][T19549] CPU: 1 UID: 0 PID: 19549 Comm: syz.1.3523 Not tainted syzkaller #0 PREEMPT(full) 
[ 1129.369196][T19549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1129.369206][T19549] Call Trace:
[ 1129.369212][T19549]  <TASK>
[ 1129.369218][T19549]  dump_stack_lvl+0x16c/0x1f0
[ 1129.369249][T19549]  should_fail_ex+0x512/0x640
[ 1129.369269][T19549]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[ 1129.369291][T19549]  should_failslab+0xc2/0x120
[ 1129.369312][T19549]  kmem_cache_alloc_noprof+0x6d/0x3b0
[ 1129.369330][T19549]  ? __f_unlock_pos+0xd/0x20
[ 1129.369351][T19549]  ? getname_flags.part.0+0x4c/0x550
[ 1129.369380][T19549]  getname_flags.part.0+0x4c/0x550
[ 1129.369408][T19549]  getname_flags+0x93/0xf0
[ 1129.369427][T19549]  __x64_sys_rename+0x58/0xa0
[ 1129.369450][T19549]  do_syscall_64+0xcd/0x4c0
[ 1129.369472][T19549]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1129.369490][T19549] RIP: 0033:0x7f010ab8ebe9
[ 1129.369504][T19549] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1129.369521][T19549] RSP: 002b:00007f010ba34038 EFLAGS: 00000246 ORIG_RAX: 0000000000000052
[ 1129.369539][T19549] RAX: ffffffffffffffda RBX: 00007f010adb6180 RCX: 00007f010ab8ebe9
[ 1129.369550][T19549] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000200000000280
[ 1129.369562][T19549] RBP: 00007f010ba34090 R08: 0000000000000000 R09: 0000000000000000
[ 1129.369574][T19549] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1129.369585][T19549] R13: 00007f010adb6218 R14: 00007f010adb6180 R15: 00007ffd3d190318
[ 1129.369610][T19549]  </TASK>
[ 1129.538248][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1129.545143][  T979] usb usb3-port1: attempt power cycle
[ 1130.068921][  T976] usb 2-1: new high-speed USB device number 99 using dummy_hcd
[ 1130.128889][  T979] usb 3-1: new high-speed USB device number 109 using dummy_hcd
[ 1130.149791][  T979] usb 3-1: device descriptor read/8, error -71
[ 1130.260556][  T976] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[ 1130.271845][  T976] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1130.282758][  T976] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1130.292771][  T976] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[ 1130.307859][  T976] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[ 1130.316952][  T976] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[ 1130.325140][  T976] usb 2-1: Manufacturer: syz
[ 1130.341613][  T976] usb 2-1: config 0 descriptor??
[ 1130.429118][  T979] usb 3-1: new high-speed USB device number 110 using dummy_hcd
[ 1130.469472][  T979] usb 3-1: device descriptor read/8, error -71
[ 1130.591997][  T979] usb usb3-port1: unable to enumerate USB device
[ 1130.872215][  T976] appleir 0003:05AC:8243.002A: unknown main item tag 0x0
[ 1130.922198][  T976] appleir 0003:05AC:8243.002A: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0
[ 1130.942078][T19564] mkiss: ax0: crc mode is auto.
[ 1131.208823][  T976] usb 6-1: new high-speed USB device number 73 using dummy_hcd
[ 1131.298869][   T24] usb 4-1: new high-speed USB device number 95 using dummy_hcd
[ 1131.358833][  T976] usb 6-1: Using ep0 maxpacket: 16
[ 1131.365235][  T976] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1131.376434][  T976] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1131.386170][  T976] usb 6-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00
[ 1131.395327][  T976] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1131.404962][  T976] usb 6-1: config 0 descriptor??
[ 1131.450131][   T24] usb 4-1: config index 0 descriptor too short (expected 45, got 36)
[ 1131.458274][   T24] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1131.469841][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1131.480716][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1131.491895][   T24] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1131.504827][   T24] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1131.513870][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1131.523197][   T24] usb 4-1: config 0 descriptor??
