last executing test programs:

23.780505992s ago: executing program 0 (id=3108):
openat$kvm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65)
r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x80080, 0x0)
timer_create(0x0, 0x0, 0x0)
timer_delete(0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
r3 = timerfd_create(0x0, 0x0)
ioctl$TFD_IOC_SET_TICKS(r3, 0x40085400, &(0x7f00000001c0))
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x94)
r4 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r4, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='fdinfo/3\x00')
read$FUSE(r5, &(0x7f0000002b40)={0x2020}, 0x2051)
ioctl$USBDEVFS_ALLOW_SUSPEND(r5, 0x5522)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698dfa871c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424d", "bcfd56f1373669caaa2f19935e6996c7096ffe4f3a4745a8f762b964", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0)
setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(0xffffffffffffffff, 0x84, 0x8, &(0x7f0000000080)=0x5, 0x4)
r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7, 0xffffffffffffffb2}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
recvmmsg(r4, &(0x7f00000057c0)=[{{0x0, 0x0, 0x0}, 0x3}, {{0x0, 0x0, &(0x7f0000002cc0)=[{0x0}, {&(0x7f00000017c0)=""/130, 0x94}], 0x2}, 0xa1}], 0x2, 0x0, 0x0)
timer_create(0x4, &(0x7f0000000140)={0x0, 0x2b, 0x1, @thr={&(0x7f0000000540)="306e8db7d6f777ba04647b66a10ab988e6dfafc6db3a6dc64bccdca4f54640b5bd987d76fb7c9d4591d80f994e5b22e5fc5173dd187634608ea5cfaf5f7bb569dfe75216105f6d2821fdbc4afe03fdff2c1029f5dc4012681df9fb9f620f13f2d55213d7d34832a68e1d22c48824e4553e7c88a7ddd1f1e6aad30529ff84b679fc241c2030f1718451809e449f98a27f81584dea68ae6a0c659dc4d5f9a859b9f436c68c20f38edd97f4ac48cd40fab736", &(0x7f00000006c0)="390c6b4fd83ebd051a67e8c5eaadd077ae659f515fa1d712aac67373ebff76924b73aa71f0f847490f84ff4802f792ee73a46a5d7cf6a2da94ad980e2c99bc606dcb7b9e30b1b5dc5ec6f2d6dea8609e8d4859a90f6d7fe3b968a9af774f50d62f8469e891fa81ad578186a755bbaaaaa4f83670909673e932bf611edbff70001479ae6a62a46cb1a5feb3c6cfca1a9de3873d77c66962c677a9b9437afaaffd7582cd4bac2cedf4423ad625"}}, &(0x7f0000000180)=<r7=>0x0)
timer_settime(r7, 0x0, &(0x7f0000000280)={{}, {0x77359400}}, &(0x7f0000000300))
r8 = socket$inet_sctp(0x2, 0x1, 0x84)
recvfrom$inet(r8, &(0x7f00000001c0)=""/145, 0x91, 0x0, &(0x7f0000000100)={0x2, 0x4e22, @multicast1}, 0x10)
ioctl$TIOCSTI(r0, 0x5412, 0x0)

21.6482017s ago: executing program 0 (id=3113):
ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket(0x10, 0x803, 0x0)
socket$unix(0x1, 0x5, 0x0)
r1 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000140), 0x183501, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r1, 0x4601, &(0x7f0000000200)={0x800, 0x360, 0xd02f02b7fcf78738, 0x10, 0x1, 0x7fff, 0x0, 0x1, {0x1, 0xffffffff}, {0x100, 0x3fffffff, 0x1}, {0x80, 0x9, 0x40000000}, {0x1, 0x2}, 0x2, 0x2, 0x3, 0x3, 0x0, 0xd74, 0x5, 0xe, 0x10, 0x4, 0x8, 0x6, 0x0, 0x2, 0x1, 0xc})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xfff3}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x4}}]}, 0x30}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x24040084)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21}, &(0x7f0000000040))
r3 = open(&(0x7f0000000080)='./file0\x00', 0x4c27e, 0x2)
r4 = getpid()
sched_setscheduler(r4, 0x1, &(0x7f0000000200)=0x7)
ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000580)=<r5=>0x0)
syz_clone3(&(0x7f0000000600)={0x9100, &(0x7f00000001c0), &(0x7f0000000300), &(0x7f0000000340), {0x33}, &(0x7f00000003c0)=""/148, 0x94, &(0x7f0000000480)=""/232, &(0x7f00000005c0)=[r4, r5], 0x2, {r3}}, 0x58)
fallocate(r3, 0x0, 0x550d, 0x1000f4)
r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x3a)
ioctl$KVM_CAP_VM_COPY_ENC_CONTEXT_FROM(r3, 0x4068aea3, &(0x7f00000000c0)={0xc5, 0x0, r6})
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x77359400}}, 0x0)

21.425265384s ago: executing program 0 (id=3117):
mount$overlay(0x0, 0x0, 0x0, 0x40000, &(0x7f0000000040)={[], [{@dont_appraise}], 0x3a})
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000001080)=ANY=[@ANYBLOB="18020000030000000000000000000000850000002000000018010000090000000000000000202020731af8ff00000000bfa100000000000007010004f8ffffffb702000008000000b70300006c10094985000000060000009500000000000000"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x4}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3)
r1 = getpid()
sched_setaffinity(r1, 0x8, &(0x7f0000000340)=0x9)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0xc, 0x0)
read$msr(r2, &(0x7f0000001a40)=""/102392, 0x18ff8)
r3 = socket$inet(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000600)=@nat={'nat\x00', 0x670, 0x5, 0x368, 0xd8, 0x170, 0xffffffff, 0xd8, 0x228, 0x2d0, 0x2d0, 0xffffffff, 0x2d0, 0x2d0, 0x5, 0x0, {[{{@ip={@rand_addr=0x64010100, @rand_addr=0x64010101, 0xff, 0x0, 'veth1_macvtap\x00', 'ipvlan1\x00', {0xff}, {}, 0x33, 0x2, 0x14}, 0x0, 0xa0, 0xd8, 0x48, {}, [@common=@ah={{0x30}, {[0x1, 0x3]}}]}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0xf, @local, @initdev={0xac, 0x1e, 0x0, 0x0}, @icmp_id=0x67, @port=0x4e24}}}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xffffffffffffffff}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, 0x0, 0x0, 'virt_wifi0\x00', 'veth1_vlan\x00'}, 0x0, 0x70, 0xb8}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0xe, @ipv6=@ipv4={'\x00', '\xff\xff', @empty}, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @icmp_id=0x65, @port=0x4e21}}}, {{@ip={@private=0xa010100, @empty, 0x0, 0x0, 'nicvf0\x00', 'nr0\x00'}, 0x0, 0x70, 0xa8}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0x0, @rand_addr, @dev={0xac, 0x14, 0x14, 0x2a}, @gre_key=0xe, @icmp_id}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3c8)
close(0xffffffffffffffff)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000009000000000000000000000018110000", @ANYRES32, @ANYBLOB="0bb1000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x94)
r4 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000500), 0x40002, 0x0)
preadv(r4, &(0x7f0000004040)=[{&(0x7f0000002e00)=""/156, 0x9c}], 0x1, 0x401, 0x0)
semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000240)=[0x7fff])
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="640000000206010200000000000000000000000015000300686173683a69702c706f72742c6e6574000000000900020073797a32000000000500040000000000140007800800124000000000050015002200000005000500020000000500010006"], 0x64}}, 0x0)
pipe(&(0x7f0000000540))
r6 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r6)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000100)='proc\x00', 0x0, 0x0)
r7 = syz_open_procfs(0x0, &(0x7f0000000040)='timerslack_ns\x00')
write$binfmt_format(r7, &(0x7f0000000180)='1\x00', 0x2)

21.215790276s ago: executing program 0 (id=3118):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100), 0x60000, 0x0)
ioctl$SNDCTL_MIDI_INFO(r1, 0xc074510c, &(0x7f0000000000)={"8a22a004f973bbd0e4e70fc00c438949951cefd90a46684024b2ccf3d865", 0x1, 0xa86d, 0xb2, [0x5, 0x4, 0xfc2, 0x1000007, 0x4, 0x1, 0x7, 0x0, 0xd, 0x7fffffff, 0x0, 0x5, 0x8, 0x6, 0xc, 0x1, 0x9, 0x7fff]})
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="640000000001010400000000000000000200001f240001801400018008000100e000000108000200000000000c0002800500010000000000240002800c00028005000100000000001400018008000100e000000114effc6ec066d8d24108000200000000000800074000000000bf415d05492af7f88ef951bda06910eea7987b20b0e082028f8276037e98"], 0x64}, 0x1, 0x0, 0x0, 0x40054}, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x800000000006, 0x0, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000840), r2)
sendmsg$NLBL_CIPSOV4_C_LIST(r2, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000880)={0x1c, r3, 0x1, 0x70bd2d, 0x25dfdbfe, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x4010)
futex(&(0x7f000000cffc)=0x40000000, 0x80000000000d, 0x0, 0x0, 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
r6 = syz_genetlink_get_family_id$gtp(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$GTP_CMD_GETPDP(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x2c, r6, 0x1, 0x70bd28, 0x25dfdbfe, {}, [@GTPA_VERSION={0x8, 0x2, 0x1}, @GTPA_O_TEI={0x8, 0x9, 0x2}, @GTPA_PEER_ADDRESS={0x8, 0x4, @multicast2}]}, 0x2c}}, 0xc0)
r7 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
r8 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r8, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(aes))\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r8, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r9 = accept4(r8, 0x0, 0x0, 0x800)
sendmmsg$alg(r9, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba12", 0x11}], 0x2, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r9, 0x12, 0x2, &(0x7f00000003c0)=""/127, &(0x7f0000000440)=0x7f)
recvmsg(r9, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0)
sendmsg$IPVS_CMD_NEW_DAEMON(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="14000000", @ANYRES16=r7, @ANYBLOB="0100041e00000100000009000000"], 0x14}, 0x1, 0x0, 0x0, 0x48c1}, 0x0)

6.903190861s ago: executing program 1 (id=3167):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x24fa, &(0x7f0000000080)={0x0, 0x1ba1, 0x10100, 0x2000000, 0x132}, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000380)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {0x23}})
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r2, &(0x7f00000001c0)=ANY=[@ANYBLOB="0e"], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r2, 0x0)
syz_io_uring_submit(r0, r1, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x10, 0x4004, @fd_index=0x9, 0x8, 0x0, 0x0, 0x2})
openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x0, 0x40000101, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x8000, &(0x7f00000001c0)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x23}}, 0x10)
sendto$inet(0xffffffffffffffff, &(0x7f0000000200)="9a9c94a4", 0x4, 0x20000800, &(0x7f0000001080)={0x2, 0x4e24, @multicast1}, 0x10)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(0xffffffffffffffff, 0x3ba0, 0x0)
r5 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_FLUSH(r5, 0x29, 0xd4, &(0x7f00000000c0)=0x7, 0x4)

6.835970734s ago: executing program 4 (id=3169):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
readv(r1, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x0, 0x40000000, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0)
lsetxattr$security_selinux(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180), &(0x7f0000000340)='system_u:object_r:cron_spool_t:s0\x00', 0x22, 0x1)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x4000)
r4 = socket$xdp(0x2c, 0x3, 0x0)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$XDP_RX_RING(r4, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000480)={'batadv_slave_0\x00'})
bind$xdp(r4, &(0x7f0000000180)={0x2c, 0xa, 0x0, 0x1a, r5}, 0x10)
setsockopt$XDP_UMEM_FILL_RING(r4, 0x11b, 0x5, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'macvlan1\x00', <r6=>0x0})
r7 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet6_mreq(r7, 0x29, 0x1b, &(0x7f0000000080)={@remote, r6}, 0x14)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
get_robust_list(0x0, 0x0, &(0x7f0000000580))
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x448d0)
r8 = syz_open_dev$sndpcmc(&(0x7f0000000040), 0x0, 0x100)
ioctl$SNDRV_PCM_IOCTL_CHANNEL_INFO(r8, 0xc0844123, &(0x7f0000000000))
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

6.743526821s ago: executing program 3 (id=3170):
prctl$PR_GET_NAME(0x10, &(0x7f0000000000)=""/221)
prctl$PR_GET_NAME(0x10, &(0x7f0000000100)=""/46)
prctl$PR_GET_NAME(0x10, &(0x7f0000000140)=""/171)
prctl$PR_GET_NAME(0x10, &(0x7f0000000200)=""/49)
prctl$PR_GET_NAME(0x10, &(0x7f0000000240)=""/56)
prctl$PR_GET_NAME(0x10, &(0x7f0000000280)=""/103)
prctl$PR_GET_NAME(0x10, &(0x7f0000000300)=""/151)
prctl$PR_GET_NAME(0x10, &(0x7f00000003c0)=""/99)
prctl$PR_GET_NAME(0x10, &(0x7f0000000440)=""/186)
prctl$PR_GET_NAME(0x10, &(0x7f0000000500)=""/5)
prctl$PR_GET_NAME(0x10, &(0x7f0000000540)=""/131)
prctl$PR_GET_NAME(0x10, &(0x7f0000000600)=""/218)
prctl$PR_GET_NAME(0x10, &(0x7f0000000700)=""/13)
prctl$PR_GET_NAME(0x10, &(0x7f0000000740)=""/91)
prctl$PR_GET_NAME(0x10, &(0x7f00000007c0)=""/13)
prctl$PR_GET_NAME(0x10, &(0x7f0000000800)=""/4096)
prctl$PR_GET_NAME(0x10, &(0x7f0000001800)=""/164)
prctl$PR_GET_NAME(0x10, &(0x7f00000018c0)=""/133)
prctl$PR_GET_NAME(0x10, &(0x7f0000001980)=""/22)
prctl$PR_GET_NAME(0x10, &(0x7f00000019c0)=""/20)
prctl$PR_GET_NAME(0x10, &(0x7f0000001a00)=""/164)
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
getresuid(&(0x7f0000001ac0)=<r1=>0x0, &(0x7f0000001b00), &(0x7f0000001b40))
ioctl$SIOCAX25ADDUID(r0, 0x89e1, &(0x7f0000001b80)={0x3, @bcast, r1})
prctl$PR_GET_NAME(0x10, &(0x7f0000001bc0)=""/142)
prctl$PR_GET_NAME(0x10, &(0x7f0000001c80)=""/14)
prctl$PR_GET_NAME(0x10, &(0x7f0000001cc0)=""/89)
prctl$PR_GET_NAME(0x10, &(0x7f0000001d40)=""/15)
prctl$PR_GET_NAME(0x10, &(0x7f0000001d80)=""/160)
prctl$PR_GET_NAME(0x10, &(0x7f0000001e40))

6.700417837s ago: executing program 3 (id=3171):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = syz_open_dev$vim2m(0x0, 0x5, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201100153a42908f00a71729188110203010902240001060000000904020002ff"], 0x0)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000340)=ANY=[@ANYBLOB="2000000076000d0b27bd7000fdffffff030000000000000008000500", @ANYRES32], 0x20}, 0x1, 0x0, 0x0, 0x2008c000}, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', <r4=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000ac0)=@newqdisc={0x24, 0x24, 0xd0f, 0x70bd2d, 0x25dfdbfb, {0x60, 0x0, 0x0, r4, {0x0, 0xc}, {0xffe0, 0xa}, {0x1, 0xe}}}, 0x24}, 0x1, 0x0, 0x0, 0x55}, 0xc010)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f00000000c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x8}, {0x0, [0x61, 0x0, 0x5f, 0x61, 0x2e, 0x61]}}, &(0x7f00000001c0)=""/14, 0x20, 0xe, 0x1, 0xc0ec, 0x10000}, 0x28)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='smaps_rollup\x00')
openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000002c0), 0x1080, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
recvmsg$can_raw(r1, &(0x7f0000000580)={&(0x7f0000000380)=@sco, 0x80, &(0x7f0000000300)=[{&(0x7f0000000080)=""/50, 0x32}, {&(0x7f0000000400)=""/159, 0x9f}], 0x2, &(0x7f00000004c0)=""/167, 0xa7}, 0x2)
r6 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x40082, 0x0)
ioctl$PPPIOCNEWUNIT(r6, 0xc004743e, &(0x7f0000000140))
pwritev(r6, &(0x7f0000000040)=[{&(0x7f0000000180)="80fd02000000", 0x6}], 0x1, 0x0, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a20000000000a01040000000000000000070000030900011c73797a30000000002c000000030a01010000000000000000010000040900010073797a30000000000900030073797a320000000098000000060a010400000000000000000100000008000b40000000007074686472000004000280580001800c000100626974776973650048000280080003400000000208000140000000142c000780280002800900020073797a30000000000800034000000002080003400000000408000180fffffffc080006400000000309000100000000140000001100010000000000000000000700000a"], 0x10c}}, 0x0)

6.149829605s ago: executing program 1 (id=3172):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, &(0x7f0000000000)=<r1=>0xffffffffffffffff)
r2 = socket$nl_route(0x10, 0x3, 0x0)
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000080)={@private, @initdev, <r3=>0x0}, &(0x7f00000000c0)=0xc)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000100)={&(0x7f0000000300)=@delqdisc={0x4a8, 0x25, 0x2, 0x70bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0x8, 0x10}, {0xb, 0x1}, {0xfff2, 0xf}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0xdca4}, @qdisc_kind_options=@q_blackhole={0xe}, @qdisc_kind_options=@q_plug={{0x9}, {0xc, 0x2, {0x0, 0x4}}}, @TCA_RATE={0x6, 0x5, {0xf3, 0xd}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x9, 0x2, 0x1, 0x6, 0x0, 0x4, 0xfffffffc, 0x2}}, {0x8, 0x2, [0x2, 0x98f6]}}]}, @qdisc_kind_options=@q_tbf={{0x8}, {0x41c, 0x2, [@TCA_TBF_PRATE64={0xc, 0x5, 0x966f23ee0f32dcea}, @TCA_TBF_BURST={0x8, 0x6, 0x3}, @TCA_TBF_PTAB={0x404, 0x3, [0xe, 0x4, 0x6, 0x1, 0x5, 0x4, 0x9, 0x5, 0x0, 0x5, 0x3, 0x8001, 0x4, 0xfff, 0x63ad2641, 0x4, 0x7f, 0x10001, 0x7be90c24, 0xa, 0x40, 0x4, 0x8, 0x2, 0xf, 0x3, 0x4, 0x6, 0x9, 0x0, 0x8, 0x2, 0x3, 0x1, 0x1, 0x9, 0x61, 0x2, 0x8, 0xc, 0x4, 0x6, 0x17, 0x2, 0x6, 0x0, 0x6, 0x0, 0x2, 0x1, 0x7, 0x3ff, 0x2, 0x1000, 0xf7, 0x10001, 0x9, 0xff92, 0x40, 0xadc, 0x8, 0x4, 0x9ced, 0x1, 0x4, 0x10000, 0xfa, 0x6, 0x8, 0xf8, 0x7, 0xff, 0x9, 0x88, 0xff, 0x0, 0x3, 0x8001, 0x8, 0x0, 0x4, 0x34ff, 0x9, 0x5, 0x4, 0x6, 0x10, 0x7, 0x88, 0x1, 0xfff, 0xfd7, 0x400, 0x6, 0x100, 0x1, 0x4, 0x5, 0x2, 0x6, 0xb, 0x3, 0x400, 0x2, 0x6, 0x4, 0x5, 0x400, 0x6, 0x9, 0x400, 0x4, 0x3, 0x9, 0x400, 0x8, 0xd, 0x9, 0x75b, 0x401, 0x3, 0x800, 0xfffffff1, 0x8, 0x3, 0x845, 0x661, 0x5, 0x8, 0x3, 0x200, 0x1, 0x92, 0x3, 0x4b85, 0x4, 0x5, 0xfffffff9, 0x8, 0x80000001, 0x4, 0x2, 0x2, 0x3, 0xffff416d, 0x0, 0x8, 0xb, 0x3, 0x3, 0x7fff, 0x8cf, 0x7, 0x2, 0x3, 0x1, 0x101, 0xfffffdc9, 0x20000000, 0x401, 0x6, 0x81, 0x4bc, 0x5, 0x2, 0xffffffff, 0x3ff, 0x4, 0x6, 0x10, 0x798, 0x3ff, 0x0, 0xd7, 0xefc, 0x0, 0x8, 0x2, 0x7fff, 0x8000, 0x9, 0x401, 0x1, 0x2, 0x0, 0x3, 0x102000, 0x2, 0x5, 0xff, 0x3, 0xfffffff8, 0x5, 0x5, 0x4, 0x9, 0x223c, 0x0, 0x7, 0x7, 0x81, 0x6, 0x8, 0x4, 0x7, 0x10000, 0x1, 0xf, 0x3, 0x5, 0x9, 0x2, 0x9, 0xfff, 0x7, 0x10000, 0x2, 0x8, 0x6, 0x1, 0x8, 0x2, 0x7, 0x0, 0x6, 0x6, 0x8001, 0x5e, 0x7, 0x1, 0x3ff, 0xffffffff, 0x9, 0x1ff, 0x2, 0x0, 0x2, 0x9, 0x6, 0x2, 0xa5, 0x6, 0x0, 0x4, 0x5, 0x0, 0x1ff, 0x800, 0xff, 0x80000001, 0x40, 0x4, 0x8000, 0x8, 0x4, 0x8]}]}}]}, 0x4a8}, 0x1, 0x0, 0x0, 0x48000}, 0x400)
ioctl$MEDIA_REQUEST_IOC_QUEUE(r1, 0x7c80, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
setsockopt$sock_int(r4, 0x1, 0x10, &(0x7f0000000200)=0x1c, 0x4)
bind$unix(r4, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
connect$unix(r4, &(0x7f0000000000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
getsockopt$inet6_int(r0, 0x29, 0x42, 0x0, &(0x7f00000002c0))
r5 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
pwrite64(r5, 0x0, 0x0, 0x4)

6.023574252s ago: executing program 1 (id=3173):
mount$overlay(0x0, 0x0, 0x0, 0x40000, &(0x7f0000000040)={[], [{@dont_appraise}], 0x3a})
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000001080)=ANY=[@ANYBLOB="18020000030000000000000000000000850000002000000018010000090000000000000000202020731af8ff00000000bfa100000000000007010004f8ffffffb702000008000000b70300006c10094985000000060000009500000000000000"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x4}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3)
r1 = getpid()
sched_setaffinity(r1, 0x8, &(0x7f0000000340)=0x9)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0xc, 0x0)
read$msr(r2, &(0x7f0000001a40)=""/102392, 0x18ff8)
r3 = socket$inet(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000600)=@nat={'nat\x00', 0x670, 0x5, 0x368, 0xd8, 0x170, 0xffffffff, 0xd8, 0x228, 0x2d0, 0x2d0, 0xffffffff, 0x2d0, 0x2d0, 0x5, 0x0, {[{{@ip={@rand_addr=0x64010100, @rand_addr=0x64010101, 0xff, 0x0, 'veth1_macvtap\x00', 'ipvlan1\x00', {0xff}, {}, 0x33, 0x2, 0x14}, 0x0, 0xa0, 0xd8, 0x48, {}, [@common=@ah={{0x30}, {[0x1, 0x3]}}]}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0xf, @local, @initdev={0xac, 0x1e, 0x0, 0x0}, @icmp_id=0x67, @port=0x4e24}}}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xffffffffffffffff}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, 0x0, 0x0, 'virt_wifi0\x00', 'veth1_vlan\x00'}, 0x0, 0x70, 0xb8}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0xe, @ipv6=@ipv4={'\x00', '\xff\xff', @empty}, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @icmp_id=0x65, @port=0x4e21}}}, {{@ip={@private=0xa010100, @empty, 0x0, 0x0, 'nicvf0\x00', 'nr0\x00'}, 0x0, 0x70, 0xa8}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0x0, @rand_addr, @dev={0xac, 0x14, 0x14, 0x2a}, @gre_key=0xe, @icmp_id}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3c8)
close(0xffffffffffffffff)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000009000000000000000000000018110000", @ANYRES32, @ANYBLOB="0bb1000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x94)
r4 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000500), 0x40002, 0x0)
preadv(r4, &(0x7f0000004040)=[{&(0x7f0000002e00)=""/156, 0x9c}], 0x1, 0x401, 0x0)
semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000240)=[0x7fff])
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="640000000206010200000000000000000000000015000300686173683a69702c706f72742c6e6574000000000900020073797a32000000000500040000000000140007800800124000000000050015002200000005000500020000000500010006"], 0x64}}, 0x0)
pipe(&(0x7f0000000540))
syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000100)='proc\x00', 0x0, 0x0)
r6 = gettid()
r7 = syz_open_procfs(r6, &(0x7f0000000040)='timerslack_ns\x00')
write$binfmt_format(r7, &(0x7f0000000180)='1\x00', 0x2)

