last executing test programs:

3m5.088222589s ago: executing program 0 (id=686):
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280))
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000ac0)=ANY=[@ANYBLOB="b700000001000000bfa30000000070000703000000feffff720af0fff8ffffff71a4f0ff000000003f040000000000002d400300000000006504000001ed00007b130000000000006c440000000000007b0a00fe000000007b13000000000000b5000000000000009500000000000000023bc865b7a379d17cf9333379fc9e94af69912435f1a864a710aad58db6a621a464a3778433e6e393002e7f3be361957adef6ee1c8a2a4f8ef1e50bec919bc461e91a7168c5181554a090f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec5dd6fcd82e4fee5bef7af9aa0d7d600c095090000100000000031eaebbdbd732c9cc00eec363e4a8f645679c294392cf538b07ce2646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75d80000000eda88c658d42ecbf28bf7005005b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fc152b7b9da074e1320060d0b11008e59a5923906f88b53987ad1714e72ba7a5b74f0c33290933896a59ff61622cfd9aa58fe8d485f062ae2c0cc65c2a36aaec2477584b6a89adaf17b0a6041bdef728d236619074d6ebdf098bc908f523d228a40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03fb8a63e089679216da18ec0ae564162a27afea62d84f3a10746443d64364f56e24e6d2105bd901204a1deeed415561c459565b1cd17572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f98928d5e9b94ff9ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cff538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d710b651f898ba749e40bc6980fe78683ac5c0c31030699ddd71063be9261b2e1aab1675b34a220488c126aeef5f510a8f1aded94a129e4aec6f8c3a13596c2ea3e2e04cfe0e669e51731b2875353193f82ade69d0540059fe6c7fe7c00007502c7596566d674e425da5e87e59602a9f6590521d31d381eb3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c95300000000010000003baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2e454da0c052427d14c37960242b104e20dc2d9b0c3567aea26454a47b0f0797a7308d402ccdd9069bd50b994fda7a9de54022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed82641687f3b3a70bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c03987d198899b212c53c18294270a1ad10c80fef7c24b78b4ad83238273f4fc87afce829ba0f85da6d888f18ea40ab959f6074ab2a4009b9e5f07ab513cdc6c0e57fb1c1ca57138000b4ead35a385e0b4a26b702396df7e0cbe02b6e4114f244a9bf93f04beb72f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a9b702cc1b6912a1e717d29135753208165b9cdbae037f27feeb744ddcc536cbae315c7d951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91114a6b244f9acf41ac5d73a008364e0602a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844cea001ddeb6dc5f6a9037d2283c42efc54fa84323a3c3e6e4fd2e078b796a825b3dad9ce7b37507e0b83c3ecd01549bca6a016b3e18a00c748894dc3bfe5efda8b0a477d6a6562fdee45eb16e276dee992094ba9830f6c164179e7d532d86060bea930118d3cae1bb5916b9671b7000000000040f4bee5ad2dea2d070095265504c05bba38b095e1679f96ddef65ba5de9c8cfb6465ae4165c0689a314a6eb6b36aa705b957edef3035e14b879c8e7dc00624726042e00bf9a7f7ae5f308744770759558e4fcb99c0dc957521ef255362bf2f3966f3754e81fb9bdef22c19f5a49147b25393f7536bcda9f64b7c5640bf89d4a74d51dc233dee628c1dfbb55669f84784174b34eb234481547e484c6af101396b6977dd668b401391c1d2e242edccf1cabe6be9868d383ebf1db5aee9b73e92bb82c164ab14bb25189817742e054886ed6d7abbacf6319f3c050e7d53df64633eafcb64291b81188fab69b5a06fe029ce46c5cac1bb1ea8ea98aee207fa4c9618a9ce80bd8b530f4b9ba8860bf1e887ec670312ef0502e3d0a0e30dbaf38c042b7fd207c61e6b73d3b61d194acb4bf4d3e0187d62ee27cbee175eb2312209f68747eeeea30c1634d54799f42753df8e7462c6f5331ea8e56b5c4a373dfe9f111d0206f4e90f71c03bc24960dd84345e59e1289d47a929158babfb331f27370928198d2cd367e928e98c54c67b6382cb958fec947d2ece3695755bc71d55a84bb0a0da43cb9f526a20566e9d00cf9fe6be3adf3e0a05771d66664239d199ce84aa7f684c0ce4c342a85d654624736a3b9b067e2bd298ae8a2527ce59fba9448b13655281431335496da08ac626fe0b57ebb4ad0b9495a183587108b4308bc68eeca9062873703ed0ee726a7867436e01dcd6edf1583e7e17043afda8f46fdd688d461125d724404a310"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000080), 0xfffffffffffffdbb, 0x0, 0xffffffffffffffff, 0xffb9, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)

3m4.791273788s ago: executing program 0 (id=688):
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000780)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8f}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
syz_open_procfs(r0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000540)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x2f)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x15, 0x1c, &(0x7f0000000000)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r4, 0x0, 0x0, 0xd0ff}, {}, {0x7, 0x0, 0xb, 0x6, 0x0, 0x0, 0x5}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0x6, 0x9}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x5, 0x1, 0xa, 0x9, 0x9}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x7, 0x0, 0xc}, {0x18, 0x6, 0x2, 0x0, r3}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mbind(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x0, 0xfed, 0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)

3m3.652236962s ago: executing program 0 (id=691):
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
syz_io_uring_setup(0x23d, 0x0, 0x0, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000080)=0x19)
socket$igmp(0x2, 0x3, 0x2)
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000040)="2e00000011008188040f80ec59acbc0413a1f8480b0000005e140602000000000e0027001000000002800000121f", 0x2e}], 0x1, 0x0, 0xc3}, 0x0)

3m3.499906763s ago: executing program 0 (id=693):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010000304000000000000000000007400", @ANYRES32=0x0, @ANYBLOB="00000000031201001c0012800b00010062726964676500000c0002800600270020000000cccad7015ada3bd89e87c0fb98df1a9c2289e85918c1ee88a72579f761b4ec7b8effc2253628f7f0eda7fda262a0ffcd89da51fb23cebe135261a610793ae83b4617809308d1d4b18f4d051df61449326d461e7fd7029c101bc0144a31b2351f809b435a71804c88f405aa48b035c7a8f4c7d1c77d28f5a02da48ea48b8b8c6c190d21375b96283d9dc60405e7658cab720d86ab60c45b2c646c16d5d6"], 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x2000, 0x7, &(0x7f0000387000/0x2000)=nil)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x1be)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000006c0), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000001040)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_TID_CONFIG(r2, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000bc0)={&(0x7f00000001c0)={0x30, r1, 0x1, 0x70bd25, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x14, 0x11d, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0xf0}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}]}]}]}, 0x30}}, 0x20000804)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x101091, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0x80280, 0x0)
r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$nl_netfilter(0x10, 0x3, 0xc)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0)
r6 = io_uring_setup(0x3eae, &(0x7f0000000080)={0x0, 0x6d33, 0x10000, 0x1, 0x4000000})
io_uring_register$IORING_REGISTER_BUFFERS(r6, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x80, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x54, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @numgen={{0xb}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_NG_MODULUS={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_NG_TYPE={0x8}, @NFTA_NG_DREG={0x8, 0x1, 0x1, 0x0, 0x15}]}}}, {0x24, 0x1, 0x0, 0x1, @reject={{0xb}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_REJECT_ICMP_CODE={0x5, 0x2, 0x18}, @NFTA_REJECT_TYPE={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0xa8}}, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000080)='./file0/file0\x00', &(0x7f00000001c0)='./file0/file0\x00', 0x0, 0x31001, 0x0)
r7 = getpid()
mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x2205080, 0x0)
r8 = syz_pidfd_open(r7, 0x0)
setns(r8, 0x24020000)

3m1.836243445s ago: executing program 0 (id=697):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f0000000000)=""/84, 0x0, 0x8080000})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000240))
socket(0x1e, 0x3, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r1)
socket$inet6_mptcp(0xa, 0x1, 0x106)
socket$l2tp6(0xa, 0x2, 0x73)
listen(r1, 0x9)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x20000000)
read$msr(r3, &(0x7f0000002700)=""/102392, 0x18ff8)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000300)={0x0, 0x8000}, 0x4)
setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0x13, 0x0, 0x2)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x46032, 0xffffffffffffffff, 0x0)
sendmmsg(r2, &(0x7f0000002840)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20044000)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0)
close(0x4)
shmctl$SHM_INFO(0x0, 0xe, 0x0)

3m1.56516788s ago: executing program 0 (id=700):
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000000000040bd28050900000000000109022400010000000009040200010300000009210000000122050009058103"], 0x0)
syz_usb_connect$cdc_ncm(0x2, 0x7c, &(0x7f0000000480)=ANY=[@ANYBLOB="120100000200001c332860a440000102030109026a00020106d0020904000001020d000008240600012c995805240000000d240f0104020000000000800906241af80c2607240afa07c41557b22a972063d2097e802c1d425807042402b8090581031000810e030904010000020d00000904010102020d000009058202200040006209050302ff0308047f"], &(0x7f0000000400)={0xa, &(0x7f0000000000)={0xa, 0x6, 0x200, 0x8, 0x54, 0x6, 0x40, 0xa}, 0xc, &(0x7f0000000100)=ANY=[@ANYBLOB="050fff0100001d6c79eb89a1"], 0x5, [{0x0, 0x0}, {0x18, &(0x7f0000000200)=ANY=[@ANYBLOB="18ee543cf61249f306879714bfcc951d4471b609897269b6"]}, {0x4, &(0x7f0000000300)=@lang_id={0x4, 0x3, 0xc07}}, {0x4, &(0x7f0000000340)=@lang_id={0x4, 0x3, 0x814}}, {0x4, &(0x7f0000000380)=@lang_id={0x4, 0x3, 0x4ff}}]})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = landlock_create_ruleset(&(0x7f0000000240)={0x5f7f, 0x3, 0x3}, 0x18, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
shutdown(0xffffffffffffffff, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000003c0)={'wlan0\x00'})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r2, 0x0, 0x8db93d1c3839aadb)
landlock_restrict_self(r0, 0x0)
symlinkat(0x0, 0xffffffffffffffff, 0x0)
socket$kcm(0x10, 0x5, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f00000006c0)={&(0x7f0000000540)=[0x0], &(0x7f0000000580)=[0x0], &(0x7f0000000640), &(0x7f0000000680), 0x1, 0x1})
syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="02c9000c00080005"], 0x11)
syz_open_dev$vbi(0x0, 0x1, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$6lowpan_enable(0xffffffffffffffff, &(0x7f0000000000)='0', 0xfffffd2c)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0), 0x400, 0x0)
ioctl$RTC_AIE_ON(r3, 0x7001)
ioctl$RTC_UIE_ON(r3, 0x7003)
syz_open_dev$video4linux(0x0, 0x5, 0x200)
io_uring_setup(0x1694, &(0x7f0000000280)={0x0, 0x800001, 0x200, 0x0, 0x5})

3m1.167079048s ago: executing program 32 (id=700):
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000000000040bd28050900000000000109022400010000000009040200010300000009210000000122050009058103"], 0x0)
syz_usb_connect$cdc_ncm(0x2, 0x7c, &(0x7f0000000480)=ANY=[@ANYBLOB="120100000200001c332860a440000102030109026a00020106d0020904000001020d000008240600012c995805240000000d240f0104020000000000800906241af80c2607240afa07c41557b22a972063d2097e802c1d425807042402b8090581031000810e030904010000020d00000904010102020d000009058202200040006209050302ff0308047f"], &(0x7f0000000400)={0xa, &(0x7f0000000000)={0xa, 0x6, 0x200, 0x8, 0x54, 0x6, 0x40, 0xa}, 0xc, &(0x7f0000000100)=ANY=[@ANYBLOB="050fff0100001d6c79eb89a1"], 0x5, [{0x0, 0x0}, {0x18, &(0x7f0000000200)=ANY=[@ANYBLOB="18ee543cf61249f306879714bfcc951d4471b609897269b6"]}, {0x4, &(0x7f0000000300)=@lang_id={0x4, 0x3, 0xc07}}, {0x4, &(0x7f0000000340)=@lang_id={0x4, 0x3, 0x814}}, {0x4, &(0x7f0000000380)=@lang_id={0x4, 0x3, 0x4ff}}]})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = landlock_create_ruleset(&(0x7f0000000240)={0x5f7f, 0x3, 0x3}, 0x18, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
shutdown(0xffffffffffffffff, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000003c0)={'wlan0\x00'})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r2, 0x0, 0x8db93d1c3839aadb)
landlock_restrict_self(r0, 0x0)
symlinkat(0x0, 0xffffffffffffffff, 0x0)
socket$kcm(0x10, 0x5, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f00000006c0)={&(0x7f0000000540)=[0x0], &(0x7f0000000580)=[0x0], &(0x7f0000000640), &(0x7f0000000680), 0x1, 0x1})
syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="02c9000c00080005"], 0x11)
syz_open_dev$vbi(0x0, 0x1, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$6lowpan_enable(0xffffffffffffffff, &(0x7f0000000000)='0', 0xfffffd2c)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0), 0x400, 0x0)
ioctl$RTC_AIE_ON(r3, 0x7001)
ioctl$RTC_UIE_ON(r3, 0x7003)
syz_open_dev$video4linux(0x0, 0x5, 0x200)
io_uring_setup(0x1694, &(0x7f0000000280)={0x0, 0x800001, 0x200, 0x0, 0x5})

2m41.112374359s ago: executing program 1 (id=793):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x1000000, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
r0 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r0, &(0x7f0000001600)='./file1\x00', 0x0, 0x0)
unlink(&(0x7f0000000280)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)

2m41.036264214s ago: executing program 1 (id=794):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
syz_usb_connect(0x0, 0x0, 0x0, 0x0)
syz_usb_connect$cdc_ecm(0x0, 0x56, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000180), 0x3ffffffffffffffd, 0x0)
r5 = syz_open_dev$dri(&(0x7f0000000040), 0xd21, 0x0)
prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000001000/0x4000)=nil)
brk(0x400000ffc020)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f00000004c0)={0x0, &(0x7f00000000c0)=[<r6=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r5, 0xc06864a1, &(0x7f00000003c0)={0x0, 0xffffffffffffff53, r6, <r7=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r4, 0xc06864ce, &(0x7f0000000440)={r7, 0x800000, 0x0, 0x0, 0x0, [], [0x0, 0x0, 0x0, 0xffffffff], [0x1000, 0x0, 0x0, 0xfffffffc], [0x1, 0x7]})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r3, 0xc00c642e, &(0x7f0000000000))
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)

2m39.837720049s ago: executing program 1 (id=797):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
close(0x4)
socket$inet_smc(0x2b, 0x1, 0x0)
r2 = syz_io_uring_setup(0x8d2, 0x0, &(0x7f0000000040)=<r3=>0x0, &(0x7f0000000080)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000240)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r2, 0x47ba, 0x3e80, 0x0, 0x0, 0x0)
r5 = syz_usb_connect(0x5, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000007794608cd0c39007b900000000109021200"], 0x0)
syz_usb_control_io$cdc_ecm(r5, 0x0, 0x0)
r6 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
preadv(r6, &(0x7f0000001980)=[{&(0x7f00000000c0)=""/108, 0x6c}, {0x0}], 0x2, 0x8000, 0x10001)

2m36.087030922s ago: executing program 1 (id=813):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)={{0x14}, [@NFT_MSG_NEWSET={0x1c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}]}, @NFT_MSG_NEWSETELEM={0x24, 0xc, 0xa, 0x101, 0x6000, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x4}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x68}}, 0x0)

2m35.884294709s ago: executing program 1 (id=814):
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000000000040bd28050900000000000109022400010000000009040200010300000009210000000122050009058103"], 0x0)
syz_usb_connect$cdc_ncm(0x2, 0x7c, &(0x7f0000000480)=ANY=[@ANYBLOB="120100000200001c332860a440000102030109026a00020106d0020904000001020d000008240600012c995805240000000d240f0104020000000000800906241af80c2607240afa07c41557b22a972063d2097e802c1d425807042402b8090581031000810e030904010000020d00000904010102020d000009058202200040006209050302ff0308047f"], &(0x7f0000000400)={0xa, &(0x7f0000000000)={0xa, 0x6, 0x200, 0x8, 0x54, 0x6, 0x40, 0xa}, 0xc, &(0x7f0000000100)=ANY=[@ANYBLOB="00000000f600000000000000"]})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = landlock_create_ruleset(&(0x7f0000000240)={0x5f7f, 0x3, 0x3}, 0x18, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
shutdown(0xffffffffffffffff, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000003c0)={'wlan0\x00'})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r2, 0x0, 0x8db93d1c3839aadb)
landlock_restrict_self(r0, 0x0)
symlinkat(0x0, 0xffffffffffffffff, 0x0)
socket$kcm(0x10, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f00000006c0)={&(0x7f0000000540)=[0x0], &(0x7f0000000580)=[0x0], &(0x7f0000000640), &(0x7f0000000680), 0x1, 0x1})
syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="02c9000c00080005"], 0x11)
syz_open_dev$vbi(0x0, 0x1, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$6lowpan_enable(0xffffffffffffffff, &(0x7f0000000000)='0', 0xfffffd2c)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0), 0x400, 0x0)
ioctl$RTC_AIE_ON(r3, 0x7001)
ioctl$RTC_UIE_ON(r3, 0x7003)
syz_open_dev$video4linux(0x0, 0x5, 0x200)
io_uring_setup(0x1694, &(0x7f0000000280)={0x0, 0x800003, 0x2, 0x0, 0x28d})

2m31.690021482s ago: executing program 1 (id=829):
openat$dir(0xffffffffffffff9c, &(0x7f0000001a00)='./file1\x00', 0xc0, 0x61)
r0 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0)
socket(0x2, 0x1, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$NBD_SET_SOCK(r0, 0xab00, r2)
ioctl$NBD_DO_IT(r1, 0xab03)
ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x6)
mount(&(0x7f0000000500)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000004a00)='./file1\x00', &(0x7f0000000040)='udf\x00', 0x8007, 0x0)
ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x3)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)

2m16.169285109s ago: executing program 33 (id=829):
openat$dir(0xffffffffffffff9c, &(0x7f0000001a00)='./file1\x00', 0xc0, 0x61)
r0 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0)
socket(0x2, 0x1, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
ioctl$NBD_SET_SOCK(r0, 0xab00, r2)
ioctl$NBD_DO_IT(r1, 0xab03)
ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x6)
mount(&(0x7f0000000500)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000004a00)='./file1\x00', &(0x7f0000000040)='udf\x00', 0x8007, 0x0)
ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x3)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)

20.972109677s ago: executing program 5 (id=1357):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @last={{0x9}, @val={0x18, 0x2, 0x0, 0x1, [@NFTA_LAST_SET={0x8, 0x1, 0x1, 0x0, 0x401}, @NFTA_LAST_MSECS={0xc, 0x2, 0x1, 0x0, 0xfffffffffffffff7}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x80}, 0x1, 0x0, 0x0, 0x24000880}, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
r2 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'ip6tnl0\x00', <r3=>0x0})
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x4, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r4}, &(0x7f0000000800), &(0x7f0000000840)=r5}, 0x20)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r6, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f0000000080)={r3, 0x3, 0x6, @multicast}, 0x10)
syz_open_dev$sg(&(0x7f0000000540), 0x0, 0x189080)

20.323734074s ago: executing program 5 (id=1360):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=<r1=>0x0)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x101080, 0x0)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000040)={0xc, 0x0, <r3=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r2, 0x3ba0, &(0x7f0000000080)={0x48, 0x2, r3, 0x0, <r4=>0x0, 0x0, <r5=>0x0})
clock_gettime(0x0, &(0x7f0000000240))
timer_create(0x3, 0x0, &(0x7f0000000100)=<r6=>0x0)
timer_gettime(r6, &(0x7f00000006c0))
clock_gettime(0x4, &(0x7f0000000300)={<r7=>0x0, <r8=>0x0})
timer_settime(r1, 0x0, &(0x7f00000002c0)={{0x77359400}, {r7, r8+10000000}}, 0x0)
r9 = msgget$private(0x0, 0x214)
r10 = syz_open_dev$vbi(&(0x7f0000000080), 0x3, 0x2)
ioctl$VIDIOC_S_OUTPUT(r10, 0xc004562f, &(0x7f00000000c0)=0x1)
ioctl$VIDIOC_S_DV_TIMINGS(r10, 0xc0845657, &(0x7f0000000380)={0x0, @reserved})
msgsnd(0x0, &(0x7f0000006f80)=ANY=[@ANYBLOB="00000000ff010000"], 0x8, 0x800)
msgsnd(r9, &(0x7f0000000100)=ANY=[@ANYRES16=r1, @ANYBLOB="17bb2c422bacea445720a611c9e1baa2", @ANYRESHEX, @ANYRES64=r5, @ANYRES32=r4, @ANYRES64=r9, @ANYRESDEC=r4, @ANYRESOCT=r9, @ANYBLOB="521acf70bbe57858caa9153528ba2b566968c0bc1342d67919f991ff16a4dc51b99b1570710efe3cb78ccfbe1983fc4bc9e97e1686a46d0949b448ce488d6365ddb92afe26388eb20e043edf99b0d459b687a7e3d20df14ef9e9d64809d1f9b6a253281483c480c79496bc534c2f055338d095850ab572ada178bc320f2412de1b4f0741ee967aeb5ba15b375c9ff6ae5ca63bd7977e40080f37a452cca5887b18d1e3bc3e97aae5cdb31b6d06331f68ba197fc1ca530731b53e5e114c147199c2a359ee398ff0c6", @ANYRESDEC=r0], 0x401, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000280)=ANY=[@ANYBLOB="12010000fcebe44047053e686f430102000008441300"/36], 0x0)

16.37745933s ago: executing program 5 (id=1377):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100))
r0 = open(&(0x7f0000000140)='./file0\x00', 0x800, 0x70)
mknodat$loop(r0, &(0x7f0000001600)='./file1\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
link(&(0x7f0000000200)='./file1\x00', &(0x7f0000000300)='./bus\x00')
unlinkat(r0, &(0x7f0000000000)='./file1\x00', 0x0)
unlink(&(0x7f0000000040)='./file1\x00')
open(&(0x7f00000005c0)='./bus\x00', 0x66842, 0x0)

15.97265729s ago: executing program 5 (id=1380):
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
ioctl$VIDIOC_ENUM_FRAMEINTERVALS(0xffffffffffffffff, 0xc034564b, &(0x7f0000000100)={0x1000, 0x34325842, 0x500, 0x2d0, 0x0, @discrete={0x7, 0x4}})
r0 = syz_io_uring_setup(0x5126, &(0x7f0000000080)={0x0, 0xe535, 0x1000, 0x0, 0x161}, &(0x7f0000000240), &(0x7f0000000100))
setsockopt$MRT6_TABLE(0xffffffffffffffff, 0x29, 0xcf, &(0x7f0000000180)=0x1, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn'])
chdir(&(0x7f00000000c0)='./file0\x00')
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}]})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_procfs$userns(0x0, &(0x7f0000000340))
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
kexec_load(0xf5, 0x0, &(0x7f0000000b80), 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="1b00000000000000000000000070511911000000", @ANYRES32=0x0, @ANYBLOB='\a\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x50)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
getsockopt$sock_cred(r4, 0x1, 0x4d, 0x0, &(0x7f0000cab000)=0x2)
bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x17, 0x10, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf09000000000000550901000000000095000000000000006100f4ff00000000bf91000000000000b5020000000000008500000001000000b7000000000000009500"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @cgroup_sysctl, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
write$UHID_CREATE2(r2, &(0x7f00000000c0)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r2, 0x0)
io_uring_register$IORING_REGISTER_NAPI(r0, 0x1b, &(0x7f0000000040)={0xffffff01, 0x3}, 0x1)
syz_open_dev$video(&(0x7f0000000000), 0x8, 0x0)
mkdir(&(0x7f0000000140)='./file1\x00', 0x1a0)
mount(0x0, &(0x7f0000000200)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x8, &(0x7f0000000300)='usrquota')
quotactl_fd$Q_SETQUOTA(0xffffffffffffffff, 0xffffffff80000800, 0xee01, &(0x7f00000000c0)={0x0, 0x1, 0x2000200000a95e, 0x7, 0x9, 0x1, 0x48cd, 0x0, 0x800000df})
r5 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000080)='.log\x00', 0x1812c1, 0x0)
fchown(r5, 0xee01, 0x0)

15.018940741s ago: executing program 5 (id=1385):
syz_emit_ethernet(0x22, &(0x7f0000000380)={@multicast, @empty, @void, {@ipv4={0x88fb, @generic={{0x5, 0x4, 0x1, 0x16, 0x14, 0x64, 0x0, 0x2, 0x6c, 0x0, @broadcast, @multicast2}}}}}, 0x0) (async)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000200)=@newlink={0x3c, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x204}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @gretap={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_IGNORE_DF={0x5, 0x13, 0x1}]}}}]}, 0x3c}}, 0x0) (async, rerun: 32)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) (rerun: 32)
write$binfmt_script(r1, &(0x7f0000000000), 0xfea7)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r1, 0x0) (async)
r2 = socket$packet(0x11, 0x3, 0x300) (async)
unshare(0x26020480)
setsockopt$packet_int(r2, 0x107, 0x17, &(0x7f0000000080)=0x1, 0x4) (async, rerun: 32)
r3 = socket$netlink(0x10, 0x3, 0x0) (async, rerun: 32)
r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='mpol=prefer:0'])
r5 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x101000, 0x0, 0x22}, 0x18)
mknodat$null(r5, &(0x7f00000000c0)='./file0\x00', 0x2, 0x103)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'bridge_slave_0\x00', <r6=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=@bridge_delneigh={0x30, 0x1c, 0x1, 0x3, 0x25dedbfb, {0x7, 0x0, 0x0, r6, 0x20, 0xc, 0x3}, [@NDA_LLADDR={0xa, 0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xd}}, @NDA_VLAN={0x4, 0x5, 0x5}]}, 0x30}, 0x1, 0x0, 0x0, 0x2404c011}, 0x40c0) (async)
setsockopt$sock_int(r0, 0x1, 0x7, &(0x7f0000000000)=0xfffffffe, 0x4)

14.708112749s ago: executing program 5 (id=1387):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r1 = dup(r0)
socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000180)={0x26, 'rng\x00', 0x0, 0x0, 'stdrng\x00'}, 0x58)
r2 = eventfd2(0x58, 0x80000)
io_uring_register$IORING_REGISTER_EVENTFD(0xffffffffffffffff, 0x4, &(0x7f0000000000)=r2, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r6)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
io_uring_enter(0xffffffffffffffff, 0x3516, 0x3e44, 0x8, 0x0, 0x0)

14.127476654s ago: executing program 34 (id=1387):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r1 = dup(r0)
socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000180)={0x26, 'rng\x00', 0x0, 0x0, 'stdrng\x00'}, 0x58)
r2 = eventfd2(0x58, 0x80000)
io_uring_register$IORING_REGISTER_EVENTFD(0xffffffffffffffff, 0x4, &(0x7f0000000000)=r2, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r6)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
io_uring_enter(0xffffffffffffffff, 0x3516, 0x3e44, 0x8, 0x0, 0x0)