[ 1131.528685][T19566] raw-gadget.4 gadget.3: fail, usb_ep_enable returned -22
[ 1131.828283][  T976] hid-multitouch 0003:1FD2:6007.002B: hidraw1: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.5-1/input0
[ 1131.955027][   T24] plantronics 0003:047F:FFFF.002C: reserved main item tag 0xd
[ 1131.976276][   T24] plantronics 0003:047F:FFFF.002C: hiddev1,hidraw2: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[ 1132.027974][   T24] usb 6-1: USB disconnect, device number 73
[ 1132.176350][T11317] usb 4-1: USB disconnect, device number 95
[ 1132.468850][   T24] usb 6-1: new full-speed USB device number 74 using dummy_hcd
[ 1132.634200][   T24] usb 6-1: unable to get BOS descriptor or descriptor too short
[ 1132.643752][   T24] usb 6-1: not running at top speed; connect to a high speed hub
[ 1132.653993][   T24] usb 6-1: config 129 has an invalid interface number: 222 but max is 0
[ 1132.662419][   T24] usb 6-1: config 129 has no interface number 0
[ 1132.669240][   T24] usb 6-1: config 129 interface 222 has no altsetting 0
[ 1132.678100][   T24] usb 6-1: New USB device found, idVendor=19d2, idProduct=ff83, bcdDevice= 7.75
[ 1132.688440][   T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1132.699045][   T24] usb 6-1: Product: syz
[ 1132.703226][   T24] usb 6-1: Manufacturer: syz
[ 1132.707802][   T24] usb 6-1: SerialNumber: syz
[ 1132.920502][   T24] option 6-1:129.222: GSM modem (1-port) converter detected
[ 1132.929771][   T24] usb 6-1: USB disconnect, device number 74
[ 1132.936311][   T24] option 6-1:129.222: device disconnected
[ 1133.037575][T19592] FAULT_INJECTION: forcing a failure.
[ 1133.037575][T19592] name failslab, interval 1, probability 0, space 0, times 0
[ 1133.050458][T19592] CPU: 0 UID: 0 PID: 19592 Comm: syz.1.3538 Not tainted syzkaller #0 PREEMPT(full) 
[ 1133.050483][T19592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1133.050493][T19592] Call Trace:
[ 1133.050500][T19592]  <TASK>
[ 1133.050507][T19592]  dump_stack_lvl+0x16c/0x1f0
[ 1133.050531][T19592]  should_fail_ex+0x512/0x640
[ 1133.050551][T19592]  ? __kmalloc_cache_noprof+0x57/0x3e0
[ 1133.050581][T19592]  should_failslab+0xc2/0x120
[ 1133.050602][T19592]  __kmalloc_cache_noprof+0x6a/0x3e0
[ 1133.050630][T19592]  ? input_allocate_device+0x44/0x350
[ 1133.050657][T19592]  input_allocate_device+0x44/0x350
[ 1133.050680][T19592]  uinput_ioctl_handler.isra.0+0x8bb/0x1df0
[ 1133.050700][T19592]  ? __pfx_do_vfs_ioctl+0x10/0x10
[ 1133.050727][T19592]  ? __pfx_uinput_ioctl_handler.isra.0+0x10/0x10
[ 1133.050746][T19592]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[ 1133.050795][T19592]  ? selinux_file_ioctl+0x180/0x270
[ 1133.050819][T19592]  ? selinux_file_ioctl+0xb4/0x270
[ 1133.050845][T19592]  ? __pfx_uinput_ioctl+0x10/0x10
[ 1133.050866][T19592]  __x64_sys_ioctl+0x18b/0x210
[ 1133.050895][T19592]  do_syscall_64+0xcd/0x4c0
[ 1133.050917][T19592]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1133.050933][T19592] RIP: 0033:0x7f010ab8ebe9
[ 1133.050943][T19592] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1133.050956][T19592] RSP: 002b:00007f010ba76038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1133.050967][T19592] RAX: ffffffffffffffda RBX: 00007f010adb5fa0 RCX: 00007f010ab8ebe9
[ 1133.050975][T19592] RDX: 0000200000000040 RSI: 00000000401c5504 RDI: 0000000000000003
[ 1133.050981][T19592] RBP: 00007f010ba76090 R08: 0000000000000000 R09: 0000000000000000
[ 1133.050988][T19592] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1133.050995][T19592] R13: 00007f010adb6038 R14: 00007f010adb5fa0 R15: 00007ffd3d190318
[ 1133.051010][T19592]  </TASK>
[ 1133.459629][  T976] usb 2-1: USB disconnect, device number 99
[ 1133.864263][T19599] netlink: 292 bytes leftover after parsing attributes in process `syz.3.3540'.
[ 1135.310142][T19608] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3543'.
[ 1135.390509][T19615] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1135.398461][T19613] tipc: Disabling bearer <eth:syzkaller0>
[ 1136.014191][T19637] syzkaller0: entered promiscuous mode
[ 1136.019830][T19637] syzkaller0: entered allmulticast mode
[ 1136.688881][T17508] usb 6-1: new high-speed USB device number 75 using dummy_hcd
[ 1136.701861][T19652] openvswitch: netlink: Either Ethernet header or EtherType is required.
[ 1136.740455][T19651] netlink: 244 bytes leftover after parsing attributes in process `syz.3.3551'.
[ 1137.170374][T17508] usb 6-1: config index 0 descriptor too short (expected 45, got 36)
[ 1137.178627][T17508] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1137.190792][T17508] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1137.205796][T17508] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1137.228454][T17508] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1137.359608][T17508] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1137.956999][T17508] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1138.009161][T17508] usb 6-1: config 0 descriptor??