5.965545249s ago: executing program 1 (id=3174):
syz_open_dev$tty1(0xc, 0x4, 0x1)
r0 = getpid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
ptrace$ARCH_MAP_VDSO_X32(0x1e, r0, 0x6, 0x2001)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
pipe(0x0)
close(0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=ANY=[@ANYBLOB="98030000", @ANYRES16=r3, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r5, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c090000560333"], 0x398}}, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r8=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)={0x24, r7, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}}, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x2000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff})
r11 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r11, &(0x7f00000007c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(sm4)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r11, 0x117, 0x1, &(0x7f0000001280)="b7f2288a911993f08d3aaea2bc0000de", 0x10)
r12 = accept4(r11, 0x0, 0x0, 0x800)
sendmmsg$alg(r12, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r12, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
connect$unix(r9, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r10, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r9, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)

5.89047528s ago: executing program 4 (id=3175):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000001680)=ANY=[@ANYBLOB="18000000000300000000000000"], &(0x7f0000001700)='GPL\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, 0x0, 0x0)
listen(0xffffffffffffffff, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r2, 0x29, 0x2a, &(0x7f0000000080)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @private1}}}, 0x108)
r3 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$SIOCSIFMTU(r3, 0x8922, &(0x7f0000000440)={'syz_tun\x00', 0x101})
setsockopt$inet6_group_source_req(r2, 0x29, 0x2d, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @private2}}}, 0x108)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
close_range(r0, r0, 0x0)
r6 = syz_open_dev$vbi(&(0x7f00000001c0), 0x0, 0x2)
ioctl$VIDIOC_S_INPUT(r6, 0xc0045627, &(0x7f0000000100)=0x3)
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r6, 0xc0845657, &(0x7f0000000200)={0x0, @bt={0xa8f, 0x86c, 0x1, 0x1, 0xd59f80, 0x19f2, 0x3f, 0x19ef, 0x3, 0x8, 0x2800, 0x6, 0x2, 0xba2, 0xc, 0x30, {0x8, 0xffffffff}, 0xd0, 0x9}})
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, 0x0, 0x0)

5.643449504s ago: executing program 4 (id=3176):
bind$alg(0xffffffffffffffff, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(serpent))\x00'}, 0x58)
write$tun(0xffffffffffffffff, &(0x7f00000006c0)=ANY=[@ANYBLOB="010086ddde00120000000000000063b9e7a900000001fc020000000000000000000000000001ff02"], 0x36)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f00000001c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(aes-generic)\x00'}, 0x58)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xc)
r2 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0)
write$sysctl(r2, &(0x7f0000000580)='1\x00', 0x2)
write$sysctl(r2, &(0x7f00000000c0)='2\x00', 0x2)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000480)="b19ccccf84f531d9ec214627c11430", 0xf)
sendmmsg$alg(0xffffffffffffffff, &(0x7f00000009c0)=[{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000000)="ece600", 0x3}], 0x1, 0x0, 0x0, 0x20000000}], 0x1, 0x24000040)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000004c80)=[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4004090}, {0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000e40)="c4ae7c0462b7d5d0f701a4979574ff8a5d74bf45c9e878972a42062f9b70e92f76ed2c49e2e8a043016efca580e1e24cbf53ef2fdb0d3810e8359c20b3938b1cb8574e51adc3cac209dd1c3b0fa44d9ca5ffbccfd95395", 0x57}, {&(0x7f0000000fc0)="26166583e37c8b7d00ab5146a77c416387ef936b5c5d71546721b5fe2369b8b7009262933b2d3280235aff09fc6b0d14ad0d2336b4f21ed53375838ff7f6c567b372b0124a5f1bc6ca1eef4cfdfe8e97b9cadc99cc2a87", 0x57}], 0x2, 0x0, 0x0, 0x84090}], 0x2, 0x4004000)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
bind$alg(0xffffffffffffffff, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-aes-aesni\x00'}, 0x58)
r3 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$TIPC_NL_KEY_SET(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)={0x20, r7, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_NODE={0xc, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0xffffffff}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x4}, 0x4000004)

5.510354495s ago: executing program 4 (id=3177):
syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) (async)
r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r0, 0x50009405, &(0x7f0000000180))
syz_emit_ethernet(0x0, 0x0, 0x0) (async)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) (async)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) (async)
recvmmsg(r2, &(0x7f0000005200)=[{{&(0x7f0000000480)=@pptp={0x18, 0x2, {0x0, @initdev}}, 0x0, &(0x7f0000000900)=[{&(0x7f0000000500)=""/133}, {&(0x7f0000001140)=""/4096}, {&(0x7f00000005c0)=""/191}, {&(0x7f0000000680)=""/238}, {&(0x7f0000000780)=""/221, 0xfffffffffffffec5}, {&(0x7f0000000880)=""/99}, {&(0x7f0000000040)=""/14}], 0x0, &(0x7f0000000980)=""/27}, 0x401}, {{&(0x7f00000009c0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x0, &(0x7f0000000c40)=[{&(0x7f0000000a40)=""/243}, {&(0x7f0000000b40)=""/241}]}}, {{&(0x7f0000000c80)=@caif=@util, 0x0, &(0x7f0000000fc0)=[{&(0x7f0000000d00)=""/45}, {&(0x7f0000000d40)=""/241}, {&(0x7f0000000e40)=""/2}, {&(0x7f0000000e80)=""/75}, {&(0x7f0000005400)=""/4111}, {&(0x7f0000000f00)=""/78}, {&(0x7f0000000f80)=""/26}], 0x0, &(0x7f0000001040)=""/126}, 0x73}, {{&(0x7f0000003140)=@in6={0xa, 0x0, 0x0, @private1}, 0x0, &(0x7f0000004480)=[{&(0x7f00000031c0)=""/4096}, {&(0x7f00000041c0)=""/13}, {&(0x7f0000004200)=""/225}, {&(0x7f0000004300)=""/27}, {&(0x7f0000004340)=""/52}, {&(0x7f0000004380)=""/222}], 0x0, &(0x7f0000004500)=""/214}, 0xff}, {{&(0x7f0000004600)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, 0xfffffffffffffe33, &(0x7f0000004a40)=[{&(0x7f0000004680)=""/11}, {&(0x7f00000046c0)=""/136}, {&(0x7f0000004780)=""/126}, {&(0x7f0000005380)=""/128}, {&(0x7f0000004880)=""/237}, {&(0x7f0000004980)=""/163}], 0x0, &(0x7f0000004ac0)=""/250}, 0x804}, {{&(0x7f0000004bc0)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast}, 0x0, &(0x7f0000005080)=[{&(0x7f0000004c40)=""/177}, {&(0x7f0000004d00)=""/208}, {&(0x7f0000004e00)=""/72}, {&(0x7f0000004e80)=""/186}, {&(0x7f0000004f40)=""/54}, {&(0x7f0000004f80)=""/176}, {&(0x7f0000005040)=""/15}], 0x0, &(0x7f0000005100)=""/196}, 0x8}], 0xca, 0x2, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0) (async)
r4 = socket$nl_route(0x10, 0x3, 0x0)
lsm_get_self_attr(0x69, 0x0, &(0x7f0000000040)=0xfffffffffffffd9c, 0x0) (async)
sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c0000001900010000000000000000001c140000fe00fa143b31268d"], 0x1c}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
r5 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="64009f071d8f92890c947e58470849b2290000", @ANYRES16=r7, @ANYBLOB="0100000000000000000017000000500006803c00040067636d2861657329000000000000000000000000000000000000000000000000140000006da1b5b55386947658778ef975c0996cf4bcaa0608000600020000000800010009000000"], 0x64}, 0x1, 0x0, 0x0, 0x4}, 0x4000004) (async)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f0000001100)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000010c0)={&(0x7f0000000300)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_DELCHAIN={0x34, 0x5, 0xa, 0x201, 0x0, 0x0, {0x0, 0x0, 0x6}, [@NFTA_CHAIN_HOOK={0x20, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x27e9185a}, @NFTA_HOOK_DEV={0x14, 0x3, 'bond_slave_1\x00'}]}]}, @NFT_MSG_DELSETELEM={0x20, 0xe, 0xa, 0x101, 0x0, 0x0, {0x7, 0x0, 0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}]}, @NFT_MSG_DELOBJ={0x14, 0x14, 0xa, 0x905, 0x0, 0x0, {0x1, 0x0, 0x6}}, @NFT_MSG_NEWSET={0x14, 0x9, 0xa, 0x201, 0x0, 0x0, {0x0, 0x0, 0x8}}, @NFT_MSG_NEWOBJ={0x48, 0x12, 0xa, 0x401, 0x0, 0x0, {0x7, 0x0, 0x1}, @NFT_OBJECT_CT_HELPER=@NFTA_OBJ_DATA={0x34, 0x4, 0x0, 0x1, [@NFTA_CT_HELPER_L3PROTO={0x6, 0x2, 0x1, 0x0, 0xf6}, @NFTA_CT_HELPER_L4PROTO={0x5, 0x3, 0x88}, @NFTA_CT_HELPER_L4PROTO={0x5, 0x3, 0x84}, @NFTA_CT_HELPER_L4PROTO={0x5, 0x3, 0x2f}, @NFTA_CT_HELPER_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x8848}, @NFTA_CT_HELPER_L3PROTO={0x6, 0x2, 0x1, 0x0, 0xfd}]}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x2}}}, 0xec}, 0x1, 0x0, 0x0, 0x4000000}, 0x40880)
ioctl$SNDCTL_SEQ_PANIC(r5, 0x5111)

5.254300318s ago: executing program 2 (id=3178):
ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/arp\x00')
r1 = userfaultfd(0x80801)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_UNREGISTER(r1, 0x8010aa01, &(0x7f0000000080)={&(0x7f0000ffc000/0x4000)=nil, 0x4000})
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x7, 0xfffffffb})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000000)={0x7fff, 0x8, 0x100})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000240)={0x2, 0x5, 0x40003})
r4 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000300), 0x7f, 0x2402)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_PRE_FAULT_MEMORY(r7, 0xc040aed5, &(0x7f0000000240)={0x0, 0x107000})
ioctl$KVM_GET_DIRTY_LOG(r6, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000/0x3000)=nil})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000340)={0x8, 0x8169, 0x6})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, 0x0)
r8 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/igmp\x00')
preadv(r8, &(0x7f0000000280)=[{&(0x7f00000000c0)=""/205, 0xcd}], 0x1, 0x2, 0x0)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="042fff01"], 0x102)
syz_clone(0x401000, 0x0, 0x0, 0x0, 0x0, 0x0)
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=ANY=[@ANYBLOB="3c000000120005f700000000004a000000000000", @ANYRES32=0x0, @ANYBLOB="1100000000000000140012800b00010062617461647600000400028008000a00", @ANYRES32], 0x3c}}, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000140)={0x9, 0x1000, 0x800})
preadv(r0, &(0x7f00000001c0)=[{&(0x7f0000000340)=""/127, 0x7f}, {&(0x7f0000000bc0)=""/84, 0x54}], 0x2, 0x6, 0x0)

5.039600712s ago: executing program 3 (id=3179):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000300)={{0x0, 0x2}})
r1 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x101e01, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_genetlink_get_family_id$SEG6(0x0, 0xffffffffffffffff)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWRULE={0x30, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_ID={0x8}, @NFTA_RULE_ID={0x8}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x58}}, 0x0)
r4 = socket$inet(0x2, 0x3, 0x4)
socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000080)={@local, @multicast, @void, {@ipv6={0x86dd, @generic={0xc, 0x6, "37a07e", 0x0, 0x2c, 0x1, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, @local}}}}, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f00000002c0)=0x7e)
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2)
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000600), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r5, 0xc08c5332, &(0x7f00000003c0)={0x3, 0x0, 0x0, 'queue1\x00', 0x200000})
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCGLCKTRMIOS(r6, 0x5456, &(0x7f00000006c0)={0x10001, 0x1, 0x9, 0x1, 0x11, "8d3f1642f1bc2c7e16f158d7c8cda5d2b465b5"})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r5, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x2, 0x0, 0x0, 0x1}, 0x76e0})
r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xa8c01)
sync_file_range(0xffffffffffffffff, 0x889, 0x8, 0x3)
write$sndseq(r7, &(0x7f0000000000)=[{0x1e, 0x0, 0x8, 0xfd, @tick=0x8, {}, {}, @result}], 0x1c)
r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
close_range(r8, 0xffffffffffffffff, 0x0)

4.918190031s ago: executing program 2 (id=3180):
socket$packet(0x11, 0x2, 0x300)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], 0x0, 0x2, 0xb2, &(0x7f0000000640)=""/178, 0x41000, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = socket$netlink(0x10, 0x3, 0x6)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0xb, &(0x7f0000000100)=0x800000, 0x48)
sendmsg$nl_route_sched(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000cc0)=@newtaction={0x18, 0x1c, 0x1, 0x0, 0xffffffff, {0x0, 0x0, 0x1300}, [{0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x4010}, 0x0)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
set_mempolicy(0x8006, &(0x7f0000000040)=0x200000fff, 0x5)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x0, 0x0, &(0x7f0000000600)='GPL\x00', 0xd, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDGKBDIACR(r5, 0x4b4a, &(0x7f0000001000)=""/73)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000700)=ANY=[@ANYBLOB='$\x00', @ANYRES32=r3, @ANYBLOB="0500fdffffffffffffff0600000008000300", @ANYRES16=r3, @ANYBLOB="0800050003000000"], 0x24}, 0x1, 0x0, 0x0, 0x41}, 0x4040884)
sendmsg$NL80211_CMD_START_AP(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000480)=ANY=[@ANYBLOB="8c000000", @ANYRES16=r7, @ANYBLOB="050000000000000000000f00000008000300", @ANYRES32=r8, @ANYBLOB="4b000e0080000000ffffffffffffffffffffffff5050505050500000000000000000000064000100060206003c04010fa10472060303030303037107ff00ff01010000760600012b00060000080026006c09000008000c006400000008000d00000000000c005a80080002800400010070da332e905896e758e6eb738fbfb13de691d342268697934cce66e5f8429ed8414bba499af709f6ca75fcb0ed599c7dead48d929aeb9ffaedf0117cac8d13ac042a40d6ef83f6a9ef8e8a6c6e19ef386cc0606731ca520710fa0157eede4c364110ca6a2e297545c72bd28cfdeae07320b9bad5aa349cb5dac2165b29e7307320"], 0x8c}, 0x1, 0x0, 0x0, 0x84}, 0x1)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'gretap0\x00', 0x6101})
r9 = socket(0x400000000010, 0x3, 0x0)
r10 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000100)={'ip6_vti0\x00', <r11=>0x0})
sendmsg$nl_route_sched(r9, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r11, {0x2, 0xd}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x0, 0x0, 0x8080}, 0x0)

4.584674777s ago: executing program 1 (id=3181):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x24fa, &(0x7f0000000080)={0x0, 0x1ba1, 0x10100, 0x2000000, 0x132}, &(0x7f0000000100)=<r0=>0x0, &(0x7f0000000380)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {0x23}})
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r2, &(0x7f00000001c0)=ANY=[@ANYBLOB="0e"], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r2, 0x0)
syz_io_uring_submit(r0, r1, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x10, 0x4004, @fd_index=0x9, 0x8, 0x0, 0x0, 0x2})
openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x0, 0x40000101, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x8000, &(0x7f00000001c0)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x23}}, 0x10)
sendto$inet(0xffffffffffffffff, &(0x7f0000000200)="9a9c94a4", 0x4, 0x20000800, &(0x7f0000001080)={0x2, 0x4e24, @multicast1}, 0x10)
r5 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_FLUSH(r5, 0x29, 0xd4, &(0x7f00000000c0)=0x7, 0x4)

3.470873999s ago: executing program 3 (id=3182):
r0 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401)
ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000000)={0x1, 0xf, 0x4, 0x21, 0x29, 0x81, 0x0})
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x9, &(0x7f0000000040)=0x3b4, 0x4)

3.291742758s ago: executing program 4 (id=3183):
mount$overlay(0x0, 0x0, 0x0, 0x40000, &(0x7f0000000040)={[], [{@dont_appraise}], 0x3a})
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000001080)=ANY=[@ANYBLOB="18020000030000000000000000000000850000002000000018010000090000000000000000202020731af8ff00000000bfa100000000000007010004f8ffffffb702000008000000b70300006c10094985000000060000009500000000000000"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x4}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3)
r1 = getpid()
sched_setaffinity(r1, 0x8, &(0x7f0000000340)=0x9)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0xc, 0x0)
read$msr(r2, &(0x7f0000001a40)=""/102392, 0x18ff8)
r3 = socket$inet(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000600)=@nat={'nat\x00', 0x670, 0x5, 0x368, 0xd8, 0x170, 0xffffffff, 0xd8, 0x228, 0x2d0, 0x2d0, 0xffffffff, 0x2d0, 0x2d0, 0x5, 0x0, {[{{@ip={@rand_addr=0x64010100, @rand_addr=0x64010101, 0xff, 0x0, 'veth1_macvtap\x00', 'ipvlan1\x00', {0xff}, {}, 0x33, 0x2, 0x14}, 0x0, 0xa0, 0xd8, 0x48, {}, [@common=@ah={{0x30}, {[0x1, 0x3]}}]}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0xf, @local, @initdev={0xac, 0x1e, 0x0, 0x0}, @icmp_id=0x67, @port=0x4e24}}}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xffffffffffffffff}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, 0x0, 0x0, 'virt_wifi0\x00', 'veth1_vlan\x00'}, 0x0, 0x70, 0xb8}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0xe, @ipv6=@ipv4={'\x00', '\xff\xff', @empty}, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @icmp_id=0x65, @port=0x4e21}}}, {{@ip={@private=0xa010100, @empty, 0x0, 0x0, 'nicvf0\x00', 'nr0\x00'}, 0x0, 0x70, 0xa8}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0x0, @rand_addr, @dev={0xac, 0x14, 0x14, 0x2a}, @gre_key=0xe, @icmp_id}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3c8)
close(0xffffffffffffffff)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000009000000000000000000000018110000", @ANYRES32, @ANYBLOB="0bb1000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x94)
r4 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000500), 0x40002, 0x0)
preadv(r4, &(0x7f0000004040)=[{&(0x7f0000002e00)=""/156, 0x9c}], 0x1, 0x401, 0x0)
semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000240)=[0x7fff])
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="640000000206010200000000000000000000000015000300686173683a69702c706f72742c6e6574000000000900020073797a32000000000500040000000000140007800800124000000000050015002200000005000500020000000500010006"], 0x64}}, 0x0)
pipe(&(0x7f0000000540))
syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000100)='proc\x00', 0x0, 0x0)
r6 = gettid()
r7 = syz_open_procfs(r6, &(0x7f0000000040)='timerslack_ns\x00')
write$binfmt_format(r7, &(0x7f0000000180)='1\x00', 0x2)

3.271290277s ago: executing program 3 (id=3184):
socket$inet_udp(0x2, 0x2, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
gettid()
timer_create(0x2, 0x0, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
clock_nanosleep(0x2, 0x0, &(0x7f0000000040)={0x0, 0x989680}, 0x0)
clock_gettime(0x0, &(0x7f0000000080))
mknodat$loop(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x1004, 0x1)
socket(0x10, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000002700)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000200)=[@in6={0xa, 0x4e23, 0x20000000, @loopback}, @in={0x2, 0x4e21, @loopback}, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x16}}, @in6={0xa, 0x4e24, 0xec, @remote, 0x10000}, @in={0x2, 0x4e20, @local}], 0x68)
sync()
sync()
sync()

2.986611452s ago: executing program 2 (id=3185):
r0 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000580)={0x1}, 0x8)
sendto$inet6(r0, 0x0, 0x5c4, 0x404c844, &(0x7f0000000540)={0x2, 0x4e24}, 0x1c)
mkdirat(0xffffffffffffff9c, 0x0, 0x110)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r2, 0x7a7, &(0x7f0000000040)=0x90000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, &(0x7f00000000c0)={@local})
ioctl$IOCTL_VMCI_CTX_ADD_NOTIFICATION(r2, 0x7af, &(0x7f0000000080)={@my=0x1})
socket$xdp(0x2c, 0x3, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)

2.851458637s ago: executing program 4 (id=3186):
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r0 = socket$inet6(0xa, 0x3, 0x3c)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000020000000900010073797a300000000040000000030a09020000000000000000020000000900010073797a30000000000900030073797a3200000000140004800800014000000000080002400000000014000000110001"], 0x88}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={{0x14}, [@NFT_MSG_NEWRULE={0x88, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x5c, 0x4, 0x0, 0x1, [{0x58, 0x1, 0x0, 0x1, @inner={{0xa}, @val={0x48, 0x2, 0x0, 0x1, [@NFTA_INNER_TYPE={0x8, 0x2, 0x1, 0x0, 0x84}, @NFTA_INNER_FLAGS={0x8, 0x3, 0x1, 0x0, 0x5}, @NFTA_INNER_HDRSIZE={0x8, 0x4, 0x1, 0x0, 0xf}, @NFTA_INNER_NUM={0x8}, @NFTA_INNER_EXPR={0x24, 0x5, 0x0, 0x1, @meta={{0x9}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_META_DREG={0x8, 0x1, 0x1, 0x0, 0xe}, @NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0x1}]}}}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xb0}}, 0x0)
syz_emit_ethernet(0xbe, &(0x7f0000000100)={@local, @broadcast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @dev, @local}, {0x0, 0x0, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "f4cb985d86dd6266b5efb88a2c87eda081bac8b2f9a49d564054f1c9218f47b3", "cf8743eb4d9e776f94a6a58d36e006ac614f6f7bce9217cbfea31675d4a860cf6003977b1e4dbb16dc31cc76522bf19d", "5043edd2a8cc8c41345f8feb1a7a8e23043b8a465b1ed5bf8bc91307", {"c7193f7edd1efc4742dc481e6f57f901", "948177bcc5dea4029ba4683a6bdcd7a1"}}}}}}}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r5=>0x0})
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x6, 0xf, &(0x7f00000002c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xb460}, {{0x18, 0x1, 0x1, 0x0, r6}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
r8 = syz_usbip_server_init(0x1)
syz_usb_connect(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="120100006325a640402000207265970000010902"], 0x0)
write$usbip_server(r8, &(0x7f0000000000)=ANY=[@ANYBLOB="0000000300000001"], 0x35)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000400)={r7, r5, 0x25, 0x0, @val=@netkit={@void, @value=r7}}, 0x1c)
syz_emit_ethernet(0xfdef, &(0x7f0000000000)={@multicast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "122d92", 0x10, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0xdb0b, 0x0, 0x5}}}}}}, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a3200000000140000001100"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x5000, 0x80000001, @remote, 0x7}, 0x1c)
writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000100)=',', 0xffdf}], 0x1)

2.850920408s ago: executing program 2 (id=3187):
socket$inet_udp(0x2, 0x2, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
gettid()
timer_create(0x2, 0x0, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
clock_nanosleep(0x2, 0x0, &(0x7f0000000040)={0x0, 0x989680}, 0x0)
clock_gettime(0x0, &(0x7f0000000080))
mknodat$loop(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x1004, 0x1)
socket(0x10, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x7, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000002700)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000200)=[@in6={0xa, 0x4e23, 0x20000000, @loopback}, @in={0x2, 0x4e21, @loopback}, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x16}}, @in6={0xa, 0x4e24, 0xec, @remote, 0x10000}, @in={0x2, 0x4e20, @local}], 0x68)
sync()
sync()
sync()