10.995868085s ago: executing program 3 (id=1400):
r0 = io_uring_setup(0x3637, &(0x7f0000000000)={0x0, 0xb528, 0x2, 0x1, 0x275})
io_uring_register$IORING_REGISTER_CLOCK(r0, 0x1d, &(0x7f0000000080)={0x3}, 0x0)
fsetxattr$security_ima(r0, &(0x7f00000000c0), &(0x7f0000000100)=@ng={0x4, 0x12, "43f266372cfc3fa4b7a55aa7"}, 0xe, 0x0)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000140)={{0x1, 0x1, 0x18, <r1=>r0, {0x800}}, './file0\x00'})
write$binfmt_format(r1, &(0x7f0000000180)='-1\x00', 0x3)
r2 = syz_usb_connect$hid(0x3, 0x3f, &(0x7f00000001c0)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0xff, 0x56a, 0x323, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x4, 0xa0, 0x8, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x1, 0x1, 0x7, {0x9, 0x21, 0x81, 0x1, 0x1, {0x22, 0x6f3}}, {{{0x9, 0x5, 0x81, 0x3, 0x20, 0x0, 0x1, 0x1}}, [{{0x9, 0x5, 0x2, 0x3, 0x8, 0x9, 0xf, 0x51}}]}}}]}}]}}, &(0x7f0000000640)={0xa, &(0x7f0000000200)={0xa, 0x6, 0x101, 0xb, 0x18, 0x7, 0xff, 0x9}, 0x29, &(0x7f0000000240)={0x5, 0xf, 0x29, 0x1, [@ssp_cap={0x24, 0x10, 0xa, 0x20, 0x6, 0x5, 0xf00f, 0x3, [0x3f30, 0x0, 0xff00ff, 0x30, 0xdf80, 0xf]}]}, 0x6, [{0xe9, &(0x7f0000000280)=@string={0xe9, 0x3, "d2e6cd82d0164746770a0d7da10f44b4bacef7e107c7670917df820f6018df6dc584b26023732d59f442f0f0b82b021ee515653176f9bbae66b18bb46c692237312d23dfb769ebb791eed142a029c1fb3740313d0d1a1225849b810d687e9bba0e5db295533a146f9d0656684ba44e938016154fa614bd8e2edddcf8bcb5cfd9928a012a5c7e2d6306483a5c62bb9970bb4a5846c7495c61dfcc5ebbdb5e74a4bbdd9899e74e03921367d8207f03994bfd2b6a65ac9f1e735b1909d683d55a350b9d857b7becaf4a17dd17792d1a51535ffedfe0ae237f84794189f5fdd0b487dc21c5cebfd3a7"}}, {0xb4, &(0x7f0000000380)=@string={0xb4, 0x3, "c9267b8b4fe83222ad8c129bb38469521216dfd69be03dadfbec47dff9f029ed3c5a9177e13708ef773c3be4a9f3a5fa0ae0351e267501f8dc0530ea1c0328e8bf6d977ad69d59cdb17cf404c3a21692d0fdab58b9d59d2f478173c8131823be6ba7286741577a78c0424b54c3d3e577a46a347055ac1dc1e768e6f982b36dd2fb0c5b4616eabd2738c1df492545bdbb31c363e4d60adc181aa7942a435a6f67ab888992fead75efc0b9f998d45ae6aa4dff"}}, {0x38, &(0x7f0000000440)=@string={0x38, 0x3, "9d30cf41a0ff60d54152101d5ad590e270d5fe4a89e9c265a4502b6061cc77c7dee20b91a0ae638405dd069aad454d1d4a06ac3f4804"}}, {0x4, &(0x7f0000000480)=@lang_id={0x4, 0x3, 0x83e}}, {0x76, &(0x7f00000004c0)=@string={0x76, 0x3, "ef4e60ae8a8c7c424600067819ea9f743dd41a2af180796c1a66aa0faab52b3b171bb3f6a4f65f298079d84511ff5a2ddeec07833929fa49a1c84ca44ca05a728f297ba4569c766852d2652a256fa1983c33105b6b85df5aa8f66d7d41a90351d569eaf430e803af9855012fb53254696a91e5bf"}}, {0xf2, &(0x7f0000000540)=@string={0xf2, 0x3, "3d3bb518171c5c392824fc49d68a92cbcee06319b3afe82b23a4fec9afcff01062357d3314ebc90c9a9c1d4aacee383d6836ae735dc581caeb700d8f14624390f4e523d315abc0c32cd054a629a5b12ac32b284b77c1a06adab9db3dea53c684fb574fbb8fb815e4ee950529385ef986c9bb0c9bd0aef44c8edd2d881f4e2edc4160fd99bb6a86d8d81e75622a6dab0bd80d28c63d56f1cd23479427f8e7ee5c0fa5bbe2d68e8e5a52d66e0278f4138cd3f38729124301286781815f96c369ba4289505c1a6c3566cb64678270e8731227b8417abe9ef4b9706e092ac8d621efa9dbc763fbdaf67dba0101cf2f12e786"}}]})
syz_usb_control_io$hid(r2, &(0x7f00000008c0)={0x24, &(0x7f00000006c0)={0x0, 0x8, 0xe1, {0xe1, 0x23, "68170e8bcd34a7178dd206601aad6b2b770faa8ffe9342179c3984bb338671c8eb444ed2d65d2c1b8004f999ebf3394bf5eacb8fc26665684e9a3eb0b1db53fa06ab1fb67f56671bb88e03dc765bb4b251cafb7dec183ea59197f27e6884103bcf927fe7164d879ca04324e3d679f1ce535b16d6cfffa116cdc60882843f4484edcfffb584ff29a6f7d41c4992894ba80c86234d69344dc7df2e5cc34205f1835a286b71ef796b5416d5c7f848c39e61b6d83dac1e71ca27d4b88c61b67830241fe78bdfbbc807498d12004427eebf1f8feb0960ba53b1d110a7cb757946de"}}, &(0x7f00000007c0)={0x0, 0x3, 0x41, @string={0x41, 0x3, "77e307d01d93b7451867efb054e14d9a4e3452d52cf250a87e01ec0869694924080f0738eebc6d66f51c01f1307a1669b9ac21ae9ac6fb01aabc75b8cfc3b0"}}, &(0x7f0000000840)={0x0, 0x22, 0xa, {[@global=@item_012={0x1, 0x1, 0x9, 'X'}, @global=@item_4={0x3, 0x1, 0x7, "77eb89d9"}, @main=@item_012={0x2, 0x0, 0x0, "cfe0"}]}}, &(0x7f0000000880)={0x0, 0x21, 0x9, {0x9, 0x21, 0x1, 0x40, 0x1, {0x22, 0x66f}}}}, &(0x7f0000000b40)={0x2c, &(0x7f0000000900)={0x40, 0xb, 0x93, "57b6153d3bee6821854937657354834167133af18665501314f338af6f026747dfe26a9cbf6079b441bfec75f2f84b95807f706f36350c3760da866f6e7c2131e4119504a16e09d30ded053119ced1e90cdbca33469101298d7c431bed1c459152900d06d0510d1785e880343dc0ef967f2c49a534d1ac612f21684ebdb94b559039927126343a147680515306517955ed9d9b"}, &(0x7f00000009c0)={0x0, 0xa, 0x1, 0x3}, &(0x7f0000000a00)={0x0, 0x8, 0x1, 0xa}, &(0x7f0000000a40)={0x20, 0x1, 0xa9, "0ac1d7a4e6633552f474327cad4a4d70918997857fd72037a6514d4be64bd0841088310aaf6f14d274b7328d61a4be72fdc5e884c8f7eacd611f39eeebaa6e2613920ca6fe705f53eea839c2048dbb658fe7c7644a1ec979359a6c3847aaa8c7007620e19aca6d8bdf0e7874f9e5eaf92cd9747323550bbaff51b8a35617c53f56728a5eeaff082c84a55acdf60a4648d3ea599f2a661c13e77b9d170115d7e78b27c538e9adbb8e38"}, &(0x7f0000000b00)={0x20, 0x3, 0x1, 0x7}})
r3 = socket$netlink(0x10, 0x3, 0x4)
sendmsg$xdp(r1, &(0x7f0000001c40)={0x0, 0x0, &(0x7f0000001c00)=[{&(0x7f0000000b80)="e4ff076e126e49331c60523223d496598f9cc52c05220dbfa51b7e55f09d09eef6f3b86d115b43dc98bfc48659515590fd567c72d5ae2fbdea456608ef4171bf0ec3694089c383cfd78d4dc0c8de7a64069ddc6676135bbd5b681254b91e9c98c9a6c5e056353c57aba19e81562130fc8028b5f25eafb52d5cd988c6421a59a0cae15fd97db60087883adec1fb40845d4f7c724c5c581282e60d9dc29d7ea334ca3f3aca6a651483a20157c9769b3d1be34586e243aed22979fa74a7b8e8cb4a6e47db6491f3626c94c12a567ccd5e1437df93f1d24ddcee9cd7a217983069dce18bb04d6811377b8b21febf35666074f8086152f8032a20cf55333a8b2afe5ae6d173f8719485eeb5cc3a4be9cb249dcad838b7de15d69113ffcbeef1834e4b9b4f883a1ffd6da33f258bed8b26aa414ed07a28dc8e7d74c1aa55c928c85a299eeb5cae8ca48018c9c60f994f81429a4d8b07842ea5091421679b54901aeb92eaef1d11a33603f13d87b2b8898bcbfdc7eb0f149d0f8192e7e53310a78a5b4573007a09f9b0280b1bfa74b3623a30d4456c086c840fe170637ddbe883d3e46bc184cf66c08ed4bfcc337d2f4c3503230ceb77e01bb8b0fbce72866752a7a6ec8bf718fa9a763b34ce376c716ca16d934158153d83cbe14e1602e83ee989735c859732829a0c0fe17b583d32fe6095b3faaa04e5e7d44a7f2534e9ff355548fb3f6693406170782406ba4f6013009d22aff28b73492938db067b0c90be742a0e9dd204bc5c38e3cc9b59479ed84b2379b1b76370b5bd156fb8160d1714515e93ef0a5fb2e915061c92befa905f6129e16530e89cb038f139182329756dda37279a55fa19f277d82575739abe2927737b2eaf1c2333b1f6a90dbbdda256927ac2f18058216fe1ec1a51ab6b8d61fd1b599bf0724fb8296d1350820264f4d4f93f97afac922f08dfb8fdb03ea4c7fe37eb089dea467a1c4b3028df87374ee8cecdcad1cccd16580f5c9c6df3dc8982a3261540ea76aa50a4980d56feaf8cc5413874a03292f384526988f5c4e37e6de6c3d9f7e48edaac8ef5ef191adbb0a29560f335756f4bfc57ec807dfd5f9b72712b41c549d7ee339af21e7a610749de4a0b698a561d66ab96cc9d30d2885d1c8862ed30c4d70a392680a43d71e0cf422705046205cb81ed38a191b7d6427d75c5579c505d57b61435d572c6f886ba5dbb10b3d92859313527a705536f1341927802ffd20cd82fc809ec2440628b4277720ecab7e93b21a15435ce98a968c900d4c8926ba934afec55aec4a6749455bc26b944f89efef4384137d95f1c52e5376e47cb9e33db37391d011f9905cebeb39021db26af8e7d7d0d89b8da9810c319e696b9dae66add97eaf641d07e9b67e4c71627904ae427d35bbf92820960e9bd9a87a47d0cb7a2d4f4b5e764de48b662d9a748a85da41caf6b5b296c486710b4c5a14c6a159127fbf7265f07e55007415ffc2359bfe34d2a6768298bebcea8b6728c637fc8dae847faaccf856ebb12d1790df920b35ee4191ba2d8e26f704064f522b00948eda0cb6c5dd57ab60c98c67105be2f91bec82f383c90c1260b8657806a023f4c728369112d2211e32d876ba115d5048f68101295a4456cdf3bd766f124c62d279ff836100d4cdbafbeba2894c3d3f21e924ab509e86cbf36d4f57f9e8cea2c944f37e6715a5b03d58a2c1d5e089cc5b82553105f9275b9572ef5322ebfd0f749e24073261a45957defa33ddbd71611fb554bcab23ca2ad5de098823e630799e0030d94e6ab4294e6fe34e3fc3136510f3cbf828cf2662609a546ed4ee14532eed8c068e0933bb1a49650de82907318382cea3658939453e46ed2aa68753d0ed06a33f2c275bf283a7794e9efe72c9611bb5f3ab183a29369ec28f9945205ddae8e0a730f0abbf3bd2012d5c5e958257893e9f8b8ecdbd2da517f0af1b2ca070780f1622157b6f2c86fead163eaf5595cb31d1935af5df49a414a10cd8e4599dc99a237923ae1b74cae7dff6bf586ccf9a98c30d7a1c4231e2d34807f30143149d4a7808b7bae6545f132b08f51651386c6855e8d77adca16161ca41f5edba89de7ee5cfc83d3d74599a66841f976ba326b8494a8f5b3eefe47ef78066e43c046ab42a17876e21741b39dbf3c825ba698d43b4fccc00b5ee7cc35a32ac7cf692c4776dc83ac8b6bf4c759d70f2908f4c16b55cef2996ed4c167b036743b6a598315c3d42c996413ef4b529ac18f0588f2f73d8eb154f7c98824342e709365394db49054f099e780db1f4f01a0dcfb6282cb3d76ce3977045acdd5d87711546db79f8fe11f18f4c022e193df07150c8aea55aa59cb4be2a2c071265d5dc769bd3445fa18c60534ccafac12c41ec7aef8f8c0b3bdda6b1c50278c1373211bfecfb99a75f88ead1c7a30b6f3a5853d60a6ef1104e0bc1c3cd571cb49b21b9290b185092f968cb08991f89e82bdb9f4626a11aef9840042f0b2121cff978c07279e592aa195a2f5d063adb86f843bd960615390614b89e53619eb37323b4b26aff0f5d0baadaa27c3e0e813e994acc78c878f8057d56ff866e39aeafa8896e02052d701de7ce9372eecc365a48c0e8b4d66afcedf7511cf47c2f388ce91fdc928e58b008c243af3e9dec7bd083160a7e575760c361c4756bff026220d9ee3e60fea3b43341e0a0aea1b9baaac5768ea2a8c99a1d6e775b46cd82ef58cfb544424ddf41e476cce8b731d19555b15448a5d7b79937fac9b68989db8d8a5a71623a45d860233c3c7965ed9713962d85c7a417662a2922ee5697ff6ccafc1e5584f456726e1742537720e05445c9cad9c11ecec65a3236546e9a524d243ae4f4cff8e3e04b3e58cbee2f93c618f1b6b8d13d32148e55b79376619ef90e138eeb4500baa36fa10ecc7384a7b0b1de8c28cb03a36b67b2f482558f1daf705b808f288702a6f7edc545942cfac7d41523b810d9a53bd5c9687719d252d33b3deaafb514c9311f26f57ecf3e6897590470b13596fc1b9c74f58e54552d0aafd6033f82f1012bcede9b9c9d2c2b4b87ff91cc8ebdbd156901126b779deac834be12193d243ada15d760381d9c75b24818f4e8a59cd16d532acf9c1c554fb424e83cca9aac4ab2f09e7704682e874bd07da468412862728c47902fc3e9ab9a64612d9eab1e7f816f284b247d929a2d75f8fc8fb65d92fbdd13b3f701a15cf776bb9f97405ce20325fbbe96a7ab655d1e507cd16fbf886ffb771c0f7da3320c974033d868ce28dbbbedee92653e149a58387bd2c14f6fbbb3adbcc08040dbc4654cf03541d62bf3fe611bbf8aee9ea7979c371fd55f281d96802dc9649f5e2c87dd9df42a9acf37d5ff1387d4200d3e5a2371a845cb39f23723ef93d220dd1c0a8cc9232c34964917374f97fa9263be493910dfa85b7a09214c259b12fb65d9eb3078ffde83eb3d3350dfb5de665a21128d7eface038f37c81d387d2c89bbbe3f2128d17b33f59166257e7edaaa41bb94a7fe3738e1f3ab765262ec606730f96caa6be2d94fcc16a5de3830ce65a3564539d7ac4143d8199ecd9f966b3b15898645ae30d1f42ce4d053e09cae3382e24d280fe84d28048b4b10c565103186e2e778c1ef0bb597f89327b385655b3a45a2c4d60b8c70345304eecc352a64aadf96768df0c717c1ddc305f123f170a5218e3016c14400ac762634c58a59ed3bc2d28c910718c94f735bff4c0be90855672e4e866f216caf4d9d9d9289e963190b41e91eb6a8f06e99a345f0532879e18eea86a59436cf900dfc1bc995271831e409c9c84956ab0261e6e681b9b81dc339ef1ee899d973cfb0f69bd7e9883139955efd3d341f8744ae5ecd9c07bb851114c2bfd26e68674f82066ba3c2d3f7b4e191a7d781384a0db28a11fef0189ba2c8e90e76eaa096653527b839afceb92de804574314d08c1dfdf0fef5ad22e0fd5d927b2e43dda351800fafeffcf1fdf7a7da89e29a8487db0519b2253d93a78d67609be113076e2824403347777f00f5aea6d0537119fc01938b400339d7c49210d882f6444e6a139ee1870cf2d54e681bdd2dd7672e3613c271d4cb7d25bf3a4a134f5df0b691393afa67fec9af2b04fcb75226ef3d5a385b2b7c2ff7c80e0d7143bdbbeff618ac124750167093f43e46dbeabbf76a62b39e7f17cb4483b5bfc98040e9ad988ec8a8f204bff659163a4b078d03132498bba5a00a23ac09856f93c8d0a572ff49898bc23e516e3888911b918be30e92feb066c94603ae5537a5fe2aa2778fdcb2432f0eafad11fb8e659df9620e456e8bc39885f77e080628ea4065835211286fb3e60b397c2236de9f2c8ebb5c9977c334c7a58e1ecaa733b98c5fc8c12b8c783351678cae8594d490fa11cc7eba52d384cdf2786415dd22673ad88e8ca4c4e21590611ad66e74fd4e286676c3c8387b4ef3e2c213ab365830b543dd06148f32b15ee34749dbbebca221c2e52e59a65e89cc62adfd5424e960b7b19d5da36f61bd3d39f7a15a6c62dd93e7d1be82f7c7e67f28387417e14915cc86f2bc000806e8e9c344a21531bf7882461147f266e7f214984e10a8feae8d58999dfc247fc3d6493332940d1f2290a17ce7874e735dd32cc1b28179e81a178ba2471019ce330cbc7282eb2ac6972bbfc7f2fbce3aef243a158069652fceb844ace1fbd7c93e3cba345dd106494fce494d92c761a86d0e02a3a73127a747f351ec6119b500c7554b234950f2b26c254b24375a09658a3abd63568cc71147ad89f888a71f50b818ac862c2832defb0a7b822b935d20e2e0169f66c7f94f625ad0a384ca917b89fb5e93d2cf05a92e000b3f36779aac5a37db010874dd833c1402bda3f835c7de72ca0fba157c651a880788151e67af60f5387d4d31891f0e83a626de15fced1b56d7f6253b49565954f2ea6e59da461bc96ace8eb1d7d46c099bd1a4020e83a012fc8c9707cfc403ab44bac07d298eb82f01b5533a6c1b1c93d46f28c78d672f702a7ce833257e2660f3766e4e8a8c81c18bd43dd76ed07660abf0a1a0944cf388164ec576b28b6a09cfd1aff5206074d3ecc45809ea8ba8d39719e305b6ab21f8d040f50579b0486384edcf6facb3b12e2e8126f7b62a685a4ffd9bb736bbb8b9395d1078884576d596fbf6de15ab14509e93f4343e6bb94b600ee43ccbcce4c8eb400b890ed7ee9ee99bf01e3264b05190dcb29d764952aa6fd40051f402dfab9f57bf8e09a2242625df3c6e5b194c9c654263cff29ecc55609604b9d359c501665353bba6766d26ea2ceaa64e783c0f49aa19c061a1970ea8cff072d90d076abca2086a6084769dcc710ffdb85d1d7c759a79fb3ca924bb5cd20873ec8b3bf568f966ada6cee8b07bb61dbbcf454dae9852f0f0246e93e2e7e6226e4681656b94c07653092e5908b6bd3894177c4f1820545f6e656108c2a35dcdd474f446ce072f6865190d2c4a407ea12189048e4eba92d27eed83d7d405dc0de93defc07da0b16c51be4d56182242e969f215efe2cec9b675a8470dcb8278f7dea743e7de84fc74fa7d7e29f28902c645d528daf76c8281333056cb407b4aa5a51f09b9fb84ea3da55fd26e9dce972e09b78e4d8d0ef5d486af414fbe2ebe864bbf1321e912916aa6aefda937d78c3961eac639dba0cd2b4d0b08c14dca6ee77c21d8638a931c692f798fa1a24ddf478b1f3344d27bb526e5fdaca8794b706935c596cfd77c2fbff65047313c4361f070235d807462a62aefccb5529ed759cc1aa8daa", 0x1000}, {&(0x7f0000001b80)="d9e3a567dc386dd463ffcb4525ad03a23824e277537e4da5acf3717b78f3ba4c76c1f32690c5d7d73dae7532d2358735a69c47035a100b979362e88b874a8cba2d5f7ed03e4cb4a641a886", 0x4b}], 0x2, 0x0, 0x0, 0x20004000}, 0x4)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000001c80)=<r4=>0x0)
getpgrp(r4)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000001d00)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_GET_STATION(r1, &(0x7f0000001dc0)={&(0x7f0000001cc0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000001d80)={&(0x7f0000001d40)={0x3c, 0x0, 0x400, 0x70bd27, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x2fd}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x8}, @NL80211_ATTR_STA_PLINK_STATE={0x5, 0x74, 0x5}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040000}, 0x4000004)
ioctl$AUTOFS_IOC_FAIL(r3, 0x9361, 0x1)
getsockopt$inet_sctp6_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f0000001e00)={<r6=>0x0, 0x2, 0x7, 0xb, 0x1, 0x6}, &(0x7f0000001e40)=0x14)
setsockopt$inet_sctp_SCTP_AUTH_KEY(r1, 0x84, 0x17, &(0x7f0000001e80)={r6, 0x6, 0xf8, "5e7c7629f228c41ea08109368f62cb6c724f573d6571d0bbc92fa6680f6cca16cd25119db2b460cc83192098b3d64af4157faea061dde5a8102b5da09d4f42b6b06e31c85ea2ef40b421f6ca260922fbd9d91817f45dc4e0ad0857ecb5cc02c3c23e832194dd899e90d903125d04ef174c4407ab563064090951693d9f1a96fa1e433efdea1f8bcf21153073c6ab21bfd019e2e09c6fbb7acef8670f03a22f59f6fac239acdbeeea50b19a1c75a08a8a457e8c9db7bedea1eb1e281e7dfe19cdec39dc7710b45d68486ae903e54742e0bba0699f3b3ffb3e3035cea3787a6bba33e21e2f66f7d0238ddf79f9d9fca3b9e48e84c4e9e48cc9"}, 0x100)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000001f80), 0x60004, 0x0)
ioctl$HIDIOCGREPORT(r1, 0x400c4807, &(0x7f0000001fc0)={0x1, 0x100, 0x10000})
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000002080)=@mangle={'mangle\x00', 0x1f, 0x6, 0x5e8, 0xf0, 0x1c0, 0x2d8, 0x0, 0x420, 0x518, 0x518, 0x518, 0x518, 0x518, 0x6, &(0x7f0000002000), {[{{@uncond, 0x0, 0xa8, 0xf0}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv4=@rand_addr=0x64010102, @ipv6=@mcast1, 0x27, 0x37, 0x80}}}, {{@ipv6={@private2={0xfc, 0x2, '\x00', 0x1}, @remote, [0xffffffff, 0xffffff00, 0xffffff00], [0x0, 0xff, 0xffffff00], 'veth1_virt_wifi\x00', 'dvmrp0\x00', {}, {0xff}, 0x62, 0x2, 0x4, 0x8}, 0x0, 0xa8, 0xd0}, @HL={0x28, 'HL\x00', 0x0, {0x0, 0x40}}}, {{@ipv6={@private1, @ipv4={'\x00', '\xff\xff', @broadcast}, [0xff000000, 0x0, 0xffffffff], [0x0, 0x0, 0xff000000, 0xff], 'veth1_to_bond\x00', 'pim6reg\x00', {0xff}, {}, 0x0, 0x7, 0x2, 0x40}, 0x0, 0xf0, 0x118, 0x0, {}, [@common=@dst={{0x48}, {0x8, 0x1, 0x1, [0x3, 0x2, 0x8001, 0x6, 0xa, 0x1, 0x3, 0x8, 0x5, 0x8, 0x2a, 0xe, 0x2, 0x35, 0x80, 0xa], 0x9}}]}, @unspec=@CHECKSUM={0x28}}, {{@ipv6={@remote, @private1={0xfc, 0x1, '\x00', 0x1}, [0xffffff00, 0xffffffff, 0xffffffff, 0xff], [0xff000000, 0xffffffff, 0xffffffff, 0xffffff00], 'wg2\x00', 'veth0_to_bridge\x00', {}, {0xff}, 0x2, 0x8, 0x6, 0x10}, 0x0, 0x120, 0x148, 0x0, {}, [@common=@inet=@multiport={{0x50}, {0x1, 0xa, [0x4e22, 0x4e20, 0x4e22, 0x4e22, 0x4e23, 0x4e21, 0x4e23, 0x4e21, 0x4e20, 0x4e20, 0x4e20, 0x4e22, 0x4e22, 0x4e24, 0x4e22], [0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1], 0x1}}, @common=@unspec=@cpu={{0x28}, {0x7, 0x1}}]}, @unspec=@CHECKSUM={0x28}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x3}}]}, @inet=@DSCP={0x28, 'DSCP\x00', 0x0, {0xc}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x648)
mkdirat(r1, &(0x7f0000002700)='./file0\x00', 0xc4)
r7 = syz_usb_connect$cdc_ncm(0x4, 0x8e, &(0x7f0000002740)={{0x12, 0x1, 0x200, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x7c, 0x2, 0x1, 0xb6, 0x0, 0x6, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xb, 0x24, 0x6, 0x0, 0x1, "64629d7e706c"}, {0x5, 0x24, 0x0, 0x5e53}, {0xd, 0x24, 0xf, 0x1, 0xf, 0x0, 0x6, 0x1}, {0x6, 0x24, 0x1a, 0x80, 0x1e}, [@obex={0x5, 0x24, 0x15, 0x7}, @obex={0x5, 0x24, 0x15, 0x9}, @country_functional={0x10, 0x24, 0x7, 0xc1, 0x1ff, [0x9, 0x0, 0x73b, 0x18b, 0xb0]}]}, {{0x9, 0x5, 0x81, 0x3, 0x40, 0x5, 0x7f, 0x8}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x40, 0x1, 0x55, 0x7}}, {{0x9, 0x5, 0x3, 0x2, 0x10, 0x20, 0xff, 0x8f}}}}}}}]}}, &(0x7f0000002980)={0xa, &(0x7f0000002800)={0xa, 0x6, 0x310, 0x7, 0xc0, 0x6, 0x8, 0x40}, 0xc, &(0x7f0000002840)={0x5, 0xf, 0xc, 0x1, [@ext_cap={0x7, 0x10, 0x2, 0x6, 0x7, 0x0, 0x3}]}, 0x3, [{0x4, &(0x7f0000002880)=@lang_id={0x4, 0x3, 0x420}}, {0x4, &(0x7f00000028c0)=@lang_id={0x4, 0x3, 0x416}}, {0x63, &(0x7f0000002900)=@string={0x63, 0x3, "90edcc6f6e4df283225da1f86728413b91b1f9a2d65cfca72b30cadb8af5690f85959fba1b0e35a72a0a51804a10d649b778eefa63e61407020dfb678de208b90ae53f424d73b999932fbf15500c7981bf87bc733a84529f0f73dd28b4fb90c299"}}]})
syz_usb_control_io$cdc_ncm(r7, 0xfffffffffffffffc, &(0x7f0000002c00)={0x44, &(0x7f00000029c0)={0x20, 0x15, 0x64, "e421035b885be8ef6e800713c51d0bddfe65d9bdf5dde236fbf68a8d7db9c966c468f632e576def5fb215f1c39b33d531eef498c6af602da2553b6a57273057e2150647ba2f03c3feab6f1b9ff17c55ebae84d169654a76298d93b21a77938b0823c74ba"}, &(0x7f0000002a40)={0x0, 0xa, 0x1, 0x4}, &(0x7f0000002a80)={0x0, 0x8, 0x1, 0x81}, &(0x7f0000002ac0)={0x20, 0x80, 0x1c, {0x8, 0x400, 0xe, 0x6, 0x40, 0x400, 0x7, 0x3, 0x8a3, 0x2, 0x6, 0x7}}, &(0x7f0000002b00)={0x20, 0x85, 0x4, 0xb932}, &(0x7f0000002b40)={0x20, 0x83, 0x2, 0x1}, &(0x7f0000002b80)={0x20, 0x87, 0x2, 0x7}, &(0x7f0000002bc0)={0x20, 0x89, 0x2, 0x1}})
sendfile(r1, r3, &(0x7f0000002c80)=0x9, 0x140b7f37)
getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000002cc0)={r6, 0x9}, &(0x7f0000002d00)=0x8)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000002f80)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000002f40)={<r8=>0xffffffffffffffff}, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY(r1, &(0x7f0000002fc0)={0x13, 0x10, 0xfa00, {&(0x7f0000002d40), r8}}, 0x18)
getdents(r1, &(0x7f0000003000)=""/4096, 0x1000)
read$msr(r1, &(0x7f0000004000), 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000004280)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000004240)={<r9=>0xffffffffffffffff}, 0x2, 0x8}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY(r1, &(0x7f00000042c0)={0x13, 0x10, 0xfa00, {&(0x7f0000004040), r9, 0x2}}, 0x18)