[ 1138.020699][T19639] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1138.225417][T19670] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1139.000728][T17508] plantronics 0003:047F:FFFF.002D: reserved main item tag 0xd
[ 1139.393739][T17508] plantronics 0003:047F:FFFF.002D: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[ 1139.933981][T17508] usb 6-1: USB disconnect, device number 75
[ 1140.288998][T19692] openvswitch: netlink: Either Ethernet header or EtherType is required.
[ 1140.479257][T19692] netlink: 244 bytes leftover after parsing attributes in process `syz.5.3563'.
[ 1141.633020][T19715] netlink: 36 bytes leftover after parsing attributes in process `syz.5.3570'.
[ 1141.653138][T19715] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3570'.
[ 1141.668689][T19715] netlink: 36 bytes leftover after parsing attributes in process `syz.5.3570'.
[ 1141.681381][T19715] netlink: 36 bytes leftover after parsing attributes in process `syz.5.3570'.
[ 1141.777176][T19722] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1141.810638][T19724] FAULT_INJECTION: forcing a failure.
[ 1141.810638][T19724] name failslab, interval 1, probability 0, space 0, times 0
[ 1141.825027][T19724] CPU: 0 UID: 0 PID: 19724 Comm: syz.0.3574 Not tainted syzkaller #0 PREEMPT(full) 
[ 1141.825052][T19724] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1141.825062][T19724] Call Trace:
[ 1141.825068][T19724]  <TASK>
[ 1141.825073][T19724]  dump_stack_lvl+0x16c/0x1f0
[ 1141.825089][T19724]  should_fail_ex+0x512/0x640
[ 1141.825102][T19724]  ? __kmalloc_cache_noprof+0x57/0x3e0
[ 1141.825130][T19724]  should_failslab+0xc2/0x120
[ 1141.825143][T19724]  __kmalloc_cache_noprof+0x6a/0x3e0
[ 1141.825160][T19724]  ? tcf_idr_create_from_flags+0x4f/0x70
[ 1141.825177][T19724]  ? tcf_pedit_init+0x416/0x1af0
[ 1141.825191][T19724]  tcf_pedit_init+0x416/0x1af0
[ 1141.825209][T19724]  ? __pfx_tcf_pedit_init+0x10/0x10
[ 1141.825230][T19724]  ? tcf_action_init_1+0x2d2/0x6c0
[ 1141.825247][T19724]  ? __asan_memcpy+0x3c/0x60
[ 1141.825266][T19724]  tcf_action_init_1+0x45d/0x6c0
[ 1141.825283][T19724]  ? __pfx_tcf_action_init_1+0x10/0x10
[ 1141.825308][T19724]  ? __nla_parse+0x40/0x60
[ 1141.825325][T19724]  tcf_action_init+0x432/0xa50
[ 1141.825346][T19724]  ? __pfx_tcf_action_init+0x10/0x10
[ 1141.825377][T19724]  ? arch_stack_walk+0xa6/0x100
[ 1141.825404][T19724]  ? __kasan_slab_free+0x60/0x70
[ 1141.825417][T19724]  ? __lock_acquire+0x62e/0x1ce0
[ 1141.825437][T19724]  tcf_action_add+0xee/0x5c0
[ 1141.825456][T19724]  ? __pfx_tcf_action_add+0x10/0x10
[ 1141.825496][T19724]  ? __nla_parse+0x40/0x60
[ 1141.825513][T19724]  tc_ctl_action+0x35b/0x470
[ 1141.825530][T19724]  ? __pfx_tc_ctl_action+0x10/0x10
[ 1141.825552][T19724]  ? __pfx_tc_ctl_action+0x10/0x10
[ 1141.825569][T19724]  rtnetlink_rcv_msg+0x3c6/0xe90
[ 1141.825584][T19724]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1141.825601][T19724]  ? ref_tracker_free+0x37c/0x830
[ 1141.825617][T19724]  netlink_rcv_skb+0x158/0x420
[ 1141.825631][T19724]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1141.825645][T19724]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1141.825664][T19724]  ? netlink_deliver_tap+0x1ae/0xd30
[ 1141.825679][T19724]  netlink_unicast+0x5a7/0x870
[ 1141.825694][T19724]  ? __pfx_netlink_unicast+0x10/0x10
[ 1141.825707][T19724]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[ 1141.825725][T19724]  netlink_sendmsg+0x8d1/0xdd0
[ 1141.825740][T19724]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1141.825759][T19724]  ____sys_sendmsg+0xa95/0xc70
[ 1141.825775][T19724]  ? copy_msghdr_from_user+0x10a/0x160
[ 1141.825788][T19724]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1141.825805][T19724]  ? __pfx__kstrtoull+0x10/0x10
[ 1141.825819][T19724]  ___sys_sendmsg+0x134/0x1d0
[ 1141.825832][T19724]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1141.825851][T19724]  ? find_held_lock+0x2b/0x80
[ 1141.825874][T19724]  __sys_sendmmsg+0x200/0x420