2.273340133s ago: executing program 1 (id=3188):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r0, 0x0, 0x0)
socket(0x10, 0x803, 0x0)
bpf$BPF_LINK_CREATE(0x1c, 0x0, 0x0)
sendmsg$NFQNL_MSG_VERDICT(0xffffffffffffffff, 0x0, 0x40050)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0)
read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000)
pipe2$watch_queue(0x0, 0x80)
r2 = socket$inet(0x2, 0x2, 0x1)
sendmsg$inet(r2, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0)
sendmsg$inet(r2, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0xffff, @multicast1}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000400)='\b\x00', 0x2}, {&(0x7f0000000180)="2d0000008058", 0x6}], 0x2, &(0x7f0000000100)=ANY=[@ANYBLOB="1c000000000000000000000007000000890b040a0101027f00000100000000001c000000000000000000000008"], 0x40}, 0xfffe)
keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, 0xffffffffffffffff, 0x100000000000f7)
sendmsg$IPSET_CMD_RENAME(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000004}, 0x20048044)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x40)
sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, 0x0, 0x2000c000)
close(0x3)
close(0xffffffffffffffff)

2.073531883s ago: executing program 0 (id=3122):
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x80, 0x3}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x0, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f00000000c0)={&(0x7f0000000040)=[0x0, 0x0], 0x2, 0x80000, 0x0, <r3=>0xffffffffffffffff})
mq_notify(r3, &(0x7f0000000140)={0x0, 0x2e, 0x2, @thr={&(0x7f0000000200)="7d5789abb0f216d0f5dc8be279fc328ea7c2fc95b5fa5a4b65830c55046a84983976a2589114c01b26d2cfea073935c9e9ea0eff22ec78423608b35dbe04675b4e8d8283ec43b5e7951007f70479b243fe4735ea5225f5dcd6c2cf2cb61797bf7038f06c9f2c20066657a9fc74df706bbf60f0e209fb65f2fa671311d4801f55670ed5d2f6a3fdbdb07d1f2df3992d99b82b84a9613de264e6368f7aafc333bda97941fd9c68bae24b4a7e35a11bcaed937a2da5a2c5aee1d3eb911e3c2b9f695d6c6c7685ee8a4889a6248af775fa2af757053224e1a465730d2dbeb2", &(0x7f0000000340)="26d6df51508145c3b5406723fdfe465532c160e9c6675fe60f6ef337f520e37983dfe220863e0c8cdfeb3254aefabfce5b343695487271375b8b1eb2e94648e9ceb3dfa7fa6a97107a64a6ecb55e07abe0dc3b9978951469b19198bf421995cdff8f65d3d1fcabd13eeb461c6549fd9c301ac0e36f9b30e8bab418626afb1f67fc6c9a5e8e7ee329f8a3263194b8f31c6316ba09c612699fbdf87b78a62d2a1ad286205dc336"}})
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r3, 0x40505412, &(0x7f0000000400)={0x7, 0x7, 0x9, 0x0, 0x7})
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='smaps_rollup\x00')
exit(0x100000001)
syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r4 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
kcmp(r4, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff)
times(&(0x7f0000000300))

1.724373137s ago: executing program 3 (id=3189):
r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x2241, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000001c0)={0x30, 0x5, 0x0, {0x0, 0x0, 0x1, 0xc3bad51a}}, 0x30)
syz_genetlink_get_family_id$ieee802154(0x0, 0xffffffffffffffff)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, 0x0, 0x0, &(0x7f0000000600)=""/191, 0xbf, 0xa1}}], 0x1, 0x2040000, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
io_setup(0x2, &(0x7f0000000000))
syz_clone3(&(0x7f0000000500)={0x23800000, &(0x7f0000000040), 0x0, 0x0, {0x10}, 0x0, 0x0, 0x0, 0x0}, 0x58)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)={0x28, r5, 0xb97534d5fe9704cf, 0x0, 0xfffffffc, {{0x12}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x28}}, 0x2400c880)
syz_usb_connect$hid(0x0, 0x0, 0x0, 0x0)
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000100)=<r7=>0x0)
fcntl$lock(r0, 0x24, &(0x7f0000000140)={0x2, 0x1, 0x100, 0x2, r7})

972.996568ms ago: executing program 0 (id=3190):
r0 = syz_usb_connect(0x0, 0x34, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x92, 0xdf, 0x55, 0x10, 0x5ac, 0x9226, 0xb289, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x22, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0xe9, 0x0, 0x0, [], [{{0x9, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [@generic={0x7, 0x5, "d77b5d2898"}]}}]}}]}}]}}, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mremap(&(0x7f0000006000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f0000c00000/0x400000)=nil)
syz_emit_ethernet(0x96, &(0x7f0000000d00)={@broadcast, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x60, 0x3a, 0x0, @remote, @local, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x500, {0x0, 0x6, "5b29ab", 0x0, 0x11, 0x0, @private1, @remote, [@dstopts={0x0, 0x2, '\x00', [@ra={0x5, 0x3a}, @calipso={0x7, 0x10, {0x0, 0x2, 0x8, 0x3, [0x1]}}]}], "fb36eeca6fad50b375a22a584d16ca55"}}}}}}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
r3 = syz_io_uring_setup(0x10d4, &(0x7f0000000000)={0x0, 0x615e, 0x0, 0x0, 0x1000034f}, &(0x7f00000000c0)=<r4=>0x0, &(0x7f0000000080)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000002c0)={0x1, &(0x7f0000000200)=[{0x32, 0x0, 0x0, 0x4}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r6 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r6, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
sendmsg$rds(r6, &(0x7f0000000680)={&(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x0)
sendmsg$rds(r6, &(0x7f0000000600)={&(0x7f0000000200)={0x2, 0x4e21, @rand_addr=0x64010100}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x20000040}, 0x0)
mmap(&(0x7f0000029000/0x1000)=nil, 0x1000, 0x1000000, 0x11, r6, 0xdffaa000)
r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f000000e280)={0x2020, 0x0, 0x0, <r8=>0x0, 0x0, <r9=>0x0}, 0x2020)
syz_clone3(&(0x7f0000003200)={0x10200000, &(0x7f0000002f00)=<r10=>0xffffffffffffffff, &(0x7f0000002f40)=<r11=>0x0, &(0x7f0000002f80), {0x8}, &(0x7f0000002fc0)=""/246, 0xfffffffffffffd2e, &(0x7f00000030c0)=""/232, &(0x7f00000031c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r9, 0x0], 0x8}, 0x58)
fstat(r7, &(0x7f0000003280)={0x0, 0x0, 0x0, 0x0, <r12=>0x0})
getresgid(&(0x7f0000003300)=<r13=>0x0, &(0x7f0000003340), &(0x7f0000003380))
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000034c0)=[{{&(0x7f00000003c0)=@file={0x0, './file1\x00'}, 0x6e, &(0x7f00000001c0)=[{&(0x7f0000000440)="b638554065cace31451d7f069fef27b718c2a605fbe02055ba1bf59d0bf6e64ae13c8d7a5700e8c58c7e60de4aaf46879ef893f3635dd82531d63c4b75b0f8aa56b654ddb2001e64c1d9d0d43af68c96c5b2229b3a6810a82adb34dfbf162563b5d340ebb9ed675d6b938ca8c6847c29ddb7b6f213f6262dd2d2f11130914ec60f71f1fe87de679faaa8dc0571ac25a36cd8574e1389e3db520127c4b44443f58ba67d5bfc8219db08c5012b5a", 0xad}, {&(0x7f0000000000)="b45819ae592bc0a11752d39f63bcf16874244deaff62858090252574633b00f5b1de0339cb1041e40667c3059b6a1b8c01", 0x31}, {&(0x7f0000000500)="94cb2522d0d26d41fff9c34833a89690e6dfdd232f180bc64990d7278f309b379c7b3a2bea2f9706fba2d58e0b77b163695f639bafb40b8f3423b030195fe04294fe2e2dedc45e5ab3ae9c51bd7aead44996acef66c33e157a37883fe34b1c937db0db3645972f38688b8e1332a67a26f2f7a309053cce1d6caa67d9812ca61dc001860693ebc6933098b0e1a95ef632d7aee4e68376273374879eaa26524a27110d48241688ac0c49cba6dbe1ee136f4e813023655f9c12bc74447187128e604e7e239821ba2ab194b1e8fc19574ff77dffb6b3a2754a414a2a177a9901738eedc4c9717e66f754b34d", 0xea}], 0x3, &(0x7f00000007c0)=[@cred={{0x1c}}], 0x20}}, {{&(0x7f0000000800)=@abs={0x0, 0x0, 0x4e21}, 0x6e, &(0x7f0000000c80)=[{&(0x7f0000000880)="c66f6ce6f1fc3634d708480b0923a9adc8c95e274d74559ae9c7b9159dcf5a4208e4e45c22472f1e11c6c754f43250f3868514f19b446f7728e60214b6045c409d24ca476fae6308f47737b2e7dd115dcddb593f7c1a0e1aab9ac323399a23b82e09b8744f94b2ae7a75a7f2585120c53885eac312c0881e03c36302f772d2308022f359ba6e120e3e6cace5ff5368a23616e155e3503a27f09fd04dc97d94d1c414a93fe22135d75e0e3680d9492e0a6eb9654c604fdb72947cf395ef6a31d6f7a5d39f673aa7945b537f", 0xcb}, {&(0x7f0000001480)="fdea513e545cd89c32157791bdc57bdf7c6ac7a02b0d440580e33b802668a00c080b22e5e0b0da34a3f9cfa96afaf288c04ec35e602078112a8c3dae4b55a8a30c5cbebd1276ec2eca53a1816f218c36cac66eca4f65bb393ae9cb82789bbefcc58c1ab7c9cbe0986f63929864727a477c770494ce390824f07bc0f48cddf5a418cb8e1f55eeaccf4b75c569bca83afa6c71ab4cfff1603745bfae5d82bf3c90ea1a352dc06c17c5dff3f9a58c218c59c4afb3fc4e5c4178b8ddd1506af66d3988189427e6f9e0bdf1dd204de7b09f0d0dba189a3ffa3b39488fa71d4ec4f226af1a715d5b77ef6541033a1fb22f86f027883590b4d401e0efe3e42eff411936eaf144d0ce1b8c0115d8404ba1f5faae26038bc21b3ed2faf167ca3759dfd4620fc5eee4b27ad5da6494557225c7ff1b93e2934a161680877f8f143d09a48f91e3e9e637da6b310671db3643e78fa1308beb4d7fe5fb9c7171386036e3efbdb4686cc44e21908743c10b73e1650ab9f5d514c0da2a3a30c4eee1454da7a115348d2afcefc747345bf81238026a886f2b70de3bfb0546eae303227e0e74c5cce3a7353a0a734d65b6d22f876872208e96d2f3ff1a8ae2b347e3f0b9c0fa8154dc4c4b34c7eee9a0b0f0e0c3d46521fbc97a253d5f6f56a743c6e6555800ce8eb06bda9571d9bc154a54f32a6b41875f16dfdd2329d2aa0ca114bc79e1110b80a7b55f0d1f53c6948afef2a74731f6b4ec666a133729898a9e0f5345ec31a04863505d1a6c17ff8f0c22e1079a85225c6834d3d99723949b0bb2c2a38cf3ff102e25029bf99777665cf9140b07d2f90ec068db8fb9d741a5d99bcc2fb6d72d4b9f1bdc2aa2dbbe98ce86e9ca1dfb5fce391f2f0df05c65960727fc8b9a490516c200f8f9a08a056ed3bdbd8ab0479929d58250885c0f40595fe735c08357122c7b882e9b4e71f175b536a5a4ee3001fb96aa16ff8a6f2e86a09f9db20003311d5423ecaac8e66a7b23aa76881d3274c8d05351df0200f70d912bb0d450b15bc514950944924d1c25f2b98b4f11013ac8fb22162695633af35a090250ad2a7e174931150be396e970eb950d6205039d644556685c5b7b953f4c67d043123e9e303c04fa92fa310a467b7b30a02c9dd0ae561d69f75a675339d79ccaff555e77490c82a531340f12f9dd0fede156bb7aef38b65a9250cd98585640de430a49ec2ff9b2acab5ed56343bab1db17d0abd1db72a2a69f45e1aeb88935502123fdcfc2defe0e14c06a3140fb9c7d6fb1624920aaa4934310b70b8cee62d2fa9455d72b0dbf698863c74147ca3b1e79a813f843b767d6ad814a0e63e7ee97db87deedb664036f64201af67247ab137f170abd26f369e3c7d403162e6904efc330be48a955fa5040a74a355206a364b33fd8218735f3d1044ad937ff29143799c4d7cd1e70305c219ae2c9f0c589916ac3cdb915ea3c303095c54a3054db4ecd5c875779b1908b304a451c452f2d2ba5a9333968aa6142590151d84d0c61d189a1fa2c811930b3dbd1167c9d8dcac73540dcbe8e28eaa6cf03df1bb40d9a88cff2613c21a498c37ae61762225749e7257401fdd89663c5e4d5e76001520df6c74871f4342bcfbd12b74570badb6b3deba6465a37f6b1d8a53754063df3bd3f0962b0737846ac408dda881e6885026edacc8d649893e84e235fa56d1ae2966ad450d55e975e9491798840e3dcead1b8b4d6e7ac27d693115fc086b1fd994437aec91d217f26eb628451da72eaeb268fa00bcae81d2ca683ac50e7a3943a3c64e70b52059d10638e20763c4fec36ceb926c9c5d264c9862fe690c9686990633b916ef4ea0e38d6e6f916ff416ddaca646c00d14f28cd03708d304152ad71e0017b5604f84efdb3a6d5a71e76cb0798b1e28adcc227a33057483e0b09d7a7901b745fbef307bf3ef58a65ed4f064a1afc8ed390c681780df51ff67b56ae89278cf96412313add91f6c015df2ddb7d83ae2265191f4a5295c617790b7e4757a56a92491e8f66ba9ce30db54a4de44ce09f96c4dc9fab2ea13f905b72e074a864457823b9bd5d4a4093acf9c2e828cbbdae3b7f22b1d13a0433d75a36f86d123bf3dcb1a6a98a26e4a8d1caf2c6ac9916b3e910123ecb24ba2e733b5d66604dbe2123f5e2f5f5dd962ee774912e6ecf59b50dfa0395bd05e611106a849f36dbcdaa4104b77b376739ea5001873bb015a3e2539c2c1bdd771c9dbbfc2c2daa71ca8e942b487aa5231e4417d865945951d5944054788c2e41cfb8f0aede1d9fe03f3275ba57fb33570051f12a08fccf6039fade4219d3dd44ef6e8a50af1ea3e298e859152b0a7712033d3f6412c186dcb4cd362d9e7bdc9b1febf711ee2d3a3d4e0c501d919b387b0570982df6a90c121edaaa6e07acb850606be7edd0ff5b7ed5b092f700fe4444f21c25a7bd9537bd8f8aba7a219153c11024689359c43b36c285f7ad7457dda0f817eb1ccaf1d4d84f2699220cdda03cfe8adf25d12fb96ad91f169a848b8578644809fb59c5ec63bb98edb1597b88de2cb98d8ce2ac10043a2d06e3599bf352966099504e608a0893828128b1de51ca7999abd6b284d5f44c52ab71bdac41c9daa0ef956e1619d0006a9a5f1366a74ba7cb94ff7cfacf95b5bd9f9259169c91d0ef2e2cfdcb546e9965fb3a8cbbc5b987e6e2bb93718c329ccb69d32d270cb42be98489911cf86e4605e92a6553d87a82916e81b7c03367dd2f233a25ec799042f5921688b934d2ee31972cdfb83f68d24eaea337cd519c2d933a68620f6bf645ead1d43dd749767b638322bd827652391212a0fe6c1f5f4a89eecdac5c6fe4b7d13a48c13541bfe5e5eb11ccbea972670f91f69b12497942e170b8b172983c200c3f2a73b67b9a096fe4f33a2fba27b7f5a37cdbce6d50a934bca76eb6c5c971d9b350750a78ceb376ad28942ad6f8866dbbd049bb73c5fb6f3427d23b0436734a649e9d5f1eeba83562beaf89d0fcf84ddc4cfbce63d7f1235f7c5409433d7a8e3f262deac9284ac2b8a328161b83a3e05ab3cc34a72119da6ab3b6c323fea4d8e869f643862f15f06795ee0a9f2852e6e5b0b73b8dc2fcdb3031a50a77f6be9a69d316101108fb1e839cc7542d484832a371332799740464ebee2712103fbac479b69f072e8a970cd5543c40535b64d03a81f3e1b9e25fd479ae2d35947990797725618448d42c81b68c4888f88fcfafe22975fb7390cc35027cad053aafe2ff3c879fa7246854ec5077646ac2f8a807f91029cf35514b9b66e5f17e74ac43dc9d6111138cfdda63aedd38c278d5eeda6d0d14b1413a54ab23218071cbce10718985c21d93c2ec94914005727803c0527036cd57c9f70bbecfe6493501354501483612e7321f6fdfd5b9f7dde770f7071b22d23eef045650a5123f1c68b1e33c31a814563c3aa39a031b91088e9d9750ae9aeecc38d382c061254130d479c9427c53c7d10c8d2d963a44974d561ec15399e5cde6a5c7c69ab1ddb263e6fd37775fa13d879633d9009f78aaedcc97259d7f0c282c3acb5500e0027b48f47e44e959cb9eeb4f00e748ffde0205b0160afefb2ee594ec260350bcdc78c1193a8462c56be2aacd61c16361e234ec6e0cfe90a37455f04452fb8e55b287d06108e37adc36e77345b0b4cebe246767d1aebf567c9bcd3173d687c9305a39a7a72fa628232e425570261f3fbcefe02ae332dda16724980b97d6a45c4d43b29daf980fff7de4ec49f1d367f0b10916035cb82be87e24047f38db532c86446fbda65949aa57912d4a0da27b03793a3c1514ee1e9e0d7b64871b37aad8c2d556963e02e8fcee4cfa0db8e009e47e11ae122dccc6a68e77222ba8feb18c138f4edb8ad0ac017ac7d0970ff08a7e3edaf4cde689dd922b2bd5e4a9af0d43b3553cceeb706f0d077650ae5c4fbbbd96ce0d1a7146652a9a11072bae4cdb187aa4e979fb6eb074d2113ef79de74587ec8330a609626d27d3f8937c1ed2c6ad5289f5452b28d17747437b837bdb5fd1e292f2db2cc6d81dfbcf17a155a4852e7deb59fbe16127367bde2016059f583e5579e3323677de8951982ab5e53c5b22bc69f51adac5311a2906ccbc73ebc3f4d4b1ae759658a00810a6b3219a3d6eced5a3888bb09f94c8499037907d123f020abf06e8929434b6b86b426e85624e9e25faab07e42460a824cf98f84a08cc3c18c848cf99ff555832bba3c405c49fd9cbc846af4772ce0edca05f544a18dd87450b6c364b82d8c8234c05bf9c654130907df65d7fcac60f3b3f81121e4d4a105e455ecb6b83c01ea8f6438882de101de3d7ffe2933b88e17d61e213b9dce3165d12f14098bdc24a5a9ff8e4be6382f7659fe616a341daccc9108029aff8d26525fd76c1dc51c551846f6fb54ed1dc3fd45edae75a71af32e999bb67a13ded840d80f00a11eb60226461730c3c09f0141ace3afd6cbad9a3f43442f717a7a0bd04f1556327d856d48e7ff7100f6f7918a75b820f7e79d27d3ff81af9d24f0b2df23c0b5a396ff5116417c1ab6705dc705d4366ae1739bd57e4fac1b294a5a10a8e05248f39c2c6c7cdbcda2fceee641980ca66f868a9ffd23d1e0495976cb451e3e2cba267735b4d33e02098309d4464cbb5c91390952c2f59509712621769bb6acd920a4c9e69d38a9fc79d4ac9250de6b5db9ccd537fae6ba303fb698bc38e2e91ea2caf5ae11759a08c8b116b68f6a5abed7c1044be3c112a3707d549e2c0d1596dcd9f81d405f79ff42ad9bd3c86bb62cb62324c5fcdc8d51ecb050a8e720de1794b2ebf9b4944f1c56ab37d556729f7faec78c2603234a35910f48190dd974b74445fd9e2ac9c87b161cade54f246fa36818bf8509e180a0272eb6e405cab9a37afd55797cd4c56996f9e577d89184c37ecbb60a571ef852dc64bbf4331e941759d25f6c20ff00eb0a7efefc75d74831ffe556bdcf0ce9a794e1b91e338cb2e40fc5008b10f79f0409ed2063a89f46c6d7b42fc3ba5dd6b719eab709f4e24d29e5ba7c44be59b9bbe1d74b0b68fb515d5772fac468da2239711a516053dd52e85759c22acb26a0e6708bf08648e567541319e7d69bdb8b9f5d7a4eff2ae0212e239fee90de28917e9d46d1679733dc7b6ec9865900f4479b1137723ce9bcb1a2d37e5f36b08c30b5ea0a91527724a0cc40d86b7a119ab27047f469694b3791a3792a93b0dbad22c8818747778f67c7e6218863aa5abbd1db161599c4379efbdbb12d2514ad50e87c05143c7ad14bb85819120848a816608be3bac8bdb8a0a095649d81c830ad363926ad03bd35e00243ee258fe99b7443206c84e90accc4fcae747d7ab406b6fc5aa88bd95aa8b944e3dbe762285f00793ea12eede332dc6ffc6a7eb380ea0bc9f16d8a387e0fc928b80b594651c30df5d4e53c216bb4594d9a50f39f673144a7d536600093085083c26ed1e9bf4e9d06fa3ff75745947712218a9a5f9cb9c9ed9512675e953be64cb2572cf2b18663321294bebd6d2e340d0d2028a01391baf0c16fbdc9c31b450a7b6fb8b65a2d6abc607c82c6da456033439736768cefab937b215ebaf8d3a5f679748d768781ee509335d6157374a4fe94b02995a3f9d4ab1478a1e9522ffdbbb1fee5f321e12aa2d53c55cd23abbf634d1af50bccece722c7272b902f3048104f5cf0c384eb8ae2c7386ec60186aa975689ebb3aab363ff593d1a6a283f3c6854b733f274a5876723896f6fef15525cbfd13160defd247a00288696b674c79feeb820890", 0x1000}, {&(0x7f0000000980)}, {&(0x7f00000009c0)="493977f6d0aa6eda110d7505affe4eb3df9d5aa5e09fa9070f78fd96143877900227cd371a10b401f23e9efca26587f9164701afd18fdc3e471dbc12e1da07e3d61c521d38170ce413cfc6d090fcfbcb4466d7f1d02587b4ae0f5705dd5e904c41a19531e44a0135cedda174daca751106d6e4672a6a8416fcc4bfaeec30ee1909f305e1ca3ae21e09cefddb834484c7ba415866f2d579f576abb8084db6", 0x9e}, {&(0x7f0000000a80)="53f156ed6dea1b72b082981ec48afc59e036c37b5ea413addba65c1e97a08e56da06dcaf1445f67255d048c49e8b9b7d61b754369c6c44b9ee7ceb80a5450fb83f465952ceee56c3f9b0fbafa6bb825507594c8903a26ed74af108af997cc1b101c4", 0x62}, {&(0x7f0000000b00)="8893b3805b481ee81b847611cb0210b8bc32544bf011504500b5b7e7fa619e2580f722e5d95a91ad1dc64367e3430ac43bed1222e87b8812443b2ad86d1de3ed0bd1bc6dc36006d58440599bc25c72b470c14a4a7d225f1ac97746bd0b45e30960e5a14519902cf7a15cdfa18195d0047e6b83a0e6a825d1fa6a7fd947b8002ea9c035ed8fb0", 0x86}, {&(0x7f0000000bc0)="67968715d3b7016e088338d82a1893a53f35afa67f340d264917fe301a9a7c748290e9f72ed070f751e39ca78633fc204d985f09e1ac56addb656e01834d7895b2074978774b9f55fced4349a9d53e4197b5d6ee2e561aa6bb507b4eadd31700f451e21c4945233bd6f013f8c73ff04388", 0x71}], 0x7, &(0x7f0000002480)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0xffffffffffffffff}}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, r6, 0xffffffffffffffff, r6, r6, 0xffffffffffffffff, r6, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, r10, r6]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xffffffffffffffff}}}], 0x150, 0x40}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="0000040000000000000000003780000800000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000020000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB, @ANYRES32=0xee01, @ANYBLOB="000000001c00000000000000010000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB, @ANYRES32=r8, @ANYRES32, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r11, @ANYRES32=r12, @ANYRES32=r13, @ANYBLOB='\x00\x00\x00'], 0xe0, 0x40}}], 0x3, 0x801)
setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000500)={{{@in6=@private0, @in6=@mcast2, 0x4e22, 0x7f, 0x4e20, 0x3, 0xa, 0x80, 0x0, 0x3c, 0x0, r12}, {0x8f6, 0x4, 0x2, 0x9, 0x60, 0x1, 0x8, 0x110c}, {0x7, 0x485f, 0x9, 0x7ff}, 0x800, 0x6e6bbc, 0x1, 0x0, 0x2}, {{@in=@multicast1, 0x4d4, 0x47}, 0x2, @in=@remote, 0x3507, 0x2, 0x1, 0x1, 0x7, 0x6, 0x5}}, 0xe8)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8})
io_uring_enter(r3, 0x47bc, 0x0, 0x0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f00000004c0)={0x2c, 0x0, 0x0, 0x0, &(0x7f00000003c0), 0x0})