7.954280946s ago: executing program 3 (id=1408):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010000d0428bd7000fcdbff2500008000", @ANYRES32=0x0, @ANYBLOB="1000000000000000280012800b00010062726964676500001800028005001900840000000c001e"], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32=0x0], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha1-generic\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x1403, 0x1, 0x70bd27, 0x25dfdbfc}, 0x10}, 0x1, 0x0, 0x0, 0x4000000}, 0x840)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff3}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x40, 0x0, 0x7fffffff}]})
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r2, 0x40082104, 0x0)

7.95386462s ago: executing program 4 (id=1409):
add_key$user(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000003480)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000004bf1550a565fc426acc46b93190e97dcce71"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x33, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0, 0x0, 0x5}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000003540)=@abs={0x1, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f0000003700)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000300)=""/157, 0x9d}, {&(0x7f00000003c0)=""/140, 0x8c}, {&(0x7f0000000480)=""/145, 0x91}, {&(0x7f00000001c0)=""/4, 0x4}, {&(0x7f0000000540)=""/134, 0x86}, {&(0x7f0000000600)=""/51, 0x33}, {&(0x7f0000000640)=""/41, 0x29}], 0x7, &(0x7f0000000700)=""/6, 0x6}, 0x8}, {{&(0x7f0000000740)=@pppoe={0x18, 0x0, {0x0, @random}}, 0x80, &(0x7f0000000b80)=[{&(0x7f00000007c0)=""/64, 0x40}, {&(0x7f0000000800)=""/75, 0x4b}, {&(0x7f0000000880)=""/228, 0xe4}, {&(0x7f0000000980)=""/210, 0xd2}, {&(0x7f0000000a80)=""/201, 0xc9}], 0x5, &(0x7f0000000c00)=""/4096, 0x1000}, 0xffff}, {{&(0x7f0000001c00)=@tipc=@name, 0x80, &(0x7f0000003240)=[{&(0x7f0000001c80)=""/152, 0x98}, {&(0x7f0000001d40)=""/4096, 0x1000}, {&(0x7f0000002d40)}, {&(0x7f0000002d80)=""/100, 0x64}, {&(0x7f0000002e00)=""/75, 0x4b}, {&(0x7f0000002e80)=""/34, 0x22}, {&(0x7f0000002ec0)=""/120, 0x78}, {&(0x7f0000003800)=""/227, 0xe3}, {&(0x7f0000003040)=""/233, 0xe9}, {&(0x7f0000003140)=""/227, 0xe3}], 0xa, &(0x7f0000003300)=""/212, 0xd4}, 0x5}, {{&(0x7f0000003400)=@nfc_llcp={0x27, <r4=>0x0}, 0x80, &(0x7f0000003600), 0x0, &(0x7f0000003640)=""/143, 0x8f}, 0xfffffffc}], 0x4, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0)
getsockopt$PNPIPE_IFINDEX(r6, 0x113, 0x2, &(0x7f0000000100), &(0x7f00000000c0)=0xfe01)
write$UHID_CREATE2(r6, &(0x7f0000002d40)=ANY=[@ANYRESHEX=r0, @ANYRESDEC, @ANYRESHEX=r4], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r6, 0x0)
getsockopt$llc_int(r5, 0x10c, 0x3, 0x0, &(0x7f0000000000))
r7 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSETMODE(r7, 0x4b3a, 0x1)
syz_open_dev$vcsa(0x0, 0x1, 0x40)
clock_gettime(0x0, 0x0)
ioctl$TCXONC(r7, 0x4b3a, 0x2)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x22)
close(0xffffffffffffffff)
write$binfmt_misc(r6, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)

7.802563169s ago: executing program 3 (id=1412):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000003d40)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x54, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7, 0x0, 0x3}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x22}, @NFTA_SET_EXPR={0x18, 0x11, 0x0, 0x1, @connlimit={{0xe}, @val={0x4}}}]}, @NFT_MSG_NEWSETELEM={0x3c, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xd8}}, 0x0)

7.611537281s ago: executing program 3 (id=1413):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000022c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = socket(0xa, 0x1, 0x0)
fgetxattr(r2, &(0x7f00000000c0)=@known='security.apparmor\x00', 0x0, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f0000000040)={0x100000011, @private=0xa010501, 0x0, 0xfffffffd, 'none\x00'}, 0x2c)
socket$inet(0x2, 0x2000000080005, 0xffffffd2)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x5)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x100000000004, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x240080e4)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x29, &(0x7f0000000400)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x3f}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x2, 0x3, 0xa, 0x9, 0xfe00}, {0x5, 0x0, 0xb, 0xa, 0x0, 0x2, 0x3}, {0x3, 0x0, 0x3, 0xa, 0x9, 0xfff8}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8, 0x0, 0x0, 0xfffffdff}, {}, {}, {0x7, 0x0, 0xc}, {0x18, 0x2, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0xb000000}, {0x6, 0x0, 0xb, 0x9, 0x0, 0x3}, {0x46, 0x8, 0xfff0, 0x76}}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}], {{0x7, 0x1, 0x7, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

7.032480087s ago: executing program 4 (id=1414):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000400)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r0, &(0x7f0000003700)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000008100000008000300", @ANYRES32=r2, @ANYBLOB="0a000600080211000001000006006600c78800001a003300983d052050505050"], 0x50}}, 0x0)

6.784278875s ago: executing program 3 (id=1417):
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x1, 0x5, 0x9fd, 0x84, 0x105, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r0 = socket$inet6(0x10, 0x3, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x7c, 0xc2, 0x54, 0x8, 0x112a, 0x5, 0xbe68, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x1f, 0x0, 0x1, 0x97, 0xde, 0xbe, 0x0, [], [{{0x9, 0x5, 0x3, 0x0, 0x20, 0x7, 0xff, 0x80}}]}}]}}]}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c000000190001000000000000000000021800000000fd000000ed0008000100ac1414000800080004"], 0x2c}}, 0x0)
sendto$inet6(r0, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b)

5.34776003s ago: executing program 2 (id=1422):
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000340))
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0100000004000000020000000c00000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000600000000000000000000000000000000000000000031189716d97aba6ac68d24f01a006d280c3e340c109028c3ede82269ae895490aab6c67011e0314e53de6d3cd7f794d5da00358842a7fd2a1321cba14118ff95635f908c5b745f2e421bcabd5b8271bdd347c6aa79f279282e197da7a2658efd5d38d66f965f7b36461ee41e4e00a502bc7e25e9ecb0"], 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
mremap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x2000, 0x3, &(0x7f0000003000/0x2000)=nil)
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000380)=ANY=[@ANYBLOB="18080000080000000000000000000000851000000600000018000000", @ANYRES32, @ANYBLOB="000016000000000000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000180000000000000000000000ffffffff9500000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a00000700000085000000060000009500000000000000"], &(0x7f0000000040)='syzkaller\x00', 0xffffffff, 0x0, 0x0, 0x0, 0x31, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_BIND_MAP(0x23, &(0x7f0000000200)={r4, r0}, 0xc)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, 0x0)
r6 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r6, &(0x7f0000000000)={0x18, 0x0, {0x2, @remote, 'veth1_to_batadv\x00'}}, 0x1e)
socket$pppoe(0x18, 0x1, 0x0)
syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x0)
socket$inet6(0xa, 0x80002, 0x0)
socket(0x840000000002, 0x3, 0xff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8)

5.224185182s ago: executing program 6 (id=1424):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0)
syz_emit_vhci(0x0, 0x0)
add_key(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff)
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_si_security={{0x2, 0x7}, {0x6, 0x9, 0x64, 0x9}}}, 0xa)
clock_gettime(0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil)
mremap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x3000, 0x3, &(0x7f0000ff5000/0x3000)=nil)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0xc, 0x0, 0x0)
connect$inet(r0, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10)
writev(r0, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1)

4.23333396s ago: executing program 6 (id=1425):
r0 = socket$packet(0x11, 0x2, 0x300)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'xfrm0\x00', <r1=>0x0})
r2 = socket$packet(0x11, 0x3, 0x300)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r4, 0xffffffb3, &(0x7f0000000240)=0x2)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r3, &(0x7f0000000100)={0x20000014})
epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, 0xffffffffffffffff, &(0x7f0000000000)={0xa0000001})
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r8, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000340)=@newsa={0x138, 0x10, 0x1, 0x0, 0x25dfdbfd, {{@in6=@private2, @in6=@empty, 0x4000, 0x6, 0x3, 0x3, 0x0, 0x180}, {@in6=@mcast2, 0x0, 0x33}, @in6=@ipv4={'\x00', '\xff\xff', @multicast2}, {0xffffffffffffffff, 0xfffffffffffffffd, 0x0, 0x401, 0x0, 0x0, 0x4}, {}, {0x0, 0x18000000}, 0x0, 0x0, 0xa, 0x1}, [@algo_auth={0x48, 0x1, {{'sha256\x00'}}}]}, 0x138}}, 0x20000000)
ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000080)={0x6, 0x5b, 0x1, 0x4d393631, 0x11, "45025c416e02783f8c95dd4aaaad46a066591c"})
sendto$packet(r2, &(0x7f0000000180), 0x0, 0x60, &(0x7f0000000240)={0x2f, 0x0, r1, 0x1, 0x0, 0x6, @local}, 0x14)

4.002380552s ago: executing program 2 (id=1426):
r0 = socket$inet(0x2, 0x2, 0x1)
sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x14}, 0x4010) (async, rerun: 32)
sendmsg$inet(r0, &(0x7f0000000600)={&(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000400)='\b\x00', 0x2}, {&(0x7f0000000180)="2d0000008058", 0x6}], 0x2, &(0x7f0000000100)=ANY=[@ANYBLOB="1c000000000000000000000007000000890b040a0101027f00000100000000001c000000000000000000000008"], 0x40}, 0x4004814) (async, rerun: 32)
r1 = accept(r0, &(0x7f00000001c0)=@x25, &(0x7f0000000000)=0x80)
ioctl$sock_qrtr_SIOCGIFADDR(r1, 0x8915, &(0x7f0000000080)={'batadv_slave_0\x00'})

3.787890969s ago: executing program 2 (id=1427):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x802}, 0x10)
sendmsg$nl_generic(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, 0x22, 0x3788ddd56ac63d1f}, 0x14}}, 0x0)
bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r2}, 0x18)
setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000000)=0x2, 0x4)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r4, &(0x7f0000000040)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x8)
bind$bt_sco(r4, &(0x7f0000000080)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}}, 0x8)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000001a40)=""/102392, 0x18ff8)
add_key(&(0x7f0000000140)='encrypted\x00', 0x0, &(0x7f0000000100), 0x0, 0xfffffffffffffffe)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x2, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b70000001a000000bca3000000000000240300ffc0feffff620af0fff8ffffff71a4f2ff000000001f03000000000000e5000200000000002604fdffff02000014010000030000001d130000000000007a0a00fe0000001f0f14000000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f300020000fe275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff61623604000000000000006a89adaf17b0a6041bdeebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564163427afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101a3062cd54f9ff51d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48153baae244e7bf573eac34b781337ad5905c6bbf1137548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a90144022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab540b8d7b4ead35a385e0b4a26b702396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb11883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcd857ab15e355713767c536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ced301efeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef0981000000000000ff0f40b1888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fc08001011e32f80fb60e14b9eee094277bbc170882c8890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e3f753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bb25b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963342aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b6ef9d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec035d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf79a43746979f99f6a1527f004f1e37a3926937e84fb478199dc1020f4beb98b8074bf7df8b5e783637da740800000000000000c55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a2740000000000000000000000000000000000000000000a0009dd14b38f2f4426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4100260ffcd8f1d04166d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb0000000000000005375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10baa804a707f0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d34d3757b1450fdb0a9a69f432e277f3a0386eb2bd3305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07618b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e040000003c3ffad44d2a376def42e41e9fc31678257e040fa7cf32c221aaac08000000000000001a00000000000000000000173570f0c11ae694b0f7a4f9c2f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d641ef02e4d5295d756e110522a7a945b93fb705b95b6aae27a8fb33732ce1da1c0b1af8eb9222a06e984ab1e6984c8bdc12360627137ab67b6b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481efe46a4ce86be0b1d8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0c6cb4bed8594a39bd76d3ef8a7ab014e787596db796bd93a36c2880423291e3bccc86f66ba792ff4d87b3f80e5908779e51c5e9055fc5b23605cd000c723187ef09dcf4b07b06a9342f3f62ee7acddff292082c1f4d8eb9561f80873a09a1ae0c9af1121175e5600f43a1179484502009759264a5729f07c2b218fa36ba2316a99aaad0130df83d0bda1e711290f78c143ea143967b00adcd77e6ad5e48d839ea61aadb83e4d071c54691924a3830d3e7b5c198bb0ed623153590000000000000000004b985ea1702f34f2f85b168c083e810ed567e3f1979b9ed1a4bf6a10dac825c96a0828b335de445a4880bb6474157efd1a72ca46ae4cbe3ab648c9bc4867a5a4cb87d7d6d55475b34b3cb6aa9e2337d4e04a37e35109752522ac9b186ddd80c47da6a2f4ef7bb909c975520000000000000000000000219cf5c1376ab33786f6b856d354e90a2733f78f2d188057cead3480eade49d55b770fad7fa000d23da6275768810b6b2df91d3a991ea98d929d271696c258d5b735d5db11df434e7dd1b7c1ca05cea3977df564115f4ec6ffab1d2ff8a642ca50934b3fbe44b0abeba9df209566984a29dfc0466e439a94e177b3c4d5f6e92b8176b9d6ddeeeb196fa964217f88e1acc180aaa4"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff97, 0x10, &(0x7f00000000c0), 0xfffffffffffffd27, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)

3.022142009s ago: executing program 6 (id=1428):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
socket$kcm(0x21, 0x2, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = socket$inet6(0xa, 0x3, 0xff)
connect$inet6(r3, &(0x7f0000000480)={0xa, 0x0, 0x3c000, @dev={0xfe, 0x80, '\x00', 0x1f}, 0x5}, 0x1c)
r4 = dup2(r3, r3)
sendmmsg$unix(r4, &(0x7f0000008380), 0x400000000000174, 0x4008890)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffff}, 0x0)
r5 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
fsync(r5)
io_uring_setup(0x1de0, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r8, 0x4008ae89, &(0x7f0000000140)=ANY=[@ANYBLOB="0100000000000012150001c04ae6c62b56"])
close_range(r7, r7, 0x0)

2.893682142s ago: executing program 2 (id=1429):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020700000000000002030207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000100850000002d00"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40810}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000940)=@newtfilter={0x34, 0x2c, 0xd27, 0x70bd25, 0x8000, {0x0, 0x0, 0x0, r6, {0x0, 0x7}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x84ffffffffffffff, 0x80}, 0x800)

1.62575254s ago: executing program 6 (id=1430):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x1000000, &(0x7f0000000900)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
r0 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r0, &(0x7f0000001600)='./file1\x00', 0x0, 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')
unlink(&(0x7f0000000280)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)

1.557613827s ago: executing program 6 (id=1431):
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000841}, 0x40044)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$NL80211_CMD_CHANNEL_SWITCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, 0x0)
bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000440)=@o_path={0x0}, 0x18)
ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f0000000240)=0x3)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000080)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x1}}, './file0\x00'})
socket$inet6(0xa, 0x3, 0x5)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0xffffffffffffffff, &(0x7f00000000c0)={<r2=>0xffffffffffffffff}, 0x111, 0x3}}, 0x42)
socket$inet6_sctp(0xa, 0x5, 0x84)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r1, &(0x7f00000006c0)={0x15, 0x110, 0xfa00, {r2, 0x7, 0x30, 0x30, 0x0, @in6={0x1b, 0x0, 0x0, @loopback, 0x3ff}, @ib={0x1b, 0xffff, 0x0, {"0000000000000004001393000000dd00"}, 0x8074, 0x0, 0x7fff}}}, 0x118)

1.156078697s ago: executing program 6 (id=1432):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0xe8f, 0x12, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x3}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_connect$uac1(0x5, 0xbf, &(0x7f00000005c0)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0xff, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xad, 0x3, 0x1, 0x5, 0x40, 0x5, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x7fff, 0x3}, [@selector_unit={0x8, 0x24, 0x5, 0x4, 0x1, "e4491a"}, @mixer_unit={0xa, 0x24, 0x4, 0x1, 0x4, "b744168c49"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0xf, 0x24, 0x2, 0x1, 0x3, 0x4, 0x9, 0xc, "67240f95ce0bb7"}, @as_header={0x7, 0x24, 0x1, 0x4, 0x9, 0x4}]}, {{0x9, 0x5, 0x1, 0x9, 0x10, 0x9, 0x4, 0xf7, {0x7, 0x25, 0x1, 0x80, 0xc0, 0x9}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_continuous={0x8, 0x24, 0x2, 0x1, 0xfd, 0x4, 0x5, 0x8}, @format_type_i_discrete={0xc, 0x24, 0x2, 0x1, 0x4, 0x1, 0x1, 0x80, "c970e4a7"}, @format_type_i_continuous={0x9, 0x24, 0x2, 0x1, 0xff, 0x4, 0x9, 0x4, '}'}, @format_type_ii_discrete={0x9, 0x24, 0x2, 0x2, 0xfbff, 0x5000, 0x40}]}, {{0x9, 0x5, 0x82, 0x9, 0x20, 0x4, 0x6, 0x9d, {0x7, 0x25, 0x1, 0x2, 0xf, 0x9}}}}}}}]}}, &(0x7f0000000ac0)={0xa, &(0x7f0000000680)={0xa, 0x6, 0x310, 0xf, 0xe, 0x3, 0x8, 0x4}, 0x4d, &(0x7f00000006c0)={0x5, 0xf, 0x4d, 0x5, [@ss_cap={0xa, 0x10, 0x3, 0x2, 0x4, 0xcb, 0xf7, 0xffc0}, @ss_container_id={0x14, 0x10, 0x4, 0x5, "743be2896a1f51decb783eb7855a23f3"}, @wireless={0xb, 0x10, 0x1, 0x2, 0x50, 0x10, 0x4, 0x5, 0x6}, @ss_container_id={0x14, 0x10, 0x4, 0x0, "d427af2f31369aa0e310d522a449f1a7"}, @wireless={0xb, 0x10, 0x1, 0xc, 0xf4, 0x4, 0x1, 0x401, 0xff}]}, 0x8, [{0x64, &(0x7f0000000740)=@string={0x64, 0x3, "c71c4f42a8c0e2c888f2fd341cb94406f999e4064fbe72da7efae77dfdec43071fefbd4d76b60c547d536c56c46b92112b0d134d1fb367591bfaaf0bba16426a8fe7f2e374ec3a037a957491f21323e084f6a70a6dd17e008ccf434602c02ae0f396"}}, {0x4, &(0x7f00000007c0)=@lang_id={0x4, 0x3, 0xc8e7}}, {0x19, &(0x7f0000000800)=@string={0x19, 0x3, "7ef3423548c94ca35fff868a8499cd81ac9a0fe1e59889"}}, {0x4, &(0x7f0000000840)=@lang_id={0x4, 0x3, 0x421}}, {0xad, &(0x7f0000000880)=@string={0xad, 0x3, "75d2cde608d58a0a27f0aaadfc8054600684e59e0f9c7a37db5e1692b9935125c73befef4b11144073354da69191aa3e5829b2c80fa578f1ffe5deb57aff105906f64d20cb8c858810f0d371e6af76d9729fdced881bec18f81212675c5468f1e12cbb3412ba54f32f059613191faa7f6ce8892f5bd34fbffaf1d05cdbd5b0da9e3024064be5ea1acf868286cffc5826b6b3ebc77d4fbae34f97284f64cdce06773de16abdcc91981effa9"}}, {0x4, &(0x7f0000000940)=@lang_id={0x4, 0x3, 0x80c}}, {0xe3, &(0x7f0000000980)=@string={0xe3, 0x3, "039cec362e25af262db4098f82b8fbe3e4d694270ebdc6fb3331c4cb387d3145a3b67eb1d07ada02327c5b708c7398454b465a50ed5c56575026663609d6a434b831a4d6f38baf914cd6f3490e7da2f920302eeface29c3d200a30319f9a6b8143ae27eb5ec5eeaa554246098b19225e35fc8ef8243ab42b18ce20c66ba0bb4ae0887c56beb8c5e27075b797e137233299757638bf9c1c2101357b1874d9b592b47534b524af64b81f92d1ed4755582a283e77992f426e911401637d7c8f5cc2e98529c9a57924ee414fc95e8fe3c5805c3aa4f67636c32ee67dbb9248d2963808"}}, {0x4, &(0x7f0000000a80)=@lang_id={0x4, 0x3, 0x1c01}}]})
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r2 = dup(r1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r2, 0x2000)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
sendto(0xffffffffffffffff, &(0x7f0000000740)="12", 0x1, 0x0, 0x0, 0x0)
write$binfmt_aout(r2, 0x0, 0xffffffdb)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4000)
syz_usb_control_io(r0, &(0x7f0000000400)={0x2c, &(0x7f0000000040)={0x0, 0xb, 0x101, {0x101, 0xc, "6e8db63b46666f64dd3dbeac469b8addaa0318ba41a657c8e5b78157a185baecd8d8b04a277108f7a6c791b738134106428112b5c703703e1549a6e9d61754304c598a130edafa1a459d680b7a12c21cd2e752940000046a6441eaf1a2c303a0b4f04c56fbe5cd68841209be5bebcc2ac6b2da5e4b75af34bc72db87c63c7aa7fef8c6a86b5989013afc143c699b6ee146de734fff6c6f895a39c1e0129ecd6a3e4969e6e5753a39a64f90d96f0c91c8d7a4bd80549c70dd9d79de4450c6bf8c642cc5369502bcfb87519bf2444eefbf520755700e54df078c7a69eb01fcaa54dfd867a5f8d94905f3a0c115ba4099db8b34292061c3f19aaf96e2d358023e"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000240)=<r3=>0x0, &(0x7f0000000280)=0x4)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = dup(r5)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000340)={{0x1, 0x1, 0x18, <r7=>0xffffffffffffffff}, './file0\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000380)={{0x1, 0x1, 0x18, <r8=>0xffffffffffffffff, {0x7fffffff}}, './file0\x00'})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x7, &(0x7f00000001c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x7}, [@ldst={0x2, 0x3, 0x3, 0x3, 0x3, 0x8, 0x4}, @func={0x85, 0x0, 0x1, 0x0, 0x4}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @alu={0x7, 0x1, 0xb, 0x4, 0x6, 0x80, 0x8}]}, &(0x7f0000000200)='syzkaller\x00', 0x77, 0x0, 0x0, 0x41000, 0x74, '\x00', r3, 0x0, r6, 0x8, &(0x7f00000002c0)={0x3, 0x1}, 0x8, 0x10, &(0x7f0000000300)={0x2, 0xffffffff, 0xfff, 0x8}, 0x10, 0x0, 0x0, 0x7, &(0x7f00000003c0)=[0xffffffffffffffff, r7, r8], &(0x7f0000000440)=[{0x5, 0x5, 0xe, 0x7}, {0x1, 0x5, 0xc, 0x8}, {0x1, 0x4, 0x0, 0x3}, {0x5, 0xc, 0x10, 0x5}, {0x24, 0x3, 0x9, 0x4}, {0x0, 0x2, 0x6, 0x9}, {0x3, 0x2, 0x7, 0x9}], 0x10, 0x7, @void, @value}, 0x94)
r9 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGDEV(r9, 0x80045432, &(0x7f0000000580))
syz_genetlink_get_family_id$devlink(&(0x7f0000000180), 0xffffffffffffffff)

931.711096ms ago: executing program 3 (id=1433):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xfb, 0x323, &(0x7f0000006680)) (async)
fcntl$getown(0xffffffffffffffff, 0x9)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
chroot(0x0)
r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
read$FUSE(r1, &(0x7f0000000140)={0x2020}, 0x2020)
fcntl$setlease(r0, 0x400, 0x1) (async)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000080)) (async)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
r3 = fcntl$dupfd(r0, 0x0, r0)
ioctl$TCFLSH(r3, 0x400455c8, 0x1) (async)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000100)=0xdb) (async)
ioctl$TIOCSTI(r0, 0x5412, 0x0)

886.753688ms ago: executing program 4 (id=1434):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=ANY=[@ANYBLOB="4c00000010003df600"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000001400030064766d727009000000000000000000001800128008000100707070000c00028008000100", @ANYRESHEX], 0x4c}, 0x1, 0x0, 0x8100000000000000}, 0x0)

748.241747ms ago: executing program 2 (id=1435):
prlimit64(0x0, 0x0, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=ANY=[@ANYRES32=0x0, @ANYRESHEX], 0x4c}}, 0x0)
r2 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x800)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f00000013c0), 0x4)
sendto$inet6(0xffffffffffffffff, &(0x7f00000002c0)="e8", 0xfffffffffffffd79, 0x2000c850, 0x0, 0x4d)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x1d, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x63, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x101, @void, @value}, 0x94)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$FICLONE(r3, 0x40049409, r2)
sendmsg$NFT_BATCH(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000001600000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a010200000000000000000100fffe0900010073797a30000000000900030073797a3213000000dc000000060a010400000000000000000100000508000b4000000000b4000480200001800d00010073796e70726f7879000000000c000280060001400000000034000180080001006c6f670028000280080006400000000d110002402b24292d2d2a5d24402c2d400000000006000440000700003c0001800900010068617368000000002c0002800800074000000000080003400000001608000140080000120800024000000000080004400040000020000180080001006e61740014000280080003400000000008000540000000000900010073797a30"], 0x150}}, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r5, 0x0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r5, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000080)=0x40)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, 0x0)

745.663132ms ago: executing program 4 (id=1436):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000740)=ANY=[@ANYBLOB="50000000100003040000000000000000f2000000", @ANYRES32=0x0, @ANYBLOB="7fff0000000000002800128009000100766c616e0000000018000280067fff00010000000c000200540a00001800000008000500", @ANYRES32=r2], 0x50}, 0x1, 0xba01}, 0x0)

206.870653ms ago: executing program 4 (id=1437):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="50000000100001042dbd70000300000000000000", @ANYRES32=0x0, @ANYBLOB="2b8b030000810000280012800b00010067656e657665000018000280140007"], 0x50}, 0x1, 0x0, 0x0, 0x24004000}, 0x0)