[ 1141.825888][T19724]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1141.825906][T19724]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1141.825925][T19724]  ? fput+0x9b/0xd0
[ 1141.825941][T19724]  ? xfd_validate_state+0x61/0x180
[ 1141.825957][T19724]  ? __pfx_ksys_write+0x10/0x10
[ 1141.825972][T19724]  __x64_sys_sendmmsg+0x9c/0x100
[ 1141.825984][T19724]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1141.825996][T19724]  do_syscall_64+0xcd/0x4c0
[ 1141.826010][T19724]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1141.826022][T19724] RIP: 0033:0x7f078d58ebe9
[ 1141.826032][T19724] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1141.826043][T19724] RSP: 002b:00007f078e443038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1141.826054][T19724] RAX: ffffffffffffffda RBX: 00007f078d7b5fa0 RCX: 00007f078d58ebe9
[ 1141.826061][T19724] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000003
[ 1141.826068][T19724] RBP: 00007f078e443090 R08: 0000000000000000 R09: 0000000000000000
[ 1141.826075][T19724] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1141.826081][T19724] R13: 00007f078d7b6038 R14: 00007f078d7b5fa0 R15: 00007ffce609fba8
[ 1141.826096][T19724]  </TASK>
[ 1143.412520][   T30] kauditd_printk_skb: 37 callbacks suppressed
[ 1143.412536][   T30] audit: type=1400 audit(1756196270.133:1939): avc:  denied  { ioctl } for  pid=19735 comm="syz.2.3577" path="socket:[82435]" dev="sockfs" ino=82435 ioctlcmd=0x4943 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[ 1143.782526][T19743] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1143.794009][T19743] syzkaller0: entered promiscuous mode
[ 1143.799549][T19743] syzkaller0: entered allmulticast mode
[ 1144.346310][T19740] tipc: Resetting bearer <eth:syzkaller0>
[ 1144.363428][T19740] tipc: Disabling bearer <eth:syzkaller0>
[ 1145.248812][  T976] usb 4-1: new high-speed USB device number 96 using dummy_hcd
[ 1145.410149][  T976] usb 4-1: config 11 has an invalid interface number: 48 but max is 0
[ 1145.418663][  T976] usb 4-1: config 11 has no interface number 0
[ 1145.426597][  T976] usb 4-1: config 11 interface 48 altsetting 0 endpoint 0x7 has invalid maxpacket 8986, setting to 64
[ 1145.439036][  T976] usb 4-1: config 11 interface 48 altsetting 0 has a duplicate endpoint with address 0x2, skipping
[ 1145.454152][  T976] usb 4-1: New USB device found, idVendor=03eb, idProduct=4102, bcdDevice=fc.f8
[ 1145.484241][  T976] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1145.498830][  T976] usb 4-1: Product: syz
[ 1145.503021][  T976] usb 4-1: Manufacturer: syz
[ 1145.507612][  T976] usb 4-1: SerialNumber: syz
[ 1146.014882][  T976] usb 4-1: USB disconnect, device number 96
[ 1146.650745][T19783] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3589'.
[ 1147.389185][T17508] usb 6-1: new full-speed USB device number 76 using dummy_hcd
[ 1147.418552][   T30] audit: type=1400 audit(1756196274.133:1940): avc:  denied  { ioctl } for  pid=19790 comm="syz.2.3591" path="socket:[82653]" dev="sockfs" ino=82653 ioctlcmd=0xf508 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[ 1147.418615][   T10] IPVS: starting estimator thread 0...
[ 1147.550238][T17508] usb 6-1: config 0 has an invalid interface number: 128 but max is 0
[ 1147.558512][T17508] usb 6-1: config 0 has no interface number 0
[ 1147.566245][T17508] usb 6-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[ 1147.575410][T17508] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1147.583607][T17508] usb 6-1: Product: syz
[ 1147.588652][T17508] usb 6-1: Manufacturer: syz
[ 1147.610432][T17508] usb 6-1: SerialNumber: syz
[ 1147.610484][T19792] IPVS: using max 71 ests per chain, 170400 per kthread
[ 1147.622841][T17508] usb 6-1: config 0 descriptor??
[ 1147.639984][T19797] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=19797 comm=syz.0.3592
[ 1148.106962][T19807] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3595'.
[ 1148.185151][T17508] usb 6-1: Firmware version (0.0) predates our first public release.