969.172438ms ago: executing program 2 (id=3191):
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
r0 = bpf$ITER_CREATE(0xb, &(0x7f0000000040), 0x8)
ioctl$PPPIOCGIDLE(r0, 0x8010743f, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @thr={&(0x7f00000014c0)="72f12770afb85ab624eb0a19f2a0206670c916c15aa8cc0dd939bf7b91d18e36f0af812c97a09d930fec18fda92204bda5b51426a647bcc577f98f6d34810ba718871286816a7599632741e4d07906322f5c17c79ff8cc8cf468d6119a3ce93def2337035453c500de7bb3487d8ed0aa0ad3b2351a1973ea07eb0a1f19dc05616e038ca82d53fb4b8e2bfbb427e3b8ceb9e2482ad74636a89ad782dff472321da1a756fea906a381c52a6032637e3e11b9f1d6f73c717b5f9446e83ed3fa219c7c0e18b52a06e6c673a47b352df188286172b4c1884c4c816ac471c933e0d2a07d9eb1c0009ee228489b845eeb3b89f6a245627522847285e559f1ed6fc9fdaf57cf79a0a49ad7554984cc86ff7bdd3e3f4e171d60f308c8ac4b09a2242aae867ac1257471c7a40f3effaa47500c915c6cf27976c4e7b5b63830c96b4bc04ef30c5a66422aa152bf82419fe8137f9b9b5396544129317ee33acd5d810cad09c021afedb09aa5d4c53cf2e088ff1ea0ec9a10976c791ddc69fb91b780cc0be44fa740d953cdf5ba57ff6f5da7add5a1bc4037fd2ebdc1683e9a3ab79c93ad3ce78c3d1a27c83ff6e527244a2f22b9f6588ff6b51bd94235d4ae34d90d71f16e9f12a9d310d8df78aa78b7388fd80ba48f8878d7b24a7c4a1721ff500aa4e5ceb80932a7888bdbf980847975e418fb16b6b4e23ee5a64b0b2ea98bd26e85e6ddb72298dc2e43f22c22bc3de7d7ed86929b8aab1a269ebd2405917569f4f7e88e5ff5d92f0f78a96fb26e86022fbfb724818b2a2666c177973ff89436e84fd6f1891717a727523ea2f1ce50461f8f52c6bed4093212853bae257cb0cc926d9ae10e8c7a0604fa83e7a2ce45e74f222d13798a3871485967b2adfffc6d72598e55919c1b3d2e0d16b1ec55138f60a2d0c88a04bc667f9a8abb31518edd9129b87db94353be7f98325bcc65dc1f88159ae06c43a405b91f95ccea4dfd35e46b0cf6e67cc7f90a6e9e42134f617c579c429c7873c4dfee2a4cca809582d7516cde6c13921420040546c7d9421db377ee5db3879b525d7ecfc284935706586a574a19b75d0ae1e8eb49cdd0580abd36ecc4f797a9f88f19a0bf52c169a57cbbd10f220eaaa261452d848498a90caa96e67f11f0d2aa9ab75bc42bd977df5036109257a1203dea2605a49fe0da7df32123d9cc94ce7a8ccaabc4c3884bbf3eb5e88d021d8d4eaad6ad5c91f8a94836cc0e4bd8205da49767f7034c94eed8e80c7ad0b48e3bb0ade310fe76f1adaa43bd7eebeac18315910215c3cdea1d1f7fda21f1c3d4e46bfe9121ec4a3e73f076f011c454d0509895e7b01715969ac35e2c351f5b021b3154a05ef35b08dd2e8535020cf990f7133473274b083da507e24862809244b94c17ace3e4a4c9eff22a84260d9bad4b9042dec66e856213fab947252a4440c5b57925bec5a7abb7a1357b234ea3a9ad1325ba2a211e7b0432182f285b6309407c0968f91969ca78a13554c6759eaa868155acc1779ba597f9174f7cb5381b23793226935444af53edc3683226480c845f22917110d2496badec79080191ef2caba8d0bcd8e77fc633972b3b7a298dc9a8754893d261226e133d2db49caacefa8cb3101167b5ba1af107a7c39e5240b861166f5aa83d6f86e3929393707502d92b3de440b8b49b3b633f0e2de8af98de167e84cdd012c6ee4083e48af3d2e04b579d8f6b98bae4db811380594998e53b8d79ad0711a15b044aa1dfc3589d95ac34424189d9385e51346885192b0a970020ccb1379f16f557cc84533da3c7de00090fdb10213aeb3f3383cfe1069688e4ca6f98bb8ab0f5a9ed86a1871a341f70a71d94596c356edc8189b472c4d3d7cd1f6a33b5c399ff4d4ff2a133328930bfa7865bf28951dec34b7105ad303cd36d80f802e817e79bb6ab571bb34cdda61665470eda3ee12a5429e3d93dff983ae8bcc5498f0e99512442ee683b5e89d32f2aeda2cc176a0a2f18aa24adc68d7c7895440ed43c412d996a27173a1a40737da3871b13fa8918ec7905b66d6004447c66f5e9a90441005b7918279c2f063de788ed2ce05ec9bc0e240c912f63142f84e3bf9492b72ca8bdc48e8e510ed7d395e8708aab7d034f05480820cbad1a20ab3e37570557c3557ed00f8976ddffee02ffb1ed9e81dd8ae6cebc96189174177795f1bff326b8d5ae9d5fb8ee3c08b2b9396ace8c17928d232f2288ad80ab2b33a41a45df62aada75bfcaeb3404088d23e5cc4e18598d88f177d319afcedfd4c002854cc978eb65d97c929730f1710188e6a6b6c790c39f3deb277b6957f58ab93c20712ff8b9e65d6c590b34a109d9b7f125be62f8d912f25997b4ded9090f5584d6af1a68bd0204476826d9e5e1b0f6abbbd86319ec941a5dd35a3e8226c4d29f34f92ce643f5c5d9f20db7fe4f31f02536b2c290830733f2a554a2c5bccfe55dd180fe418137cf4c52c12eda310ebc38f3d0fc48724799c46c512ca44e8f35ab58cb32e9ec893397db9c9040b0f34be8227810b9f3feb8bddf3c712576de0481837ebeb047cbca6ab34789ea72bf6e14255c58ad0b9457c21eb8018722444033e672df2e7297d8c40ee6e14b16576075e6a41e17c0fb0fdd44e3173e9b09aeef9703ed2f4fe55576cb11bd76ade0ded0de966e04632a985c4b749dc67a56ccf87e624077856c8dc38dae969d776632d6d079de64669667e620cbd00879d7f92125da82fbf72662e5facbe6680ac8b7dbe0c9386c47814e754d155715b94e30eeada4f04bb5a240727987a61b283d291aad0e380d10981ea9b2300d4f3938eeb56ec6c15ce1a84a215be0b32b98ecf9d3ff9e98694cb14f79700087bb57aaa30147c80d3d750bb1c1dca66c6d17cb32bcc76bc5bb01d903384e48fd95852c5941d2cb7c51b94e77d1e57b6b78635e66f1ad63dd876c56f0d7fbe2ab9e1af7a22ea9b8148455c858e5506fc7d85bb72cb0bd92efe27d78dfe1e4d994fb6bc19598cdebfbe16c3ecb1e67bac1162c9e085fdd3584cbb936b3120de3a2318e2476cf90d1bd27d912c8f7153ab1a579338f37c60b79d205a99baf4c3b2f41c9aa0b4c1bb0db883fdb5531d254d0d8959cbcc56f3e341084e99e36fea999c63ccbca3d28a94124d120fde10c7d07c9174234d7a47434b4ebf38d67eee2de9ca6e179498cdd07f2f36d0478b5e6d21628f0291374d1be9a6ed401e2d53ababc3bed71d0821a06566c51f8b8a049e6686b4d555fdaabe2f9d19069851c1a289231ea6b66b6f35109b0c7b2f64605474dc7755290f3945c0059ed411c268740284748bb3772aca55ebe3ba242982abcdcacd72f95fea50086cbef8dc4367d1416689063857cf07bdc6cb010ba7d751a44eeb7aab710dea5eee024fbaa5bd9e038f431208bde9ce6cc9684a0665996ce14f1fd389b2ce87ec9bb30d4e6b016c1d4e9b96776a9a639ec69dd6eaa962d8645992920f1f03ac79c834fb99a15e9926ce1438c53c95d6d83f5d9606947bb2046a61a9ba8d497aea54f697c4955aa44811fe43ab339e5ecba2078b61b1685805502d8b84ac36a416d885b54244486ee4bed21124feef6ccb6c1d0b9fcadbca2c484f3c95199ba864dd7bac745cdf75f9fb69c3c0303cbf6979b1102e20cc23651d05b051975ee0162a2cf71652654548085b52bc156b4f03ea8a40e9dfcd9b3d815401cbbd50b16f20f0eb513421fe5138750d9765e0ce276927db06a6aa2ea2ce29a4d2bf142ab7cb66fe95e037b0ba07148f87c838d305f3d58f6e125c75143965b23ceefbc245222865b9c490435e90b932be254406dd3911316255677ef1c8b166a24089989b76449be53842a28f2072ec1edddec1c34da4e6e2054d600bf0beaa36a894e2927baa9eb6d4ce9edaf6b1dea2b7a92be88b7176191830750bdb4ae1b00beb2b8f163bc27035645c649000d24d4fa9ff38149de8c2779145e84e8aae7828e220751a05f07b8a64782df904f30f2fbdadf576ed59bd4c3d4c077e1eb73e177377fe18b2978f1c5eb5fdd334aa591f67ce0f4d0a647264bf96a7d71afc89f92154f5f12a987e4d8b795efc686119ed6dc61824308c7555d28875161ddafb3214005b307fc02cc8493351c164d01031e434c5b44696530634ac8d215c4d8ec11df8d894c7f741c6965ef988c5193967a951be28ec5c9f3c606e1e1c03b292a8755c738c21fd84ca36a8e57acef9ce6158375f56774033cc99f6f17aab1e6d2cc83dbfc59d6f9c9fa340ef5f12c7582066f1ac0ac5a1045041bfedeaca4b91614f85b7ab98cfe11a845db39771c24c4a6f89e22cfd167be31dd8b607320ff150ec23b76d00278a2100b8140c874feb1e0fca6fc2a00c84e74c78e29fa2cf8058aa97f2ec1ea1ef17e0756e05b1b9eacc664f1a05941458f76454062b5ec9569fb38e9695025cb8bad3a45589f83ffb6965ecc1030cba635a17b7b1ae390d8aa595c2a383d0b4e944dbcc83eed9de0b37e18d8a1c509de0e8fbbe506781b6776f21fa5ee2bb5ce8c84b8cb4d8740852ea0021d352e5b1d71f61c3e05d9a80d69a190872bf143d80c13ac1a69329ab2873669cc59b6738943ef8d9670f2fa1a8d29c0002b6551d206b7d43fe15fa32e6a5ffce218544fb71e904b78a55014fa653e2ac23d4707f6594a39040972d7860d5781ccec8ecfb2548998616750e1412d5d30af026b8e25ebe95ad0938f350edc012af616c53e23cd7911cb8d2a6bdf87ff092360a5166e15376176fa46e458729749323746227ca2f9cec50b8e761c5d5f7e56555c81459cd43d8f4170dac08f09efba3348dd4c44a00bbe2e0287058dd99db06c6f37844c7c245a0c6a1483d38538b4980dd9df11690e34a92a617e58eafef963cb3dfba4faef9819501dad5df3d314769572dc1986ee363cfd50df1744ef6130dfb540f5288b0c058cea47e3450313cb33b89935359bfe7b46e24dd4c83c1dd356b8400ed625aaadbdf4fd39d0751c4594cb81365180a654a5388f3f49ed862f98c96c208380e404f7e4ab74fa590d510210fbbd602c1bc5459c020e621fba8e0c661c55be17f00e57edc856b1d32516766fcbee8a59717a457607da5fdc274fedbe081d028806bcb9a0eee5f71ac9cfbab55c72303640229efffb6c6bf2c3ebc3443425e7d5083c27b33bc355fea02527c43f7679609d03626fefcf5245658a36c17f5d50224c87a30138e5897f99da6d3885f8130b4d553863190d7d056776832ccb5d18bfee90c5c80e45bcdc9e53a410cc71ea3b514e05e587a996dc3c649c60fe8954cc47d5bffc077676100092fc86eae171a4a6ef956495a040703c50d6824de7f2fdd9eb192695cceca0dde2dd34c7d0c9bb2c22c9246bf058766447fa635705ee1cce2e952a6730416722b48bb53b623dc285bdad044d4c058284ff95da1d0e6a7a954d5ff72438772e79700295a90ce25587e308717af216b1fe8b68497582c2c93ad11d73e066d642f57c9fa4dc98697a2d57d1b3052d10ba5810d7b10fa7ac3540b3fa250d53ee37df51ba7698bdbd493c591e68e098f304000cb44caf29d04af42c38704cf1f9495b2bc95a8ff86e1caf77f3828838eeace03ff1db4ebd5a8905943a90d6b056af3cad98ffcec42cddcb7d06e2266dc31231fbd4eaaca1ae797cc128c575909850108542e8a59e9513fa4a5cc589e013267d70c980d36705cbb0110318381ad9f5084a29b693b7f526a7034d987e7fcae603a820d8d9c1bf61d57c4076825ec36dedf9bad77cdef42558cb7e75", &(0x7f00000000c0)="a397026acbab64ee4ac711a8f4e8934f184db8b82e1052a968f6db2facccec74"}}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
userfaultfd(0x801)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
r4 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
bind$nfc_llcp(r4, &(0x7f0000001040)={0x27, 0x0, 0xffffffffffffffff, 0x5, 0x0, 0x0, "d92984bd1ca44c226af5160e961711a077609475b78411e88509de050000000000f2170e65e3f50327e422000000000000000000000200000000001900", 0x11}, 0x60)
listen(r4, 0xf5f)
accept(r4, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6(0xa, 0x2, 0x91)
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r5)
unshare(0x64000600)

0s ago: executing program 2 (id=3193):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/address_bits', 0x0, 0x0)
preadv(r2, &(0x7f0000001840)=[{0x0}], 0x1, 0x2, 0x5)
recvmmsg(r2, &(0x7f00000044c0)=[{{&(0x7f0000000300)=@phonet, 0x80, &(0x7f0000002880)=[{&(0x7f0000000440)=""/186, 0xba}, {&(0x7f0000000500)=""/117, 0x75}, {&(0x7f00000007c0)=""/4096, 0x1000}, {&(0x7f0000000580)=""/122, 0x7a}, {&(0x7f0000000600)=""/92, 0x5c}, {&(0x7f0000000680)=""/75, 0x4b}, {&(0x7f00000017c0)=""/73, 0x49}, {&(0x7f0000001880)=""/4096, 0x1000}], 0x8}, 0x7}, {{&(0x7f0000002900)=@l2tp6={0xa, 0x0, 0x0, @private1}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000240)}, {&(0x7f0000002980)=""/74, 0x4a}], 0x2, &(0x7f0000002a00)=""/233, 0xe9}, 0x6}, {{0x0, 0x0, &(0x7f0000002d40)=[{&(0x7f0000002b80)=""/205, 0xcd}, {&(0x7f0000000700)=""/15, 0xf}, {&(0x7f0000002c80)=""/185, 0xb9}], 0x3, &(0x7f0000002d80)=""/4096, 0x1000}, 0x3}, {{&(0x7f0000003d80)=@in6={0xa, 0x0, 0x0, @initdev}, 0x80, &(0x7f0000004380)=[{&(0x7f0000003e00)=""/193, 0xc1}, {&(0x7f0000003f00)=""/72, 0x48}, {&(0x7f0000003f80)=""/230, 0xe6}, {&(0x7f0000004080)=""/206, 0xce}, {&(0x7f0000004180)=""/182, 0xb6}, {&(0x7f0000004240)=""/49, 0x31}, {&(0x7f0000004280)=""/227, 0xe3}], 0x7, &(0x7f0000004400)=""/178, 0xb2}, 0xffffffff}], 0x4, 0x2000, &(0x7f0000004600))
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0x6, 0xfa11, 0xffffffff}, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x10, 0x0, 0x0)
unshare(0x8000000)
shmget$private(0x0, 0xfffffffffeffffff, 0x4800, &(0x7f0000ffc000/0x3000)=nil)
r3 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x448000, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000100))
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r6 = dup3(r5, r4, 0x0)
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000002c0)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r7, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r7, 0x4018620d, &(0x7f0000000040))
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
writev(r3, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1)

kernel console output (not intermixed with test programs):