166.167478ms ago: executing program 2 (id=1438):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0xfffffffe, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB, @ANYRES32=r1, @ANYBLOB="0000000000000000b7020000030000008500000086", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8f}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
syz_open_procfs(r3, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000540)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x2f)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x15, 0x1c, &(0x7f0000000000)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r7}, {}, {0x7, 0x0, 0xb, 0x6, 0x0, 0x0, 0x5}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0x6, 0x9}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x5, 0x1, 0xa, 0x9, 0x9}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x7, 0x0, 0xc}, {0x18, 0x6, 0x2, 0x0, r6}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8, 0x9, 0xffff}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x9, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000000f000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
mbind(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, &(0x7f0000000040)=0x4, 0xfed, 0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x1000088}, 0x0)
syz_emit_ethernet(0x66, &(0x7f0000000680)={@local, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "e400ff", 0x30, 0x3a, 0x0, @private2, @mcast2, {[], @param_prob={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, '\x00', 0x0, 0x11, 0x0, @empty, @ipv4={'\x00', '\xff\xff', @multicast1}}}}}}}}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)

0s ago: executing program 4 (id=1439):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
syz_usb_connect(0x0, 0x0, 0x0, 0x0)
syz_usb_connect$cdc_ecm(0x0, 0x56, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x3ffffffffffffffd, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000040), 0xd21, 0x0)
prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000001000/0x4000)=nil)
brk(0x400000ffc020)
ioctl$DRM_IOCTL_MODE_GETCRTC(r3, 0xc06864a1, &(0x7f00000003c0)={0x0, 0xffffffffffffff53, 0x0, <r4=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000440)={r4, 0x800000, 0x0, 0x0, 0x0, [<r5=>0x0], [0x0, 0x0, 0x0, 0xffffffff], [0x1000, 0x0, 0x0, 0xfffffffc], [0x1, 0x7]})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r2, 0xc00c642d, &(0x7f00000001c0)={r5, 0x80000, <r6=>0xffffffffffffffff})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f0000000000)={0x0, 0x0, r6})
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)

kernel console output (not intermixed with test programs):