[ 1148.193332][T17508] usb 6-1: Please update to version 0.2 or newer
[ 1148.281879][T17508] usb 6-1: USB disconnect, device number 76
[ 1148.284488][   T30] audit: type=1400 audit(1756196275.003:1941): avc:  denied  { map } for  pid=19811 comm="syz.2.3596" path="/dev/bus/usb/006/001" dev="devtmpfs" ino=736 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[ 1148.841202][T19822] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3600'.
[ 1148.854035][T19824] netlink: 'syz.5.3599': attribute type 2 has an invalid length.
[ 1149.246619][T19829] syzkaller0: entered promiscuous mode
[ 1149.252259][T19829] syzkaller0: entered allmulticast mode
[ 1149.613384][T19826] SELinux: failed to load policy
[ 1150.008812][T15815] kernel read not supported for file /vcs (pid: 15815 comm: kworker/1:3)
[ 1150.729651][T11317] usb 3-1: new high-speed USB device number 111 using dummy_hcd
[ 1151.038874][T11317] usb 3-1: Using ep0 maxpacket: 32
[ 1151.046292][T11317] usb 3-1: config index 0 descriptor too short (expected 35577, got 27)
[ 1151.054780][T11317] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[ 1151.063428][T11317] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1151.081168][T11317] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 92
[ 1151.098915][T11317] usb 3-1: config 1 has no interface number 0
[ 1151.118832][T11317] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[ 1151.128064][T11317] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1151.163229][T11317] snd_usb_pod 3-1:1.1: Line 6 Pocket POD found
[ 1151.379493][T11317] snd_usb_pod 3-1:1.1: endpoint not available, using fallback values
[ 1151.387903][T11317] snd_usb_pod 3-1:1.1: invalid control EP
[ 1151.393905][T11317] snd_usb_pod 3-1:1.1: cannot start listening: -22
[ 1151.406874][T11317] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected
[ 1151.423515][T11317] snd_usb_pod 3-1:1.1: probe with driver snd_usb_pod failed with error -22
[ 1151.434062][T19863] netlink: 100 bytes leftover after parsing attributes in process `syz.0.3613'.
[ 1153.040642][T19873] syzkaller0: entered promiscuous mode
[ 1153.046246][T19873] syzkaller0: entered allmulticast mode
[ 1153.376616][   T10] usb 3-1: USB disconnect, device number 111
[ 1153.838212][ T3000] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[ 1153.868804][ T3000] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[ 1153.877579][   T30] audit: type=1400 audit(1756196280.573:1942): avc:  denied  { associate } for  pid=19861 comm="syz.0.3613" name="pfkey" scontext=root:object_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[ 1153.903105][ T3000] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[ 1153.982107][ T3000] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[ 1154.003332][   T30] audit: type=1400 audit(1756196280.573:1943): avc:  denied  { map } for  pid=19861 comm="syz.0.3613" path="/proc/309/net/pfkey" dev="proc" ino=4026534189 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[ 1154.444881][T19894] input: syz1 as /devices/virtual/input/input69
[ 1155.308973][T19903] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1155.322244][T19903] syzkaller0: entered promiscuous mode
[ 1155.327760][T19903] syzkaller0: entered allmulticast mode
[ 1155.917107][T19897] tipc: Resetting bearer <eth:syzkaller0>
[ 1155.967814][T19897] tipc: Disabling bearer <eth:syzkaller0>
[ 1155.981781][T19908] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3626'.
[ 1157.000460][T19915] FAULT_INJECTION: forcing a failure.
[ 1157.000460][T19915] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1157.013811][T19915] CPU: 0 UID: 0 PID: 19915 Comm: syz.0.3628 Not tainted syzkaller #0 PREEMPT(full) 
[ 1157.013840][T19915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1157.013850][T19915] Call Trace:
[ 1157.013857][T19915]  <TASK>
[ 1157.013864][T19915]  dump_stack_lvl+0x16c/0x1f0
[ 1157.013890][T19915]  should_fail_ex+0x512/0x640
[ 1157.013914][T19915]  strncpy_from_user+0x3b/0x2e0
[ 1157.013937][T19915]  getname_flags.part.0+0x8f/0x550
[ 1157.013967][T19915]  getname_flags+0x93/0xf0
[ 1157.013986][T19915]  user_path_at+0x24/0x60
[ 1157.014006][T19915]  __x64_sys_mount+0x1fc/0x310
[ 1157.014029][T19915]  ? __pfx___x64_sys_mount+0x10/0x10
[ 1157.014060][T19915]  do_syscall_64+0xcd/0x4c0
[ 1157.014081][T19915]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1157.014100][T19915] RIP: 0033:0x7f078d58ebe9
[ 1157.014115][T19915] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1157.014133][T19915] RSP: 002b:00007f078e422038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 1157.014151][T19915] RAX: ffffffffffffffda RBX: 00007f078d7b6090 RCX: 00007f078d58ebe9
[ 1157.014163][T19915] RDX: 0000200000002880 RSI: 0000200000002840 RDI: 0000000000000000
[ 1157.014175][T19915] RBP: 00007f078e422090 R08: 0000200000000200 R09: 0000000000000000
[ 1157.014185][T19915] R10: 0000000000000700 R11: 0000000000000246 R12: 0000000000000001
[ 1157.014196][T19915] R13: 00007f078d7b6128 R14: 00007f078d7b6090 R15: 00007ffce609fba8
[ 1157.014221][T19915]  </TASK>
[ 1157.167479][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1157.885304][T19927] overlayfs: failed to resolve './file1': -2
[ 1160.614609][T19955] syzkaller0: entered promiscuous mode
[ 1160.620242][T19955] syzkaller0: entered allmulticast mode
[ 1161.276616][T19963] netlink: 68 bytes leftover after parsing attributes in process `syz.2.3643'.