yz
[  759.462569][  T793] usb 3-1: SerialNumber: syz
[  759.469278][  T793] usb 3-1: config 0 descriptor??
[  759.500213][ T5882] usb 5-1: Using ep0 maxpacket: 16
[  759.508730][ T5882] usb 5-1: config index 0 descriptor too short (expected 699, got 636)
[  759.517003][ T5882] usb 5-1: config 16 has an invalid interface number: 78 but max is 1
[  759.525543][ T5882] usb 5-1: config 16 contains an unexpected descriptor of type 0x1, skipping
[  759.534427][ T5882] usb 5-1: config 16 has an invalid interface number: 118 but max is 1
[  759.543344][ T5882] usb 5-1: config 16 has an invalid descriptor of length 202, skipping remainder of the config
[  759.553873][ T5882] usb 5-1: config 16 has no interface number 0
[  759.560075][ T5882] usb 5-1: config 16 has no interface number 1
[  759.566260][ T5882] usb 5-1: config 16 interface 118 altsetting 2 endpoint 0x4 has invalid maxpacket 512, setting to 64
[  759.577208][ T5882] usb 5-1: config 16 interface 118 altsetting 2 has an invalid descriptor for endpoint zero, skipping
[  759.588200][ T5882] usb 5-1: config 16 interface 118 altsetting 2 has an invalid descriptor for endpoint zero, skipping
[  759.599217][ T5882] usb 5-1: config 16 interface 118 altsetting 2 has a duplicate endpoint with address 0x4, skipping
[  759.610078][ T5882] usb 5-1: config 16 interface 118 altsetting 2 has 7 endpoint descriptors, different from the interface descriptor's value: 8
[  759.623290][ T5882] usb 5-1: config 16 interface 78 has no altsetting 0
[  759.630163][ T5882] usb 5-1: config 16 interface 118 has no altsetting 0
[  759.638353][ T5882] usb 5-1: string descriptor 0 read error: -22
[  759.644609][ T5882] usb 5-1: New USB device found, idVendor=07af, idProduct=0004, bcdDevice= 1.13
[  759.654399][ T5882] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  759.676124][ T5882] usb-storage 5-1:16.78: USB Mass Storage device detected
[  759.689667][ T5882] usb-storage 5-1:16.78: Quirks match for vid 07af pid 0004: 4
[  759.738631][ T5882] usb-storage 5-1:16.118: USB Mass Storage device detected
[  759.752708][ T5882] usb-storage 5-1:16.118: Quirks match for vid 07af pid 0004: 4
[  760.687811][T16553] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  760.705046][ T5882] usb 5-1: USB disconnect, device number 85
[  760.745895][ T2150] usb 2-1: USB disconnect, device number 15
[  760.769474][   T24] usbhid 4-1:0.0: can't add hid device: -71
[  760.785274][   T24] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  760.827026][   T24] usb 4-1: USB disconnect, device number 70
[  760.856060][T16615] fuse: Unknown parameter '0x0000000000000003'
[  760.907041][   T30] audit: type=1400 audit(2000000334.470:3397): avc:  denied  { read write } for  pid=16612 comm="syz.1.2645" name="file0" dev="fuse" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[  760.930768][T16613] sd 0:0:1:0: PR command failed: 1026
[  760.933196][   T30] audit: type=1400 audit(2000000334.470:3398): avc:  denied  { open } for  pid=16612 comm="syz.1.2645" path="/22/file0/file0" dev="fuse" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[  760.947907][T16613] sd 0:0:1:0: Sense Key : Illegal Request [current] 
[  760.960518][T16618] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2647'.
[  760.976308][   T30] audit: type=1400 audit(2000000334.500:3399): avc:  denied  { ioctl } for  pid=16612 comm="syz.1.2645" path="/22/file0/file0" dev="fuse" ino=3 ioctlcmd=0x70c9 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[  760.986032][T16613] sd 0:0:1:0: Add. Sense: Invalid command operation code
[  761.044228][T16620] input: syz0 as /devices/virtual/input/input66
[  761.101559][T16621] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2647'.
[  761.149561][T16623] netlink: 436 bytes leftover after parsing attributes in process `syz.1.2648'.
[  761.159809][T16623] netlink: 436 bytes leftover after parsing attributes in process `syz.1.2648'.
[  761.169891][T16626] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=16626 comm=syz.0.2647
[  761.201759][T16621] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.2647'.
[  761.827419][ T5882] usb 3-1: USB disconnect, device number 80
[  762.129795][  T793] usb 1-1: new high-speed USB device number 74 using dummy_hcd
[  762.336649][T16646] lo speed is unknown, defaulting to 1000
[  762.361577][T16646] lo speed is unknown, defaulting to 1000
[  762.430597][  T793] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  762.450240][  T793] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0
[  762.460662][T16653] netlink: 16186 bytes leftover after parsing attributes in process `syz.3.2650'.
[  762.469996][  T793] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[  762.490304][  T793] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0
[  762.512306][  T793] usb 1-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b
[  762.526838][  T793] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  762.552766][  T793] usb 1-1: config 0 descriptor??
[  762.679205][T16662] syzkaller0: entered promiscuous mode
[  762.692242][T16662] syzkaller0: entered allmulticast mode
[  762.761965][  T793] hdpvr 1-1:0.0: firmware version 0x0 dated 
[  762.772450][  T793] hdpvr 1-1:0.0: untested firmware, the driver might not work.
[  763.217353][   T30] audit: type=1400 audit(2000000336.780:3400): avc:  denied  { bind } for  pid=16634 comm="syz.0.2651" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  763.237752][   T30] audit: type=1400 audit(2000000336.800:3401): avc:  denied  { read } for  pid=16675 comm="syz.4.2656" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  763.297987][  T793] hdpvr 1-1:0.0: Could not setup controls
[  763.452005][T16686] trusted_key: encrypted_key: insufficient parameters specified
[  763.829925][T16695] netlink: 168 bytes leftover after parsing attributes in process `syz.1.2658'.
[  764.255734][  T793] hdpvr 1-1:0.0: registering videodev failed
[  764.975258][  T793] hdpvr 1-1:0.0: probe with driver hdpvr failed with error -71
[  765.045843][T16701] fuse: Unknown parameter '0x0000000000000003'
[  765.105520][  T793] usb 1-1: USB disconnect, device number 74
[  765.175550][T16705] input: syz0 as /devices/virtual/input/input67
[  765.303767][T16708] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2661'.
[  765.396851][T16709] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2661'.
[  765.459584][T16711] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=16711 comm=syz.3.2661
[  765.494770][T16711] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.2661'.
[  767.278134][T16255] usb 3-1: new high-speed USB device number 81 using dummy_hcd
[  767.563143][T16769] lo speed is unknown, defaulting to 1000
[  767.574472][T16769] lo speed is unknown, defaulting to 1000
[  767.641183][T16255] usb 3-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  767.641273][T16255] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  767.641334][T16255] usb 3-1: Product: syz
[  767.641389][T16255] usb 3-1: Manufacturer: syz
[  767.641445][T16255] usb 3-1: SerialNumber: syz
[  767.669915][T16255] usb 3-1: config 0 descriptor??
[  767.975676][T16255] usb 3-1: Firmware version (0.0) predates our first public release.
[  767.984145][T16255] usb 3-1: Please update to version 0.2 or newer
[  768.154678][T16255] usb 3-1: USB disconnect, device number 81
[  768.593506][   T30] audit: type=1400 audit(2000000342.160:3402): avc:  denied  { execute } for  pid=16777 comm="syz.1.2673" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  768.977583][T16790] vivid-000: disconnect
[  769.009295][T16789] vivid-000: reconnect
[  769.765074][T16795] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2675'.
[  769.859287][T16798] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2675'.
[  769.923407][T16803] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=16803 comm=syz.0.2675
[  769.950831][T16803] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.2675'.
[  771.593976][T16847] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2687'.
[  771.718011][T16255] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  771.789214][   T30] audit: type=1400 audit(2000000345.330:3403): avc:  denied  { ioctl } for  pid=16851 comm="syz.4.2688" path="socket:[52531]" dev="sockfs" ino=52531 ioctlcmd=0x8901 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  771.938225][T16255] usb 2-1: Using ep0 maxpacket: 8
[  772.077924][T16255] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[  772.106651][T16255] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  772.126539][T16856] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2690'.
[  772.128955][T16255] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  772.212795][   T30] audit: type=1400 audit(2000000345.770:3404): avc:  denied  { create } for  pid=16855 comm="syz.4.2691" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmpvc_socket permissive=1
[  772.237897][T16255] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  772.292490][T16864] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2690'.
[  772.322045][T16255] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  772.346131][T16255] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  772.356316][T16255] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  772.365524][T16870] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=16870 comm=syz.2.2690
[  772.396198][T16870] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.2690'.
[  772.969134][T16255] usb 2-1: GET_CAPABILITIES returned 0
[  772.991563][T16255] usbtmc 2-1:16.0: can't read capabilities
[  773.224560][   T10] usb 2-1: USB disconnect, device number 16
[  773.318771][T16881] xt_TPROXY: Can be used only with -p tcp or -p udp
[  773.330559][T16881] /dev/nullb0: Can't open blockdev
[  773.351711][T16881] SELinux: security_context_str_to_sid (system_u) failed with errno=-22
[  774.383856][   T10] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  774.527910][  T793] usb 1-1: new full-speed USB device number 75 using dummy_hcd
[  774.547928][   T10] usb 2-1: Using ep0 maxpacket: 8
[  774.570476][   T10] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[  774.611804][   T10] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  774.677890][   T10] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  774.687632][   T10] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  774.739580][  T793] usb 1-1: config index 0 descriptor too short (expected 28277, got 36)
[  774.755496][  T793] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  774.772157][  T793] usb 1-1: config 0 has no interfaces?
[  774.859711][   T10] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  774.893174][  T793] usb 1-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00
[  774.903404][  T793] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  774.917414][   T10] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  774.932440][  T793] usb 1-1: config 0 descriptor??
[  774.937434][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  774.977506][   T30] audit: type=1400 audit(2000000348.540:3405): avc:  denied  { mount } for  pid=16902 comm="syz.4.2699" name="/" dev="hugetlbfs" ino=51841 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1
[  775.018966][   T10] usb 2-1: can't set config #16, error -71
[  775.087386][   T30] audit: type=1400 audit(2000000348.570:3406): avc:  denied  { create } for  pid=16902 comm="syz.4.2699" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=chr_file permissive=1
[  775.111133][   T10] usb 2-1: USB disconnect, device number 17
[  775.659457][T16920] fuse: Bad value for 'fd'
[  775.727034][T16923] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2704'.
[  775.750459][T16923] fuse: Bad value for 'fd'
[  775.755471][T16923] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2704'.
[  775.823039][T16926] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=16926 comm=syz.3.2704
[  775.849220][T16923] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.2704'.
[  776.950022][T16255] IPVS: starting estimator thread 0...
[  776.989313][  T793] usb 1-1: USB disconnect, device number 75
[  777.041798][T16946] IPVS: using max 75 ests per chain, 180000 per kthread
[  777.091490][T16956] netlink: 76 bytes leftover after parsing attributes in process `syz.3.2714'.
[  777.103265][T16955] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2715'.
[  777.228893][T16963] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2715'.
[  777.298678][T16969] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=16969 comm=syz.4.2715
[  777.320874][T16963] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.2715'.
[  777.330673][   T30] audit: type=1326 audit(2000000350.900:3407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16933 comm="syz.2.2708" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5e039aeb9 code=0x7fc00000
[  777.371086][   T30] audit: type=1326 audit(2000000350.900:3408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16933 comm="syz.2.2708" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc5e039aeb9 code=0x7fc00000
[  777.395283][   T30] audit: type=1326 audit(2000000350.900:3409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16933 comm="syz.2.2708" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5e039aeb9 code=0x7fc00000
[  777.448181][T16255] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  777.461877][   T30] audit: type=1326 audit(2000000350.900:3410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16933 comm="syz.2.2708" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5e039aeb9 code=0x7fc00000
[  777.487700][   T30] audit: type=1326 audit(2000000350.900:3411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16933 comm="syz.2.2708" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5e039aeb9 code=0x7fc00000
[  777.528466][   T30] audit: type=1326 audit(2000000350.900:3412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16933 comm="syz.2.2708" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5e039aeb9 code=0x7fc00000
[  777.603937][T16976] netlink: 'syz.0.2718': attribute type 2 has an invalid length.
[  777.838818][   T30] audit: type=1326 audit(2000000350.900:3413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16933 comm="syz.2.2708" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5e039aeb9 code=0x7fc00000
[  777.862502][   T30] audit: type=1326 audit(2000000350.900:3414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16933 comm="syz.2.2708" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5e039aeb9 code=0x7fc00000
[  777.945347][T16255] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  777.955433][T16255] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  777.979702][T16255] usb 2-1: Product: syz
[  777.988810][T16255] usb 2-1: Manufacturer: syz
[  778.004937][T16255] usb 2-1: SerialNumber: syz
[  778.027631][T16255] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  778.054591][ T5928] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  778.322104][   T10] usb 2-1: USB disconnect, device number 18
[  779.566353][ T5928] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive
[  779.576342][ T5928] ath9k_htc: Failed to initialize the device
[  779.588913][T17011] fuse: Bad value for 'fd'
[  779.637195][T17011] fuse: Bad value for 'fd'
[  779.661891][   T10] usb 2-1: ath9k_htc: USB layer deinitialized
[  780.427857][T16255] usb 3-1: new high-speed USB device number 82 using dummy_hcd
[  780.498120][T17039] siw: device registration error -23
[  780.588253][T16255] usb 3-1: Using ep0 maxpacket: 8
[  780.650273][T16255] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  780.807703][T16255] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  780.861806][T16255] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  780.906343][T16255] usb 3-1: config 0 descriptor??
[  781.023285][T17049] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2737'.
[  781.454350][T16255] iowarrior 3-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  781.532285][T17068] FAULT_INJECTION: forcing a failure.
[  781.532285][T17068] name failslab, interval 1, probability 0, space 0, times 0
[  781.549353][T17068] CPU: 1 UID: 0 PID: 17068 Comm: syz.4.2738 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  781.549379][T17068] Tainted: [L]=SOFTLOCKUP
[  781.549384][T17068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  781.549391][T17068] Call Trace:
[  781.549395][T17068]  <TASK>
[  781.549400][T17068]  dump_stack_lvl+0x100/0x190
[  781.549418][T17068]  should_fail_ex.cold+0x5/0xa
[  781.549431][T17068]  should_failslab+0xc2/0x120
[  781.549446][T17068]  __kmalloc_node_track_caller_noprof+0xf9/0x9d0
[  781.549466][T17068]  ? led_tg_check+0x200/0x4a0
[  781.549479][T17068]  ? kstrdup+0x51/0xe0
[  781.549492][T17068]  kstrdup+0x51/0xe0
[  781.549505][T17068]  led_tg_check+0x200/0x4a0
[  781.549515][T17068]  ? __pfx_led_tg_check+0x10/0x10
[  781.549525][T17068]  xt_check_target+0x27c/0xa10
[  781.549538][T17068]  ? __pfx_xt_check_target+0x10/0x10
[  781.549555][T17068]  ? __pfx___might_resched+0x10/0x10
[  781.549572][T17068]  nft_target_init+0x4bc/0x7d0
[  781.549588][T17068]  ? __pfx_nft_target_init+0x10/0x10
[  781.549614][T17068]  ? trace_kmalloc+0x83/0xb0
[  781.549627][T17068]  ? __kmalloc_noprof+0x365/0x9c0
[  781.549637][T17068]  ? nf_tables_newrule+0x760/0x2be0
[  781.549654][T17068]  nf_tables_newrule+0xc06/0x2be0
[  781.549668][T17068]  ? __pfx_nft_target_init+0x10/0x10
[  781.549685][T17068]  ? __pfx_nf_tables_newrule+0x10/0x10
[  781.549703][T17068]  ? __nla_parse+0x40/0x60
[  781.549718][T17068]  nfnetlink_rcv_batch+0x1418/0x2880
[  781.549738][T17068]  ? __pfx_nfnetlink_rcv_batch+0x10/0x10
[  781.549750][T17068]  ? find_held_lock+0x2b/0x80
[  781.549773][T17068]  ? avc_has_perm_noaudit+0x145/0x3b0
[  781.549802][T17068]  ? __nla_parse+0x40/0x60
[  781.549814][T17068]  nfnetlink_rcv+0x3bd/0x440
[  781.549826][T17068]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  781.549842][T17068]  netlink_unicast+0x5aa/0x870
[  781.549860][T17068]  ? __pfx_netlink_unicast+0x10/0x10
[  781.549881][T17068]  netlink_sendmsg+0x8b0/0xda0
[  781.549899][T17068]  ? __pfx_netlink_sendmsg+0x10/0x10
[  781.549914][T17068]  ? __might_fault+0x10/0x140
[  781.549931][T17068]  ____sys_sendmsg+0xa54/0xc30
[  781.549943][T17068]  ? __pfx_____sys_sendmsg+0x10/0x10
[  781.549960][T17068]  ___sys_sendmsg+0x190/0x1e0
[  781.549972][T17068]  ? __pfx____sys_sendmsg+0x10/0x10
[  781.549990][T17068]  ? find_held_lock+0x2b/0x80
[  781.550013][T17068]  __sys_sendmsg+0x170/0x220
[  781.550028][T17068]  ? __pfx___sys_sendmsg+0x10/0x10
[  781.550051][T17068]  do_syscall_64+0xc9/0xf80
[  781.550065][T17068]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  781.550076][T17068] RIP: 0033:0x7f66d299aeb9
[  781.550085][T17068] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  781.550096][T17068] RSP: 002b:00007f66d378a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  781.550106][T17068] RAX: ffffffffffffffda RBX: 00007f66d2c16090 RCX: 00007f66d299aeb9
[  781.550113][T17068] RDX: 0000000020040040 RSI: 0000200000009b40 RDI: 0000000000000005
[  781.550119][T17068] RBP: 00007f66d378a090 R08: 0000000000000000 R09: 0000000000000000
[  781.550126][T17068] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  781.550132][T17068] R13: 00007f66d2c16128 R14: 00007f66d2c16090 R15: 00007ffc0e747e28
[  781.550146][T17068]  </TASK>
[  781.552504][T16255] usb 3-1: USB disconnect, device number 82
[  782.137063][T17083] FAULT_INJECTION: forcing a failure.
[  782.137063][T17083] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  782.150585][T17083] CPU: 1 UID: 0 PID: 17083 Comm: syz.0.2734 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  782.150615][T17083] Tainted: [L]=SOFTLOCKUP
[  782.150619][T17083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  782.150626][T17083] Call Trace:
[  782.150630][T17083]  <TASK>
[  782.150634][T17083]  dump_stack_lvl+0x100/0x190
[  782.150652][T17083]  should_fail_ex.cold+0x5/0xa
[  782.150664][T17083]  _copy_from_user+0x2e/0xd0
[  782.150679][T17083]  sg_write+0x745/0xdb0
[  782.150697][T17083]  ? __pfx_sg_write+0x10/0x10
[  782.150712][T17083]  ? __lock_acquire+0x4a5/0x2630
[  782.150736][T17083]  ? bpf_lsm_file_permission+0x9/0x10
[  782.150751][T17083]  ? security_file_permission+0x76/0x210
[  782.150764][T17083]  ? rw_verify_area+0xce/0x6d0
[  782.150776][T17083]  vfs_write+0x2aa/0x1070
[  782.150788][T17083]  ? __pfx_sg_write+0x10/0x10
[  782.150804][T17083]  ? __pfx_vfs_write+0x10/0x10
[  782.150814][T17083]  ? find_held_lock+0x2b/0x80
[  782.150828][T17083]  ? __fget_files+0x215/0x3d0
[  782.150841][T17083]  ? __fget_files+0x215/0x3d0
[  782.150856][T17083]  ? __fget_files+0x21f/0x3d0
[  782.150872][T17083]  ksys_write+0x12a/0x250
[  782.150884][T17083]  ? __pfx_ksys_write+0x10/0x10
[  782.150899][T17083]  do_syscall_64+0xc9/0xf80
[  782.150913][T17083]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  782.150925][T17083] RIP: 0033:0x7f77f519aeb9
[  782.150934][T17083] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  782.150946][T17083] RSP: 002b:00007f77f6050028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  782.150956][T17083] RAX: ffffffffffffffda RBX: 00007f77f5415fa0 RCX: 00007f77f519aeb9
[  782.150963][T17083] RDX: 0000000000000054 RSI: 00002000000005c0 RDI: 0000000000000004
[  782.150969][T17083] RBP: 00007f77f6050090 R08: 0000000000000000 R09: 0000000000000000
[  782.150975][T17083] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  782.150981][T17083] R13: 00007f77f5416038 R14: 00007f77f5415fa0 R15: 00007ffde7abb758
[  782.150995][T17083]  </TASK>
[  782.778919][   T10] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  782.921145][T17097] siw: device registration error -23
[  783.386455][T17100] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2749'.
[  783.436154][   T10] usb 2-1: Using ep0 maxpacket: 32
[  783.447106][   T10] usb 2-1: config 0 has an invalid interface number: 51 but max is 0
[  783.455326][   T10] usb 2-1: config 0 has no interface number 0
[  783.541918][   T10] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  783.591990][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  783.615479][   T10] usb 2-1: Product: syz
[  783.667048][   T10] usb 2-1: Manufacturer: syz
[  783.749832][   T10] usb 2-1: SerialNumber: syz
[  783.757340][   T10] usb 2-1: config 0 descriptor??
[  783.783851][   T10] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  784.849552][   T10] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  784.866306][   T10] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  785.262785][T17119] fuse: Bad value for 'fd'
[  786.532833][T17136] xt_TPROXY: Can be used only with -p tcp or -p udp
[  786.543166][T17136] /dev/nullb0: Can't open blockdev
[  786.556812][T17136] SELinux: security_context_str_to_sid (system_u) failed with errno=-22
[  786.981168][T17138] fuse: Bad value for 'fd'
[  787.001651][    C0] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71
[  787.009583][   T10] usb 2-1: USB disconnect, device number 19
[  787.018276][   T10] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  787.093577][   T10] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  787.125752][   T10] quatech2 2-1:0.51: device disconnected
[  787.837241][ T6331] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  787.890225][   T30] kauditd_printk_skb: 63 callbacks suppressed
[  787.890239][   T30] audit: type=1400 audit(2000000361.460:3478): avc:  denied  { listen } for  pid=17147 comm="syz.4.2763" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  788.582676][T17154] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2763'.
[  789.037823][  T793] usb 1-1: new high-speed USB device number 76 using dummy_hcd
[  789.482644][  T793] usb 1-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  789.493820][  T793] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  789.534903][  T793] usb 1-1: Product: syz
[  789.549606][  T793] usb 1-1: Manufacturer: syz
[  789.564631][  T793] usb 1-1: SerialNumber: syz
[  789.580655][  T793] usb 1-1: config 0 descriptor??
[  789.930829][  T793] usb 1-1: Firmware version (0.0) predates our first public release.
[  789.953228][  T793] usb 1-1: Please update to version 0.2 or newer
[  790.064411][  T793] usb 1-1: USB disconnect, device number 76
[  790.231257][T17183] vivid-000: disconnect
[  790.418189][T17196] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2774'.
[  790.433469][T17190] syz.4.2774 (17190): drop_caches: 2
[  790.658540][  T793] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  790.828924][T17176] vivid-000: reconnect
[  790.858296][  T793] usb 2-1: Using ep0 maxpacket: 8
[  790.982421][  T793] usb 2-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  791.095415][  T793] usb 2-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  791.186367][  T793] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  791.214280][  T793] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  791.237065][  T793] usbtmc 2-1:16.0: bulk endpoints not found
[  791.351478][T17217] netlink: 436 bytes leftover after parsing attributes in process `syz.3.2784'.
[  791.362223][T17217] netlink: 436 bytes leftover after parsing attributes in process `syz.3.2784'.
[  791.480497][T17220] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2785'.
[  791.510625][T17197] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  792.189300][   T30] audit: type=1400 audit(2000000365.750:3479): avc:  denied  { listen } for  pid=17223 comm="syz.0.2786" path=0000204E0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[  792.308056][ T2150] usb 2-1: USB disconnect, device number 20
[  792.880523][ T2150] usb 1-1: new high-speed USB device number 77 using dummy_hcd
[  793.047830][ T2150] usb 1-1: Using ep0 maxpacket: 16
[  793.060007][ T2150] usb 1-1: config 0 has an invalid interface number: 105 but max is 0
[  793.068468][ T2150] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  793.087839][ T2150] usb 1-1: config 0 has no interface number 0
[  793.100441][ T2150] usb 1-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[  793.113864][ T2150] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  793.122641][ T2150] usb 1-1: Product: syz
[  793.126808][ T2150] usb 1-1: Manufacturer: syz
[  793.131730][ T2150] usb 1-1: SerialNumber: syz
[  793.162277][ T2150] usb 1-1: config 0 descriptor??
[  793.183262][ T2150] uvcvideo 1-1:0.105: Found UVC 0.00 device syz (046d:08f3)
[  793.202768][T17215] comedi comedi3: driver 'ni_daq_700' does not support attach using comedi_config
[  793.212875][ T2150] uvcvideo 1-1:0.105: No valid video chain found.
[  793.282385][T17255] /dev/nullb0: Can't open blockdev
[  793.450451][  T793] usb 1-1: USB disconnect, device number 77
[  793.861934][   T30] audit: type=1400 audit(2000000367.430:3480): avc:  denied  { connect } for  pid=17274 comm="syz.1.2801" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  793.911550][T17278] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2802'.
[  793.921807][T17278] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2802'.
[  793.938925][  T793] usb 5-1: new high-speed USB device number 86 using dummy_hcd
[  793.960006][T17280] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2803'.
[  794.108024][  T793] usb 5-1: Invalid ep0 maxpacket: 9
[  794.440416][T17291] netlink: 'syz.0.2806': attribute type 2 has an invalid length.
[  794.766149][   T30] audit: type=1400 audit(2000000367.930:3481): avc:  denied  { read } for  pid=17286 comm="syz.0.2806" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  794.866738][   T30] audit: type=1400 audit(2000000368.000:3482): avc:  denied  { setopt } for  pid=17286 comm="syz.0.2806" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  794.889663][  T793] usb 5-1: new high-speed USB device number 87 using dummy_hcd
[  795.027832][ T5882] usb 1-1: new full-speed USB device number 78 using dummy_hcd
[  795.047817][  T793] usb 5-1: Invalid ep0 maxpacket: 9