nterface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  275.410502][ T5918] usb 2-1: New USB device found, idVendor=0e8f, idProduct=0012, bcdDevice= 0.00
[  275.410523][ T5918] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  275.412535][ T5918] usb 2-1: config 0 descriptor??
[  275.761389][   T30] audit: type=1400 audit(2000000119.030:561): avc:  denied  { write } for  pid=8597 comm="syz.4.758" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  276.041141][   T30] audit: type=1800 audit(2000000119.410:562): pid=8613 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.3.760" name="bus" dev="overlay" ino=863 res=0 errno=0
[  276.281095][ T5918] greenasia 0003:0E8F:0012.000E: hidraw0: USB HID v0.00 Device [HID 0e8f:0012] on usb-dummy_hcd.1-1/input0
[  276.321178][ T5918] greenasia 0003:0E8F:0012.000E: no inputs found
[  276.430601][ T8435] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  276.547536][ T5922] usb 2-1: USB disconnect, device number 18
[  276.627551][ T8435] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  276.647225][ T8435] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  276.661129][ T8435] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  276.882064][ T8435] 8021q: adding VLAN 0 to HW filter on device bond0
[  276.892147][ T8640] netlink: 28 bytes leftover after parsing attributes in process `syz.4.768'.
[  276.907807][ T8435] 8021q: adding VLAN 0 to HW filter on device team0
[  276.920361][   T53] bridge0: port 1(bridge_slave_0) entered blocking state
[  276.927520][   T53] bridge0: port 1(bridge_slave_0) entered forwarding state
[  276.952780][   T53] bridge0: port 2(bridge_slave_1) entered blocking state
[  276.959962][   T53] bridge0: port 2(bridge_slave_1) entered forwarding state
[  277.144317][ T8642] netlink: 4 bytes leftover after parsing attributes in process `syz.4.769'.
[  277.514473][ T8435] 8021q: adding VLAN 0 to HW filter on device batadv0
[  277.808899][ T8661] netlink: 4 bytes leftover after parsing attributes in process `syz.2.771'.
[  278.029934][ T8435] veth0_vlan: entered promiscuous mode
[  278.197267][ T8435] veth1_vlan: entered promiscuous mode
[  278.273675][ T8435] veth0_macvtap: entered promiscuous mode
[  278.310400][ T8435] veth1_macvtap: entered promiscuous mode
[  278.405391][ T8435] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  278.449507][ T8435] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  278.495572][ T8435] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  278.517665][ T8435] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  278.534475][ T8435] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  278.695429][ T8435] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  278.708208][ T8435] batman_adv: batadv0: Interface activated: batadv_slave_0
[  278.732736][ T8435] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  279.239063][ T8435] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  279.249498][ T8435] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  279.287181][ T8435] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  279.330448][ T8435] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  279.361436][ T8435] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  279.484654][ T8435] batman_adv: batadv0: Interface activated: batadv_slave_1
[  279.495965][ T8435] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  279.514970][ T8435] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  279.589714][ T8435] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  279.628998][ T8435] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  280.173193][ T5879] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  280.199747][ T8694] FAULT_INJECTION: forcing a failure.
[  280.199747][ T8694] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  280.279743][ T8694] CPU: 1 UID: 0 PID: 8694 Comm: syz.3.781 Not tainted 6.15.0-rc3-syzkaller-00001-g9d7a0577c9db #0 PREEMPT(full) 
[  280.279771][ T8694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  280.279781][ T8694] Call Trace:
[  280.279792][ T8694]  <TASK>
[  280.279800][ T8694]  dump_stack_lvl+0x16c/0x1f0
[  280.279828][ T8694]  should_fail_ex+0x512/0x640
[  280.279850][ T8694]  _copy_to_user+0x32/0xd0
[  280.279872][ T8694]  simple_read_from_buffer+0xcb/0x170
[  280.279900][ T8694]  proc_fail_nth_read+0x197/0x270
[  280.279927][ T8694]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  280.279954][ T8694]  ? rw_verify_area+0xcf/0x680
[  280.279976][ T8694]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  280.280002][ T8694]  vfs_read+0x1de/0xc70
[  280.280030][ T8694]  ? __pfx___mutex_lock+0x10/0x10
[  280.280051][ T8694]  ? __pfx_vfs_read+0x10/0x10
[  280.280080][ T8694]  ? __fget_files+0x20e/0x3c0
[  280.280104][ T8694]  ksys_read+0x12a/0x240
[  280.280119][ T8694]  ? __pfx_ksys_read+0x10/0x10
[  280.280142][ T8694]  ? rcu_is_watching+0x12/0xc0
[  280.280169][ T8694]  do_syscall_64+0xcd/0x260
[  280.280194][ T8694]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  280.280211][ T8694] RIP: 0033:0x7f711f58cb7c
[  280.280225][ T8694] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  280.280241][ T8694] RSP: 002b:00007f712033f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  280.280258][ T8694] RAX: ffffffffffffffda RBX: 00007f711f7b5fa0 RCX: 00007f711f58cb7c
[  280.280270][ T8694] RDX: 000000000000000f RSI: 00007f712033f0a0 RDI: 0000000000000007
[  280.280279][ T8694] RBP: 00007f712033f090 R08: 0000000000000000 R09: 0000000000000000
[  280.280289][ T8694] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  280.280298][ T8694] R13: 0000000000000000 R14: 00007f711f7b5fa0 R15: 00007ffe41570328
[  280.280321][ T8694]  </TASK>
[  280.542005][ T5879] usb 2-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  280.551324][ T5879] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  280.579769][ T1107] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  280.587737][ T1107] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  280.606217][ T5879] usb 2-1: config 0 descriptor??
[  280.615392][ T5879] gspca_main: cpia1-2.14.0 probing 0813:0001
[  280.699933][ T1107] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  280.708562][ T1107] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  280.879409][   T30] audit: type=1400 audit(2000000124.230:563): avc:  denied  { mounton } for  pid=8435 comm="syz-executor" path="/root/syzkaller.fuGuor/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  280.906176][    C0] vkms_vblank_simulate: vblank timer overrun
[  281.007311][ T8704] FAT-fs (nullb0): bogus number of reserved sectors
[  281.014113][ T8704] FAT-fs (nullb0): Can't find a valid FAT filesystem
[  281.077282][ T8704] hfsplus: unable to find HFS+ superblock
[  281.321741][   T30] audit: type=1400 audit(2000000124.240:564): avc:  denied  { mount } for  pid=8435 comm="syz-executor" name="/" dev="gadgetfs" ino=6621 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  281.370976][   T30] audit: type=1800 audit(2000000124.740:565): pid=8690 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.1.779" name="bus" dev="tmpfs" ino=2 res=0 errno=0
[  281.429479][ T5879] cpia1 2-1:0.0: unexpected state after lo power cmd: 00
[  281.657956][ T8709] netlink: 44 bytes leftover after parsing attributes in process `syz.2.784'.
[  281.693349][    T9] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  281.846347][ T5879] gspca_cpia1: usb_control_msg 02, error -71
[  281.858894][    T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  281.859139][ T5879] gspca_cpia1: usb_control_msg 05, error -71
[  281.876300][ T5879] cpia1 2-1:0.0: unexpected systemstate: 00
[  281.886156][    T9] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  281.890550][ T5879] usb 2-1: USB disconnect, device number 19
[  281.998453][   T30] audit: type=1400 audit(2000000125.340:566): avc:  denied  { write } for  pid=8712 comm="syz.3.786" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  282.075010][ T8718] netlink: 8 bytes leftover after parsing attributes in process `syz.4.789'.
[  282.126108][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  282.321507][    T9] usb 6-1: config 0 descriptor??
[  283.127230][    T9] keytouch 0003:0926:3333.000F: fixing up Keytouch IEC report descriptor
[  283.139306][    T9] input: HID 0926:3333 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0926:3333.000F/input/input13
[  283.256887][    T9] keytouch 0003:0926:3333.000F: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.5-1/input0
[  283.916264][ T8706] 9pnet_fd: Insufficient options for proto=fd
[  283.931846][ T8706] SELinux:  policydb string length 268435464 does not match expected length 8
[  284.393559][ T8706] SELinux: failed to load policy
[  284.418865][ T8728] overlayfs: disabling nfs_export due to verity=require
[  284.543790][    T9] usb 6-1: USB disconnect, device number 2
[  284.973014][   T80] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  285.133129][   T80] usb 5-1: Using ep0 maxpacket: 8
[  285.146066][   T80] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  285.265252][   T80] usb 5-1: config 0 has no interfaces?
[  285.319558][   T80] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  285.353157][   T80] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  285.455601][ T8757] loop8: detected capacity change from 0 to 1
[  285.483198][    T9] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  285.495115][   T80] usb 5-1: config 0 descriptor??
[  285.505174][ T8757] Dev loop8: unable to read RDB block 1
[  285.532888][ T8757]  loop8: unable to read partition table
[  285.600187][   T30] audit: type=1400 audit(2000000128.970:567): avc:  denied  { getopt } for  pid=8758 comm="syz.2.801" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  285.626375][ T8757] loop8: partition table beyond EOD, truncated
[  285.673050][    T9] usb 2-1: Using ep0 maxpacket: 8
[  285.684370][    T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  285.707554][    T9] usb 2-1: config 0 has no interfaces?
[  285.726181][ T8757] loop_reread_partitions: partition scan of loop8 (�被x�^>�� �) failed (rc=-5)
[  285.744706][    T9] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  285.779294][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  285.803859][   T30] audit: type=1800 audit(2000000129.180:568): pid=8764 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.5.802" name="bus" dev="overlay" ino=45 res=0 errno=0
[  285.858706][    T9] usb 2-1: config 0 descriptor??
[  287.180105][ T8782] netlink: 'syz.5.808': attribute type 1 has an invalid length.
[  287.188402][ T8782] netlink: 224 bytes leftover after parsing attributes in process `syz.5.808'.
[  288.090846][ T5921] usb 5-1: USB disconnect, device number 24
[  288.191019][    T9] usb 2-1: USB disconnect, device number 20
[  288.948460][ T8800] netlink: 'syz.4.815': attribute type 1 has an invalid length.
[  288.974453][ T8801] netlink: 28 bytes leftover after parsing attributes in process `syz.4.815'.
[  289.013682][ T8801] netlink: 28 bytes leftover after parsing attributes in process `syz.4.815'.
[  289.153221][ T8801] netlink: 28 bytes leftover after parsing attributes in process `syz.4.815'.
[  289.158966][   T80] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  289.176127][ T8801] netlink: 28 bytes leftover after parsing attributes in process `syz.4.815'.
[  289.187077][ T8801] netlink: 28 bytes leftover after parsing attributes in process `syz.4.815'.
[  289.196657][ T8801] netlink: 28 bytes leftover after parsing attributes in process `syz.4.815'.
[  289.206080][ T8801] netlink: 28 bytes leftover after parsing attributes in process `syz.4.815'.
[  289.215419][ T8801] netlink: 28 bytes leftover after parsing attributes in process `syz.4.815'.
[  289.225840][ T8801] netlink: 28 bytes leftover after parsing attributes in process `syz.4.815'.
[  289.328148][   T80] usb 2-1: config 0 has an invalid interface number: 2 but max is 0
[  289.412015][   T80] usb 2-1: config 0 has no interface number 0
[  289.518121][   T80] usb 2-1: config 0 interface 2 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  289.533146][ T5918] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  289.673111][ T5918] usb 4-1: device descriptor read/64, error -71
[  289.685037][   T80] usb 2-1: config 0 interface 2 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  289.713191][   T80] usb 2-1: New USB device found, idVendor=28bd, idProduct=0905, bcdDevice= 0.00
[  289.739424][   T80] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  289.775135][   T80] usb 2-1: config 0 descriptor??
[  290.075000][ T8799] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  290.102125][ T8799] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  290.215833][ T8814] overlayfs: failed to resolve './file1': -2
[  290.431000][   T30] audit: type=1400 audit(2000000133.580:569): avc:  denied  { create } for  pid=8812 comm="syz.4.819" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  290.433364][ T5918] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  290.460199][   T24] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  290.463780][   T30] audit: type=1400 audit(2000000133.590:570): avc:  denied  { write } for  pid=8812 comm="syz.4.819" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  290.532265][ T5834] Bluetooth: hci3: ACL packet for unknown connection handle 201
[  290.727518][ T5918] usb 4-1: device descriptor read/64, error -71
[  290.823024][   T24] usb 6-1: Using ep0 maxpacket: 32
[  290.832254][   T24] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  290.936242][ T5918] usb usb4-port1: attempt power cycle
[  290.966269][   T24] usb 6-1: New USB device found, idVendor=0c52, idProduct=2841, bcdDevice= 3.0f
[  291.049620][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  291.071046][   T24] usb 6-1: config 0 descriptor??
[  291.082235][   T24] ftdi_sio 6-1:0.0: FTDI USB Serial Device converter detected
[  291.092328][   T24] ftdi_sio ttyUSB0: unknown device type: 0x30f
[  291.205467][   T80] usbhid 2-1:0.2: can't add hid device: -71
[  291.211437][   T80] usbhid 2-1:0.2: probe with driver usbhid failed with error -71
[  291.240999][   T80] usb 2-1: USB disconnect, device number 21
[  291.290274][   T30] audit: type=1400 audit(2000000134.660:571): avc:  denied  { create } for  pid=8804 comm="syz.5.816" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  291.346809][ T5918] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  291.375181][ T5918] usb 4-1: device descriptor read/8, error -71
[  291.390567][   T30] audit: type=1400 audit(2000000134.660:572): avc:  denied  { read } for  pid=8804 comm="syz.5.816" name="file0" dev="tmpfs" ino=75 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  291.516341][   T30] audit: type=1400 audit(2000000134.660:573): avc:  denied  { open } for  pid=8804 comm="syz.5.816" path="/6/file0" dev="tmpfs" ino=75 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  291.538935][   T30] audit: type=1400 audit(2000000134.660:574): avc:  denied  { ioctl } for  pid=8804 comm="syz.5.816" path="/newroot/6/file0" dev="tmpfs" ino=75 ioctlcmd=0x125d scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  291.563355][    C0] vkms_vblank_simulate: vblank timer overrun
[  291.854389][ T5918] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  292.251353][ T8842] __nla_validate_parse: 25 callbacks suppressed
[  292.251400][ T8842] netlink: 16 bytes leftover after parsing attributes in process `syz.2.826'.
[  292.517816][    T9] usb 6-1: USB disconnect, device number 3
[  292.531261][   T30] audit: type=1400 audit(2000000135.900:575): avc:  denied  { unlink } for  pid=8435 comm="syz-executor" name="file0" dev="tmpfs" ino=75 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  292.570535][ T5918] usb 4-1: device descriptor read/8, error -71
[  292.571382][    T9] ftdi_sio 6-1:0.0: device disconnected
[  292.632305][ T8847] tty tty2: ldisc open failed (-12), clearing slot 1
[  292.693261][ T5918] usb usb4-port1: unable to enumerate USB device
[  292.908809][ T8855] nbd1: detected capacity change from 0 to 12
[  292.975595][ T8860] fuse: Unknown parameter '00000000000000000003'
[  292.987434][   T30] audit: type=1400 audit(2000000136.360:576): avc:  denied  { create } for  pid=8857 comm="syz.5.831" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1
[  293.116256][   T30] audit: type=1400 audit(2000000136.480:577): avc:  denied  { accept } for  pid=8857 comm="syz.5.831" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1
[  293.223259][ T8863] overlayfs: missing 'lowerdir'
[  293.299563][ T8863] hsr_slave_0: left promiscuous mode
[  293.307591][ T8863] hsr_slave_1: left promiscuous mode
[  293.599263][ T5834] block nbd1: Receive control failed (result -104)
[  293.648704][ T5834] block nbd5: Receive control failed (result -107)
[  293.733645][ T8866] nbd5: detected capacity change from 0 to 12
[  293.813039][   T30] audit: type=1400 audit(2000000137.160:578): avc:  denied  { allowed } for  pid=8867 comm="syz.4.834" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  293.838001][ T5938] block nbd5: Dead connection, failed to find a fallback
[  293.925596][ T5938] block nbd5: shutting down sockets
[  293.969995][ T5938] blk_print_req_error: 27 callbacks suppressed
[  293.970042][ T5938] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  294.154805][ T5938] buffer_io_error: 26 callbacks suppressed
[  294.154825][ T5938] Buffer I/O error on dev nbd5, logical block 0, async page read
[  294.197463][ T5918] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  294.327885][ T8866] nbd5: detected capacity change from 12 to 6
[  294.348298][ T5938] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  294.433322][ T5918] usb 6-1: Using ep0 maxpacket: 16
[  294.470779][ T5938] Buffer I/O error on dev nbd5, logical block 0, async page read
[  294.500478][ T5918] usb 6-1: unable to get BOS descriptor or descriptor too short
[  294.664544][ T5938] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  294.679894][ T5918] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  294.700644][ T5938] Buffer I/O error on dev nbd5, logical block 0, async page read
[  294.712005][ T5918] usb 6-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  294.722301][ T5938] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  294.735216][ T5918] usb 6-1: config 1 has no interface number 1
[  294.741398][ T5938] Buffer I/O error on dev nbd5, logical block 0, async page read
[  294.749954][ T5918] usb 6-1: config 1 interface 2 altsetting 1 endpoint 0x5 has an invalid bInterval 0, changing to 7
[  294.764786][ T5938] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  294.775569][ T5938] Buffer I/O error on dev nbd5, logical block 0, async page read
[  294.788723][ T5918] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  294.801622][ T5918] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  294.812400][ T5938] ldm_validate_partition_table(): Disk read failed.
[  294.883007][ T5918] usb 6-1: Product: syz
[  294.901836][ T5918] usb 6-1: Manufacturer: syz
[  294.914798][ T5938] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  294.924611][ T5938] Buffer I/O error on dev nbd5, logical block 0, async page read
[  294.939545][ T5938] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  294.994826][ T5938] Buffer I/O error on dev nbd5, logical block 0, async page read
[  295.025052][ T5918] usb 6-1: SerialNumber: syz
[  295.037501][ T5938] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  295.078417][ T5938] Buffer I/O error on dev nbd5, logical block 0, async page read
[  295.128274][ T5938] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  295.143217][ T5938] Buffer I/O error on dev nbd5, logical block 0, async page read
[  295.154969][ T5938] Dev nbd5: unable to read RDB block 0
[  295.161059][ T5938] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  295.174575][ T5938] Buffer I/O error on dev nbd5, logical block 0, async page read
[  295.185244][ T5938]  nbd5: unable to read partition table
[  295.192098][ T5938] nbd5: partition table beyond EOD, truncated
[  295.224806][ T5938] ldm_validate_partition_table(): Disk read failed.
[  295.353829][ T5938] Dev nbd5: unable to read RDB block 0
[  295.359642][ T5938]  nbd5: unable to read partition table
[  295.365944][ T5938] nbd5: partition table beyond EOD, truncated
[  295.383325][ T5918] usb 6-1: 2:1 : no or invalid class specific endpoint descriptor
[  295.385022][ T5938] ldm_validate_partition_table(): Disk read failed.
[  295.859642][ T5938] Dev nbd5: unable to read RDB block 0
[  295.875011][ T5938]  nbd5: unable to read partition table
[  295.880404][ T5918] usb 6-1: USB disconnect, device number 4
[  295.887074][ T5938] nbd5: partition table beyond EOD, truncated
[  295.941417][ T5938] ldm_validate_partition_table(): Disk read failed.
[  295.965100][ T5938] Dev nbd5: unable to read RDB block 0
[  295.984464][ T5938]  nbd5: unable to read partition table
[  296.009617][ T5938] nbd5: partition table beyond EOD, truncated
[  296.114117][   T30] kauditd_printk_skb: 1 callbacks suppressed
[  296.114133][   T30] audit: type=1400 audit(2000000139.490:580): avc:  denied  { module_request } for  pid=8884 comm="syz.2.839" kmod="netdev-hsr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  296.175579][ T8889] netlink: 'syz.2.839': attribute type 10 has an invalid length.
[  296.191312][ T5826] udevd[5826]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  296.637615][ T8894] loop8: detected capacity change from 0 to 1
[  296.664584][ T8894] Dev loop8: unable to read RDB block 1
[  296.680761][ T8894]  loop8: unable to read partition table
[  296.696887][ T8894] loop8: partition table beyond EOD, truncated
[  296.712700][ T8894] loop_reread_partitions: partition scan of loop8 (�被x�^>�� �) failed (rc=-5)
[  296.748421][ T8899] xt_time: unknown flags 0xc
[  296.972676][ T8908] netlink: 16 bytes leftover after parsing attributes in process `syz.4.846'.
[  298.643653][   T30] audit: type=1400 audit(2000000141.860:581): avc:  denied  { getopt } for  pid=8915 comm="syz.2.850" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  299.344235][   T30] audit: type=1400 audit(2000000142.720:582): avc:  denied  { read write } for  pid=8933 comm="syz.3.857" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  299.465988][   T30] audit: type=1400 audit(2000000142.720:583): avc:  denied  { open } for  pid=8933 comm="syz.3.857" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  299.894970][ T8944] input: syz1 as /devices/virtual/input/input14
[  300.540353][    T9] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  301.115074][    T9] usb 6-1: config 0 has an invalid interface number: 98 but max is 0
[  301.126738][    T9] usb 6-1: config 0 has no interface number 0
[  301.142048][    T9] usb 6-1: config 0 interface 98 has no altsetting 0
[  301.231447][    T9] usb 6-1: New USB device found, idVendor=1110, idProduct=9024, bcdDevice=db.24
[  301.241244][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  301.252972][    T9] usb 6-1: Product: syz
[  301.257140][    T9] usb 6-1: Manufacturer: syz
[  301.261732][    T9] usb 6-1: SerialNumber: syz
[  301.274877][    T9] usb 6-1: config 0 descriptor??
[  301.720976][    T9] usb 6-1: [ueagle-atm] ADSL device founded vid (0X1110) pid (0X9024) Rev (0XDB24): Eagle II
[  301.838634][   T30] audit: type=1400 audit(2000000145.200:584): avc:  denied  { map } for  pid=8957 comm="syz.3.865" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  302.223152][    T9] usb 6-1: reset high-speed USB device number 5 using dummy_hcd
[  302.344324][ T8976] netlink: 'syz.2.871': attribute type 1 has an invalid length.
[  302.393969][   T30] audit: type=1400 audit(2000000145.770:585): avc:  denied  { create } for  pid=8973 comm="syz.4.870" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  302.647771][    T9] usb 6-1: [ueagle-atm] pre-firmware device, uploading firmware
[  304.228937][    T9] usb 6-1: [ueagle-atm] loading firmware ueagle-atm/eagleII.fw
[  304.240894][ T5922] usb 6-1: Direct firmware load for ueagle-atm/eagleII.fw failed with error -2
[  304.262205][ T5922] usb 6-1: Falling back to sysfs fallback for: ueagle-atm/eagleII.fw
[  304.275652][   T30] audit: type=1400 audit(2000000145.770:586): avc:  denied  { ioctl } for  pid=8973 comm="syz.4.870" path="socket:[24449]" dev="sockfs" ino=24449 ioctlcmd=0x5411 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  304.303229][    T9] usb 6-1: USB disconnect, device number 5
[  304.334505][   T30] audit: type=1400 audit(2000000145.770:587): avc:  denied  { map } for  pid=8973 comm="syz.4.870" path="/dev/bus/usb/003/001" dev="devtmpfs" ino=727 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  304.359746][   T30] audit: type=1400 audit(2000000145.810:588): avc:  denied  { connect } for  pid=8973 comm="syz.4.870" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  304.379777][   T30] audit: type=1400 audit(2000000145.820:589): avc:  denied  { read } for  pid=8973 comm="syz.4.870" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  304.399402][   T30] audit: type=1800 audit(2000000145.910:590): pid=8979 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.2.872" name="bus" dev="overlay" ino=1069 res=0 errno=0
[  304.420936][    C0] vkms_vblank_simulate: vblank timer overrun
[  304.492043][   T30] audit: type=1400 audit(2000000147.550:591): avc:  denied  { mounton } for  pid=8939 comm="syz.5.860" path="/proc/41/task" dev="proc" ino=24862 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[  304.513101][ T8987] netlink: 12 bytes leftover after parsing attributes in process `syz.4.875'.
[  304.857922][   T53] Bluetooth: hci5: Frame reassembly failed (-84)
[  305.218864][ T9000] netlink: 4 bytes leftover after parsing attributes in process `syz.3.879'.
[  305.329793][ T1163] af_packet: tpacket_rcv: packet too big, clamped from 52 to 4294967272. macoff=96
[  305.743095][    T9] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  306.278208][   T30] audit: type=1400 audit(2000000149.290:592): avc:  denied  { create } for  pid=9011 comm="syz.4.885" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  306.307483][   T30] audit: type=1400 audit(2000000149.300:593): avc:  denied  { write } for  pid=9011 comm="syz.4.885" path="socket:[24924]" dev="sockfs" ino=24924 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  306.333336][    T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  306.350604][    T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  306.362047][    T9] usb 6-1: New USB device found, idVendor=1d34, idProduct=0004, bcdDevice= 0.00
[  306.371717][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  306.382870][    T9] usb 6-1: config 0 descriptor??
[  306.817793][    T9] hid-led 0003:1D34:0004.0010: unknown main item tag 0x0
[  306.923072][ T5844] Bluetooth: hci5: command 0x1003 tx timeout
[  306.930651][ T5834] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  307.079086][    T9] hid-led 0003:1D34:0004.0010: hidraw0: USB HID v0.00 Device [HID 1d34:0004] on usb-dummy_hcd.5-1/input0
[  307.146705][    T9] hid-led 0003:1D34:0004.0010: Dream Cheeky Webmail Notifier initialized
[  307.225238][    T9] usb 6-1: USB disconnect, device number 6
[  307.332248][ T9052] netlink: 40 bytes leftover after parsing attributes in process `syz.3.898'.
[  308.742115][    T9] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  308.914571][    T9] usb 3-1: config 0 has an invalid interface number: 2 but max is 0
[  308.929098][    T9] usb 3-1: config 0 has no interface number 0
[  308.977998][    T9] usb 3-1: config 0 interface 2 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  309.027877][    T9] usb 3-1: config 0 interface 2 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  309.083658][    T9] usb 3-1: New USB device found, idVendor=28bd, idProduct=0905, bcdDevice= 0.00
[  309.129816][ T9078] netlink: 'syz.5.909': attribute type 1 has an invalid length.
[  309.152888][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  309.185955][   T30] kauditd_printk_skb: 2 callbacks suppressed
[  309.185970][   T30] audit: type=1400 audit(2000000152.550:596): avc:  denied  { connect } for  pid=9079 comm="syz.4.910" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  309.197553][ T9076] Bluetooth: MGMT ver 1.23
[  309.232229][    T9] usb 3-1: config 0 descriptor??
[  309.239072][ T5844] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  309.248495][ T5844] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  309.256906][ T5844] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  309.267779][ T5844] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  309.279418][ T5844] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  309.463030][   T80] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  309.527657][ T9063] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  309.563223][ T9063] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  309.693012][   T80] usb 4-1: Using ep0 maxpacket: 8
[  309.699742][   T80] usb 4-1: config 150 has an invalid interface number: 11 but max is 0
[  309.709158][   T80] usb 4-1: config 150 has no interface number 0
[  309.719504][   T80] usb 4-1: config 150 interface 11 has no altsetting 0
[  310.685600][   T80] usb 4-1: New USB device found, idVendor=071d, idProduct=1005, bcdDevice=af.d3
[  310.688156][    T9] usbhid 3-1:0.2: can't add hid device: -71
[  310.703652][    T9] usbhid 3-1:0.2: probe with driver usbhid failed with error -71
[  310.711817][ T5834] Bluetooth: hci2: ACL packet for unknown connection handle 201
[  310.724915][    T9] usb 3-1: USB disconnect, device number 24
[  310.732026][   T80] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  310.749764][   T80] usb 4-1: Product: syz
[  310.754128][   T80] usb 4-1: Manufacturer: syz
[  310.758830][   T80] usb 4-1: SerialNumber: syz
[  310.966580][ T9080] chnl_net:caif_netlink_parms(): no params data found
[  310.997579][   T80] HFC-S_USB 4-1:150.11: probe with driver HFC-S_USB failed with error -5
[  311.007225][   T30] audit: type=1400 audit(2000000154.360:597): avc:  denied  { listen } for  pid=9074 comm="syz.3.907" lport=20000 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  311.027538][    C1] vkms_vblank_simulate: vblank timer overrun
[  311.041422][   T80] usb 4-1: USB disconnect, device number 35
[  311.342634][ T9112] hfsplus: unable to find HFS+ superblock
[  311.513866][ T5834] Bluetooth: hci5: command tx timeout
[  311.583772][ T9080] bridge0: port 1(bridge_slave_0) entered blocking state
[  311.591001][ T9080] bridge0: port 1(bridge_slave_0) entered disabled state
[  311.598367][ T9080] bridge_slave_0: entered allmulticast mode
[  311.605134][ T9080] bridge_slave_0: entered promiscuous mode
[  311.612265][ T9080] bridge0: port 2(bridge_slave_1) entered blocking state
[  311.621551][ T9080] bridge0: port 2(bridge_slave_1) entered disabled state
[  311.629091][ T9080] bridge_slave_1: entered allmulticast mode
[  311.637781][ T9080] bridge_slave_1: entered promiscuous mode
[  311.664818][ T9080] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  311.675745][ T9080] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  311.833353][ T9080] team0: Port device team_slave_0 added
[  311.841733][ T9080] team0: Port device team_slave_1 added
[  311.898575][ T9080] batman_adv: batadv0: Adding interface: batadv_slave_0
[  311.906816][ T9080] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  311.953774][ T9080] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  311.979660][ T9121] netlink: 12 bytes leftover after parsing attributes in process `syz.2.920'.
[  312.082098][ T9080] batman_adv: batadv0: Adding interface: batadv_slave_1
[  312.099959][ T5921] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  312.146613][ T9080] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  312.734605][ T9080] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  313.028439][ T5921] usb 5-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  313.037596][ T5921] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  313.049002][ T5921] usb 5-1: config 0 descriptor??
[  313.055823][ T5921] gspca_main: cpia1-2.14.0 probing 0813:0001
[  313.259304][ T9080] hsr_slave_0: entered promiscuous mode
[  313.265731][ T9080] hsr_slave_1: entered promiscuous mode
[  313.271818][ T9080] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  313.279454][ T9080] Cannot create hsr debugfs directory
[  313.322522][ T9136] netlink: 4 bytes leftover after parsing attributes in process `syz.2.926'.
[  313.563797][ T5834] Bluetooth: hci5: command tx timeout
[  313.598682][   T30] audit: type=1800 audit(2000000156.970:598): pid=9116 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.4.918" name="bus" dev="tmpfs" ino=2 res=0 errno=0
[  313.762560][ T5921] cpia1 5-1:0.0: unexpected state after lo power cmd: 00
[  313.870378][ T9080] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  313.887484][ T9080] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  313.902641][ T9080] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  313.918623][ T9080] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  314.037468][ T9080] 8021q: adding VLAN 0 to HW filter on device bond0
[  314.044506][   T24] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[  314.080454][ T9080] 8021q: adding VLAN 0 to HW filter on device team0
[  314.100778][ T1163] bridge0: port 1(bridge_slave_0) entered blocking state
[  314.107914][ T1163] bridge0: port 1(bridge_slave_0) entered forwarding state
[  314.135614][ T1107] bridge0: port 2(bridge_slave_1) entered blocking state
[  314.142760][ T1107] bridge0: port 2(bridge_slave_1) entered forwarding state
[  314.160236][ T9146] netlink: 'syz.5.929': attribute type 10 has an invalid length.
[  314.172788][ T9146] hsr_slave_0: left promiscuous mode
[  314.179093][ T5921] gspca_cpia1: usb_control_msg 02, error -71
[  314.191617][ T5921] gspca_cpia1: usb_control_msg 05, error -71
[  314.201132][ T5921] cpia1 5-1:0.0: unexpected systemstate: 00
[  314.211460][ T9146] hsr_slave_1: left promiscuous mode
[  314.220846][ T5921] usb 5-1: USB disconnect, device number 25
[  314.303027][   T24] usb 4-1: Using ep0 maxpacket: 8
[  314.310106][   T24] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  314.330430][   T24] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84
[  314.353842][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 239, changing to 11