[ 1166.510179][T20012] SELinux:  Context #! ./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[ 1166.788849][  T976] usb 4-1: new high-speed USB device number 97 using dummy_hcd
[ 1167.046074][  T976] usb 4-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[ 1167.055193][  T976] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1167.065207][  T976] usb 4-1: config 0 descriptor??
[ 1167.905829][  T976] pegasus 4-1:0.0: probe with driver pegasus failed with error -121
[ 1167.988499][T20028] netlink: 60 bytes leftover after parsing attributes in process `syz.5.3660'.
[ 1168.044516][T20029] SELinux: syz.2.3659 (20029) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[ 1168.066724][T20030] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3660'.
[ 1168.364664][T20035] netlink: 292 bytes leftover after parsing attributes in process `syz.5.3661'.
[ 1169.078174][T20048] ==================================================================
[ 1169.086255][T20048] BUG: KASAN: vmalloc-out-of-bounds in tpg_fill_plane_buffer+0x21d2/0x43c0
[ 1169.094823][T20048] Write of size 640 at addr ffffc900043f3e00 by task vivid-000-vid-c/20048
[ 1169.103372][T20048] 
[ 1169.105666][T20048] CPU: 0 UID: 0 PID: 20048 Comm: vivid-000-vid-c Not tainted syzkaller #0 PREEMPT(full) 
[ 1169.105680][T20048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1169.105687][T20048] Call Trace:
[ 1169.105692][T20048]  <TASK>
[ 1169.105697][T20048]  dump_stack_lvl+0x116/0x1f0
[ 1169.105711][T20048]  print_report+0xcd/0x630
[ 1169.105724][T20048]  ? __virt_addr_valid+0x81/0x610
[ 1169.105740][T20048]  ? tpg_fill_plane_buffer+0x21d2/0x43c0
[ 1169.105753][T20048]  kasan_report+0xe0/0x110
[ 1169.105766][T20048]  ? tpg_fill_plane_buffer+0x21d2/0x43c0
[ 1169.105780][T20048]  kasan_check_range+0x100/0x1b0
[ 1169.105795][T20048]  __asan_memcpy+0x3c/0x60
[ 1169.105812][T20048]  tpg_fill_plane_buffer+0x21d2/0x43c0
[ 1169.105832][T20048]  ? __pfx_vb2_vmalloc_vaddr+0x10/0x10
[ 1169.105848][T20048]  ? __pfx_tpg_fill_plane_buffer+0x10/0x10
[ 1169.105863][T20048]  vivid_fillbuff+0x8d2/0x4250
[ 1169.105876][T20048]  ? find_held_lock+0x2b/0x80
[ 1169.105890][T20048]  ? start_dl_timer+0x257/0x5e0
[ 1169.105906][T20048]  ? __pfx_vivid_fillbuff+0x10/0x10
[ 1169.105919][T20048]  ? irqentry_exit+0x3b/0x90
[ 1169.105931][T20048]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1169.105944][T20048]  ? ktime_get+0x212/0x310
[ 1169.105960][T20048]  ? ktime_get+0x221/0x310
[ 1169.105974][T20048]  ? v4l2_ctrl_request_setup+0x45e/0xa60
[ 1169.105991][T20048]  ? ktime_get+0xad/0x310
[ 1169.106007][T20048]  ? vivid_thread_vid_cap_tick+0x814/0x15d0
[ 1169.106019][T20048]  vivid_thread_vid_cap_tick+0x814/0x15d0
[ 1169.106037][T20048]  vivid_thread_vid_cap+0x454/0xda0
[ 1169.106050][T20048]  ? __pfx_vivid_thread_vid_cap+0x10/0x10
[ 1169.106063][T20048]  ? do_raw_spin_lock+0x12c/0x2b0
[ 1169.106075][T20048]  ? find_held_lock+0x2b/0x80
[ 1169.106089][T20048]  ? rcu_is_watching+0x12/0xc0
[ 1169.106103][T20048]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[ 1169.106114][T20048]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1169.106125][T20048]  ? __kthread_parkme+0x19e/0x250
[ 1169.106142][T20048]  ? __pfx_vivid_thread_vid_cap+0x10/0x10
[ 1169.106154][T20048]  kthread+0x3c5/0x780
[ 1169.106165][T20048]  ? __pfx_kthread+0x10/0x10