[  795.053320][  T793] usb usb5-port1: attempt power cycle
[  795.899252][ T5882] usb 1-1: New USB device found, idVendor=055d, idProduct=9000, bcdDevice=31.44
[  795.909092][ T5882] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  795.924886][T17297] input: syz0 as /devices/virtual/input/input69
[  795.925174][ T5882] usb 1-1: config 0 descriptor??
[  795.941826][ T5882] pwc: Samsung MPC-C10 USB webcam detected.
[  796.148521][  T793] usb 5-1: new high-speed USB device number 88 using dummy_hcd
[  796.208292][  T793] usb 5-1: Invalid ep0 maxpacket: 9
[  796.348468][  T793] usb 5-1: new high-speed USB device number 89 using dummy_hcd
[  796.658841][  T793] usb 5-1: device descriptor read/8, error -71
[  796.810149][  T793] usb usb5-port1: unable to enumerate USB device
[  797.179700][ T5882] pwc: send_video_command error -71
[  797.247845][ T5882] pwc: Failed to set video mode VGA@30 fps; return code = -71
[  797.263869][ T5882] Philips webcam 1-1:0.0: probe with driver Philips webcam failed with error -71
[  797.304450][   T30] audit: type=1400 audit(2000000370.870:3483): avc:  denied  { listen } for  pid=17319 comm="syz.0.2816" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  797.330114][ T5882] usb 1-1: USB disconnect, device number 78
[  797.394022][T17321] xt_TPROXY: Can be used only with -p tcp or -p udp
[  797.414939][T17321] SELinux: security_context_str_to_sid (system_u) failed with errno=-22
[  798.076734][ T5882] usb 1-1: new high-speed USB device number 79 using dummy_hcd
[  798.713280][ T5882] usb 1-1: Using ep0 maxpacket: 8
[  798.808049][ T5882] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  798.905581][ T5882] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  798.988046][ T5882] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  799.030343][ T5882] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  799.051549][ T5882] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  799.060741][ T5882] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  799.099281][T17349] 9p: Bad value for 'wfdno'
[  799.285370][ T5882] usb 1-1: GET_CAPABILITIES returned 0
[  799.290904][ T5882] usbtmc 1-1:16.0: can't read capabilities
[  799.489648][    C0] usbtmc 1-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71
[  799.500887][T17320] usbtmc 1-1:16.0: Unable to send data, error -71
[  799.514282][ T5882] usb 1-1: USB disconnect, device number 79
[  799.603025][   T30] audit: type=1326 audit(2000000373.170:3484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17367 comm="syz.4.2827" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66d299aeb9 code=0x7ffc0000
[  799.642312][   T30] audit: type=1326 audit(2000000373.170:3485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17367 comm="syz.4.2827" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66d299aeb9 code=0x7ffc0000
[  799.666217][T17368] x_tables: duplicate underflow at hook 2
[  799.672341][   T30] audit: type=1326 audit(2000000373.170:3487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17367 comm="syz.4.2827" exe="/root/syz-executor" sig=0 arch=c000003e syscall=36 compat=0 ip=0x7f66d299aeb9 code=0x7ffc0000
[  799.701151][   T30] audit: type=1326 audit(2000000373.170:3488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17367 comm="syz.4.2827" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66d299aeb9 code=0x7ffc0000
[  801.874292][   T30] audit: type=1326 audit(2000000373.170:3489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17367 comm="syz.4.2827" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66d299aeb9 code=0x7ffc0000
[  801.898584][   T30] audit: type=1326 audit(2000000373.170:3486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17367 comm="syz.4.2827" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66d299aeb9 code=0x7ffc0000
[  801.922141][   T30] audit: type=1326 audit(2000000373.170:3490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17367 comm="syz.4.2827" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66d299aeb9 code=0x7ffc0000
[  801.946194][   T30] audit: type=1326 audit(2000000373.170:3491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17367 comm="syz.4.2827" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66d299aeb9 code=0x7ffc0000
[  801.969722][   T30] audit: type=1326 audit(2000000373.170:3492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17367 comm="syz.4.2827" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66d299aeb9 code=0x7ffc0000
[  801.993351][   T30] audit: type=1326 audit(2000000373.170:3493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17367 comm="syz.4.2827" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f66d299aeb9 code=0x7ffc0000
[  803.087846][ T2150] usb 1-1: new high-speed USB device number 80 using dummy_hcd
[  803.212018][T17401] netlink: 436 bytes leftover after parsing attributes in process `syz.3.2836'.
[  803.221094][T17401] netlink: 436 bytes leftover after parsing attributes in process `syz.3.2836'.
[  803.247920][ T2150] usb 1-1: Using ep0 maxpacket: 32
[  803.262875][ T2150] usb 1-1: config 0 has an invalid interface number: 164 but max is 0
[  803.281311][ T2150] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  803.301728][ T2150] usb 1-1: config 0 has no interface number 0
[  803.315284][ T2150] usb 1-1: config 0 interface 164 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[  803.336707][ T2150] usb 1-1: config 0 interface 164 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 6
[  803.394403][ T2150] usb 1-1: New USB device found, idVendor=8086, idProduct=0630, bcdDevice=9f.72
[  803.408881][ T2150] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  803.425152][ T2150] usb 1-1: Product: syz
[  803.443508][ T2150] usb 1-1: Manufacturer: syz
[  803.465341][ T2150] usb 1-1: SerialNumber: syz
[  803.909625][ T2150] usb 1-1: config 0 descriptor??
[  803.920683][ T2150] gspca_main: spca500-2.14.0 probing 8086:0630
[  803.950696][T17413] netlink: 436 bytes leftover after parsing attributes in process `syz.4.2837'.
[  803.959941][T17413] netlink: 436 bytes leftover after parsing attributes in process `syz.4.2837'.
[  805.157726][T17422] IPv6: NLM_F_CREATE should be specified when creating new route
[  805.165709][T17422] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  805.172931][T17422] IPv6: NLM_F_CREATE should be set when creating new route
[  805.504165][T17434] netlink: 128124 bytes leftover after parsing attributes in process `syz.3.2844'.
[  805.532084][T17434] netlink: 'syz.3.2844': attribute type 10 has an invalid length.
[  805.630708][T17436] netlink: 'syz.3.2845': attribute type 1 has an invalid length.
[  805.647246][T17436] 8021q: adding VLAN 0 to HW filter on device bond1
[  805.680026][T17436] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2845'.
[  805.691024][T17436] mac80211_hwsim hwsim7 wlan0: entered promiscuous mode
[  805.699866][T17436] bond1: (slave wlan0): Enslaving as an active interface with a down link
[  805.848489][ T5882] usb 1-1: USB disconnect, device number 80
[  806.259347][   T30] kauditd_printk_skb: 129 callbacks suppressed
[  806.259363][   T30] audit: type=1326 audit(2000000379.830:3623): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17441 comm="syz.3.2847" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca15d9aeb9 code=0x7ffc0000
[  806.384649][   T30] audit: type=1326 audit(2000000379.860:3624): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17441 comm="syz.3.2847" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca15d9aeb9 code=0x7ffc0000
[  806.542938][   T30] audit: type=1326 audit(2000000379.860:3625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17441 comm="syz.3.2847" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca15d9aeb9 code=0x7ffc0000
[  806.758480][   T30] audit: type=1326 audit(2000000379.860:3626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17441 comm="syz.3.2847" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca15d9aeb9 code=0x7ffc0000
[  806.785606][T17448] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=17448 comm=syz.0.2850
[  806.801196][   T30] audit: type=1326 audit(2000000379.860:3627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17441 comm="syz.3.2847" exe="/root/syz-executor" sig=0 arch=c000003e syscall=127 compat=0 ip=0x7fca15d9aeb9 code=0x7ffc0000
[  806.867880][   T30] audit: type=1326 audit(2000000379.860:3628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17441 comm="syz.3.2847" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca15d9aeb9 code=0x7ffc0000
[  806.931092][   T30] audit: type=1326 audit(2000000379.860:3629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17441 comm="syz.3.2847" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca15d9aeb9 code=0x7ffc0000
[  807.124899][   T30] audit: type=1326 audit(2000000379.860:3630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17441 comm="syz.3.2847" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca15d9aeb9 code=0x7ffc0000
[  807.168219][   T30] audit: type=1326 audit(2000000379.860:3631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17441 comm="syz.3.2847" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca15d9aeb9 code=0x7ffc0000
[  807.788171][T17460] xt_TPROXY: Can be used only with -p tcp or -p udp
[  808.167985][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[  808.174560][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  808.847931][T17458] SELinux: security_context_str_to_sid (system_u) failed with errno=-22
[  809.074659][   T30] audit: type=1326 audit(2000000379.860:3632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17441 comm="syz.3.2847" exe="/root/syz-executor" sig=0 arch=c000003e syscall=428 compat=0 ip=0x7fca15d9aeb9 code=0x7ffc0000
[  809.274853][T17465] can0: slcan on ttyS3.
[  810.315474][T17490] 9pnet_virtio: no channels available for device ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[  810.317206][T17490] 
@0Ù: renamed from bond_slave_1 (while UP)
[  810.440805][T17452] can0 (unregistered): slcan off ttyS3.
[  810.477647][T17490] 9pnet_fd: Insufficient options for proto=fd
[  810.950258][T17508] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2856'.
[  810.959647][T17508] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2856'.
[  812.609731][T17525] xt_TPROXY: Can be used only with -p tcp or -p udp
[  812.621403][T17525] /dev/nullb0: Can't open blockdev
[  813.085446][T17531] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2868'.
[  813.908107][T17541] ocfs2: Bad value for 'barrier'
[  814.157871][T16255] usb 2-1: new full-speed USB device number 21 using dummy_hcd
[  814.391327][T16255] usb 2-1: config 0 has an invalid interface number: 8 but max is 0
[  814.400229][T16255] usb 2-1: config 0 has no interface number 0
[  814.406329][T16255] usb 2-1: config 0 interface 8 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  814.418257][T16255] usb 2-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  814.441396][T16255] usb 2-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid maxpacket 2305, setting to 64
[  814.444765][ T5882] usb 5-1: new low-speed USB device number 90 using dummy_hcd
[  814.465332][T16255] usb 2-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.04
[  814.489222][T16255] usb 2-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  814.511534][T16255] usb 2-1: Product: syz
[  814.515711][T16255] usb 2-1: SerialNumber: syz
[  814.541039][T16255] usb 2-1: config 0 descriptor??
[  814.548409][T17541] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  814.608877][T17562] netlink: 'syz.0.2872': attribute type 4 has an invalid length.
[  814.961667][T16255] cm109 2-1:0.8: invalid payload size 64, expected 4
[  814.995472][T16255] input: CM109 USB driver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.8/input/input70
[  815.027354][    C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  815.038642][    C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  815.045477][ T5882] usb 5-1: config index 0 descriptor too short (expected 1307, got 27)
[  815.046106][    C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  815.062508][    C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  815.070154][    C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  815.070445][ T5882] usb 5-1: config 0 has an invalid interface number: 0 but max is -1
[  815.077362][    C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  815.093018][    C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  815.100678][    C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  815.108838][    C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  815.116219][    C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  815.123315][ T5882] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  815.214600][T16255] usb 2-1: USB disconnect, device number 21
[  815.214656][    C1] cm109 2-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[  815.234311][ T5882] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 0
[  815.248913][T16255] cm109 2-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  815.276979][ T5882] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30
[  815.316024][ T5882] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 246
[  815.355781][ T5882] usb 5-1: string descriptor 0 read error: -22
[  815.362543][ T5882] usb 5-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de
[  815.383775][ T5882] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  815.409468][ T5882] usb 5-1: config 0 descriptor??
[  815.415995][ T5882] hub 5-1:0.0: bad descriptor, ignoring hub
[  815.422165][ T5882] hub 5-1:0.0: probe with driver hub failed with error -5
[  817.298862][T17583] input: syz0 as /devices/virtual/input/input71
[  817.319163][T17601] SELinux:  Context system_u:object_r:iptables_initrc_exec_t:s0 is not valid (left unmapped).
[  817.341922][T17591] netlink: 'syz.0.2881': attribute type 10 has an invalid length.
[  817.355662][T17591] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  817.364446][   T30] kauditd_printk_skb: 20 callbacks suppressed
[  817.364459][   T30] audit: type=1400 audit(2000000390.920:3653): avc:  denied  { relabelto } for  pid=17595 comm="syz.3.2882" name="file0" dev="tmpfs" ino=3071 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:iptables_initrc_exec_t:s0"
[  817.427206][   T30] audit: type=1400 audit(2000000390.930:3654): avc:  denied  { associate } for  pid=17595 comm="syz.3.2882" name="file0" dev="tmpfs" ino=3071 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:iptables_initrc_exec_t:s0"
[  817.439266][T17602] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  817.466789][   T30] audit: type=1400 audit(2000000390.950:3655): avc:  denied  { mounton } for  pid=17595 comm="syz.3.2882" path="/571/file0" dev="tmpfs" ino=3071 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:iptables_initrc_exec_t:s0"
[  817.567927][   T30] audit: type=1400 audit(2000000391.130:3656): avc:  denied  { unlink } for  pid=5811 comm="syz-executor" name="file0" dev="tmpfs" ino=3071 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:iptables_initrc_exec_t:s0"
[  817.825354][   T30] audit: type=1400 audit(2000000391.390:3657): avc:  denied  { read write } for  pid=17614 comm="syz.2.2886" name="loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  817.835167][T17615] netlink: 'syz.2.2886': attribute type 7 has an invalid length.
[  817.935736][T17620] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2886'.
[  817.944885][T17620] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2886'.
[  818.029528][ T2150] usb 5-1: USB disconnect, device number 90
[  818.038163][T17621] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  818.093584][T17622] 9p: Could not find request transport: fdno=
[  818.103382][   T30] audit: type=1400 audit(2000000391.390:3658): avc:  denied  { open } for  pid=17614 comm="syz.2.2886" path="/dev/loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  818.283743][   T30] audit: type=1400 audit(2000000391.400:3659): avc:  denied  { ioctl } for  pid=17614 comm="syz.2.2886" path="/dev/loop-control" dev="devtmpfs" ino=646 ioctlcmd=0x4c3f scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  818.396451][ T2150] usb 2-1: new full-speed USB device number 22 using dummy_hcd
[  819.784029][ T5916] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  820.211664][ T2150] usb 2-1: New USB device found, idVendor=0403, idProduct=3ca4, bcdDevice=d7.23
[  820.220839][ T2150] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  820.229205][ T2150] usb 2-1: Product: syz
[  820.255298][ T2150] usb 2-1: Manufacturer: syz
[  820.314724][ T2150] usb 2-1: SerialNumber: syz
[  820.332980][ T2150] usb 2-1: config 0 descriptor??
[  820.540091][T17642] netlink: 'syz.2.2892': attribute type 10 has an invalid length.
[  820.577915][T17642] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2892'.
[  820.620752][T17642] batadv0: entered promiscuous mode
[  820.627861][ T2150] usb 1-1: new high-speed USB device number 81 using dummy_hcd
[  820.642297][T17642] batadv0: entered allmulticast mode
[  820.658415][T17642] bridge0: port 3(batadv0) entered blocking state
[  820.676729][T17642] bridge0: port 3(batadv0) entered disabled state
[  820.779275][ T2150] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  820.791371][ T2150] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  820.824625][ T2150] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00
[  820.847840][ T2150] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  820.874011][ T2150] usb 1-1: config 0 descriptor??
[  821.018447][ T6328] batman_adv: batadv0: IGMP Querier appeared
[  821.024668][ T6328] batman_adv: batadv0: MLD Querier appeared
[  821.441197][T17654] input: syz0 as /devices/virtual/input/input73
[  821.665588][ T5882] usb 2-1: USB disconnect, device number 22
[  821.708913][T17661] netlink: 'syz.1.2897': attribute type 30 has an invalid length.
[  822.479008][T17674] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2899'.
[  822.554439][T17675] ptrace attach of "./syz-executor exec"[5812] was attempted by "./syz-executor exec"[17675]
[  822.601896][T17674] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  822.632925][T17674] ALSA: mixer_oss: invalid OSS volume ''
[  822.708619][T16255] usb 5-1: new high-speed USB device number 91 using dummy_hcd
[  822.858255][T16255] usb 5-1: Using ep0 maxpacket: 32
[  822.866596][T16255] usb 5-1: config 0 has no interfaces?
[  823.824838][T16255] usb 5-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a
[  823.833959][T16255] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  823.842099][T16255] usb 5-1: Product: syz
[  823.846282][T16255] usb 5-1: Manufacturer: syz
[  823.850907][T16255] usb 5-1: SerialNumber: syz
[  823.859434][T16255] usb 5-1: config 0 descriptor??
[  823.888171][ T5928] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  824.063966][ T2150] usbhid 1-1:0.0: can't add hid device: -71
[  824.070343][ T2150] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  824.079277][ T5928] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  824.088455][T17672] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  824.088585][ T5928] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  824.105414][ T5928] usb 2-1: Product: syz
[  824.109708][ T5928] usb 2-1: Manufacturer: syz
[  824.114817][ T5928] usb 2-1: SerialNumber: syz
[  824.123355][T16255] usb 5-1: USB disconnect, device number 91
[  824.136154][ T2150] usb 1-1: USB disconnect, device number 81
[  824.161328][T17689] kAFS: unable to lookup cell '(,c¾ûL'
[  824.315320][T17687] netlink: 584 bytes leftover after parsing attributes in process `syz.2.2902'.
[  824.708981][ T5928] cdc_ncm 2-1:1.0: bind() failure
[  824.719875][ T5928] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found
[  824.732758][ T5928] cdc_ncm 2-1:1.1: bind() failure
[  824.750824][ T5928] usb 2-1: USB disconnect, device number 23
[  826.147313][T17718] netlink: 436 bytes leftover after parsing attributes in process `syz.2.2910'.
[  826.156668][T17718] netlink: 436 bytes leftover after parsing attributes in process `syz.2.2910'.
[  826.755345][T17742] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  829.047976][T17763] netlink: 'syz.3.2920': attribute type 30 has an invalid length.
[  829.098937][T17764] netlink: 'syz.3.2920': attribute type 30 has an invalid length.
[  830.351348][T17785] netlink: 'syz.1.2925': attribute type 4 has an invalid length.
[  830.359408][T17785] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2925'.
[  830.487518][T17789] netlink: 436 bytes leftover after parsing attributes in process `syz.0.2927'.
[  830.496625][T17789] netlink: 436 bytes leftover after parsing attributes in process `syz.0.2927'.
[  830.621383][T17793] syz_tun: entered allmulticast mode
[  830.946066][    C1] vcan0: j1939_tp_rxtimer: 0xffff8880290e8400: rx timeout, send abort
[  830.959711][   T30] audit: type=1400 audit(2000000404.530:3660): avc:  denied  { read } for  pid=5160 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[  831.003289][   T30] audit: type=1400 audit(2000000404.530:3661): avc:  denied  { search } for  pid=5160 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  831.044555][   T30] audit: type=1400 audit(2000000404.530:3662): avc:  denied  { append } for  pid=5160 comm="syslogd" name="messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  831.067998][ T5928] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  831.125300][T17772] rtc_cmos 00:00: Alarms can be up to one day in the future
[  831.250774][   T30] audit: type=1400 audit(2000000404.530:3663): avc:  denied  { open } for  pid=5160 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  831.286250][   T30] audit: type=1400 audit(2000000404.530:3664): avc:  denied  { getattr } for  pid=5160 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  831.332125][ T5928] usb 2-1: New USB device found, idVendor=0582, idProduct=008d, bcdDevice=7a.ac
[  831.346538][ T5928] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  831.358962][ T5928] usb 2-1: Product: syz
[  831.365035][ T5928] usb 2-1: Manufacturer: syz
[  831.376008][ T5928] usb 2-1: SerialNumber: syz
[  831.390254][ T5928] usb 2-1: config 0 descriptor??
[  831.414162][ T5928] usb 2-1: interface 1 not found
[  831.446207][    C1] vcan0: j1939_tp_rxtimer: 0xffff8880290e9800: rx timeout, send abort
[  831.454528][    C1] vcan0: j1939_tp_rxtimer: 0xffff8880290e8400: abort rx timeout. Force session deactivation
[  831.613561][ T5928] usb 2-1: USB disconnect, device number 24
[  831.626176][T17790] syz_tun: left allmulticast mode
[  831.861599][T17826] 8021q: adding VLAN 0 to HW filter on device batadv2
[  831.882930][T17826] team0: Port device batadv2 added
[  831.954434][    C1] vcan0: j1939_tp_rxtimer: 0xffff8880290e9800: abort rx timeout. Force session deactivation
[  833.269014][T12504] Bluetooth: hci5: command 0x0405 tx timeout
[  851.188010][T16030] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  869.101156][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[  869.107526][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  881.418025][T12504] Bluetooth: hci5: command 0x0405 tx timeout
[  883.178833][ T6327] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  908.039027][T17844] netlink: 436 bytes leftover after parsing attributes in process `syz.4.2943'.
[  908.048094][T17844] netlink: 436 bytes leftover after parsing attributes in process `syz.4.2943'.
[  910.937815][T12504] Bluetooth: hci5: command 0x0405 tx timeout
[  911.069521][T17899] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2953'.
[  911.289656][T17895] input: syz0 as /devices/virtual/input/input76
[  911.537859][T17498] usb 1-1: new high-speed USB device number 82 using dummy_hcd
[  911.818700][T17498] usb 1-1: Using ep0 maxpacket: 32
[  911.832612][T17498] usb 1-1: config 0 has an invalid interface number: 51 but max is 0
[  911.847817][T17498] usb 1-1: config 0 has no interface number 0
[  911.879769][T17498] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  911.894176][T17498] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  911.928377][T17498] usb 1-1: Product: syz
[  911.938085][T17498] usb 1-1: Manufacturer: syz
[  911.944003][T17498] usb 1-1: SerialNumber: syz
[  912.023096][T17498] usb 1-1: config 0 descriptor??
[  912.076681][T17906] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2954'.
[  912.165059][T17498] quatech2 1-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  912.251517][T17498] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  912.296530][T17498] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  912.438214][   T30] audit: type=1400 audit(2000000486.010:3665): avc:  denied  { accept } for  pid=17913 comm="syz.3.2961" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=udp_socket permissive=1
[  912.678261][    C0] usb 1-1: qt2_read_bulk_callback - non-zero urb status: -71
[  912.679148][ T5928] usb 1-1: USB disconnect, device number 82
[  912.695023][ T5928] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  912.768908][ T5928] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  912.918654][ T5928] quatech2 1-1:0.51: device disconnected
[  913.057962][T17921] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  913.710655][T17937] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2569 sclass=netlink_route_socket pid=17937 comm=syz.0.2968
[  914.185866][T17945] can: request_module (can-proto-0) failed.
[  914.556688][T17954] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2970'.
[  915.057833][T17498] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  915.178503][ T6327] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  915.297823][T17498] usb 2-1: Using ep0 maxpacket: 8
[  915.320350][T17498] usb 2-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00
[  915.363885][T17498] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  915.384517][T17498] usb 2-1: Product: syz
[  915.459913][T17498] usb 2-1: Manufacturer: syz
[  915.464924][T17498] usb 2-1: SerialNumber: syz
[  915.488726][T17498] usb 2-1: config 0 descriptor??
[  915.497337][T17498] radio-usb-si4713 2-1:0.0: Si4713 development board discovered: (10C4:8244)
[  915.892622][T17498] radio-usb-si4713 2-1:0.0: probe with driver radio-usb-si4713 failed with error -71
[  915.903109][T17498] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  915.912123][T17974] netlink: 'syz.2.2972': attribute type 1 has an invalid length.
[  915.933584][T17498] usb 2-1: USB disconnect, device number 25
[  915.939919][T17974] netlink: 'syz.2.2972': attribute type 1 has an invalid length.
[  915.951150][T17974] netlink: 9172 bytes leftover after parsing attributes in process `syz.2.2972'.
[  916.470998][   T30] audit: type=1326 audit(2000000490.040:3666): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17980 comm="syz.0.2977" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77f519aeb9 code=0x7ffc0000
[  916.537789][   T10] usb 3-1: new high-speed USB device number 83 using dummy_hcd
[  916.550167][T17984] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2979'.
[  916.568382][   T30] audit: type=1326 audit(2000000490.040:3667): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17980 comm="syz.0.2977" exe="/root/syz-executor" sig=0 arch=c000003e syscall=218 compat=0 ip=0x7f77f519aeb9 code=0x7ffc0000
[  916.597924][   T30] audit: type=1326 audit(2000000490.040:3668): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17980 comm="syz.0.2977" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77f519aeb9 code=0x7ffc0000
[  916.621795][ T2150] usb 5-1: new full-speed USB device number 92 using dummy_hcd
[  916.729418][   T30] audit: type=1326 audit(2000000490.040:3669): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17980 comm="syz.0.2977" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f77f519aeb9 code=0x7ffc0000
[  916.767895][ T2150] usb 5-1: device descriptor read/64, error -71