[  314.386296][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 9059, setting to 1024
[  314.411487][   T24] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  314.437289][   T24] usb 4-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae
[  314.446987][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  314.463995][   T24] usb 4-1: Product: syz
[  314.473914][   T24] usb 4-1: Manufacturer: syz
[  314.493341][   T24] usb 4-1: SerialNumber: syz
[  314.504309][   T24] usb 4-1: config 0 descriptor??
[  314.524557][   T24] input: KB Gear Tablet as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input15
[  314.647319][ T9080] 8021q: adding VLAN 0 to HW filter on device batadv0
[  314.726883][ T9141] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  314.747916][ T9141] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  314.756143][ T9158] netlink: 8 bytes leftover after parsing attributes in process `syz.5.931'.
[  314.783581][    C0] kbtab 4-1:0.0: kbtab_irq - usb_submit_urb failed with result -1
[  314.806525][    C1] kbtab 4-1:0.0: kbtab_irq - usb_submit_urb failed with result -1
[  314.817971][ T9158] geneve2: entered promiscuous mode
[  315.390606][ T9080] veth0_vlan: entered promiscuous mode
[  315.427753][ T9080] veth1_vlan: entered promiscuous mode
[  315.488457][ T9080] veth0_macvtap: entered promiscuous mode
[  315.507969][ T9080] veth1_macvtap: entered promiscuous mode
[  315.550351][ T9080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  315.571795][ T9080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  315.582189][ T9080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  315.593186][ T9080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  315.603548][ T9080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  315.614552][ T9080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  315.636191][ T9080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  315.676013][ T5834] Bluetooth: hci5: command tx timeout
[  315.690837][ T9080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  315.702430][ T9080] batman_adv: batadv0: Interface activated: batadv_slave_0
[  316.548123][ T9080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  316.564182][ T9080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  316.586551][ T9080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  316.612987][ T9080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  316.638160][ T9080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  316.649515][   T30] audit: type=1400 audit(2000000160.030:599): avc:  denied  { getopt } for  pid=9191 comm="syz.4.941" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  316.664883][ T9080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  316.697164][ T9080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  316.718463][ T9080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  316.782157][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  316.791223][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  317.033663][ T9080] batman_adv: batadv0: Interface activated: batadv_slave_1
[  317.037392][ T9201] overlayfs: invalid origin (00000079000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000)
[  317.047876][ T9080] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  317.081169][ T9080] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  317.085841][   T24] usb 4-1: USB disconnect, device number 36
[  317.097714][ T9080] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  317.115374][ T9080] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  317.365486][ T1083] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  317.543507][ T9212] autofs: Unknown parameter 'fd'
[  317.602290][ T1083] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  317.731307][ T5834] Bluetooth: hci5: command tx timeout
[  317.732997][ T5921] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  317.767031][ T1163] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  317.776353][ T1163] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  318.403684][ T5921] usb 5-1: Using ep0 maxpacket: 8
[  318.419863][ T5921] usb 5-1: config 0 has an invalid interface number: 186 but max is 0
[  318.434228][ T5921] usb 5-1: config 0 has no interface number 0
[  318.441006][ T5921] usb 5-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  318.455388][ T5921] usb 5-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A
[  318.467971][ T5921] usb 5-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  318.479572][ T5921] usb 5-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[  318.564274][ T5921] usb 5-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5
[  318.587307][ T5921] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  318.615184][ T5921] usb 5-1: Product: syz
[  318.629593][ T5921] usb 5-1: Manufacturer: syz
[  318.642682][ T5921] usb 5-1: SerialNumber: syz
[  318.650642][ T9228] netlink: 28 bytes leftover after parsing attributes in process `syz.2.951'.
[  318.676106][ T5921] usb 5-1: config 0 descriptor??
[  318.789431][   T30] audit: type=1400 audit(2000000162.160:600): avc:  denied  { accept } for  pid=9226 comm="syz.6.905" path="socket:[25564]" dev="sockfs" ino=25564 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  318.824323][ T9233] netlink: 12 bytes leftover after parsing attributes in process `syz.6.905'.
[  318.890273][ T5921] iowarrior 5-1:0.186: IOWarrior product=0x1505, serial=42424242 interface=186 now attached to iowarrior0
[  319.115759][ T9206] SELinux:  policydb magic number 0xf978ff8c does not match expected magic number 0xf97cff8c
[  319.181703][ T9206] SELinux: failed to load policy
[  319.186915][ T9238] Bluetooth: MGMT ver 1.23
[  319.400254][   T30] audit: type=1400 audit(2000000162.770:601): avc:  denied  { checkpoint_restore } for  pid=9243 comm="syz.5.954" capability=40  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  320.828369][    T9] usb 5-1: USB disconnect, device number 26
[  321.275250][ T9265] bridge0: port 3(vlan2) entered blocking state
[  321.283760][ T9265] bridge0: port 3(vlan2) entered disabled state
[  321.352895][ T9265] vlan2: entered allmulticast mode
[  321.362651][ T9265] bridge0: entered allmulticast mode
[  321.397212][ T9265] vlan2: left allmulticast mode
[  321.402132][ T9265] bridge0: left allmulticast mode
[  321.435962][ T9273] sch_fq: defrate 2147483647 ignored.
[  321.563101][   T30] audit: type=1800 audit(2000000164.940:602): pid=9281 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.6.966" name="bus" dev="overlay" ino=47 res=0 errno=0
[  321.609535][ T9283] netlink: 204 bytes leftover after parsing attributes in process `syz.5.967'.
[  324.057432][   T11] block nbd1: Possible stuck request ffff888026307000: control (read@0,4096B). Runtime 30 seconds
[  324.209607][ T9305] x_tables: duplicate underflow at hook 1
[  324.403288][ T5877] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  324.653252][ T5877] usb 3-1: Using ep0 maxpacket: 32
[  324.671036][ T5877] usb 3-1: config 0 has an invalid interface number: 219 but max is 0
[  324.692048][ T9317] IPVS: wrr: UDP 224.0.0.2:0 - no destination available
[  324.694713][ T5877] usb 3-1: config 0 has no interface number 0
[  324.714618][ T5877] usb 3-1: config 0 interface 219 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  324.763909][   T30] audit: type=1800 audit(2000000168.130:603): pid=9323 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.6.978" name="bus" dev="overlay" ino=71 res=0 errno=0
[  324.813921][ T5877] usb 3-1: New USB device found, idVendor=108c, idProduct=0169, bcdDevice=75.b9
[  324.830722][ T5877] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  324.834886][ T9327] x_tables: ip6_tables: tcp match: only valid for protocol 6
[  324.839607][ T5877] usb 3-1: Product: syz
[  324.852405][ T5877] usb 3-1: Manufacturer: syz
[  324.857404][ T5877] usb 3-1: SerialNumber: syz
[  324.889223][ T5877] usb 3-1: config 0 descriptor??
[  325.098349][   T30] audit: type=1326 audit(2000000168.470:604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9329 comm="syz.6.981" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f83f938e169 code=0x0
[  325.136146][ T5877] etas_es58x 3-1:0.219: Starting syz syz (Serial Number syz)
[  325.417223][   T10] usb 3-1: USB disconnect, device number 25
[  326.647075][    T9] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  327.233232][    T9] usb 7-1: Using ep0 maxpacket: 8
[  327.245444][    T9] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  327.258822][    T9] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  327.267800][ T9365] netlink: 8 bytes leftover after parsing attributes in process `syz.4.991'.
[  327.269402][    T9] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  327.288061][    T9] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  327.319114][    T9] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  327.346215][    T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  327.975439][    T9] usb 7-1: GET_CAPABILITIES returned 0
[  327.980963][    T9] usbtmc 7-1:16.0: can't read capabilities
[  328.264637][    T9] usb 7-1: USB disconnect, device number 2
[  329.714197][   T30] audit: type=1400 audit(2000000173.000:605): avc:  denied  { read write } for  pid=9375 comm="syz.2.994" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  329.816660][   T30] audit: type=1400 audit(2000000173.000:606): avc:  denied  { open } for  pid=9375 comm="syz.2.994" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  330.498490][ T9397] x_tables: duplicate underflow at hook 1
[  330.512558][ T9397] bridge0: port 3(gretap0) entered blocking state
[  330.519409][ T9397] bridge0: port 3(gretap0) entered disabled state
[  330.526575][ T9397] gretap0: entered allmulticast mode
[  330.539182][ T9397] gretap0: entered promiscuous mode
[  330.546063][ T9397] bridge0: port 3(gretap0) entered blocking state
[  330.552592][ T9397] bridge0: port 3(gretap0) entered forwarding state
[  330.623761][ T9397] gretap0: left allmulticast mode
[  330.628853][ T9397] gretap0: left promiscuous mode
[  330.634743][ T9397] bridge0: port 3(gretap0) entered disabled state
[  331.203487][    T9] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  331.694427][    T9] usb 5-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  331.713002][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  331.781540][   T30] audit: type=1800 audit(2000000175.150:607): pid=9421 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.6.1007" name="bus" dev="overlay" ino=110 res=0 errno=0
[  332.548502][    T9] usb 5-1: config 0 descriptor??
[  332.557317][    T9] gspca_main: cpia1-2.14.0 probing 0813:0001
[  332.683074][ T5881] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  332.903531][ T9429] x_tables: duplicate underflow at hook 1
[  332.912364][ T9429] bridge0: port 3(gretap0) entered blocking state
[  332.919212][ T9429] bridge0: port 3(gretap0) entered disabled state
[  332.926392][ T9429] gretap0: entered allmulticast mode
[  332.936758][ T9429] gretap0: entered promiscuous mode
[  332.943281][ T9429] bridge0: port 3(gretap0) entered blocking state
[  332.949765][ T9429] bridge0: port 3(gretap0) entered forwarding state
[  332.968088][ T9429] gretap0: left allmulticast mode
[  332.973202][ T9429] gretap0: left promiscuous mode
[  332.978690][ T9429] bridge0: port 3(gretap0) entered disabled state
[  333.110300][   T30] audit: type=1800 audit(2000000176.450:608): pid=9405 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.4.1002" name="bus" dev="tmpfs" ino=2 res=0 errno=0
[  333.268719][    T9] cpia1 5-1:0.0: unexpected state after lo power cmd: 00
[  333.284926][ T5881] usb 3-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  333.310216][ T5881] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  333.325072][ T5881] usb 3-1: config 0 descriptor??
[  333.336408][ T5881] gspca_main: cpia1-2.14.0 probing 0813:0001
[  333.654469][    T9] gspca_cpia1: usb_control_msg 02, error -71
[  333.673764][    T9] gspca_cpia1: usb_control_msg 05, error -71
[  333.680082][   T30] audit: type=1400 audit(2000000177.050:609): avc:  denied  { read } for  pid=9440 comm="syz.3.1013" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  333.815796][ T9444] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1012'.
[  333.844864][   T30] audit: type=1400 audit(2000000177.080:610): avc:  denied  { open } for  pid=9440 comm="syz.3.1013" path="/dev/autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  333.868414][    C1] vkms_vblank_simulate: vblank timer overrun
[  334.018433][   T30] audit: type=1400 audit(2000000177.080:611): avc:  denied  { ioctl } for  pid=9440 comm="syz.3.1013" path="/dev/autofs" dev="devtmpfs" ino=98 ioctlcmd=0x9379 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  334.147478][ T5881] cpia1 3-1:0.0: unexpected state after lo power cmd: 00
[  334.612345][   T30] audit: type=1400 audit(2000000177.960:612): avc:  denied  { ioctl } for  pid=9448 comm="syz.3.1014" path="socket:[27036]" dev="sockfs" ino=27036 ioctlcmd=0x9422 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  334.616208][    T9] cpia1 5-1:0.0: unexpected systemstate: 00
[  334.671496][ T9450] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  334.717529][   T30] audit: type=1400 audit(2000000177.960:613): avc:  denied  { ioctl } for  pid=9448 comm="syz.3.1014" path="socket:[27036]" dev="sockfs" ino=27036 ioctlcmd=0x9422 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  334.746918][    T9] usb 5-1: USB disconnect, device number 27
[  334.754924][ T9450] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  334.953427][ T5881] gspca_cpia1: usb_control_msg 02, error -71
[  334.961738][ T5881] gspca_cpia1: usb_control_msg 05, error -71
[  334.970909][ T5881] cpia1 3-1:0.0: unexpected systemstate: 00
[  334.983573][ T5877] usb 4-1: new high-speed USB device number 37 using dummy_hcd
[  335.478802][ T5881] usb 3-1: USB disconnect, device number 26
[  335.926189][ T9467] netlink: 288 bytes leftover after parsing attributes in process `syz.3.1018'.
[  336.110181][ T9477] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1021'.
[  336.454736][   T30] audit: type=1400 audit(2000000179.810:614): avc:  denied  { bind } for  pid=9480 comm="syz.3.1023" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  336.474684][ T5881] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  336.745213][ T5881] usb 5-1: Using ep0 maxpacket: 32
[  336.932426][ T9489] overlayfs: failed to resolve './file0': -2
[  336.955652][   T30] audit: type=1400 audit(2000000180.330:615): avc:  denied  { shutdown } for  pid=9483 comm="syz.2.1024" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  336.994804][ T5877] usb 4-1: new full-speed USB device number 38 using dummy_hcd
[  337.149458][ T5881] usb 5-1: config 0 interface 0 has no altsetting 0
[  337.171040][ T5881] usb 5-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  337.300611][ T5877] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  337.311742][ T5881] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  337.312105][ T5877] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  337.322976][ T5881] usb 5-1: Product: syz
[  337.380398][ T5877] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64
[  337.392025][ T5877] usb 4-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  337.405841][ T5877] usb 4-1: config 1 interface 1 has no altsetting 0
[  337.423567][ T9493] misc userio: Invalid payload size
[  337.602843][ T5881] usb 5-1: Manufacturer: syz
[  337.607688][ T5881] usb 5-1: SerialNumber: syz
[  337.613062][ T5877] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  337.622673][ T5877] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  337.635874][ T5881] usb 5-1: config 0 descriptor??
[  337.642068][ T5877] usb 4-1: Product: syz
[  337.648434][ T5877] usb 4-1: Manufacturer: syz
[  337.672365][ T5877] usb 4-1: SerialNumber: syz
[  337.843891][ T9498] autofs: Unknown parameter 'fd'
[  337.943765][ T9481] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  337.969647][ T5877] cdc_ncm 4-1:1.0: NCM or ECM functional descriptors missing
[  338.014963][ T5877] cdc_ncm 4-1:1.0: bind() failure
[  338.124357][ T5881] gs_usb 5-1:0.0: Couldn't send data format (err=-71)
[  338.141399][ T5881] gs_usb 5-1:0.0: probe with driver gs_usb failed with error -71
[  338.193423][ T5881] usb 5-1: USB disconnect, device number 28
[  338.237672][ T5877] cdc_mbim 4-1:1.1: probe with driver cdc_mbim failed with error -71
[  338.253855][   T30] audit: type=1400 audit(2000000181.630:616): avc:  denied  { map } for  pid=9502 comm="syz.2.1030" path="/dev/bsg" dev="devtmpfs" ino=748 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=dir permissive=1
[  338.312301][ T5877] usb 4-1: USB disconnect, device number 38
[  339.360540][   T30] audit: type=1400 audit(2000000182.730:617): avc:  denied  { read } for  pid=9511 comm="syz.3.1033" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  339.833812][ T5877] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[  340.693021][ T5877] usb 4-1: Using ep0 maxpacket: 16
[  340.733319][ T5877] usb 4-1: config 8 has an invalid interface number: 138 but max is 0
[  340.752634][ T5877] usb 4-1: config 8 has no interface number 0
[  340.764403][ T5877] usb 4-1: config 8 interface 138 altsetting 1 bulk endpoint 0xC has invalid maxpacket 64
[  340.796384][ T5877] usb 4-1: config 8 interface 138 has no altsetting 0
[  340.798902][ T9525] overlayfs: failed to resolve './file0': -2
[  340.815524][ T5877] usb 4-1: New USB device found, idVendor=0499, idProduct=103e, bcdDevice=3f.8c
[  340.836795][ T5877] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  340.873337][ T5877] usb 4-1: Product: syz
[  340.886213][ T5877] usb 4-1: Manufacturer: syz
[  340.911175][ T5877] usb 4-1: SerialNumber: syz
[  340.936592][ T9512] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  340.946476][ T9532] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1039'.
[  340.995212][ T9534] IPVS: wrr: UDP 224.0.0.2:0 - no destination available
[  341.189977][ T5921] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  341.324948][ T5881] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  341.415083][ T9540] =======================================================
[  341.415083][ T9540] WARNING: The mand mount option has been deprecated and
[  341.415083][ T9540]          and is ignored by this kernel. Remove the mand
[  341.415083][ T9540]          option from the mount to silence this warning.
[  341.415083][ T9540] =======================================================
[  341.455508][ T9540] bio_check_eod: 2 callbacks suppressed
[  341.455521][ T9540] syz.3.1033: attempt to access beyond end of device
[  341.455521][ T9540] loop3: rw=0, sector=64, nr_sectors = 1 limit=0
[  341.460035][ T5921] usb 5-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  341.469495][ T9540] syz.3.1033: attempt to access beyond end of device
[  341.469495][ T9540] loop3: rw=0, sector=256, nr_sectors = 1 limit=0
[  341.519683][ T5921] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  341.530490][ T5921] usb 5-1: config 0 descriptor??
[  341.548478][ T5921] gspca_main: cpia1-2.14.0 probing 0813:0001
[  341.566168][ T9540] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
[  341.580054][ T9540] syz.3.1033: attempt to access beyond end of device
[  341.580054][ T9540] loop3: rw=0, sector=512, nr_sectors = 1 limit=0
[  341.593847][ T5881] usb 3-1: Using ep0 maxpacket: 16
[  341.603364][ T9540] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512
[  341.618596][ T9540] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found
[  341.626997][ T5881] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  341.646828][ T9540] UDF-fs: Scanning with blocksize 512 failed
[  341.683886][ T5881] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  341.704008][ T9540] syz.3.1033: attempt to access beyond end of device
[  341.704008][ T9540] loop3: rw=0, sector=64, nr_sectors = 2 limit=0
[  341.729515][ T5881] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 22
[  341.746076][ T9540] syz.3.1033: attempt to access beyond end of device
[  341.746076][ T9540] loop3: rw=0, sector=512, nr_sectors = 2 limit=0
[  341.769885][ T5881] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  341.780050][ T9540] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
[  341.820236][ T9540] syz.3.1033: attempt to access beyond end of device
[  341.820236][ T9540] loop3: rw=0, sector=1024, nr_sectors = 2 limit=0
[  341.956528][ T9540] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512
[  342.147020][ T9540] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found
[  342.229361][ T5881] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  342.237767][ T5881] usb 3-1: SerialNumber: syz
[  342.239543][ T9540] UDF-fs: Scanning with blocksize 1024 failed
[  342.242753][ T5921] cpia1 5-1:0.0: unexpected state after lo power cmd: 00
[  342.260188][ T5881] cdc_acm 3-1:1.0: skipping garbage
[  342.269603][ T9540] syz.3.1033: attempt to access beyond end of device
[  342.269603][ T9540] loop3: rw=0, sector=64, nr_sectors = 4 limit=0
[  342.293244][ T9540] syz.3.1033: attempt to access beyond end of device
[  342.293244][ T9540] loop3: rw=0, sector=1024, nr_sectors = 4 limit=0
[  342.306877][ T9540] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
[  342.316694][ T9540] syz.3.1033: attempt to access beyond end of device
[  342.316694][ T9540] loop3: rw=0, sector=2048, nr_sectors = 4 limit=0
[  342.330320][ T9540] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512
[  342.340018][ T9540] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found
[  342.348044][ T9540] UDF-fs: Scanning with blocksize 2048 failed
[  342.355704][ T9540] syz.3.1033: attempt to access beyond end of device
[  342.355704][ T9540] loop3: rw=0, sector=64, nr_sectors = 8 limit=0
[  342.372159][ T9540] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
[  342.386154][ T9540] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512
[  342.397237][ T9540] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found
[  342.405679][ T9540] UDF-fs: Scanning with blocksize 4096 failed
[  342.411966][ T9540] UDF-fs: warning (device loop3): udf_fill_super: No partition found (1)
[  342.474188][ T5877] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  342.524079][ T9534] tc_dump_action: action bad kind
[  342.535626][ T5877] snd-usb-audio 4-1:8.138: probe with driver snd-usb-audio failed with error -2
[  342.546868][ T9534] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1041'.
[  342.570401][ T9551] vlan2: entered promiscuous mode
[  342.584462][ T9551] bridge0: entered promiscuous mode
[  342.593828][ T9551] vlan2: entered allmulticast mode
[  342.599013][ T9551] bridge0: entered allmulticast mode
[  342.625176][ T5881] usb 3-1: USB disconnect, device number 27
[  342.639435][ T9533] delete_channel: no stack
[  342.670717][ T5921] gspca_cpia1: usb_control_msg 02, error -71
[  342.681074][ T5877] usb 4-1: USB disconnect, device number 39
[  342.682367][ T5921] gspca_cpia1: usb_control_msg 05, error -71
[  342.704327][ T5921] cpia1 5-1:0.0: unexpected systemstate: 00
[  342.772635][ T5921] usb 5-1: USB disconnect, device number 29
[  342.854543][ T5938] udevd[5938]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:8.138/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  343.238286][   T30] audit: type=1400 audit(2000000186.610:618): avc:  denied  { listen } for  pid=9556 comm="syz.3.1048" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  343.295548][   T30] audit: type=1400 audit(2000000186.670:619): avc:  denied  { write } for  pid=9556 comm="syz.3.1048" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  343.532995][   T30] audit: type=1400 audit(2000000186.880:620): avc:  denied  { execute } for  pid=9561 comm="syz.5.1051" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  347.106295][ T9598] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1060'.
[  347.153256][ T9598] geneve2: entered promiscuous mode
[  348.122751][   T30] audit: type=1400 audit(2000000191.490:621): avc:  denied  { bind } for  pid=9613 comm="syz.2.1065" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  348.497719][ T9624] netlink: 'syz.3.1067': attribute type 1 has an invalid length.
[  348.508981][ T9622] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  348.551086][ T9624] netlink: 216 bytes leftover after parsing attributes in process `syz.3.1067'.
[  349.052448][ T9622] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  349.699274][ T9640] netlink: 'syz.6.1068': attribute type 10 has an invalid length.
[  349.756191][ T9641] FAULT_INJECTION: forcing a failure.
[  349.756191][ T9641] name failslab, interval 1, probability 0, space 0, times 0
[  349.768920][ T9641] CPU: 0 UID: 0 PID: 9641 Comm: syz.4.1072 Not tainted 6.15.0-rc3-syzkaller-00001-g9d7a0577c9db #0 PREEMPT(full) 
[  349.768943][ T9641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  349.768950][ T9641] Call Trace:
[  349.768953][ T9641]  <TASK>
[  349.768957][ T9641]  dump_stack_lvl+0x16c/0x1f0
[  349.768976][ T9641]  should_fail_ex+0x512/0x640
[  349.768987][ T9641]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  349.769005][ T9641]  should_failslab+0xc2/0x120
[  349.769017][ T9641]  __kmalloc_cache_noprof+0x6a/0x3e0
[  349.769032][ T9641]  ? v4l2_open+0x1c8/0x490
[  349.769047][ T9641]  ? subdev_open+0x7f/0x560
[  349.769060][ T9641]  subdev_open+0x7f/0x560
[  349.769073][ T9641]  v4l2_open+0x222/0x490
[  349.769087][ T9641]  ? __pfx_v4l2_open+0x10/0x10
[  349.769102][ T9641]  chrdev_open+0x231/0x6a0
[  349.769113][ T9641]  ? __pfx_chrdev_open+0x10/0x10
[  349.769129][ T9641]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[  349.769148][ T9641]  do_dentry_open+0x741/0x1c10
[  349.769158][ T9641]  ? __pfx_chrdev_open+0x10/0x10
[  349.769171][ T9641]  vfs_open+0x82/0x3f0
[  349.769185][ T9641]  path_openat+0x1e5e/0x2d40
[  349.769200][ T9641]  ? __pfx_path_openat+0x10/0x10
[  349.769213][ T9641]  do_filp_open+0x20b/0x470
[  349.769223][ T9641]  ? __pfx_do_filp_open+0x10/0x10
[  349.769242][ T9641]  ? alloc_fd+0x471/0x7d0
[  349.769256][ T9641]  do_sys_openat2+0x11b/0x1d0
[  349.769268][ T9641]  ? __pfx_do_sys_openat2+0x10/0x10
[  349.769282][ T9641]  ? __fget_files+0x20e/0x3c0
[  349.769293][ T9641]  __x64_sys_openat+0x174/0x210
[  349.769306][ T9641]  ? __pfx___x64_sys_openat+0x10/0x10
[  349.769318][ T9641]  ? ksys_write+0x1b9/0x240
[  349.769332][ T9641]  do_syscall_64+0xcd/0x260
[  349.769347][ T9641]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  349.769358][ T9641] RIP: 0033:0x7f3ef678cad0
[  349.769372][ T9641] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44
[  349.769382][ T9641] RSP: 002b:00007f3ef75a0b70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  349.769392][ T9641] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f3ef678cad0
[  349.769398][ T9641] RDX: 0000000000000000 RSI: 00007f3ef75a0c10 RDI: 00000000ffffff9c
[  349.769405][ T9641] RBP: 00007f3ef75a0c10 R08: 0000000000000000 R09: 0000000000000000
[  349.769411][ T9641] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  349.769417][ T9641] R13: 0000000000000000 R14: 00007f3ef69b6080 R15: 00007ffdd3f0af58
[  349.769429][ T9641]  </TASK>
[  350.283834][ T9640] team0: Port device dummy0 added
[  350.351305][ T9622] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  350.619950][ T9656] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1075'.
[  350.629032][ T9656] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1075'.
[  351.402979][ T5918] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  351.541508][ T9622] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  351.621852][ T5918] usb 6-1: Using ep0 maxpacket: 32
[  351.636374][ T5918] usb 6-1: config 0 has an invalid interface number: 118 but max is 0
[  351.649743][ T5918] usb 6-1: config 0 has no interface number 0
[  351.658621][ T5918] usb 6-1: New USB device found, idVendor=04fc, idProduct=0201, bcdDevice=1e.11
[  351.676982][ T5918] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  351.685401][ T5918] usb 6-1: Product: syz
[  351.703467][ T5918] usb 6-1: Manufacturer: syz
[  351.718313][ T5918] usb 6-1: SerialNumber: syz
[  351.738792][ T5918] usb 6-1: config 0 descriptor??
[  351.762626][ T9622] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  351.774300][ T5918] spcp8x5 6-1:0.118: required endpoints missing
[  351.920361][ T9622] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  351.949923][ T9622] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  352.044534][ T9667] FAT-fs (nullb0): bogus number of reserved sectors
[  352.051197][ T9667] FAT-fs (nullb0): Can't find a valid FAT filesystem
[  352.105329][ T9667] hfsplus: unable to find HFS+ superblock
[  352.153210][ T5881] usb 6-1: USB disconnect, device number 7
[  352.440094][ T9622] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  352.495292][ T9669] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1081'.
[  352.865101][ T9676] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1085'.
[  353.954127][ T5918] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[  354.189730][ T9695] loop2: detected capacity change from 0 to 7
[  354.194373][ T5918] usb 4-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[  354.200239][ T9695]  loop2: [POWERTEC] p1
[  354.209358][ T9695] loop2: p1 start 1869770799 is beyond EOD, truncated
[  354.225817][ T5918] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  354.249064][   T30] audit: type=1400 audit(2000000197.620:622): avc:  denied  { setopt } for  pid=9698 comm="syz.4.1093" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  354.265760][ T9701] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1094'.
[  354.271443][ T5918] usb 4-1: config 0 descriptor??
[  354.308838][ T5918] gspca_main: STV06xx-2.14.0 probing 046d:0870
[  354.488963][ T9707] FAULT_INJECTION: forcing a failure.
[  354.488963][ T9707] name failslab, interval 1, probability 0, space 0, times 0
[  354.500202][ T9709] netlink: 64 bytes leftover after parsing attributes in process `syz.5.1097'.
[  354.510881][ T9707] CPU: 0 UID: 0 PID: 9707 Comm: syz.6.1095 Not tainted 6.15.0-rc3-syzkaller-00001-g9d7a0577c9db #0 PREEMPT(full) 
[  354.510902][ T9707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  354.510911][ T9707] Call Trace:
[  354.510917][ T9707]  <TASK>
[  354.510922][ T9707]  dump_stack_lvl+0x16c/0x1f0
[  354.510949][ T9707]  should_fail_ex+0x512/0x640
[  354.510964][ T9707]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  354.510992][ T9707]  should_failslab+0xc2/0x120
[  354.511009][ T9707]  __kmalloc_cache_noprof+0x6a/0x3e0
[  354.511031][ T9707]  ? __v4l2_subdev_state_alloc+0x53/0x400
[  354.511055][ T9707]  __v4l2_subdev_state_alloc+0x53/0x400
[  354.511076][ T9707]  subdev_open+0xa6/0x560
[  354.511096][ T9707]  v4l2_open+0x222/0x490
[  354.511118][ T9707]  ? __pfx_v4l2_open+0x10/0x10
[  354.511138][ T9707]  chrdev_open+0x231/0x6a0
[  354.511156][ T9707]  ? __pfx_chrdev_open+0x10/0x10
[  354.511174][ T9707]  ? __pfx_chrdev_open+0x10/0x10
[  354.511195][ T9707]  do_dentry_open+0x741/0x1c10
[  354.511211][ T9707]  ? __pfx_chrdev_open+0x10/0x10
[  354.511231][ T9707]  vfs_open+0x82/0x3f0
[  354.511253][ T9707]  path_openat+0x1e5e/0x2d40
[  354.511277][ T9707]  ? __pfx_path_openat+0x10/0x10
[  354.511301][ T9707]  do_filp_open+0x20b/0x470
[  354.511317][ T9707]  ? __pfx_do_filp_open+0x10/0x10
[  354.511350][ T9707]  ? alloc_fd+0x471/0x7d0
[  354.511379][ T9707]  do_sys_openat2+0x11b/0x1d0
[  354.511400][ T9707]  ? __pfx_do_sys_openat2+0x10/0x10
[  354.511421][ T9707]  ? kvm_sched_clock_read+0x11/0x20
[  354.511441][ T9707]  ? sched_clock+0x38/0x60
[  354.511461][ T9707]  __x64_sys_openat+0x174/0x210
[  354.511482][ T9707]  ? __pfx___x64_sys_openat+0x10/0x10
[  354.511504][ T9707]  ? __pfx___rdmsr_safe_on_cpu+0x10/0x10
[  354.511534][ T9707]  do_syscall_64+0xcd/0x260
[  354.511557][ T9707]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  354.511574][ T9707] RIP: 0033:0x7f83f938cad0
[  354.511589][ T9707] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44
[  354.511604][ T9707] RSP: 002b:00007f83fa179b70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  354.511621][ T9707] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f83f938cad0
[  354.511632][ T9707] RDX: 0000000000000000 RSI: 00007f83fa179c10 RDI: 00000000ffffff9c
[  354.511642][ T9707] RBP: 00007f83fa179c10 R08: 0000000000000000 R09: 0000000000000000
[  354.511652][ T9707] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  354.511661][ T9707] R13: 0000000000000000 R14: 00007f83f95b6080 R15: 00007ffc69767548
[  354.511682][ T9707]  </TASK>
[  354.961320][   T11] block nbd1: Possible stuck request ffff888026307000: control (read@0,4096B). Runtime 60 seconds
[  355.140073][ T9714] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1098'.
[  355.399134][ T9724] netlink: 72 bytes leftover after parsing attributes in process `syz.6.1099'.
[  355.408281][ T9724] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1099'.
[  355.852593][ T9725] FAT-fs (nullb0): bogus number of reserved sectors
[  355.859360][ T9725] FAT-fs (nullb0): Can't find a valid FAT filesystem
[  356.070068][ T9726] hfsplus: unable to find HFS+ superblock
[  357.296592][ T9742] overlayfs: failed to resolve './file0': -2
[  357.500654][ T5918] usb 4-1: USB disconnect, device number 40
[  357.560248][ T9753] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1108'.
[  358.925208][ T9775] FAT-fs (nullb0): bogus number of reserved sectors
[  358.931873][ T9775] FAT-fs (nullb0): Can't find a valid FAT filesystem
[  359.069392][ T9775] hfsplus: unable to find HFS+ superblock
[  359.873012][ T5877] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[  360.537954][ T9779] overlayfs: failed to resolve './file0': -2
[  360.615893][   T30] audit: type=1400 audit(2000000203.990:623): avc:  denied  { append } for  pid=9783 comm="syz.2.1119" name="card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  360.679571][ T5877] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  360.688823][ T5877] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  360.700642][ T5877] usb 4-1: Product: syz
[  360.704880][ T5877] usb 4-1: Manufacturer: syz
[  360.709479][ T5877] usb 4-1: SerialNumber: syz