[ 1169.106176][T20048]  ? rcu_is_watching+0x12/0xc0
[ 1169.106189][T20048]  ? __pfx_kthread+0x10/0x10
[ 1169.106200][T20048]  ret_from_fork+0x5d7/0x6f0
[ 1169.106210][T20048]  ? __pfx_kthread+0x10/0x10
[ 1169.106221][T20048]  ret_from_fork_asm+0x1a/0x30
[ 1169.106238][T20048]  </TASK>
[ 1169.106242][T20048] 
[ 1169.330529][T20048] The buggy address belongs to a 1-page vmalloc region starting at 0xffffc900043f3000 allocated at vb2_vmalloc_alloc+0x135/0x3f0
[ 1169.343802][T20048] The buggy address belongs to the physical page:
[ 1169.350185][T20048] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88806bd3fc80 pfn:0x6bd3f
[ 1169.360222][T20048] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 1169.367311][T20048] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 1169.375869][T20048] raw: ffff88806bd3fc80 0000000000000000 00000001ffffffff 0000000000000000
[ 1169.384420][T20048] page dumped because: kasan: bad access detected
[ 1169.390799][T20048] page_owner tracks the page as allocated
[ 1169.396484][T20048] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 20047, tgid 20015 (syz.3.3655), ts 1169060324225, free_ts 1169059994212
[ 1169.416008][T20048]  post_alloc_hook+0x1c0/0x230
[ 1169.420764][T20048]  get_page_from_freelist+0x132b/0x38e0
[ 1169.426287][T20048]  __alloc_frozen_pages_noprof+0x261/0x23f0
[ 1169.432158][T20048]  alloc_pages_bulk_noprof+0x71c/0x1410
[ 1169.437679][T20048]  alloc_pages_bulk_mempolicy_noprof+0x244/0x1280
[ 1169.444072][T20048]  __vmalloc_node_range_noprof+0x526/0x14b0
[ 1169.449950][T20048]  vmalloc_user_noprof+0x9e/0xe0
[ 1169.454867][T20048]  vb2_vmalloc_alloc+0x135/0x3f0
[ 1169.459785][T20048]  __vb2_queue_alloc+0x8c9/0x1280
[ 1169.464788][T20048]  vb2_core_reqbufs+0xa90/0xfe0
[ 1169.469642][T20048]  __vb2_init_fileio+0x3f1/0x1100
[ 1169.474644][T20048]  __vb2_perform_fileio+0x9c2/0x1660
[ 1169.479907][T20048]  vb2_fop_read+0x215/0x3e0
[ 1169.484385][T20048]  v4l2_read+0x229/0x360
[ 1169.488599][T20048]  vfs_read+0x1e4/0xcf0
[ 1169.492727][T20048]  ksys_read+0x12a/0x250
[ 1169.496945][T20048] page last free pid 20047 tgid 20015 stack trace:
[ 1169.503413][T20048]  __free_frozen_pages+0x7d5/0x10f0
[ 1169.508593][T20048]  kasan_populate_vmalloc+0x13d/0x1f0
[ 1169.513946][T20048]  alloc_vmap_area+0x959/0x29c0
[ 1169.518772][T20048]  __get_vm_area_node+0x1ca/0x330
[ 1169.523776][T20048]  __vmalloc_node_range_noprof+0x271/0x14b0
[ 1169.529650][T20048]  vmalloc_user_noprof+0x9e/0xe0
[ 1169.534568][T20048]  vb2_vmalloc_alloc+0x135/0x3f0
[ 1169.539484][T20048]  __vb2_queue_alloc+0x8c9/0x1280
[ 1169.544487][T20048]  vb2_core_reqbufs+0xa90/0xfe0
[ 1169.549315][T20048]  __vb2_init_fileio+0x3f1/0x1100
[ 1169.554317][T20048]  __vb2_perform_fileio+0x9c2/0x1660
[ 1169.559579][T20048]  vb2_fop_read+0x215/0x3e0
[ 1169.564059][T20048]  v4l2_read+0x229/0x360
[ 1169.568274][T20048]  vfs_read+0x1e4/0xcf0
[ 1169.572406][T20048]  ksys_read+0x12a/0x250
[ 1169.576621][T20048]  do_syscall_64+0xcd/0x4c0
[ 1169.581101][T20048] 
[ 1169.583400][T20048] Memory state around the buggy address:
[ 1169.589008][T20048]  ffffc900043f3f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1169.597045][T20048]  ffffc900043f3f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1169.605079][T20048] >ffffc900043f4000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 1169.613110][T20048]                    ^