[  916.812094][   T30] audit: type=1326 audit(2000000490.040:3670): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17980 comm="syz.0.2977" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77f519aeb9 code=0x7ffc0000
[  916.846143][   T10] usb 3-1: Using ep0 maxpacket: 16
[  916.863456][   T10] usb 3-1: New USB device found, idVendor=1235, idProduct=0010, bcdDevice=29.82
[  916.876060][   T30] audit: type=1326 audit(2000000490.040:3671): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17980 comm="syz.0.2977" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77f519aeb9 code=0x7ffc0000
[  916.910538][   T10] usb 3-1: New USB device strings: Mfr=83, Product=5, SerialNumber=10
[  916.926240][   T10] usb 3-1: Product: syz
[  916.926266][   T30] audit: type=1326 audit(2000000490.040:3672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17980 comm="syz.0.2977" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f77f519aeb9 code=0x7ffc0000
[  916.969673][   T10] usb 3-1: Manufacturer: syz
[  916.978052][   T10] usb 3-1: SerialNumber: syz
[  916.985177][   T30] audit: type=1326 audit(2000000490.040:3673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17980 comm="syz.0.2977" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77f519aeb9 code=0x7ffc0000
[  917.037893][ T2150] usb 5-1: new full-speed USB device number 93 using dummy_hcd
[  917.045603][   T10] usb 3-1: config 0 descriptor??
[  917.051755][   T30] audit: type=1326 audit(2000000490.040:3674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17980 comm="syz.0.2977" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77f519aeb9 code=0x7ffc0000
[  917.100752][   T10] usb 3-1: selecting invalid altsetting 1
[  917.121326][   T10] snd-usb-audio 3-1:0.0: probe with driver snd-usb-audio failed with error -22
[  917.151706][T17903] udevd[17903]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  917.167905][ T2150] usb 5-1: device descriptor read/64, error -71
[  917.271031][T17991] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2981'.
[  917.278188][ T2150] usb usb5-port1: attempt power cycle
[  917.285562][T17991] erspan0: entered promiscuous mode
[  917.289942][ T5928] usb 3-1: USB disconnect, device number 83
[  917.291910][T17991] macvtap1: entered promiscuous mode
[  917.305409][T17991] macvtap1: entered allmulticast mode
[  917.313854][T17991] erspan0: entered allmulticast mode
[  917.324797][T17991] erspan0: left allmulticast mode
[  917.331491][T17991] erspan0: left promiscuous mode
[  917.445333][T17993] input: syz0 as /devices/virtual/input/input77
[  917.628003][ T2150] usb 5-1: new full-speed USB device number 94 using dummy_hcd
[  917.687985][ T2150] usb 5-1: device descriptor read/8, error -71
[  917.747928][T17498] usb 2-1: new full-speed USB device number 26 using dummy_hcd
[  917.919697][T17498] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  917.927778][ T2150] usb 5-1: new full-speed USB device number 95 using dummy_hcd
[  917.988195][T17498] usb 2-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  917.990169][ T2150] usb 5-1: device descriptor read/8, error -71
[  917.997285][T17498] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  918.029292][T17498] usb 2-1: config 0 descriptor??
[  918.045057][T17997] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  918.129203][ T2150] usb usb5-port1: unable to enumerate USB device
[  918.493722][T17498] elan 0003:04F3:0755.0021: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.1-1/input0
[  918.600502][   T30] kauditd_printk_skb: 1 callbacks suppressed
[  918.600517][   T30] audit: type=1400 audit(2000000492.170:3676): avc:  denied  { read } for  pid=18014 comm="syz.0.2987" name="file0" dev="tmpfs" ino=3070 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  918.631210][T18015] ext4: Unknown parameter 'barriereryFail TCPSackRecoveryFail TCPRcvCollapsed TCPBacklogCoalesce TCPDSACKOldSent TCPDSACKOfoSent TCPDSACKRecv TCPDSACKOfoRecv TCPAbortOnData TCPAbortOnClose TCPAbortOnMemory TCPAbortOnTimeout TCPAbortOnLinger TCPAbortFailed TCPMemoryPressures TCPMemoryPressuresChrono TCPSACKDiscard TCPDSACKIgnoredOld TCPDSACKIgnor./file0'
[  918.683814][   T30] audit: type=1400 audit(2000000492.200:3677): avc:  denied  { open } for  pid=18014 comm="syz.0.2987" path="/567/file0" dev="tmpfs" ino=3070 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  919.432609][ T5130] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  919.446087][ T5130] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  919.457166][ T5130] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  919.525031][ T5130] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  919.532901][ T5130] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  919.595986][T18031] lo speed is unknown, defaulting to 1000
[  919.602473][   T10] usb 2-1: USB disconnect, device number 26
[  919.629166][T18031] lo speed is unknown, defaulting to 1000
[  919.725697][   T30] audit: type=1326 audit(2000000493.290:3678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18045 comm="syz.4.2996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66d299aeb9 code=0x7ffc0000
[  919.754122][T18046] netlink: 'syz.4.2996': attribute type 12 has an invalid length.
[  919.762191][T18046] netlink: 'syz.4.2996': attribute type 29 has an invalid length.
[  919.777932][T18046] netlink: 148 bytes leftover after parsing attributes in process `syz.4.2996'.
[  919.787018][   T30] audit: type=1326 audit(2000000493.320:3679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18045 comm="syz.4.2996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f66d299aeb9 code=0x7ffc0000
[  919.815843][T18046] netlink: 59 bytes leftover after parsing attributes in process `syz.4.2996'.
[  919.837812][   T30] audit: type=1326 audit(2000000493.320:3680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18045 comm="syz.4.2996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66d299aeb9 code=0x7ffc0000
[  919.934593][T18031] chnl_net:caif_netlink_parms(): no params data found
[  919.967827][   T30] audit: type=1326 audit(2000000493.320:3681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18045 comm="syz.4.2996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66d299aeb9 code=0x7ffc0000
[  920.014904][T18050] input: syz0 as /devices/virtual/input/input78
[  920.037438][   T30] audit: type=1326 audit(2000000493.320:3682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18045 comm="syz.4.2996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f66d299aeb9 code=0x7ffc0000
[  920.066852][   T30] audit: type=1326 audit(2000000493.320:3683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18045 comm="syz.4.2996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66d299aeb9 code=0x7ffc0000
[  920.090878][   T30] audit: type=1326 audit(2000000493.320:3684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18045 comm="syz.4.2996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66d299aeb9 code=0x7ffc0000
[  920.116255][   T30] audit: type=1326 audit(2000000493.320:3685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18045 comm="syz.4.2996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f66d299aeb9 code=0x7ffc0000
[  920.185142][T18031] bridge0: port 1(bridge_slave_0) entered blocking state
[  920.230116][T18031] bridge0: port 1(bridge_slave_0) entered disabled state
[  920.241218][T18031] bridge_slave_0: entered allmulticast mode
[  920.293421][T18031] bridge_slave_0: entered promiscuous mode
[  920.445037][T18031] bridge0: port 2(bridge_slave_1) entered blocking state
[  920.511757][T18031] bridge0: port 2(bridge_slave_1) entered disabled state
[  920.552907][T18031] bridge_slave_1: entered allmulticast mode
[  920.580807][T18031] bridge_slave_1: entered promiscuous mode
[  920.725354][T18031] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  920.766854][T18031] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  920.940885][T18031] team0: Port device team_slave_0 added
[  920.948889][T18031] team0: Port device team_slave_1 added
[  920.995181][T18031] batman_adv: batadv0: Adding interface: batadv_slave_0
[  921.002362][T18031] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  921.197547][T18031] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  921.385193][T18031] batman_adv: batadv0: Adding interface: batadv_slave_1
[  921.431363][T18031] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  921.491741][T18031] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  921.578130][T12504] Bluetooth: hci0: command tx timeout
[  921.824113][T18031] hsr_slave_0: entered promiscuous mode
[  921.883851][T18031] hsr_slave_1: entered promiscuous mode
[  921.945697][T18071] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3002'.
[  921.963619][T18071] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3002'.
[  922.056485][   T13] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  922.199707][   T13] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  922.312239][   T13] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  922.404072][   T13] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  923.147910][   T13] bridge_slave_1: left allmulticast mode
[  923.162524][   T13] bridge_slave_1: left promiscuous mode
[  923.174035][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  923.230789][   T13] bridge_slave_0: left allmulticast mode
[  923.236490][   T13] bridge_slave_0: left promiscuous mode
[  923.253905][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  923.611639][   T30] kauditd_printk_skb: 7 callbacks suppressed
[  923.611654][   T30] audit: type=1400 audit(2000000497.180:3693): avc:  denied  { unmount } for  pid=5812 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[  923.737946][T12504] Bluetooth: hci0: command tx timeout
[  923.855556][T18129] x_tables: ip_tables: DNAT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT
[  923.928880][ T5928] usb 5-1: new high-speed USB device number 96 using dummy_hcd
[  924.307815][ T5928] usb 5-1: unable to get BOS descriptor or descriptor too short
[  924.318915][ T5928] usb 5-1: config 1 has an invalid interface number: 43 but max is 1
[  924.335695][ T5928] usb 5-1: config 1 has no interface number 1
[  924.458847][T18142] /dev/nullb0: Can't open blockdev
[  924.750628][ T5928] usb 5-1: config 1 interface 0 altsetting 247 endpoint 0x4 has invalid maxpacket 600, setting to 64
[  924.762094][ T5928] usb 5-1: config 1 interface 0 has no altsetting 0
[  924.770513][ T5928] usb 5-1: New USB device found, idVendor=0000, idProduct=0000, bcdDevice=f6.75
[  924.779760][ T5928] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  924.790543][ T5928] usb 5-1: Product: syz
[  924.801667][ T5928] usb 5-1: Manufacturer: syz
[  924.806279][ T5928] usb 5-1: SerialNumber: syz
[  925.002762][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  925.013627][   T13] bond0 (unregistering): (slave 
c
@0Ù): Releasing backup interface
[  925.022863][   T13] bond0 (unregistering): Released all slaves
[  925.038386][ T5928] gspca_main: spca501-2.14.0 probing 0000:0000
[  925.052339][ T5928] gspca_spca501: reg write: error -71
[  925.061097][ T5928] spca501 5-1:1.0: Reg write failed for 0x02,0x0f,0x05
[  925.068527][ T5928] spca501 5-1:1.0: probe with driver spca501 failed with error -22
[  925.081740][ T5928] usb 5-1: USB disconnect, device number 96
[  925.154043][   T13] bond1 (unregistering): (slave wlan0): Releasing active interface
[  925.165986][   T13] bond1 (unregistering): Released all slaves
[  925.439163][T18146] netlink: 220 bytes leftover after parsing attributes in process `syz.2.3019'.
[  925.732279][T18156] input: syz0 as /devices/virtual/input/input79
[  925.820066][T12504] Bluetooth: hci0: command tx timeout
[  925.974108][   T13] hsr_slave_0: left promiscuous mode
[  926.005837][   T13] hsr_slave_1: left promiscuous mode
[  926.062049][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  926.087863][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  926.116723][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  926.134755][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  926.167046][   T30] audit: type=1400 audit(2000000499.730:3694): avc:  denied  { map } for  pid=18169 comm="syz.4.3024" path="socket:[56236]" dev="sockfs" ino=56236 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1
[  926.265016][   T13] veth1_macvtap: left promiscuous mode
[  926.292741][   T13] veth0_macvtap: left promiscuous mode
[  926.313089][   T13] veth1_vlan: left promiscuous mode
[  926.333262][   T13] veth0_vlan: left promiscuous mode
[  926.396733][T18178] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3025'.
[  926.405728][T18178] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3025'.
[  927.908122][T12504] Bluetooth: hci0: command tx timeout
[  928.510435][T12504] Bluetooth: hci5: SCO packet for unknown connection handle 200
[  929.830266][T18214] openvswitch: netlink: Missing key (keys=40, expected=2000)
[  929.916986][T18217] netlink: 436 bytes leftover after parsing attributes in process `syz.4.3035'.
[  929.926794][T18217] netlink: 436 bytes leftover after parsing attributes in process `syz.4.3035'.
[  930.335994][T18031] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  930.412278][T18031] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  930.449261][T18031] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  930.470701][T18031] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  930.541485][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[  930.547883][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  930.582711][   T13] IPVS: stop unused estimator thread 0...
[  930.640929][T18031] 8021q: adding VLAN 0 to HW filter on device bond0
[  930.669055][T18031] 8021q: adding VLAN 0 to HW filter on device team0
[  930.692687][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  930.699816][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  930.733306][ T6327] bridge0: port 2(bridge_slave_1) entered blocking state
[  930.740407][ T6327] bridge0: port 2(bridge_slave_1) entered forwarding state
[  930.748658][T18248] kvm: user requested TSC rate below hardware speed
[  930.767928][   T10] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  930.957843][   T10] usb 2-1: Using ep0 maxpacket: 32
[  930.970325][   T10] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  931.050567][T18265] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  931.065788][   T30] audit: type=1400 audit(2000000504.610:3695): avc:  denied  { ioctl } for  pid=18261 comm="syz.0.3044" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 ioctlcmd=0x560f scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  931.074673][T18031] 8021q: adding VLAN 0 to HW filter on device batadv0
[  931.093543][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  931.239948][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  931.376771][T18031] veth0_vlan: entered promiscuous mode
[  931.386136][   T10] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  931.410494][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  931.416178][T18031] veth1_vlan: entered promiscuous mode
[  931.458820][T18031] veth0_macvtap: entered promiscuous mode
[  931.459881][   T10] usb 2-1: config 0 descriptor??
[  931.485841][T18031] veth1_macvtap: entered promiscuous mode
[  931.494888][T18233] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  931.501715][   T30] audit: type=1400 audit(2000000505.060:3696): avc:  denied  { write } for  pid=18271 comm="syz.0.3046" name="file0" dev="tmpfs" ino=3144 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  931.527146][T18273] FAULT_INJECTION: forcing a failure.
[  931.527146][T18273] name failslab, interval 1, probability 0, space 0, times 0
[  931.541997][   T10] hub 2-1:0.0: USB hub found
[  931.570501][T18031] batman_adv: batadv0: Interface activated: batadv_slave_0
[  931.578111][T18273] CPU: 1 UID: 0 PID: 18273 Comm: syz.2.3045 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  931.578139][T18273] Tainted: [L]=SOFTLOCKUP
[  931.578146][T18273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  931.578156][T18273] Call Trace:
[  931.578162][T18273]  <TASK>
[  931.578169][T18273]  dump_stack_lvl+0x100/0x190
[  931.578198][T18273]  should_fail_ex.cold+0x5/0xa
[  931.578225][T18273]  should_failslab+0xc2/0x120
[  931.578250][T18273]  kmem_cache_alloc_node_noprof+0x8c/0x880
[  931.578275][T18273]  ? __alloc_skb+0x156/0x410
[  931.578300][T18273]  ? __alloc_skb+0x156/0x410
[  931.578319][T18273]  __alloc_skb+0x156/0x410
[  931.578338][T18273]  ? __alloc_skb+0x35d/0x410
[  931.578358][T18273]  ? __pfx___alloc_skb+0x10/0x10
[  931.578381][T18273]  ? avc_policy_seqno+0x9/0x20
[  931.578412][T18273]  ppp_write+0xbd/0x400
[  931.578434][T18273]  vfs_write+0x2aa/0x1070
[  931.578455][T18273]  ? __pfx_ppp_write+0x10/0x10
[  931.578475][T18273]  ? __pfx_vfs_write+0x10/0x10
[  931.578499][T18273]  ? find_held_lock+0x2b/0x80
[  931.578523][T18273]  ? __fget_files+0x215/0x3d0
[  931.578544][T18273]  ? __fget_files+0x215/0x3d0
[  931.578568][T18273]  ? __fget_files+0x21f/0x3d0
[  931.578594][T18273]  ksys_write+0x12a/0x250
[  931.578614][T18273]  ? __pfx_ksys_write+0x10/0x10
[  931.578634][T18273]  ? do_user_addr_fault+0x8d6/0x12f0
[  931.578663][T18273]  do_syscall_64+0xc9/0xf80
[  931.578685][T18273]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  931.578703][T18273] RIP: 0033:0x7fc5e039aeb9
[  931.578717][T18273] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  931.578734][T18273] RSP: 002b:00007fc5e120f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  931.578752][T18273] RAX: ffffffffffffffda RBX: 00007fc5e0616090 RCX: 00007fc5e039aeb9
[  931.578764][T18273] RDX: 0000000000000002 RSI: 0000200000000200 RDI: 0000000000000003
[  931.578774][T18273] RBP: 00007fc5e120f090 R08: 0000000000000000 R09: 0000000000000000
[  931.578784][T18273] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  931.578795][T18273] R13: 00007fc5e0616128 R14: 00007fc5e0616090 R15: 00007ffed5f53648
[  931.578819][T18273]  </TASK>
[  931.693103][   T30] audit: type=1400 audit(2000000505.120:3697): avc:  denied  { open } for  pid=18271 comm="syz.0.3046" path="/581/file0" dev="tmpfs" ino=3144 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  931.887878][   T10] hub 2-1:0.0: config failed, hub has too many ports! (err -19)
[  931.889148][T18031] batman_adv: batadv0: Interface activated: batadv_slave_1
[  931.906323][   T30] audit: type=1400 audit(2000000505.120:3698): avc:  denied  { ioctl } for  pid=18271 comm="syz.0.3046" path="/581/file0" dev="tmpfs" ino=3144 ioctlcmd=0x1284 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  931.955824][ T6331] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  931.964978][ T6331] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  931.993265][ T6331] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  932.136867][ T6331] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  932.635460][   T10] hid-generic 0003:046D:C314.0022: item fetching failed at offset 0/1
[  932.653063][   T10] hid-generic 0003:046D:C314.0022: probe with driver hid-generic failed with error -22
[  932.661611][ T6331] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  932.699029][ T6331] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  932.762636][T15559] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  932.771288][T15559] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  932.826501][T16255] usb 2-1: USB disconnect, device number 27
[  932.954050][T18299] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2991'.
[  934.697146][T18308] tmpfs: Unknown parameter 'nr'
[  934.971807][ T5130] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  934.988605][ T5130] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  935.007587][ T5130] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  935.028473][ T5130] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  935.035796][ T5130] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  935.136228][T18315] lo speed is unknown, defaulting to 1000
[  935.161705][T18324] FAULT_INJECTION: forcing a failure.
[  935.161705][T18324] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  935.208994][T18315] lo speed is unknown, defaulting to 1000
[  935.237952][T18324] CPU: 1 UID: 0 PID: 18324 Comm: syz.4.3057 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  935.237981][T18324] Tainted: [L]=SOFTLOCKUP
[  935.237987][T18324] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  935.237997][T18324] Call Trace:
[  935.238003][T18324]  <TASK>
[  935.238010][T18324]  dump_stack_lvl+0x100/0x190
[  935.238037][T18324]  should_fail_ex.cold+0x5/0xa
[  935.238057][T18324]  _copy_from_user+0x2e/0xd0
[  935.238082][T18324]  do_sys_poll+0x345/0xeb0
[  935.238102][T18324]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  935.238128][T18324]  ? is_bpf_text_address+0x94/0x1a0
[  935.238155][T18324]  ? __kernel_text_address+0xd/0x30
[  935.238178][T18324]  ? __pfx_do_sys_poll+0x10/0x10
[  935.238269][T18324]  ? __mutex_unlock_slowpath+0x15c/0x790
[  935.238292][T18324]  ? set_user_sigmask+0x1e1/0x270
[  935.238310][T18324]  ? __fget_files+0x215/0x3d0
[  935.238331][T18324]  ? __pfx_set_user_sigmask+0x10/0x10
[  935.238354][T18324]  ? __fget_files+0x21f/0x3d0
[  935.238375][T18324]  __x64_sys_ppoll+0x2b5/0x350
[  935.238399][T18324]  ? __pfx___x64_sys_ppoll+0x10/0x10
[  935.238418][T18324]  ? ksys_write+0x1ac/0x250
[  935.238437][T18324]  ? __pfx_ksys_write+0x10/0x10
[  935.238462][T18324]  do_syscall_64+0xc9/0xf80
[  935.238484][T18324]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  935.238502][T18324] RIP: 0033:0x7f66d299aeb9
[  935.238515][T18324] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  935.238531][T18324] RSP: 002b:00007f66d37ab028 EFLAGS: 00000246 ORIG_RAX: 000000000000010f
[  935.238549][T18324] RAX: ffffffffffffffda RBX: 00007f66d2c15fa0 RCX: 00007f66d299aeb9
[  935.238560][T18324] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 00002000000000c0
[  935.238569][T18324] RBP: 00007f66d37ab090 R08: 0000000000000000 R09: 0000000000000000
[  935.238580][T18324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  935.238590][T18324] R13: 00007f66d2c16038 R14: 00007f66d2c15fa0 R15: 00007ffc0e747e28
[  935.238614][T18324]  </TASK>
[  936.406521][T18315] chnl_net:caif_netlink_parms(): no params data found
[  936.779507][ T2150] usb 4-1: new full-speed USB device number 71 using dummy_hcd
[  936.934184][T18315] bridge0: port 1(bridge_slave_0) entered blocking state
[  936.939692][ T2150] usb 4-1: unable to get BOS descriptor or descriptor too short
[  936.961490][ T2150] usb 4-1: not running at top speed; connect to a high speed hub
[  936.984555][ T2150] usb 4-1: config 5 has an invalid interface number: 246 but max is 0
[  937.010160][ T2150] usb 4-1: config 5 has an invalid descriptor of length 0, skipping remainder of the config
[  937.034641][ T2150] usb 4-1: config 5 has no interface number 0
[  937.041327][ T2150] usb 4-1: config 5 interface 246 altsetting 4 endpoint 0x1 has an invalid bInterval 0, changing to 4
[  937.053742][ T2150] usb 4-1: config 5 interface 246 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  937.082881][T18315] bridge0: port 1(bridge_slave_0) entered disabled state
[  937.099297][T12504] Bluetooth: hci2: command tx timeout
[  937.183500][T18380] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3067'.
[  937.531590][T18315] bridge_slave_0: entered allmulticast mode
[  937.959915][T18315] bridge_slave_0: entered promiscuous mode
[  938.009276][ T2150] usb 4-1: config 5 interface 246 has no altsetting 0
[  938.018430][ T2150] usb 4-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=f5.e4
[  938.019548][T18315] bridge0: port 2(bridge_slave_1) entered blocking state
[  938.027488][ T2150] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  938.045935][ T2150] usb 4-1: Product: syz
[  938.050304][ T2150] usb 4-1: Manufacturer: syz
[  938.056071][ T2150] usb 4-1: SerialNumber: syz
[  938.092865][T18315] bridge0: port 2(bridge_slave_1) entered disabled state
[  938.115679][T18315] bridge_slave_1: entered allmulticast mode
[  938.136768][T18315] bridge_slave_1: entered promiscuous mode
[  938.236731][T18315] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  938.254571][T18315] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  938.290061][T18386] FAULT_INJECTION: forcing a failure.
[  938.290061][T18386] name failslab, interval 1, probability 0, space 0, times 0
[  938.306325][T18386] CPU: 1 UID: 0 PID: 18386 Comm: syz.1.3069 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  938.306351][T18386] Tainted: [L]=SOFTLOCKUP
[  938.306357][T18386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  938.306368][T18386] Call Trace:
[  938.306374][T18386]  <TASK>
[  938.306382][T18386]  dump_stack_lvl+0x100/0x190
[  938.306410][T18386]  should_fail_ex.cold+0x5/0xa
[  938.306429][T18386]  should_failslab+0xc2/0x120
[  938.306452][T18386]  ? tomoyo_realpath_from_path+0xb6/0x690
[  938.306471][T18386]  __kmalloc_noprof+0xf6/0x9c0
[  938.306495][T18386]  ? tomoyo_realpath_from_path+0xb6/0x690
[  938.306512][T18386]  tomoyo_realpath_from_path+0xb6/0x690
[  938.306537][T18386]  tomoyo_path_number_perm+0x23c/0x580
[  938.306562][T18386]  ? tomoyo_path_number_perm+0x22e/0x580
[  938.306590][T18386]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  938.306641][T18386]  ? find_held_lock+0x2b/0x80
[  938.306664][T18386]  ? hook_file_ioctl_common+0x146/0x410
[  938.306686][T18386]  ? __fget_files+0x215/0x3d0
[  938.306713][T18386]  ? __fget_files+0x21f/0x3d0
[  938.306738][T18386]  security_file_ioctl+0xd3/0x230
[  938.306759][T18386]  __x64_sys_ioctl+0xb7/0x210
[  938.306779][T18386]  do_syscall_64+0xc9/0xf80
[  938.306802][T18386]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  938.306820][T18386] RIP: 0033:0x7fcea539aeb9
[  938.306836][T18386] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  938.306853][T18386] RSP: 002b:00007fcea628f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  938.306871][T18386] RAX: ffffffffffffffda RBX: 00007fcea5615fa0 RCX: 00007fcea539aeb9
[  938.306882][T18386] RDX: 0000000000000003 RSI: 0000000000004c06 RDI: 0000000000000004
[  938.306892][T18386] RBP: 00007fcea628f090 R08: 0000000000000000 R09: 0000000000000000
[  938.306903][T18386] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  938.306913][T18386] R13: 00007fcea5616038 R14: 00007fcea5615fa0 R15: 00007ffd61f876c8
[  938.306939][T18386]  </TASK>
[  938.513543][T18315] team0: Port device team_slave_0 added
[  938.521458][T18315] team0: Port device team_slave_1 added
[  938.538736][T18315] batman_adv: batadv0: Adding interface: batadv_slave_0
[  938.545684][T18315] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  938.571620][T18315] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  938.582969][T18315] batman_adv: batadv0: Adding interface: batadv_slave_1
[  938.589900][T18315] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  938.615772][T18315] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  938.625738][T18386] ERROR: Out of memory at tomoyo_realpath_from_path.
[  938.650799][T18315] hsr_slave_0: entered promiscuous mode
[  938.656736][T18315] hsr_slave_1: entered promiscuous mode
[  938.662579][T18315] debugfs: 'hsr0' already exists in 'hsr'
[  938.668287][T18315] Cannot create hsr debugfs directory
[  938.718007][ T2150] usb 4-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  938.746788][ T6327] usb 4-1: Failed to submit usb control message: -71
[  938.788028][   T30] audit: type=1400 audit(2000000512.210:3699): avc:  denied  { shutdown } for  pid=18382 comm="syz.4.3068" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  938.808173][ T6327] usb 4-1: unable to send the bmi data to the device: -71
[  938.815587][ T6327] usb 4-1: unable to get target info from device
[  938.899629][ T6327] usb 4-1: could not get target info (-71)
[  938.906019][ T6327] usb 4-1: could not probe fw (-71)
[  938.933413][T18315] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  938.950156][ T2150] usb 4-1: USB disconnect, device number 71