[  360.717900][ T5877] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  360.737518][ T5917] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  360.753338][   T24] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  360.773234][ T5918] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  360.915135][   T24] usb 6-1: config 0 has an invalid interface number: 98 but max is 0
[  360.923966][   T24] usb 6-1: config 0 has no interface number 0
[  360.930091][   T24] usb 6-1: config 0 interface 98 has no altsetting 0
[  360.941975][ T5918] usb 7-1: Using ep0 maxpacket: 16
[  360.951626][ T5918] usb 7-1: config 0 interface 0 has no altsetting 0
[  360.959100][   T24] usb 6-1: New USB device found, idVendor=1110, idProduct=9024, bcdDevice=db.24
[  360.968469][ T5918] usb 7-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  360.977624][   T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  360.985722][ T5918] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  360.993772][   T24] usb 6-1: Product: syz
[  360.997950][   T24] usb 6-1: Manufacturer: syz
[  361.004828][   T24] usb 6-1: SerialNumber: syz
[  361.004922][ T5918] usb 7-1: config 0 descriptor??
[  361.018849][   T24] usb 6-1: config 0 descriptor??
[  361.210084][   T30] audit: type=1400 audit(2000000204.580:624): avc:  denied  { map } for  pid=9763 comm="syz.3.1113" path="socket:[29940]" dev="sockfs" ino=29940 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[  361.233719][    C1] vkms_vblank_simulate: vblank timer overrun
[  361.251368][   T24] usb 6-1: [ueagle-atm] ADSL device founded vid (0X1110) pid (0X9024) Rev (0XDB24): Eagle II
[  361.306559][ T5918] usbhid 7-1:0.0: can't add hid device: -71
[  361.312618][ T5918] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  361.350574][ T5918] usb 7-1: USB disconnect, device number 3
[  361.454412][   T80] usb 4-1: USB disconnect, device number 41
[  361.559703][ T9798] netlink: 'syz.6.1122': attribute type 5 has an invalid length.
[  361.910183][   T24] usb 6-1: reset high-speed USB device number 8 using dummy_hcd
[  362.052582][ T9803] netlink: 'syz.4.1124': attribute type 1 has an invalid length.
[  362.060708][ T5917] usb 4-1: Service connection timeout for: 256
[  362.161704][ T5917] ath9k_htc 4-1:1.0: ath9k_htc: Unable to initialize HTC services
[  362.286103][ T9803] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1124'.
[  362.315981][ T5917] ath9k_htc: Failed to initialize the device
[  362.344645][   T80] usb 4-1: ath9k_htc: USB layer deinitialized
[  362.720223][   T24] usb 6-1: [ueagle-atm] pre-firmware device, uploading firmware
[  362.772373][   T24] usb 6-1: [ueagle-atm] loading firmware ueagle-atm/eagleII.fw
[  362.984107][ T9815] overlayfs: failed to resolve './file0': -2
[  362.995875][   T24] usb 6-1: USB disconnect, device number 8
[  363.379778][ T9821] FAT-fs (nullb0): bogus number of reserved sectors
[  363.386481][ T9821] FAT-fs (nullb0): Can't find a valid FAT filesystem
[  364.125281][ T9821] hfsplus: unable to find HFS+ superblock
[  364.498462][ T9826] overlayfs: missing 'lowerdir'
[  364.574361][ T9828] bridge0: port 3(vlan3) entered blocking state
[  364.588295][ T9828] bridge0: port 3(vlan3) entered disabled state
[  364.740418][ T9828] vlan3: entered allmulticast mode
[  364.786156][ T9828] vlan3: left allmulticast mode
[  365.591405][   T30] audit: type=1400 audit(2000000208.960:625): avc:  denied  { setopt } for  pid=9841 comm="syz.4.1136" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  365.922672][ T9856] FAULT_INJECTION: forcing a failure.
[  365.922672][ T9856] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  365.987977][ T9856] CPU: 1 UID: 0 PID: 9856 Comm: syz.3.1141 Not tainted 6.15.0-rc3-syzkaller-00001-g9d7a0577c9db #0 PREEMPT(full) 
[  365.988003][ T9856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  365.988013][ T9856] Call Trace:
[  365.988018][ T9856]  <TASK>
[  365.988025][ T9856]  dump_stack_lvl+0x16c/0x1f0
[  365.988052][ T9856]  should_fail_ex+0x512/0x640
[  365.988073][ T9856]  _copy_from_user+0x2e/0xd0
[  365.988093][ T9856]  copy_msghdr_from_user+0x98/0x160
[  365.988113][ T9856]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  365.988142][ T9856]  ___sys_sendmsg+0xfe/0x1d0
[  365.988163][ T9856]  ? __pfx____sys_sendmsg+0x10/0x10
[  365.988199][ T9856]  __sys_sendmsg+0x16d/0x220
[  365.988212][ T9856]  ? __pfx___sys_sendmsg+0x10/0x10
[  365.988228][ T9856]  ? rcu_is_watching+0x12/0xc0
[  365.988245][ T9856]  do_syscall_64+0xcd/0x260
[  365.988260][ T9856]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  365.988271][ T9856] RIP: 0033:0x7f711f58e169
[  365.988280][ T9856] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  365.988290][ T9856] RSP: 002b:00007f712033f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  365.988300][ T9856] RAX: ffffffffffffffda RBX: 00007f711f7b5fa0 RCX: 00007f711f58e169
[  365.988307][ T9856] RDX: 000000000400c844 RSI: 0000200000000c40 RDI: 0000000000000004
[  365.988313][ T9856] RBP: 00007f712033f090 R08: 0000000000000000 R09: 0000000000000000
[  365.988319][ T9856] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  365.988324][ T9856] R13: 0000000000000000 R14: 00007f711f7b5fa0 R15: 00007ffe41570328
[  365.988337][ T9856]  </TASK>
[  366.150989][    C1] vkms_vblank_simulate: vblank timer overrun
[  366.513537][ T9868] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1145'.
[  366.615535][   T24] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  367.183070][   T24] usb 3-1: Using ep0 maxpacket: 32
[  367.185715][   T24] usb 3-1: config 0 has an invalid interface number: 219 but max is 0
[  367.185739][   T24] usb 3-1: config 0 has no interface number 0
[  367.185777][   T24] usb 3-1: config 0 interface 219 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  367.188387][   T24] usb 3-1: New USB device found, idVendor=108c, idProduct=0169, bcdDevice=75.b9
[  367.188410][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  367.188428][   T24] usb 3-1: Product: syz
[  367.188440][   T24] usb 3-1: Manufacturer: syz
[  367.188455][   T24] usb 3-1: SerialNumber: syz
[  367.191573][   T24] usb 3-1: config 0 descriptor??
[  367.396940][   T24] etas_es58x 3-1:0.219: Starting syz syz (Serial Number syz)
[  367.539123][ T9879] 9pnet_fd: Insufficient options for proto=fd
[  367.548729][   T10] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  367.654121][    T9] usb 3-1: USB disconnect, device number 28
[  367.679718][ T9883] 9pnet_fd: Insufficient options for proto=fd
[  367.695187][   T10] usb 6-1: Using ep0 maxpacket: 32
[  367.696638][   T10] usb 6-1: unable to get BOS descriptor or descriptor too short
[  367.697384][   T10] usb 6-1: config 1 interface 0 altsetting 53 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  367.697402][   T10] usb 6-1: config 1 interface 0 has no altsetting 0
[  367.698863][   T10] usb 6-1: New USB device found, idVendor=0461, idProduct=4e05, bcdDevice= 0.60
[  367.698878][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  367.698893][   T10] usb 6-1: Product: syz
[  367.698901][   T10] usb 6-1: Manufacturer: syz
[  367.698909][   T10] usb 6-1: SerialNumber: syz
[  367.807308][ T9889] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1152'.
[  367.906427][   T10] usbhid 6-1:1.0: can't add hid device: -22
[  367.906489][   T10] usbhid 6-1:1.0: probe with driver usbhid failed with error -22
[  367.907841][   T10] usb 6-1: USB disconnect, device number 9
[  367.964175][ T5881] usb 4-1: new high-speed USB device number 42 using dummy_hcd
[  367.965596][ T5922] usb 6-1: [UEAGLE-ATM] firmware is not available
[  367.965920][ T5917] usb 6-1: [UEAGLE-ATM] firmware is not available
[  368.114472][ T5881] usb 4-1: config 0 has an invalid interface number: 98 but max is 0
[  368.114494][ T5881] usb 4-1: config 0 has no interface number 0
[  368.114509][ T5881] usb 4-1: config 0 interface 98 has no altsetting 0
[  368.214729][ T5881] usb 4-1: New USB device found, idVendor=1110, idProduct=9024, bcdDevice=db.24
[  368.214757][ T5881] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  368.214775][ T5881] usb 4-1: Product: syz
[  368.214786][ T5881] usb 4-1: Manufacturer: syz
[  368.214799][ T5881] usb 4-1: SerialNumber: syz
[  368.234374][ T5881] usb 4-1: config 0 descriptor??
[  368.432518][ T9901] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65445 sclass=netlink_route_socket pid=9901 comm=syz.6.1154
[  368.728242][ T5881] usb 4-1: [ueagle-atm] ADSL device founded vid (0X1110) pid (0X9024) Rev (0XDB24): Eagle II
[  368.867810][ T9906] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1157'.
[  369.494632][ T9911] FAULT_INJECTION: forcing a failure.
[  369.494632][ T9911] name failslab, interval 1, probability 0, space 0, times 0
[  369.494660][ T9911] CPU: 1 UID: 0 PID: 9911 Comm: syz.5.1158 Not tainted 6.15.0-rc3-syzkaller-00001-g9d7a0577c9db #0 PREEMPT(full) 
[  369.494681][ T9911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  369.494690][ T9911] Call Trace:
[  369.494696][ T9911]  <TASK>
[  369.494702][ T9911]  dump_stack_lvl+0x16c/0x1f0
[  369.494733][ T9911]  should_fail_ex+0x512/0x640
[  369.494750][ T9911]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  369.494770][ T9911]  should_failslab+0xc2/0x120
[  369.494790][ T9911]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  369.494806][ T9911]  ? __alloc_skb+0x2b2/0x380
[  369.494828][ T9911]  __alloc_skb+0x2b2/0x380
[  369.494845][ T9911]  ? __pfx___alloc_skb+0x10/0x10
[  369.494866][ T9911]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  369.494893][ T9911]  netlink_alloc_large_skb+0x69/0x130
[  369.494915][ T9911]  netlink_sendmsg+0x6a1/0xdd0
[  369.494942][ T9911]  ? __pfx_netlink_sendmsg+0x10/0x10
[  369.494973][ T9911]  ____sys_sendmsg+0xa95/0xc70
[  369.494998][ T9911]  ? copy_msghdr_from_user+0x10a/0x160
[  369.495017][ T9911]  ? __pfx_____sys_sendmsg+0x10/0x10
[  369.495053][ T9911]  ___sys_sendmsg+0x134/0x1d0
[  369.495072][ T9911]  ? __pfx____sys_sendmsg+0x10/0x10
[  369.495121][ T9911]  __sys_sendmsg+0x16d/0x220
[  369.495141][ T9911]  ? __pfx___sys_sendmsg+0x10/0x10
[  369.495174][ T9911]  ? rcu_is_watching+0x12/0xc0
[  369.495203][ T9911]  do_syscall_64+0xcd/0x260
[  369.495227][ T9911]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  369.495243][ T9911] RIP: 0033:0x7fe6e978e169
[  369.495256][ T9911] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  369.495271][ T9911] RSP: 002b:00007fe6ea628038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  369.495287][ T9911] RAX: ffffffffffffffda RBX: 00007fe6e99b5fa0 RCX: 00007fe6e978e169
[  369.495297][ T9911] RDX: 000000000400c844 RSI: 0000200000000c40 RDI: 0000000000000004
[  369.495307][ T9911] RBP: 00007fe6ea628090 R08: 0000000000000000 R09: 0000000000000000
[  369.495317][ T9911] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  369.495326][ T9911] R13: 0000000000000000 R14: 00007fe6e99b5fa0 R15: 00007ffd4ff9d218
[  369.495347][ T9911]  </TASK>
[  369.782992][   T10] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  370.613394][ T5881] usb 4-1: reset high-speed USB device number 42 using dummy_hcd
[  370.703802][   T10] usb 7-1: Using ep0 maxpacket: 32
[  370.723228][   T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  370.735231][   T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  370.753081][ T5881] usb 4-1: device descriptor read/64, error -71
[  370.856603][ T9926] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1162'.
[  371.604864][   T10] usb 7-1: New USB device found, idVendor=0e8f, idProduct=0012, bcdDevice= 0.00
[  371.621598][   T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  371.640938][   T10] usb 7-1: config 0 descriptor??
[  371.815386][ T9931] autofs: Unknown parameter 'fd'
[  372.047353][ T9913] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  372.068881][ T9913] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  372.143953][ T9913] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  372.167445][ T9913] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  372.265726][ T9937] overlay: ./file0 is not a directory
[  372.533064][   T24] usb 6-1: new full-speed USB device number 10 using dummy_hcd
[  372.888746][ T9913] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  373.030883][ T5881] usb 4-1: [ueagle-atm] pre-firmware device, uploading firmware
[  373.041072][ T5881] usb 4-1: [ueagle-atm] loading firmware ueagle-atm/eagleII.fw
[  373.049949][    T9] usb 4-1: Direct firmware load for ueagle-atm/eagleII.fw failed with error -2
[  373.059838][    T9] usb 4-1: Falling back to sysfs fallback for: ueagle-atm/eagleII.fw
[  373.070921][ T5881] usb 4-1: USB disconnect, device number 42
[  373.116210][ T9913] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  373.134786][   T24] usb 6-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43
[  373.142245][ T9913] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  373.170649][ T9913] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  373.173793][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  373.216049][   T10] greenasia 0003:0E8F:0012.0011: hidraw0: USB HID v0.00 Device [HID 0e8f:0012] on usb-dummy_hcd.6-1/input0
[  373.263769][   T24] usb 6-1: config 0 descriptor??
[  373.289984][   T10] greenasia 0003:0E8F:0012.0011: no inputs found
[  373.291226][   T24] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state.
[  373.490629][   T24] gp8psk: usb in 128 operation failed.
[  373.857157][   T24] gp8psk: FW Version = 48.28.159 (0x301c9f)  Build 2206/163/118
[  374.143068][ T5918] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  374.363840][ T5918] usb 3-1: Using ep0 maxpacket: 32
[  374.371002][ T5918] usb 3-1: config 0 has an invalid interface number: 219 but max is 0
[  374.385573][ T5918] usb 3-1: config 0 has no interface number 0
[  374.401092][ T5918] usb 3-1: config 0 interface 219 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  374.422330][ T5918] usb 3-1: New USB device found, idVendor=108c, idProduct=0169, bcdDevice=75.b9
[  374.437700][ T9963] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  374.449387][ T5918] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  374.472350][ T5918] usb 3-1: Product: syz
[  374.484468][ T5918] usb 3-1: Manufacturer: syz
[  374.489442][ T5918] usb 3-1: SerialNumber: syz
[  374.589171][ T5918] usb 3-1: config 0 descriptor??
[  374.718568][ T9967] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1177'.
[  374.941548][ T5918] etas_es58x 3-1:0.219: Starting syz syz (Serial Number syz)
[  375.540628][   T24] gp8psk: usb in 149 operation failed.
[  375.566576][   T24] gp8psk: failed to get FPGA version
[  375.588216][   T24] gp8psk: usb in 138 operation failed.
[  375.594075][   T24] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  375.604944][   T24] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19)
[  375.617379][ T5881] usb 3-1: USB disconnect, device number 29
[  375.634887][   T24] usb 6-1: USB disconnect, device number 10
[  375.968019][ T5881] usb 7-1: USB disconnect, device number 4
[  376.412177][ T9990] netlink: 'syz.6.1182': attribute type 26 has an invalid length.
[  376.477544][ T9990] bridge1: entered promiscuous mode
[  376.482825][ T9990] bridge1: entered allmulticast mode
[  377.003267][ T9994] overlayfs: missing 'lowerdir'
[  378.228060][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  378.234606][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  378.343005][   T24] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  378.369313][T10013] netlink: 'syz.3.1189': attribute type 1 has an invalid length.
[  378.448367][T10015] netlink: 236 bytes leftover after parsing attributes in process `syz.2.1188'.
[  378.564933][T10016] x_tables: ip_tables: ah match: only valid for protocol 51
[  378.603684][   T24] usb 6-1: Using ep0 maxpacket: 32
[  378.698365][   T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  378.835142][   T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  378.870335][   T24] usb 6-1: New USB device found, idVendor=0e8f, idProduct=0012, bcdDevice= 0.00
[  378.898662][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  379.052504][   T24] usb 6-1: config 0 descriptor??
[  379.596600][T10026] 9pnet_fd: Insufficient options for proto=fd
[  380.249643][T10032] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1195'.
[  380.276777][   T24] usb 6-1: can't set config #0, error -71
[  380.291688][T10019] misc userio: Invalid payload size
[  380.302831][   T24] usb 6-1: USB disconnect, device number 11
[  380.628633][   T30] audit: type=1400 audit(2000000224.000:626): avc:  denied  { mount } for  pid=10030 comm="syz.4.1195" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[  380.674540][T10038] loop2: detected capacity change from 0 to 7
[  380.681409][T10038]  loop2: [POWERTEC] p1
[  380.689731][T10038] loop2: p1 start 1869770799 is beyond EOD, truncated
[  381.359972][ T5922] usb 7-1: new full-speed USB device number 5 using dummy_hcd
[  381.587566][ T5922] usb 7-1: config 0 interface 0 altsetting 253 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  381.640439][ T5922] usb 7-1: config 0 interface 0 altsetting 253 endpoint 0x81 has invalid maxpacket 1024, setting to 64
[  381.883163][ T5922] usb 7-1: config 0 interface 0 has no altsetting 0
[  381.915172][ T5922] usb 7-1: New USB device found, idVendor=227d, idProduct=0a19, bcdDevice= 0.00
[  381.937153][ T5922] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  381.967839][ T5922] usb 7-1: config 0 descriptor??
[  381.987158][T10040] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  382.704279][T10058] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1196'.
[  382.766555][ T5922] hid-generic 0003:227D:0A19.0012: unknown main item tag 0x0
[  382.784727][ T5922] hid-generic 0003:227D:0A19.0012: unknown main item tag 0x0
[  382.793603][ T5922] hid-generic 0003:227D:0A19.0012: unknown main item tag 0x0
[  382.805516][ T5922] hid-generic 0003:227D:0A19.0012: hidraw0: USB HID v0.00 Device [HID 227d:0a19] on usb-dummy_hcd.6-1/input0
[  383.285713][T10063] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1205'.
[  383.468790][T10064] XFS (nullb0): Invalid superblock magic number
[  383.783274][ T5918] usb 7-1: USB disconnect, device number 5
[  383.814942][T10077] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1206'.
[  385.388353][T10076] block nbd1: Possible stuck request ffff888026307000: control (read@0,4096B). Runtime 90 seconds
[  385.993333][ T5918] usb 7-1: new full-speed USB device number 6 using dummy_hcd
[  386.717489][ T5918] usb 7-1: unable to get BOS descriptor or descriptor too short
[  386.741898][T10089] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1209'.
[  386.768417][ T5918] usb 7-1: unable to read config index 0 descriptor/start: -71
[  386.794867][ T5918] usb 7-1: can't read configurations, error -71
[  388.079397][   T30] audit: type=1400 audit(2000000231.450:627): avc:  denied  { map } for  pid=10106 comm="syz.5.1215" path="socket:[30990]" dev="sockfs" ino=30990 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  388.123007][ T5918] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  388.223175][ T5922] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  388.263036][   T30] audit: type=1400 audit(2000000231.450:628): avc:  denied  { read } for  pid=10106 comm="syz.5.1215" path="socket:[30990]" dev="sockfs" ino=30990 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  388.606136][ T5918] usb 7-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  388.617407][ T5922] usb 3-1: Using ep0 maxpacket: 32
[  388.617626][ T5918] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  388.666641][ T5922] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  388.678520][ T5922] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  388.692468][ T5922] usb 3-1: New USB device found, idVendor=2006, idProduct=0118, bcdDevice= 0.00
[  388.710304][ T5918] usb 7-1: config 0 descriptor??
[  388.720952][T10116] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1217'.
[  388.730596][ T5918] gspca_main: cpia1-2.14.0 probing 0813:0001
[  388.817302][ T5922] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  388.836298][ T5922] usb 3-1: config 0 descriptor??
[  389.186559][T10125] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1220'.
[  389.218371][ T5918] cpia1 7-1:0.0: unexpected state after lo power cmd: 00
[  390.163464][ T5918] gspca_cpia1: usb_control_msg 02, error -71
[  390.173038][ T5918] gspca_cpia1: usb_control_msg 05, error -71
[  390.179045][ T5918] cpia1 7-1:0.0: unexpected systemstate: 00
[  390.254174][ T5918] usb 7-1: USB disconnect, device number 8
[  390.320610][ T5922] hkems 0003:2006:0118.0013: hidraw0: USB HID v0.03 Device [HID 2006:0118] on usb-dummy_hcd.2-1/input0
[  390.332649][ T5922] hkems 0003:2006:0118.0013: no inputs found
[  390.363065][ T5922] hkems 0003:2006:0118.0013: force feedback init failed
[  390.465606][ T5922] usb 3-1: USB disconnect, device number 30
[  390.525370][ T5844] Bluetooth: hci0: command 0x0406 tx timeout
[  390.692526][T10139] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1223'.
[  391.448056][   T30] audit: type=1400 audit(2000000234.820:629): avc:  denied  { write } for  pid=10142 comm="syz.3.1222" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  391.960177][ T5877] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  392.153376][ T5877] usb 3-1: device descriptor read/64, error -71
[  392.253148][   T10] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  392.453020][ T5877] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[  392.800460][   T10] usb 7-1: config 0 has an invalid interface number: 41 but max is 0
[  392.880436][   T10] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  393.016335][   T10] usb 7-1: config 0 has no interface number 0
[  393.103212][   T10] usb 7-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=83.9c
[  393.193608][   T10] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  393.261341][   T30] audit: type=1400 audit(2000000236.630:630): avc:  denied  { connect } for  pid=10163 comm="syz.3.1231" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  393.261622][   T10] usb 7-1: Product: syz
[  393.299320][   T10] usb 7-1: Manufacturer: syz
[  393.319313][   T10] usb 7-1: SerialNumber: syz
[  393.326724][   T10] usb 7-1: config 0 descriptor??
[  393.349273][   T10] ims_pcu 7-1:0.41: Missing CDC union descriptor
[  393.356855][   T30] audit: type=1400 audit(2000000236.740:631): avc:  denied  { ioctl } for  pid=10168 comm="syz.4.1233" path="socket:[31064]" dev="sockfs" ino=31064 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  393.367000][   T10] ims_pcu 7-1:0.41: probe with driver ims_pcu failed with error -22
[  393.408054][ T5877] usb 3-1: device descriptor read/64, error -71
[  393.439821][T10171] loop2: detected capacity change from 0 to 7
[  393.450056][T10171]  loop2: [POWERTEC] p1
[  393.456068][T10171] loop2: p1 start 1869770799 is beyond EOD, truncated
[  393.537860][ T5877] usb usb3-port1: attempt power cycle
[  393.553803][ T5830] usb 4-1: new high-speed USB device number 43 using dummy_hcd
[  393.597697][ T5918] usb 7-1: USB disconnect, device number 9
[  393.719727][ T5830] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  393.729129][ T5830] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  393.750350][ T5830] usb 4-1: Product: syz
[  393.759967][ T5830] usb 4-1: Manufacturer: syz
[  393.770078][ T5830] usb 4-1: SerialNumber: syz
[  393.797543][ T5830] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  393.850305][ T5922] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  394.015752][ T5877] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[  394.055713][ T5877] usb 3-1: device descriptor read/8, error -71
[  394.065956][T10164] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  394.106222][T10164] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  394.115976][T10164] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  394.136592][ T5830] usb 4-1: USB disconnect, device number 43
[  394.258983][   T24] IPVS: starting estimator thread 0...
[  394.421793][ T5877] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  394.518780][T10193] IPVS: using max 41 ests per chain, 98400 per kthread
[  394.789549][ T5877] usb 3-1: device descriptor read/8, error -71
[  394.927416][ T5922] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive
[  395.002413][ T5877] usb usb3-port1: unable to enumerate USB device
[  395.786314][T10201] lo speed is unknown, defaulting to 1000
[  395.794049][T10201] lo speed is unknown, defaulting to 1000
[  395.800933][T10201] lo speed is unknown, defaulting to 1000
[  395.881893][T10201] infiniband s
z1: set active
[  395.886996][T10201] infiniband s
z1: added lo
[  396.171041][ T5917] lo speed is unknown, defaulting to 1000
[  396.195552][ T5922] ath9k_htc: Failed to initialize the device
[  396.208753][T10201] RDS/IB: s
z1: added
[  396.216852][T10201] smc: adding ib device s
z1 with port count 1
[  396.226674][T10201] smc:    ib device s
z1 port 1 has pnetid 
[  396.237519][T10201] lo speed is unknown, defaulting to 1000
[  396.327260][T10201] lo speed is unknown, defaulting to 1000
[  396.408830][T10201] lo speed is unknown, defaulting to 1000
[  396.489429][T10201] lo speed is unknown, defaulting to 1000
[  396.569859][T10201] lo speed is unknown, defaulting to 1000
[  396.650253][T10201] lo speed is unknown, defaulting to 1000
[  396.820265][ T5917] lo speed is unknown, defaulting to 1000
[  396.843017][ T5830] usb 4-1: ath9k_htc: USB layer deinitialized
[  396.993350][T10208] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1244'.
[  400.159906][T10248] fuse: Bad value for 'user_id'
[  400.371306][T10248] fuse: Bad value for 'user_id'
[  402.282497][T10270] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1260'.
[  403.403011][ T5922] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  403.933429][ T5922] usb 3-1: device descriptor read/64, error -71
[  404.071568][ T5830] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  404.212985][ T5922] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[  404.317659][ T5830] usb 5-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[  404.347425][ T5830] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  404.363006][ T5922] usb 3-1: device descriptor read/64, error -71
[  404.389997][ T5830] usb 5-1: Product: syz
[  404.406539][ T5830] usb 5-1: Manufacturer: syz
[  404.421332][ T5830] usb 5-1: SerialNumber: syz
[  404.443039][ T5830] usb 5-1: config 0 descriptor??
[  404.473403][ T5922] usb usb3-port1: attempt power cycle
[  404.485127][ T5830] i2c-tiny-usb 5-1:0.0: version 6d.cc found at bus 005 address 030
[  404.590039][T10308] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1273'.
[  404.602018][T10308] netlink: 80 bytes leftover after parsing attributes in process `syz.3.1273'.
[  405.246031][ T5830]  (null): failure reading functionality
[  405.253566][ T5922] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[  405.261270][ T5921] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  405.343903][ T5830] i2c i2c-1: failure reading functionality
[  405.357279][ T5922] usb 3-1: device descriptor read/8, error -71
[  405.367097][ T5830] i2c i2c-1: connected i2c-tiny-usb device
[  405.423823][   T30] audit: type=1400 audit(2000000248.790:632): avc:  denied  { connect } for  pid=10320 comm="syz.3.1277" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  405.429148][T10321] bond0: option resend_igmp: invalid value (7540)
[  405.450418][T10321] bond0: option resend_igmp: allowed values 0 - 255
[  405.460529][   T30] audit: type=1400 audit(2000000248.830:633): avc:  denied  { append } for  pid=10320 comm="syz.3.1277" name="ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  405.488145][ T5917] lo speed is unknown, defaulting to 1000
[  405.496838][   T30] audit: type=1400 audit(2000000248.870:634): avc:  denied  { remount } for  pid=10318 comm="syz.5.1276" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  405.519900][ T5917] s
z1: Port: 1 Link DOWN
[  405.524551][ T5921] usb 7-1: Using ep0 maxpacket: 16
[  405.530404][   T30] audit: type=1400 audit(2000000248.900:635): avc:  denied  { setopt } for  pid=10320 comm="syz.3.1277" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  405.531517][ T5918] lo speed is unknown, defaulting to 1000
[  405.560000][ T5921] usb 7-1: config 0 has an invalid interface number: 1 but max is 0
[  405.584677][ T5921] usb 7-1: config 0 has no interface number 0
[  405.602243][ T5921] usb 7-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  405.622011][ T5921] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  405.631760][ T5921] usb 7-1: Product: syz
[  405.636659][ T5922] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[  405.645414][ T5921] usb 7-1: Manufacturer: syz
[  405.660425][ T5921] usb 7-1: SerialNumber: syz
[  405.686523][ T5922] usb 3-1: device descriptor read/8, error -71
[  405.709729][ T5921] usb 7-1: config 0 descriptor??
[  405.746568][ T5921] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  405.789700][   T30] audit: type=1800 audit(2000000249.160:636): pid=10328 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.5.1278" name="bus" dev="overlay" ino=591 res=0 errno=0
[  405.822095][ T5922] usb usb3-port1: unable to enumerate USB device
[  406.630232][ T5918] usb 5-1: USB disconnect, device number 30
[  407.778119][ T5921] gspca_spca1528: reg_w err -110
[  407.783171][ T5834] Bluetooth: hci5: command tx timeout
[  407.789004][ T5921] spca1528 7-1:0.1: probe with driver spca1528 failed with error -110
[  407.982875][T10344] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1284'.
[  408.339757][T10348] netlink: 'syz.5.1282': attribute type 39 has an invalid length.
[  408.455418][T10355] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  409.094440][T10370] vivid-000: disconnect
[  409.443221][ T5918] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  409.587467][T10368] vivid-000: reconnect
[  409.672319][ T5918] usb 6-1: unable to get BOS descriptor or descriptor too short
[  409.695493][ T5921] usb 7-1: USB disconnect, device number 10
[  409.703049][ T5918] usb 6-1: config 107 has an invalid interface number: 165 but max is 0
[  409.733355][ T5918] usb 6-1: config 107 has an invalid descriptor of length 0, skipping remainder of the config
[  409.754112][ T5918] usb 6-1: config 107 has no interface number 0
[  409.760478][ T5918] usb 6-1: config 107 interface 165 altsetting 5 has an invalid descriptor for endpoint zero, skipping
[  409.788100][ T5918] usb 6-1: config 107 interface 165 altsetting 5 has 4 endpoint descriptors, different from the interface descriptor's value: 6
[  409.802333][ T5918] usb 6-1: config 107 interface 165 has no altsetting 0
[  409.810426][T10381] loop2: detected capacity change from 0 to 7
[  409.820801][T10381]  loop2: [POWERTEC] p1
[  409.826361][T10381] loop2: p1 start 1869770799 is beyond EOD, truncated
[  409.833302][ T5918] usb 6-1: New USB device found, idVendor=0979, idProduct=0227, bcdDevice=23.29
[  409.842714][ T5918] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  409.875762][ T5918] usb 6-1: Product: syz
[  409.893578][ T5918] usb 6-1: Manufacturer: syz
[  409.905454][ T5918] usb 6-1: SerialNumber: syz
[  410.457356][   T30] audit: type=1400 audit(2000000253.830:637): avc:  denied  { setcheckreqprot } for  pid=10373 comm="syz.5.1293" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  410.501759][ T1107] nci: nci_rx_work: unknown MT 0x7
[  411.451715][   T30] audit: type=1400 audit(2000000254.820:638): avc:  denied  { bind } for  pid=10413 comm="syz.4.1306" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  411.581295][T10417] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65445 sclass=netlink_route_socket pid=10417 comm=syz.6.1305
[  412.149209][T10421] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1307'.
[  413.196712][T10431] overlayfs: missing 'lowerdir'
[  413.321331][ T5918] gspca_main: jl2005bcd-2.14.0 probing 0979:0227
[  413.424811][ T5918] command write [95] error -22
[  413.613934][ T5918] usb 6-1: USB disconnect, device number 12
[  414.548321][T10446] netlink: 'syz.2.1315': attribute type 16 has an invalid length.
[  414.583142][T10446] netlink: 64138 bytes leftover after parsing attributes in process `syz.2.1315'.
[  415.042509][T10459] IPVS: wrr: UDP 224.0.0.2:0 - no destination available
[  415.073619][T10459] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65445 sclass=netlink_route_socket pid=10459 comm=syz.3.1319
[  415.965225][T10076] block nbd1: Possible stuck request ffff888026307000: control (read@0,4096B). Runtime 120 seconds
[  416.083353][ T5917] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  416.435783][T10487] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1325'.
[  417.096204][ T5917] usb 5-1: Using ep0 maxpacket: 32
[  417.202074][ T5917] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  417.260091][ T5917] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  417.344367][ T5917] usb 5-1: New USB device found, idVendor=0e8f, idProduct=0004, bcdDevice= 0.00
[  417.409150][ T5917] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  417.439574][ T5917] usb 5-1: config 0 descriptor??
[  417.461198][   T30] audit: type=1400 audit(2000000260.830:639): avc:  denied  { ioctl } for  pid=10488 comm="syz.5.1327" path="socket:[32173]" dev="sockfs" ino=32173 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  418.052705][T10507] overlayfs: missing 'lowerdir'
[  418.059771][ T5917] hid-generic 0003:0E8F:0004.0014: hidraw0: USB HID v0.00 Device [HID 0e8f:0004] on usb-dummy_hcd.4-1/input0
[  418.159668][T10509] IPVS: wrr: UDP 224.0.0.2:0 - no destination available
[  418.207503][T10509] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65445 sclass=netlink_route_socket pid=10509 comm=syz.3.1331
[  418.530233][ T5921] usb 5-1: USB disconnect, device number 31
[  418.577301][T10513] netlink: 'syz.5.1334': attribute type 39 has an invalid length.
[  420.133576][   T30] audit: type=1400 audit(2000000262.760:640): avc:  denied  { sqpoll } for  pid=10518 comm="syz.3.1336" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  420.333868][   T30] audit: type=1400 audit(2000000263.550:641): avc:  denied  { watch } for  pid=10526 comm="syz.2.1339" path="/281" dev="tmpfs" ino=1564 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  420.557849][   T30] audit: type=1400 audit(2000000263.560:642): avc:  denied  { watch_sb } for  pid=10526 comm="syz.2.1339" path="/281" dev="tmpfs" ino=1564 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  420.592349][T10538] overlayfs: missing 'lowerdir'