[ 1169.617148][T20048]  ffffc900043f4080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 1169.625181][T20048]  ffffc900043f4100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 1169.633213][T20048] ==================================================================
[ 1169.681216][T20048] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1169.688431][T20048] CPU: 0 UID: 0 PID: 20048 Comm: vivid-000-vid-c Not tainted syzkaller #0 PREEMPT(full) 
[ 1169.698220][T20048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1169.708265][T20048] Call Trace:
[ 1169.711530][T20048]  <TASK>
[ 1169.714441][T20048]  dump_stack_lvl+0x3d/0x1f0
[ 1169.719021][T20048]  vpanic+0x6e8/0x7a0
[ 1169.722991][T20048]  ? __pfx_vpanic+0x10/0x10
[ 1169.727491][T20048]  ? tpg_fill_plane_buffer+0x21d2/0x43c0
[ 1169.733110][T20048]  panic+0xca/0xd0
[ 1169.736820][T20048]  ? __pfx_panic+0x10/0x10
[ 1169.741224][T20048]  ? tpg_fill_plane_buffer+0x21d2/0x43c0
[ 1169.746840][T20048]  ? preempt_schedule_common+0x44/0xc0
[ 1169.752300][T20048]  ? preempt_schedule_thunk+0x16/0x30
[ 1169.757666][T20048]  ? check_panic_on_warn+0x1f/0xb0
[ 1169.762763][T20048]  check_panic_on_warn+0xab/0xb0
[ 1169.767688][T20048]  end_report+0x107/0x170
[ 1169.771999][T20048]  kasan_report+0xee/0x110
[ 1169.776397][T20048]  ? tpg_fill_plane_buffer+0x21d2/0x43c0
[ 1169.782017][T20048]  kasan_check_range+0x100/0x1b0
[ 1169.786937][T20048]  __asan_memcpy+0x3c/0x60
[ 1169.791338][T20048]  tpg_fill_plane_buffer+0x21d2/0x43c0
[ 1169.796790][T20048]  ? __pfx_vb2_vmalloc_vaddr+0x10/0x10
[ 1169.802234][T20048]  ? __pfx_tpg_fill_plane_buffer+0x10/0x10
[ 1169.808027][T20048]  vivid_fillbuff+0x8d2/0x4250
[ 1169.812771][T20048]  ? find_held_lock+0x2b/0x80
[ 1169.817431][T20048]  ? start_dl_timer+0x257/0x5e0
[ 1169.822270][T20048]  ? __pfx_vivid_fillbuff+0x10/0x10
[ 1169.827454][T20048]  ? irqentry_exit+0x3b/0x90
[ 1169.832024][T20048]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1169.837207][T20048]  ? ktime_get+0x212/0x310
[ 1169.841609][T20048]  ? ktime_get+0x221/0x310
[ 1169.846009][T20048]  ? v4l2_ctrl_request_setup+0x45e/0xa60
[ 1169.851627][T20048]  ? ktime_get+0xad/0x310
[ 1169.855939][T20048]  ? vivid_thread_vid_cap_tick+0x814/0x15d0
[ 1169.861810][T20048]  vivid_thread_vid_cap_tick+0x814/0x15d0
[ 1169.867511][T20048]  vivid_thread_vid_cap+0x454/0xda0
[ 1169.872692][T20048]  ? __pfx_vivid_thread_vid_cap+0x10/0x10
[ 1169.878388][T20048]  ? do_raw_spin_lock+0x12c/0x2b0
[ 1169.883391][T20048]  ? find_held_lock+0x2b/0x80
[ 1169.888050][T20048]  ? rcu_is_watching+0x12/0xc0
[ 1169.892792][T20048]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[ 1169.898574][T20048]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1169.903751][T20048]  ? __kthread_parkme+0x19e/0x250
[ 1169.908759][T20048]  ? __pfx_vivid_thread_vid_cap+0x10/0x10
[ 1169.914453][T20048]  kthread+0x3c5/0x780
[ 1169.918496][T20048]  ? __pfx_kthread+0x10/0x10
[ 1169.923064][T20048]  ? rcu_is_watching+0x12/0xc0
[ 1169.927805][T20048]  ? __pfx_kthread+0x10/0x10
[ 1169.932371][T20048]  ret_from_fork+0x5d7/0x6f0
[ 1169.936937][T20048]  ? __pfx_kthread+0x10/0x10
[ 1169.941502][T20048]  ret_from_fork_asm+0x1a/0x30
[ 1169.946250][T20048]  </TASK>
[ 1169.949447][T20048] Kernel Offset: disabled
[ 1169.953742][T20048] Rebooting in 86400 seconds..