[  421.360472][T10547] overlayfs: missing 'lowerdir'
[  421.646358][T10556] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1346'.
[  421.655356][T10556] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1346'.
[  422.119662][T10552] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1347'.
[  422.715792][T10570] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  422.815642][T10570] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  422.829418][T10564] Cannot find add_set index 0 as target
[  422.983222][ T5921] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  423.221331][T10582] bridge0: port 2(bridge_slave_1) entered disabled state
[  423.228837][T10582] bridge0: port 1(bridge_slave_0) entered disabled state
[  423.289106][T10587] overlayfs: missing 'workdir'
[  423.317655][T10582] bridge0: entered allmulticast mode
[  423.699068][   T30] audit: type=1400 audit(2000000267.060:643): avc:  denied  { setopt } for  pid=10583 comm="syz.6.1354" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  423.872604][ T5921] usb 6-1: device not accepting address 13, error -71
[  424.034275][T10601] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  424.317588][T10608] overlayfs: missing 'lowerdir'
[  425.060512][ T5921] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  425.284160][ T5921] usb 6-1: no configurations
[  425.288847][ T5921] usb 6-1: can't read configurations, error -22
[  425.306234][T10610] autofs: Unknown parameter 'fd'
[  425.337940][ T5921] usb usb6-port1: attempt power cycle
[  425.349968][   T30] audit: type=1326 audit(2000000268.720:644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10621 comm="syz.6.1367" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f83f938e169 code=0x0
[  425.372786][    C0] vkms_vblank_simulate: vblank timer overrun
[  425.520750][T10628] xt_hashlimit: Unknown mode mask 4802, kernel too old?
[  425.803011][ T5921] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  425.914301][ T5921] usb 6-1: no configurations
[  425.918976][ T5921] usb 6-1: can't read configurations, error -22
[  426.423136][ T5921] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  426.453871][ T5921] usb 6-1: no configurations
[  426.458574][ T5921] usb 6-1: can't read configurations, error -22
[  426.465172][ T5921] usb usb6-port1: unable to enumerate USB device
[  427.981648][T10651] overlayfs: missing 'lowerdir'
[  428.515742][T10663] overlay: filesystem on ./file1 not supported
[  428.523665][   T30] audit: type=1400 audit(2000000271.890:645): avc:  denied  { mounton } for  pid=10662 comm="syz.5.1380" path="/117/file0/bus" dev="afs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=dir permissive=1
[  428.604103][T10665] loop2: detected capacity change from 0 to 7
[  428.614594][T10665]  loop2: [POWERTEC] p1
[  428.636544][T10665] loop2: p1 start 1869770799 is beyond EOD, truncated
[  429.268319][   T30] audit: type=1400 audit(2000000272.640:646): avc:  denied  { unmount } for  pid=8435 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  430.155890][ T1163] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  430.428601][T10683] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1388'.
[  431.288996][T10690] loop8: detected capacity change from 0 to 1
[  431.303117][T10690] Dev loop8: unable to read RDB block 1
[  431.343907][T10690]  loop8: unable to read partition table
[  431.349808][T10690] loop8: partition table beyond EOD, truncated
[  431.356651][T10690] loop_reread_partitions: partition scan of loop8 (�被x�^>�� �) failed (rc=-5)
[  431.416924][T10695] netlink: 452 bytes leftover after parsing attributes in process `syz.4.1392'.
[  431.428166][ T1163] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  431.441536][   T30] audit: type=1400 audit(2000000274.790:647): avc:  denied  { nlmsg_read } for  pid=10694 comm="syz.4.1392" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  431.474202][T10695] xt_hashlimit: size too large, truncated to 1048576
[  431.549893][ T5844] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  431.564250][ T5844] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  431.630103][ T5844] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  431.645818][ T5844] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  431.665623][ T5844] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  431.839557][T10695] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1392'.
[  431.882170][ T1163] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  432.428986][T10714] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1395'.
[  433.276082][ T1163] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  433.317469][   T30] audit: type=1400 audit(2000000276.680:648): avc:  denied  { setattr } for  pid=10721 comm="syz.3.1400" name="[io_uring]" dev="anon_inodefs" ino=33054 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  433.343806][T10699] lo speed is unknown, defaulting to 1000
[  433.630104][ T5918] usb 4-1: new high-speed USB device number 44 using dummy_hcd
[  433.830430][ T5844] Bluetooth: hci0: command tx timeout
[  434.148891][ T5830] usb 3-1: new high-speed USB device number 39 using dummy_hcd
[  434.304621][ T5830] usb 3-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  434.313905][ T5830] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  434.326399][ T5830] usb 3-1: config 0 descriptor??
[  434.340960][ T5830] gspca_main: cpia1-2.14.0 probing 0813:0001
[  434.412755][ T5918] usb 4-1: device descriptor read/64, error -71
[  434.528524][    T9] usb 4-1: [UEAGLE-ATM] firmware is not available
[  434.642766][T10699] chnl_net:caif_netlink_parms(): no params data found
[  434.669998][ T1163] bridge_slave_1: left allmulticast mode
[  434.685002][ T1163] bridge_slave_1: left promiscuous mode
[  434.694996][ T1163] bridge0: port 2(bridge_slave_1) entered disabled state
[  434.706972][ T1163] bridge_slave_0: left allmulticast mode
[  434.712979][ T5918] usb 4-1: new high-speed USB device number 45 using dummy_hcd
[  434.720725][ T1163] bridge_slave_0: left promiscuous mode
[  434.728158][ T1163] bridge0: port 1(bridge_slave_0) entered disabled state
[  434.762782][   T30] audit: type=1800 audit(2000000278.130:649): pid=10726 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.2.1401" name="bus" dev="tmpfs" ino=1637 res=0 errno=0
[  434.855153][ T5918] usb 4-1: device descriptor read/64, error -71
[  434.974157][ T5918] usb usb4-port1: attempt power cycle
[  435.047578][ T5830] cpia1 3-1:0.0: unexpected state after lo power cmd: 00
[  435.349796][ T5918] usb 4-1: new high-speed USB device number 46 using dummy_hcd
[  435.394499][ T5918] usb 4-1: device descriptor read/8, error -71
[  435.406666][T10744] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1405'.
[  435.468893][ T1163] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  435.480053][ T1163] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  435.493532][ T1163] bond0 (unregistering): Released all slaves
[  435.508406][ T1163] bond1 (unregistering): Released all slaves
[  435.608881][ T5830] gspca_cpia1: usb_control_msg 02, error -71
[  435.633248][ T5918] usb 4-1: new high-speed USB device number 47 using dummy_hcd
[  435.633267][ T5830] gspca_cpia1: usb_control_msg 05, error -71
[  435.633280][ T5830] cpia1 3-1:0.0: unexpected systemstate: 00
[  435.663934][ T5918] usb 4-1: device descriptor read/8, error -71
[  435.688949][ T5830] usb 3-1: USB disconnect, device number 39
[  435.746975][T10699] bridge0: port 1(bridge_slave_0) entered blocking state
[  435.758276][T10699] bridge0: port 1(bridge_slave_0) entered disabled state
[  435.768591][T10699] bridge_slave_0: entered allmulticast mode
[  435.784795][T10699] bridge_slave_0: entered promiscuous mode
[  435.793680][ T5918] usb usb4-port1: unable to enumerate USB device
[  435.810178][T10699] bridge0: port 2(bridge_slave_1) entered blocking state
[  435.825109][T10699] bridge0: port 2(bridge_slave_1) entered disabled state
[  435.832450][T10699] bridge_slave_1: entered allmulticast mode
[  435.842112][T10699] bridge_slave_1: entered promiscuous mode
[  435.894860][ T5844] Bluetooth: hci0: command tx timeout
[  436.147019][T10699] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  436.264013][T10699] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  436.616825][   T30] audit: type=1400 audit(2000000279.970:650): avc:  denied  { getopt } for  pid=10754 comm="syz.4.1409" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  437.275984][T10699] team0: Port device team_slave_0 added
[  437.283893][T10699] team0: Port device team_slave_1 added
[  437.396485][T10776] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1414'.
[  437.465368][ T1163] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  437.472825][ T1163] batman_adv: batadv0: Removing interface: batadv_slave_0
[  437.501862][ T1163] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  437.510360][ T1163] batman_adv: batadv0: Removing interface: batadv_slave_1
[  437.747337][ T1163] veth1_macvtap: left promiscuous mode
[  437.760466][ T1163] veth0_macvtap: left promiscuous mode
[  437.793227][ T1163] veth1_vlan: left promiscuous mode
[  437.798887][ T1163] veth0_vlan: left promiscuous mode
[  437.843024][ T5877] usb 4-1: new high-speed USB device number 48 using dummy_hcd
[  437.963189][ T5844] Bluetooth: hci0: command tx timeout
[  438.452969][ T5877] usb 4-1: Using ep0 maxpacket: 8
[  438.460144][ T5877] usb 4-1: config 0 has an invalid interface number: 31 but max is 0
[  438.468560][ T5877] usb 4-1: config 0 has no interface number 0
[  438.476818][ T5877] usb 4-1: New USB device found, idVendor=112a, idProduct=0005, bcdDevice=be.68
[  438.492731][ T5877] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  438.501866][ T5877] usb 4-1: Product: syz
[  438.508692][ T5877] usb 4-1: Manufacturer: syz
[  438.513556][ T5877] usb 4-1: SerialNumber: syz
[  438.527702][ T5877] usb 4-1: config 0 descriptor??
[  438.539156][ T5877] redrat3 4-1:0.31: Couldn't find all endpoints
[  438.860410][T10782] netlink: 71 bytes leftover after parsing attributes in process `syz.3.1417'.
[  439.799146][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  439.809873][ T5844] Bluetooth: hci5: Malformed Event: 0x02
[  440.038940][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  440.042990][ T5844] Bluetooth: hci0: command tx timeout
[  440.326266][   T30] audit: type=1400 audit(2000000283.700:651): avc:  denied  { accept } for  pid=10805 comm="syz.2.1426" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  442.454632][ T1163] team0 (unregistering): Port device team_slave_1 removed
[  442.629225][ T1163] team0 (unregistering): Port device team_slave_0 removed
[  442.691563][T10832] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  442.701307][T10832] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  443.310999][T10699] batman_adv: batadv0: Adding interface: batadv_slave_0
[  443.318081][T10699] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  443.353036][ T5921] usb 4-1: USB disconnect, device number 48
[  443.363829][ T5918] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  443.373310][T10699] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  443.389379][T10699] batman_adv: batadv0: Adding interface: batadv_slave_1
[  443.413501][T10699] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  443.466820][T10699] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  443.563020][ T5918] usb 7-1: Using ep0 maxpacket: 32
[  443.581256][ T5918] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  443.608294][ T5918] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  443.619458][ T5918] usb 7-1: New USB device found, idVendor=0e8f, idProduct=0012, bcdDevice= 0.00
[  443.636417][T10847] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1436'.
[  443.684736][ T5918] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  443.769060][ T5918] usb 7-1: config 0 descriptor??
[  443.854987][   T36] Bluetooth: Error in BCSP hdr checksum
[  444.010091][T10699] hsr_slave_0: entered promiscuous mode
[  444.016413][T10699] hsr_slave_1: entered promiscuous mode
[  444.145719][T10852] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1437'.
[  444.198842][T10852] geneve2: entered promiscuous mode
[  444.346134][T10837] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  444.357138][T10837] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  445.300932][   T31] INFO: task udevd:5846 blocked for more than 143 seconds.
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  445.353151][   T31]       Not tainted 6.15.0-rc3-syzkaller-00001-g9d7a0577c9db #0
[  446.329363][ T5844] Bluetooth: hci6: Opcode 0x1003 failed: -110
[  446.352953][T10076] block nbd1: Possible stuck request ffff888026307000: control (read@0,4096B). Runtime 150 seconds
[  446.538554][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  446.619949][   T31] task:udevd           state:D stack:24664 pid:5846  tgid:5846  ppid:5197   task_flags:0x400140 flags:0x00000002
[  446.723131][   T31] Call Trace:
[  446.726462][   T31]  <TASK>
[  446.729407][   T31]  __schedule+0x116f/0x5de0
[  446.756410][   T31]  ? __lock_acquire+0x5ca/0x1ba0
[  446.761435][   T31]  ? __pfx___schedule+0x10/0x10
[  446.782532][   T31]  ? find_held_lock+0x2b/0x80
[  446.792962][   T31]  ? schedule+0x2d7/0x3a0
[  446.817001][   T31]  schedule+0xe7/0x3a0
[  446.821235][   T31]  schedule_preempt_disabled+0x13/0x30
[  446.842908][   T31]  __mutex_lock+0x6c7/0xb90
[  446.847467][   T31]  ? bdev_open+0x41a/0xe40
[  446.851903][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  446.861150][   T31]  ? ilookup+0x1ce/0x320
[  446.873122][   T31]  ? __pfx_ilookup+0x10/0x10
[  446.877750][   T31]  ? find_held_lock+0x2b/0x80
[  446.882455][   T31]  ? bdev_open+0x41a/0xe40
[  446.903076][   T31]  bdev_open+0x41a/0xe40
[  446.907382][   T31]  blkdev_open+0x27b/0x3f0
[  446.911819][   T31]  do_dentry_open+0x741/0x1c10
[  446.922903][   T31]  ? __pfx_blkdev_open+0x10/0x10
[  446.927898][   T31]  vfs_open+0x82/0x3f0
[  446.931989][   T31]  path_openat+0x1e5e/0x2d40
[  446.952920][   T31]  ? __pfx_path_openat+0x10/0x10
[  446.957926][   T31]  do_filp_open+0x20b/0x470
[  446.962438][   T31]  ? __pfx_do_filp_open+0x10/0x10
[  446.971725][   T31]  ? alloc_fd+0x471/0x7d0
[  446.976151][   T31]  do_sys_openat2+0x11b/0x1d0
[  446.980823][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[  446.986484][   T31]  ? __sys_recvmsg+0x196/0x220
[  446.991290][   T31]  ? __pfx___sys_recvmsg+0x10/0x10
[  446.996452][   T31]  __x64_sys_openat+0x174/0x210
[  447.001318][   T31]  ? __pfx___x64_sys_openat+0x10/0x10
[  447.006751][   T31]  ? rcu_is_watching+0x12/0xc0
[  447.011526][   T31]  do_syscall_64+0xcd/0x260
[  447.016051][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  447.022052][   T31] RIP: 0033:0x7f86357169a4
[  447.026617][   T31] RSP: 002b:00007ffd2780fff0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  447.035094][   T31] RAX: ffffffffffffffda RBX: 000055ae586228e0 RCX: 00007f86357169a4
[  447.043107][   T31] RDX: 00000000000a0800 RSI: 000055ae585f7300 RDI: 00000000ffffff9c
[  447.051111][   T31] RBP: 000055ae585f7300 R08: 0000000000000001 R09: 00007f8635c54000
[  447.059149][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000000a0800
[  447.067138][   T31] R13: 000055ae586613d0 R14: 0000000000000001 R15: 000055ae585eb2c0
[  447.075266][   T31]  </TASK>
[  447.078406][   T31] INFO: task syz.1.829:8852 blocked for more than 145 seconds.
[  447.086913][   T31]       Not tainted 6.15.0-rc3-syzkaller-00001-g9d7a0577c9db #0
[  447.098021][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  447.108163][   T31] task:syz.1.829       state:D stack:27560 pid:8852  tgid:8851  ppid:5838   task_flags:0x400140 flags:0x00004004
[  447.120255][   T31] Call Trace:
[  447.123608][   T31]  <TASK>
[  447.126620][   T31]  __schedule+0x116f/0x5de0
[  447.131118][   T31]  ? __lock_acquire+0xaa4/0x1ba0
[  447.136107][   T31]  ? __lock_acquire+0x5ca/0x1ba0
[  447.141050][   T31]  ? __pfx___schedule+0x10/0x10
[  447.145959][   T31]  ? find_held_lock+0x2b/0x80
[  447.150650][   T31]  ? schedule+0x2d7/0x3a0
[  447.155019][   T31]  schedule+0xe7/0x3a0
[  447.159107][   T31]  schedule_preempt_disabled+0x13/0x30
[  447.164628][   T31]  __mutex_lock+0x6c7/0xb90
[  447.169162][   T31]  ? nbd_ioctl+0x30a/0xda0
[  447.173615][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  447.178653][   T31]  ? rcu_is_watching+0x12/0xc0
[  447.183603][   T31]  ? nbd_ioctl+0x30a/0xda0
[  447.188046][   T31]  nbd_ioctl+0x30a/0xda0
[  447.192292][   T31]  ? __pfx_nbd_ioctl+0x10/0x10
[  447.197082][   T31]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  447.204004][   T31]  ? __pfx_autoremove_wake_function+0x10/0x10
[  447.210085][   T31]  ? __pfx_nbd_ioctl+0x10/0x10
[  447.214878][   T31]  blkdev_ioctl+0x274/0x6d0
[  447.219389][   T31]  ? __pfx_blkdev_ioctl+0x10/0x10
[  447.224481][   T31]  ? selinux_file_ioctl+0x180/0x270
[  447.229765][   T31]  ? selinux_file_ioctl+0xb4/0x270
[  447.234914][   T31]  ? __pfx_blkdev_ioctl+0x10/0x10
[  447.239947][   T31]  __x64_sys_ioctl+0x190/0x200
[  447.244778][   T31]  do_syscall_64+0xcd/0x260
[  447.249303][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  447.255230][   T31] RIP: 0033:0x7f72cb38e169
[  447.259652][   T31] RSP: 002b:00007f72c91f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  447.268120][   T31] RAX: ffffffffffffffda RBX: 00007f72cb5b5fa0 RCX: 00007f72cb38e169
[  447.276138][   T31] RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000006
[  447.284189][   T31] RBP: 00007f72cb410a68 R08: 0000000000000000 R09: 0000000000000000
[  447.292177][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  447.300322][   T31] R13: 0000000000000000 R14: 00007f72cb5b5fa0 R15: 00007ffc09ec09b8
[  447.308343][   T31]  </TASK>
[  447.413468][   T31] INFO: task syz.1.829:8855 blocked for more than 145 seconds.
[  447.421117][   T31]       Not tainted 6.15.0-rc3-syzkaller-00001-g9d7a0577c9db #0
[  447.504525][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  447.513490][   T31] task:syz.1.829       state:D stack:28728 pid:8855  tgid:8851  ppid:5838   task_flags:0x480140 flags:0x00000004
[  447.525751][   T31] Call Trace:
[  447.529073][   T31]  <TASK>
[  447.532028][   T31]  __schedule+0x116f/0x5de0
[  447.539368][   T31]  ? __lock_acquire+0x5ca/0x1ba0
[  447.544726][   T31]  ? __pfx___schedule+0x10/0x10
[  447.549616][   T31]  ? find_held_lock+0x2b/0x80
[  447.554703][   T31]  ? schedule+0x2d7/0x3a0
[  447.559087][   T31]  schedule+0xe7/0x3a0
[  447.566710][   T31]  blk_mq_freeze_queue_wait+0x143/0x1b0
[  447.572306][   T31]  ? __pfx_blk_mq_freeze_queue_wait+0x10/0x10
[  447.582900][   T31]  ? __pfx_autoremove_wake_function+0x10/0x10
[  447.589012][   T31]  ? blk_freeze_queue_start+0xec/0x140
[  447.612933][   T31]  queue_limits_commit_update_frozen+0x93/0x110
[  447.619242][   T31]  nbd_set_size+0x4e2/0x720
[  447.652970][   T31]  ? __pfx_nbd_set_size+0x10/0x10
[  447.658060][   T31]  ? __mutex_lock+0x1ca/0xb90
[  447.662753][   T31]  ? cred_has_capability.isra.0+0x193/0x2f0
[  447.692915][   T31]  ? cap_capable+0xb3/0x250
[  447.697478][   T31]  ? bpf_lsm_capable+0x9/0x10
[  447.702187][   T31]  nbd_ioctl+0xd34/0xda0
[  447.723365][   T31]  ? ioctl_has_perm.constprop.0.isra.0+0x2f4/0x450
[  447.729937][   T31]  ? ioctl_has_perm.constprop.0.isra.0+0x2fe/0x450
[  447.752914][   T31]  ? __pfx_nbd_ioctl+0x10/0x10
[  447.757753][   T31]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  447.777816][   T31]  ? __pfx_nbd_ioctl+0x10/0x10
[  447.782637][   T31]  blkdev_ioctl+0x274/0x6d0
[  447.790869][   T31]  ? __pfx_blkdev_ioctl+0x10/0x10
[  447.796184][   T31]  ? selinux_file_ioctl+0x180/0x270
[  447.801433][   T31]  ? selinux_file_ioctl+0xb4/0x270
[  447.808564][   T31]  ? __pfx_blkdev_ioctl+0x10/0x10
[  447.814953][   T31]  __x64_sys_ioctl+0x190/0x200
[  447.819771][   T31]  do_syscall_64+0xcd/0x260
[  447.824636][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  447.830552][   T31] RIP: 0033:0x7f72cb38e169
[  447.835331][   T31] RSP: 002b:00007f72c91d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  447.844233][   T31] RAX: ffffffffffffffda RBX: 00007f72cb5b6080 RCX: 00007f72cb38e169
[  447.852243][   T31] RDX: 0000000000000003 RSI: 000000000000ab07 RDI: 0000000000000004
[  447.860685][   T31] RBP: 00007f72cb410a68 R08: 0000000000000000 R09: 0000000000000000
[  447.868920][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  447.882904][   T31] R13: 0000000000000000 R14: 00007f72cb5b6080 R15: 00007ffc09ec09b8
[  447.890944][   T31]  </TASK>
[  447.903803][   T31] INFO: task syz.1.829:8856 blocked for more than 146 seconds.
[  447.911837][   T31]       Not tainted 6.15.0-rc3-syzkaller-00001-g9d7a0577c9db #0
[  447.920122][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  447.932367][   T31] task:syz.1.829       state:D stack:24728 pid:8856  tgid:8851  ppid:5838   task_flags:0x400140 flags:0x00004004
[  447.947615][   T31] Call Trace:
[  447.950903][   T31]  <TASK>
[  447.954379][   T31]  __schedule+0x116f/0x5de0
[  447.958899][   T31]  ? __lock_acquire+0x5ca/0x1ba0
[  447.966857][   T31]  ? __pfx___schedule+0x10/0x10
[  447.971748][   T31]  ? find_held_lock+0x2b/0x80
[  447.977481][   T31]  ? schedule+0x2d7/0x3a0
[  447.981827][   T31]  schedule+0xe7/0x3a0
[  447.990987][   T31]  io_schedule+0xbf/0x130
[  447.995371][   T31]  folio_wait_bit_common+0x3d6/0x9e0
[  448.000655][   T31]  ? folio_wait_bit_common+0x13a/0x9e0
[  448.009057][   T31]  ? __pfx_folio_wait_bit_common+0x10/0x10
[  448.015448][   T31]  ? filemap_read_folio+0xe1/0x2a0
[  448.020759][   T31]  ? __pfx_filemap_read_folio+0x10/0x10
[  448.029314][   T31]  ? __pfx_wake_page_function+0x10/0x10
[  448.034933][   T31]  ? __filemap_get_folio+0x333/0xc10
[  448.040230][   T31]  do_read_cache_folio+0x342/0x5c0
[  448.048404][   T31]  ? __pfx_blkdev_read_folio+0x10/0x10
[  448.053950][   T31]  read_part_sector+0xd4/0x310
[  448.058719][   T31]  ? __pfx_adfspart_check_POWERTEC+0x10/0x10
[  448.067767][   T31]  adfspart_check_POWERTEC+0x8a/0x710
[  448.073309][   T31]  ? __pfx_adfspart_check_POWERTEC+0x10/0x10
[  448.080008][   T31]  ? __pfx_adfspart_check_POWERTEC+0x10/0x10
[  448.088927][   T31]  bdev_disk_changed+0x720/0x1520
[  448.096228][   T31]  ? __pfx_bdev_disk_changed+0x10/0x10
[  448.101731][   T31]  blkdev_get_whole+0x187/0x290
[  448.109550][   T31]  bdev_open+0x2c7/0xe40
[  448.113841][   T31]  bdev_file_open_by_dev+0x17d/0x210
[  448.119160][   T31]  setup_bdev_super+0x78/0x730
[  448.127126][   T31]  get_tree_bdev_flags+0x363/0x620
[  448.132442][   T31]  ? __pfx_udf_fill_super+0x10/0x10
[  448.137718][   T31]  ? __pfx_get_tree_bdev_flags+0x10/0x10
[  448.146344][   T31]  ? bpf_lsm_capable+0x9/0x10
[  448.151132][   T31]  ? security_capable+0x7e/0x260
[  448.156127][   T31]  vfs_get_tree+0x8b/0x340
[  448.160549][   T31]  path_mount+0x14d4/0x1f30
[  448.168199][   T31]  ? kmem_cache_free+0x2d4/0x4d0
[  448.173183][   T31]  ? __pfx_path_mount+0x10/0x10
[  448.178036][   T31]  ? putname+0x154/0x1a0
[  448.185996][   T31]  __x64_sys_mount+0x28d/0x310
[  448.190782][   T31]  ? __pfx___x64_sys_mount+0x10/0x10
[  448.196315][   T31]  do_syscall_64+0xcd/0x260
[  448.200836][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  448.211811][   T31] RIP: 0033:0x7f72cb38e169
[  448.216289][   T31] RSP: 002b:00007f72c91b4038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  448.227611][   T31] RAX: ffffffffffffffda RBX: 00007f72cb5b6160 RCX: 00007f72cb38e169
[  448.235840][   T31] RDX: 0000200000000040 RSI: 0000200000004a00 RDI: 0000200000000500
[  448.247006][   T31] RBP: 00007f72cb410a68 R08: 0000000000000000 R09: 0000000000000000
[  448.255180][   T31] R10: 0000000000008007 R11: 0000000000000246 R12: 0000000000000000
[  448.266255][   T31] R13: 0000000000000001 R14: 00007f72cb5b6160 R15: 00007ffc09ec09b8
[  448.274336][   T31]  </TASK>
[  448.277565][   T31] 
[  448.277565][   T31] Showing all locks held in the system:
[  448.289943][   T31] 3 locks held by kworker/0:0/9:
[  448.303480][   T31]  #0: ffff88801b478d48 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[  448.314057][   T31]  #1: ffffc900000e7d18 (free_ipc_work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[  448.323795][   T31]  #2: ffffffff8e3caaf8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x1a3/0x3c0
[  448.333985][   T31] 1 lock held by khungtaskd/31:
[  448.338857][   T31]  #0: ffffffff8e3bf5c0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0
[  448.348800][   T31] 4 locks held by kworker/u8:8/1163:
[  448.354331][   T31]  #0: ffff88801c2f3948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[  448.367615][   T31]  #1: ffffc9000416fd18 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[  448.377788][   T31]  #2: ffffffff90114fd0 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xc9/0xb30
[  448.390822][   T31]  #3: ffffffff9012ae68 (rtnl_mutex){+.+.}-{4:4}, at: gate_exit_net+0x24/0x130
[  448.400152][   T31] 2 locks held by getty/5582:
[  448.408726][   T31]  #0: ffff8880329be0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80
[  448.418713][   T31]  #1: ffffc9000331b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0
[  448.428980][   T31] 1 lock held by udevd/5846:
[  448.433598][   T31]  #0: ffff888025c9c358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0x41a/0xe40
[  448.443476][   T31] 5 locks held by kworker/1:7/5918:
[  448.448993][   T31]  #0: ffff888144a89548 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[  448.460226][   T31]  #1: ffffc9000456fd18 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[  448.471685][   T31]  #2: ffff8880296ad198 (&dev->mutex){....}-{4:4}, at: hub_event+0x1c0/0x4fa0
[  448.480609][   T31]  #3: ffff8880258e6198 (&dev->mutex){....}-{4:4}, at: __device_attach+0x7e/0x4b0
[  448.490259][   T31]  #4: ffff8880602e1160 (&dev->mutex){....}-{4:4}, at: __device_attach+0x7e/0x4b0
[  448.499586][   T31] 4 locks held by udevd/5938:
[  448.504283][   T31]  #0: ffff888026d8f8b8 (&p->lock){+.+.}-{4:4}, at: seq_read_iter+0xe1/0x12c0
[  448.513229][   T31]  #1: ffff88802b15e888 (&of->mutex#2){+.+.}-{4:4}, at: kernfs_seq_start+0x4d/0x240
[  448.522757][   T31]  #2: ffff888049836b48 (kn->active#5){++++}-{0:0}, at: kernfs_seq_start+0x71/0x240
[  448.532192][   T31]  #3: ffff8880258e6198 (&dev->mutex){....}-{4:4}, at: uevent_show+0x187/0x3b0
[  448.541193][   T31] 1 lock held by syz.4.395/7342:
[  448.546146][   T31]  #0: ffffffff9012ae68 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x230
[  448.555203][   T31] 1 lock held by syz.1.829/8852:
[  448.560196][   T31]  #0: ffff888025896998 (&nbd->config_lock){+.+.}-{4:4}, at: nbd_ioctl+0x30a/0xda0
[  448.569544][   T31] 4 locks held by syz.1.829/8855:
[  448.574573][   T31]  #0: ffff888025896998 (&nbd->config_lock){+.+.}-{4:4}, at: nbd_ioctl+0x150/0xda0
[  448.583895][   T31]  #1: ffff888142bd9a78 (&q->limits_lock){+.+.}-{4:4}, at: nbd_set_size+0x2be/0x720
[  448.593351][   T31]  #2: ffff888142bd9428 (&q->q_usage_counter(io)#50){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20
[  448.605085][   T31]  #3: ffff888142bd9460 (&q->q_usage_counter(queue)#2){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20
[  448.616976][   T31] 2 locks held by syz.1.829/8856:
[  448.621982][   T31]  #0: ffff88807d70a0e0 (&type->s_umount_key#67/1){+.+.}-{4:4}, at: alloc_super+0x235/0xbd0
[  448.632120][   T31]  #1: ffff888025c9c358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xa2/0xe40
[  448.641435][   T31] 5 locks held by syz-executor/10699:
[  448.646840][   T31]  #0: ffff888037ca4d80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close+0x26/0x90
[  448.656467][   T31]  #1: ffff888037ca4078 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x3ae/0x11d0
[  448.666582][   T31]  #2: ffffffff90399f48 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xbb/0x260
[  448.676648][   T31]  #3: ffff88804a78eb38 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x80/0x730
[  448.686250][   T31]  #4: ffffffff8e3caaf8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x1a3/0x3c0
[  448.700305][   T31] 2 locks held by syz.6.1432/10837:
[  448.705657][   T31]  #0: ffff8880608e8d80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close+0x26/0x90
[  448.715285][   T31]  #1: ffff8880608e8078 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x3ae/0x11d0
[  448.726839][   T31] 
[  448.729183][   T31] =============================================
[  448.729183][   T31] 
[  448.737928][   T31] NMI backtrace for cpu 0
[  448.737943][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-rc3-syzkaller-00001-g9d7a0577c9db #0 PREEMPT(full) 
[  448.737963][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  448.737973][   T31] Call Trace:
[  448.737978][   T31]  <TASK>
[  448.737984][   T31]  dump_stack_lvl+0x116/0x1f0
[  448.738011][   T31]  nmi_cpu_backtrace+0x27b/0x390
[  448.738028][   T31]  ? _raw_spin_unlock_irqrestore+0x61/0x80
[  448.738059][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  448.738078][   T31]  nmi_trigger_cpumask_backtrace+0x29c/0x300
[  448.738098][   T31]  watchdog+0xf70/0x12c0
[  448.738119][   T31]  ? __pfx_watchdog+0x10/0x10
[  448.738135][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  448.738158][   T31]  ? __kthread_parkme+0x19e/0x250
[  448.738183][   T31]  ? __pfx_watchdog+0x10/0x10
[  448.738200][   T31]  kthread+0x3c2/0x780
[  448.738215][   T31]  ? __pfx_kthread+0x10/0x10
[  448.738229][   T31]  ? __pfx_kthread+0x10/0x10
[  448.738244][   T31]  ? __pfx_kthread+0x10/0x10
[  448.738259][   T31]  ? __pfx_kthread+0x10/0x10
[  448.738273][   T31]  ? rcu_is_watching+0x12/0xc0
[  448.738294][   T31]  ? __pfx_kthread+0x10/0x10
[  448.738310][   T31]  ret_from_fork+0x45/0x80
[  448.738326][   T31]  ? __pfx_kthread+0x10/0x10
[  448.738342][   T31]  ret_from_fork_asm+0x1a/0x30
[  448.738375][   T31]  </TASK>
[  448.738383][   T31] Sending NMI from CPU 0 to CPUs 1:
[  448.876526][    C1] NMI backtrace for cpu 1
[  448.876540][    C1] CPU: 1 UID: 0 PID: 1133 Comm: kworker/u8:7 Not tainted 6.15.0-rc3-syzkaller-00001-g9d7a0577c9db #0 PREEMPT(full) 
[  448.876556][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  448.876564][    C1] Workqueue: bat_events batadv_nc_worker
[  448.876584][    C1] RIP: 0010:mark_held_locks+0x0/0x80
[  448.876598][    C1] Code: 48 c7 c7 40 e1 2b 8e e8 2e aa 69 03 e9 6f fd ff ff 66 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <8b> 87 e8 0a 00 00 85 c0 7e 5e 41 55 4c 8d af f0 0a 00 00 41 54 41
[  448.876613][    C1] RSP: 0018:ffffc9000408fa80 EFLAGS: 00000002
[  448.876622][    C1] RAX: 0000000000000001 RBX: ffff888027f12440 RCX: ffffffff81c3133f
[  448.876631][    C1] RDX: 0000000000000000 RSI: 0000000000000002 RDI: ffff888027f12440
[  448.876639][    C1] RBP: ffffffff8b400324 R08: 0000000000000000 R09: 0000000000000001
[  448.876646][    C1] R10: ffffffff90864917 R11: 0000000000000000 R12: ffffffff8b400500
[  448.876654][    C1] R13: ffff88805f709740 R14: ffff88805f6e8d80 R15: 0000000000000000
[  448.876663][    C1] FS:  0000000000000000(0000) GS:ffff888124ab2000(0000) knlGS:0000000000000000
[  448.876676][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  448.876684][    C1] CR2: 00007fbc2327a990 CR3: 000000000e180000 CR4: 00000000003526f0
[  448.876692][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  448.876700][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  448.876707][    C1] Call Trace:
[  448.876712][    C1]  <TASK>
[  448.876716][    C1]  lockdep_hardirqs_on_prepare+0xb8/0x1d0
[  448.876729][    C1]  trace_hardirqs_on+0x36/0x40
[  448.876742][    C1]  __local_bh_enable_ip+0xa4/0x120
[  448.876759][    C1]  batadv_nc_purge_paths+0x1d4/0x3a0
[  448.876777][    C1]  batadv_nc_worker+0x958/0x1030
[  448.876792][    C1]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  448.876808][    C1]  ? __pfx_batadv_nc_worker+0x10/0x10
[  448.876825][    C1]  ? rcu_is_watching+0x12/0xc0
[  448.876841][    C1]  process_one_work+0x9cc/0x1b70
[  448.876858][    C1]  ? __pfx_batadv_nc_worker+0x10/0x10
[  448.876872][    C1]  ? __pfx_process_one_work+0x10/0x10
[  448.876889][    C1]  ? assign_work+0x1a0/0x250
[  448.876902][    C1]  worker_thread+0x6c8/0xf10
[  448.876921][    C1]  ? __pfx_worker_thread+0x10/0x10
[  448.876934][    C1]  kthread+0x3c2/0x780
[  448.876946][    C1]  ? __pfx_kthread+0x10/0x10
[  448.876958][    C1]  ? __pfx_kthread+0x10/0x10
[  448.876969][    C1]  ? __pfx_kthread+0x10/0x10
[  448.876980][    C1]  ? __pfx_kthread+0x10/0x10
[  448.876991][    C1]  ? rcu_is_watching+0x12/0xc0
[  448.877005][    C1]  ? __pfx_kthread+0x10/0x10
[  448.877017][    C1]  ret_from_fork+0x45/0x80
[  448.877030][    C1]  ? __pfx_kthread+0x10/0x10
[  448.877042][    C1]  ret_from_fork_asm+0x1a/0x30
[  448.877065][    C1]  </TASK>
[  448.879490][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  449.153802][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-rc3-syzkaller-00001-g9d7a0577c9db #0 PREEMPT(full) 
[  449.165584][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  449.175631][   T31] Call Trace:
[  449.178890][   T31]  <TASK>
[  449.181802][   T31]  dump_stack_lvl+0x3d/0x1f0
[  449.186381][   T31]  panic+0x71c/0x800
[  449.190257][   T31]  ? __pfx_panic+0x10/0x10
[  449.194651][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  449.200008][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  449.205969][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  449.211321][   T31]  ? watchdog+0xdda/0x12c0
[  449.215719][   T31]  ? watchdog+0xdcd/0x12c0
[  449.220117][   T31]  watchdog+0xdeb/0x12c0
[  449.224344][   T31]  ? __pfx_watchdog+0x10/0x10
[  449.229000][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  449.234185][   T31]  ? __kthread_parkme+0x19e/0x250
[  449.239199][   T31]  ? __pfx_watchdog+0x10/0x10
[  449.243857][   T31]  kthread+0x3c2/0x780
[  449.247913][   T31]  ? __pfx_kthread+0x10/0x10
[  449.252483][   T31]  ? __pfx_kthread+0x10/0x10
[  449.257057][   T31]  ? __pfx_kthread+0x10/0x10
[  449.261635][   T31]  ? __pfx_kthread+0x10/0x10
[  449.266219][   T31]  ? rcu_is_watching+0x12/0xc0
[  449.270967][   T31]  ? __pfx_kthread+0x10/0x10
[  449.275539][   T31]  ret_from_fork+0x45/0x80
[  449.279936][   T31]  ? __pfx_kthread+0x10/0x10
[  449.284507][   T31]  ret_from_fork_asm+0x1a/0x30
[  449.289267][   T31]  </TASK>
[  449.292475][   T31] Kernel Offset: disabled
[  449.296777][   T31] Rebooting in 86400 seconds..