[  939.013780][T18315] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  939.095418][T18396] x_tables: ip_tables: DNAT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT
[  939.177855][T12504] Bluetooth: hci2: command tx timeout
[  939.418541][T18315] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  939.430415][T18315] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  939.590304][   T30] audit: type=1400 audit(2000000513.100:3700): avc:  denied  { getopt } for  pid=18400 comm="syz.1.3074" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  939.919067][ T5882] usb 4-1: new high-speed USB device number 72 using dummy_hcd
[  939.949024][T18315] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  939.959626][T18315] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  940.077889][ T5882] usb 4-1: Using ep0 maxpacket: 32
[  940.094854][ T5882] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  940.127968][ T5882] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  940.155287][ T5882] usb 4-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  940.201262][ T5882] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  940.236436][ T5882] usb 4-1: config 0 descriptor??
[  940.345410][   T13] bridge0: port 3(batadv0) entered disabled state
[  940.379984][   T13] bridge_slave_1: left allmulticast mode
[  940.385669][   T13] bridge_slave_1: left promiscuous mode
[  940.392033][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  940.403868][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  941.147660][T18408] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  941.175567][T18408] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  941.214261][ T5882] ft260 0003:0403:6030.0023: unknown main item tag 0x7
[  941.258041][T12504] Bluetooth: hci2: command tx timeout
[  941.304055][   T30] audit: type=1400 audit(2000000514.870:3701): avc:  denied  { append } for  pid=18440 comm="syz.4.3080" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  941.412698][ T5882] ft260 0003:0403:6030.0023: chip code: 6424 8183
[  941.528770][T18451] x_tables: ip_tables: DNAT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT
[  941.628014][ T5882] ft260 0003:0403:6030.0023: failed to retrieve system status
[  941.635746][ T5882] ft260 0003:0403:6030.0023: probe with driver ft260 failed with error -5
[  941.691864][   T30] audit: type=1400 audit(2000000515.260:3702): avc:  denied  { read } for  pid=18438 comm="syz.1.3079" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  941.745549][T18462] 9p: Bad value for 'wfdno'
[  941.854826][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  941.865069][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  941.874635][   T13] bond0 (unregistering): Released all slaves
[  941.883391][   T13] bond1 (unregistering): Released all slaves
[  941.895862][ T5473] veth0_vlan: left promiscuous mode
[  941.913099][ T5473] veth0_vlan: entered promiscuous mode
[  941.929207][T18444] dvmrp1: entered allmulticast mode
[  941.961092][   T13] hmaÓË224)
: left promiscuous mode
[  942.023345][T18441] lo speed is unknown, defaulting to 1000
[  942.054389][   T13] tipc: Disabling bearer <eth:vlan0>
[  942.068975][   T13] tipc: Left network mode
[  942.083814][T18441] lo speed is unknown, defaulting to 1000
[  942.106655][   T13] IPVS: stopping master sync thread 12510 ...
[  942.150024][T18315] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  942.186671][T18315] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  942.197502][T18315] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  942.251070][T18315] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  942.482630][   T30] audit: type=1400 audit(2000000516.050:3703): avc:  denied  { ioctl } for  pid=18488 comm="syz.1.3087" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=1271 ioctlcmd=0x9439 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[  942.586429][   T13] hsr_slave_0: left promiscuous mode
[  942.595401][   T13] hsr_slave_1: left promiscuous mode
[  942.608620][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  942.631442][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  942.651617][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  942.667137][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  942.734958][   T13] veth1_macvtap: left promiscuous mode
[  942.746340][   T13] veth0_macvtap: left promiscuous mode
[  942.757467][   T13] veth1_vlan: left promiscuous mode
[  942.768081][   T13] 
@ÿ: left promiscuous mode
[  942.888855][T14266] usb 4-1: USB disconnect, device number 72
[  943.006865][   T13] team0 (unregistering): Port device batadv2 removed
[  943.052200][   T13] team0 (unregistering): Port device batadv1 removed
[  943.344052][T12504] Bluetooth: hci2: command tx timeout
[  943.368410][T18520] x_tables: ip_tables: DNAT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT
[  944.007831][ T5882] usb 4-1: new high-speed USB device number 73 using dummy_hcd
[  944.170062][ T5882] usb 4-1: Using ep0 maxpacket: 16
[  944.184468][ T5882] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  944.203624][ T5882] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD7, changing to 0x87
[  944.215675][ T5882] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 152, changing to 11
[  944.227529][ T5882] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x87 has invalid maxpacket 8285, setting to 1024
[  944.246346][ T5882] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  944.274412][ T5882] usb 4-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89
[  944.283746][ T5882] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  944.292701][T18545] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3097'.
[  944.305708][ T5882] usb 4-1: Product: syz
[  944.310734][ T5882] usb 4-1: Manufacturer: syz
[  944.315604][ T5882] usb 4-1: SerialNumber: syz
[  944.326425][T18545] netlink: 23 bytes leftover after parsing attributes in process `syz.1.3097'.
[  944.335818][ T5882] usb 4-1: config 0 descriptor??
[  944.347790][T14266] usb 5-1: new high-speed USB device number 97 using dummy_hcd
[  944.523731][T14266] usb 5-1: Using ep0 maxpacket: 32
[  944.541897][T14266] usb 5-1: New USB device found, idVendor=04b4, idProduct=861f, bcdDevice=f9.d6
[  944.566157][T14266] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  944.575294][   T13] team0 (unregistering): Port device team_slave_1 removed
[  944.607170][T14266] usb 5-1: config 0 descriptor??
[  944.623504][ T5882] appledisplay 4-1:0.0: Error while getting initial brightness: -110
[  944.793875][   T13] team0 (unregistering): Port device team_slave_0 removed
[  944.794474][T14266] usb 5-1: dvb_usb_v2: found a 'Anysee' in warm state
[  944.834532][ T5882] appledisplay 4-1:0.0: probe with driver appledisplay failed with error -110
[  945.017477][T14266] usb 5-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  945.028830][T14266] dvb_usb_anysee 5-1:0.0: probe with driver dvb_usb_anysee failed with error -22
[  945.079226][T14266] usb 5-1: USB disconnect, device number 97
[  945.264251][   T30] audit: type=1400 audit(2000000518.810:3704): avc:  denied  { name_bind } for  pid=18551 comm="syz.0.3100" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=icmp_socket permissive=1
[  945.315361][   T30] audit: type=1400 audit(2000000518.810:3705): avc:  denied  { node_bind } for  pid=18551 comm="syz.0.3100" saddr=fc01::1 src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1
[  945.783081][T18315] 8021q: adding VLAN 0 to HW filter on device bond0
[  945.875474][T18315] 8021q: adding VLAN 0 to HW filter on device team0
[  945.887974][   T30] audit: type=1400 audit(2000000519.450:3706): avc:  denied  { unmount } for  pid=15853 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  945.923361][ T5916] bridge0: port 1(bridge_slave_0) entered blocking state
[  945.930488][ T5916] bridge0: port 1(bridge_slave_0) entered forwarding state
[  945.955052][ T5916] bridge0: port 2(bridge_slave_1) entered blocking state
[  945.962213][ T5916] bridge0: port 2(bridge_slave_1) entered forwarding state
[  946.404033][   T13] IPVS: stop unused estimator thread 0...
[  946.524465][T18569] x_tables: ip_tables: DNAT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT
[  946.670597][ T5882] usb 4-1: USB disconnect, device number 73
[  947.310174][T18315] 8021q: adding VLAN 0 to HW filter on device batadv0
[  947.497310][T18587] netlink: 'syz.1.3106': attribute type 2 has an invalid length.
[  947.862521][T18588] bridge0: port 2(bridge_slave_1) entered disabled state
[  947.870073][T18588] bridge0: port 1(bridge_slave_0) entered disabled state
[  947.877267][T18593] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3109'.
[  947.886454][T18593] netlink: 56 bytes leftover after parsing attributes in process `syz.3.3109'.
[  948.266765][T18596] binder: BINDER_SET_CONTEXT_MGR already set
[  948.344764][T18596] binder: 18594:18596 ioctl 4018620d 200000004a80 returned -16
[  948.389090][T18588] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  948.401552][T18588] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  948.683769][T18315] veth0_vlan: entered promiscuous mode
[  948.712873][T18593] geneve2: entered promiscuous mode
[  948.728655][T18593] geneve2: entered allmulticast mode
[  948.772866][T18601] pim6reg: entered allmulticast mode
[  948.812831][T18315] veth1_vlan: entered promiscuous mode
[  948.929655][T18608] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3115'.
[  948.939467][T18315] veth0_macvtap: entered promiscuous mode
[  948.964940][T18315] veth1_macvtap: entered promiscuous mode
[  949.005370][T18315] batman_adv: batadv0: Interface activated: batadv_slave_0
[  949.026589][T18315] batman_adv: batadv0: Interface activated: batadv_slave_1
[  949.042834][ T6327] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  949.052808][ T6327] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  949.062342][T18613] x_tables: ip_tables: DNAT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT
[  949.183815][T18611] sg_read: process 37 (syz.3.3116) changed security contexts after opening file descriptor, this is not allowed.
[  949.218324][   T24] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  949.225968][ T6327] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  949.237150][ T6327] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  949.239126][T18616] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3118'.
[  949.278064][T18616] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3118'.
[  949.377785][   T24] usb 2-1: device descriptor read/64, error -71
[  949.662073][   T24] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  949.690471][ T5916] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  949.700869][ T5916] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  949.742261][   T30] audit: type=1400 audit(2000000523.310:3707): avc:  denied  { getopt } for  pid=18615 comm="syz.0.3118" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  949.744548][T15559] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  949.794025][T15559] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  949.847802][   T24] usb 2-1: device descriptor read/64, error -71
[  949.959162][   T24] usb usb2-port1: attempt power cycle
[  950.297939][   T24] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  950.359647][T18641] FAULT_INJECTION: forcing a failure.
[  950.359647][T18641] name failslab, interval 1, probability 0, space 0, times 0
[  950.372456][T18641] CPU: 0 UID: 0 PID: 18641 Comm: syz.4.3124 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  950.372482][T18641] Tainted: [L]=SOFTLOCKUP
[  950.372488][T18641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  950.372495][T18641] Call Trace:
[  950.372499][T18641]  <TASK>
[  950.372503][T18641]  dump_stack_lvl+0x100/0x190
[  950.372521][T18641]  should_fail_ex.cold+0x5/0xa
[  950.372534][T18641]  should_failslab+0xc2/0x120
[  950.372549][T18641]  __kmalloc_cache_noprof+0x80/0x810
[  950.372560][T18641]  ? landlock_create_object+0x64/0x170
[  950.372573][T18641]  ? landlock_append_fs_rule+0x5e9/0x9a0
[  950.372590][T18641]  ? landlock_create_object+0x64/0x170
[  950.372601][T18641]  landlock_create_object+0x64/0x170
[  950.372614][T18641]  landlock_append_fs_rule+0x602/0x9a0
[  950.372631][T18641]  ? __pfx_landlock_append_fs_rule+0x10/0x10
[  950.372646][T18641]  ? preempt_schedule_thunk+0x16/0x30
[  950.372662][T18641]  add_rule_path_beneath+0x37d/0x4d0
[  950.372674][T18641]  ? __pfx_add_rule_path_beneath+0x10/0x10
[  950.372686][T18641]  ? __x64_sys_landlock_add_rule+0x125/0x220
[  950.372699][T18641]  ? __sanitizer_cov_trace_switch+0x16/0x90
[  950.372717][T18641]  __x64_sys_landlock_add_rule+0x1a9/0x220
[  950.372731][T18641]  do_syscall_64+0xc9/0xf80
[  950.372744][T18641]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  950.372756][T18641] RIP: 0033:0x7f66d299aeb9
[  950.372765][T18641] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  950.372775][T18641] RSP: 002b:00007f66d378a028 EFLAGS: 00000246 ORIG_RAX: 00000000000001bd
[  950.372786][T18641] RAX: ffffffffffffffda RBX: 00007f66d2c16090 RCX: 00007f66d299aeb9
[  950.372794][T18641] RDX: 0000200000000340 RSI: 0000000000000001 RDI: 0000000000000004
[  950.372800][T18641] RBP: 00007f66d378a090 R08: 0000000000000000 R09: 0000000000000000
[  950.372806][T18641] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  950.372812][T18641] R13: 00007f66d2c16128 R14: 00007f66d2c16090 R15: 00007ffc0e747e28
[  950.372826][T18641]  </TASK>
[  950.604925][   T24] usb 2-1: device descriptor read/8, error -71
[  950.850408][ T5130] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  950.862275][ T5130] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  950.871611][ T5130] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  950.878597][   T24] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  950.886713][ T5130] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  950.894130][ T5130] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  950.942257][   T24] usb 2-1: device descriptor read/8, error -71
[  951.124808][   T24] usb usb2-port1: unable to enumerate USB device
[  951.287675][T18646] lo speed is unknown, defaulting to 1000
[  951.676284][T18655] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  951.940218][T18646] chnl_net:caif_netlink_parms(): no params data found
[  952.579023][T18646] bridge0: port 1(bridge_slave_0) entered blocking state
[  952.606395][T18646] bridge0: port 1(bridge_slave_0) entered disabled state
[  952.629524][T18646] bridge_slave_0: entered allmulticast mode
[  952.636495][T18646] bridge_slave_0: entered promiscuous mode
[  952.660803][T18646] bridge0: port 2(bridge_slave_1) entered blocking state
[  952.677644][T18646] bridge0: port 2(bridge_slave_1) entered disabled state
[  952.686860][   T24] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  952.708324][T18646] bridge_slave_1: entered allmulticast mode
[  952.729818][T18646] bridge_slave_1: entered promiscuous mode
[  953.029313][ T5130] Bluetooth: hci3: command tx timeout
[  953.094155][ T6344] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  953.107797][   T24] usb 2-1: unable to get BOS descriptor or descriptor too short
[  953.126038][ T6344] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  953.143157][   T24] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2
[  953.158743][   T24] usb 2-1: config 1 interface 0 altsetting 247 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  953.172107][ T6344] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  953.209201][   T24] usb 2-1: config 1 interface 0 has no altsetting 1
[  953.225391][   T24] usb 2-1: New USB device found, idVendor=2040, idProduct=b990, bcdDevice=f6.75
[  953.234784][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  953.256292][   T24] usb 2-1: Product: syz
[  953.260601][   T24] usb 2-1: Manufacturer: syz
[  953.352659][   T24] usb 2-1: SerialNumber: syz
[  953.505716][   T24] smsusb:smsusb_probe: board id=8, interface number 0
[  953.537579][T18646] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  953.594783][T18646] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  953.622591][T18646] team0: Port device team_slave_0 added
[  953.655473][T18646] team0: Port device team_slave_1 added
[  953.714512][T18671] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  953.734397][ T6344] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  953.762834][T18671] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  953.778100][ T6344] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  953.797935][   T24] smsusb:smsusb_probe: Device initialized with return code -19
[  953.815807][ T6344] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  953.953872][T18646] batman_adv: batadv0: Adding interface: batadv_slave_0
[  953.981123][T18646] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  954.026531][   T24] usb 2-1: USB disconnect, device number 32
[  954.047061][T18646] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  954.172207][ T6344] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  954.202895][ T6344] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  954.233424][ T6344] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  954.298158][T18646] batman_adv: batadv0: Adding interface: batadv_slave_1
[  954.317752][T18646] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  954.355463][T18646] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  954.467423][T18704] Bluetooth: MGMT ver 1.23
[  954.473675][   T30] audit: type=1400 audit(2000000528.030:3708): avc:  denied  { write } for  pid=18702 comm="syz.4.3138" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  954.629196][ T6344] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  954.639495][ T6344] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  954.649782][ T6344] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  954.839052][T18646] hsr_slave_0: entered promiscuous mode
[  954.861035][T18701] openvswitch: netlink: IP tunnel dst address not specified
[  954.869663][T18646] hsr_slave_1: entered promiscuous mode
[  954.886762][T18646] debugfs: 'hsr0' already exists in 'hsr'
[  954.902386][T18646] Cannot create hsr debugfs directory
[  955.103552][T18712] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  955.137798][ T5130] Bluetooth: hci3: command tx timeout
[  955.312313][ T6344] bridge_slave_1: left allmulticast mode
[  955.358069][ T6344] bridge_slave_1: left promiscuous mode
[  955.408744][ T6344] bridge0: port 2(bridge_slave_1) entered disabled state
[  955.812954][ T6344] bridge_slave_0: left allmulticast mode
[  955.830296][ T6344] bridge_slave_0: left promiscuous mode
[  955.836707][ T6344] bridge0: port 1(bridge_slave_0) entered disabled state
[  957.178020][ T5130] Bluetooth: hci3: command tx timeout
[  957.372553][ T6344] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  957.392364][ T6344] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  957.401483][T18760] x_tables: ip_tables: DNAT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT
[  957.427127][ T6344] bond0 (unregistering): (slave batadv0): Releasing backup interface
[  957.456622][ T6344] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  957.470609][ T6344] bond0 (unregistering): Released all slaves
[  957.547135][T18765] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3154'.
[  957.729109][T17498] usb 4-1: new high-speed USB device number 74 using dummy_hcd
[  957.880026][T17498] usb 4-1: device descriptor read/64, error -71
[  958.043335][ T6344] bond1 (unregistering): Released all slaves
[  958.158434][T17498] usb 4-1: new high-speed USB device number 75 using dummy_hcd
[  958.235634][ T6344] bond2 (unregistering): Released all slaves
[  958.302142][T17498] usb 4-1: device descriptor read/64, error -71
[  958.448532][T17498] usb usb4-port1: attempt power cycle
[  959.101659][ T6344] tipc: Left network mode
[  959.117910][T17498] usb 4-1: new high-speed USB device number 76 using dummy_hcd
[  959.210469][T17498] usb 4-1: device descriptor read/8, error -71
[  959.259048][ T5130] Bluetooth: hci3: command tx timeout
[  960.218092][T17498] usb 4-1: new high-speed USB device number 77 using dummy_hcd
[  960.375079][T17498] usb 4-1: device descriptor read/8, error -71
[  960.482145][T17498] usb usb4-port1: unable to enumerate USB device
[  960.773384][T18805] x_tables: ip_tables: DNAT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT
[  960.997755][ T5858] usb 4-1: new high-speed USB device number 78 using dummy_hcd
[  961.066015][ T6344] hsr_slave_0: left promiscuous mode
[  961.066565][ T6344] hsr_slave_1: left promiscuous mode
[  961.067058][ T6344] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  961.067076][ T6344] batman_adv: batadv0: Removing interface: batadv_slave_0
[  961.102006][ T6344] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  961.102026][ T6344] batman_adv: batadv0: Removing interface: batadv_slave_1
[  961.257393][ T6344] veth1_macvtap: left promiscuous mode
[  961.257476][ T6344] veth0_macvtap: left promiscuous mode
[  961.257624][ T6344] veth1_vlan: left allmulticast mode
[  961.257651][ T6344] veth1_vlan: left promiscuous mode
[  961.261031][ T6344] veth0_vlan: left promiscuous mode
[  961.357888][ T5858] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  961.357916][ T5858] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  961.357935][ T5858] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  961.357975][ T5858] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 188, changing to 11
[  961.376022][ T5858] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  961.376049][ T5858] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  961.376069][ T5858] usb 4-1: Product: syz
[  961.376083][ T5858] usb 4-1: Manufacturer: syz
[  961.396052][T18824] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3164'.
[  961.404570][ T5858] cdc_wdm 4-1:1.0: skipping garbage
[  961.404590][ T5858] cdc_wdm 4-1:1.0: skipping garbage
[  961.439673][ T5858] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[  961.439686][ T5858] cdc_wdm 4-1:1.0: Unknown control protocol
[  961.681352][ T6344] team0 (unregistering): Port device batadv1 removed
[  961.696065][ T6344] pimreg (unregistering): left allmulticast mode
[  961.703975][T18834] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3165'.
[  961.763459][   T30] audit: type=1400 audit(2000000535.330:3709): avc:  denied  { bind } for  pid=18832 comm="syz.1.3165" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  961.807075][   T30] audit: type=1400 audit(2000000535.370:3710): avc:  denied  { read write } for  pid=18796 comm="syz.3.3161" name="cdc-wdm0" dev="devtmpfs" ino=3925 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:modem_device_t tclass=chr_file permissive=1
[  961.807260][   T30] audit: type=1400 audit(2000000535.370:3711): avc:  denied  { open } for  pid=18796 comm="syz.3.3161" path="/dev/cdc-wdm0" dev="devtmpfs" ino=3925 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:modem_device_t tclass=chr_file permissive=1
[  961.809591][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[  961.880580][T18836] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  961.882751][T18836] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  961.889096][T14266] usb 4-1: USB disconnect, device number 78
[  962.196376][ T6344] team0 (unregistering): Port device macvlan0 removed
[  962.261725][T18839] input: syz1 as /devices/virtual/input/input81
[  963.123644][ T6344] team0 (unregistering): Port device team_slave_1 removed
[  963.156433][ T6344] team0 (unregistering): Port device team_slave_0 removed
[  963.731096][T18646] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  963.771837][T18646] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  963.811284][T18646] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  963.849351][T18646] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  963.959602][ T6344] IPVS: stop unused estimator thread 0...
[  963.977801][T14266] usb 4-1: new high-speed USB device number 79 using dummy_hcd
[  964.127775][T14266] usb 4-1: Using ep0 maxpacket: 8
[  964.129594][T18646] 8021q: adding VLAN 0 to HW filter on device bond0
[  964.175578][T14266] usb 4-1: config 6 has an invalid interface number: 2 but max is 0
[  964.187594][T14266] usb 4-1: config 6 has an invalid descriptor of length 0, skipping remainder of the config
[  964.213506][T14266] usb 4-1: config 6 has no interface number 0
[  964.228586][T14266] usb 4-1: config 6 interface 2 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  964.261516][T14266] usb 4-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91
[  964.271302][T14266] usb 4-1: New USB device strings: Mfr=17, Product=2, SerialNumber=3
[  964.286291][T14266] usb 4-1: Product: syz
[  964.296916][T14266] usb 4-1: Manufacturer: syz
[  964.306909][T18646] 8021q: adding VLAN 0 to HW filter on device team0
[  964.313685][T14266] usb 4-1: SerialNumber: syz
[  964.345195][T14266] hso 4-1:6.2: Failed to find INT IN ep
[  964.361221][ T6344] bridge0: port 1(bridge_slave_0) entered blocking state
[  964.368339][ T6344] bridge0: port 1(bridge_slave_0) entered forwarding state
[  964.389391][T18876] x_tables: ip_tables: DNAT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT
[  964.434653][   T30] audit: type=1400 audit(2000000538.000:3712): avc:  denied  { unmount } for  pid=15853 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  964.460641][ T6344] bridge0: port 2(bridge_slave_1) entered blocking state
[  964.467782][ T6344] bridge0: port 2(bridge_slave_1) entered forwarding state
[  964.690520][T18885] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3174'.
[  964.726316][T18857] netlink: 124 bytes leftover after parsing attributes in process `syz.3.3171'.
[  964.810662][ T5858] usb 4-1: USB disconnect, device number 79
[  965.281989][T18646] 8021q: adding VLAN 0 to HW filter on device batadv0
[  965.386040][T18646] veth0_vlan: entered promiscuous mode
[  965.406650][T18646] veth1_vlan: entered promiscuous mode
[  965.763657][   T30] audit: type=1400 audit(2000000539.330:3713): avc:  denied  { setopt } for  pid=18912 comm="syz.2.3180" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  965.940139][T18646] veth0_macvtap: entered promiscuous mode
[  966.909327][T18646] veth1_macvtap: entered promiscuous mode
[  967.012199][T18923] usb usb1: usbfs: process 18923 (syz.3.3182) did not claim interface 33 before use
[  967.430185][T18927] x_tables: ip_tables: DNAT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT
[  967.592656][T18646] batman_adv: batadv0: Interface activated: batadv_slave_0
[  967.607537][T18939] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(9)
[  967.614033][T18939] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  967.631749][T18646] batman_adv: batadv0: Interface activated: batadv_slave_1
[  967.646110][T18939] vhci_hcd vhci_hcd.0: Device attached
[  967.660663][T16021] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  967.706529][T16021] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  967.770832][T16021] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  967.834497][T16021] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  967.878977][   T10] usb 41-1: new low-speed USB device number 2 using vhci_hcd
[  967.917799][ T2150] usb 5-1: new high-speed USB device number 98 using dummy_hcd
[  968.023749][ T5916] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  968.046284][ T5916] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  968.129102][ T2150] usb 5-1: config index 0 descriptor too short (expected 8192, got 36)
[  968.167525][ T2150] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  968.184365][T16021] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  968.232731][ T2150] usb 5-1: config 0 has no interfaces?
[  968.243695][T16021] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  968.260419][ T2150] usb 5-1: New USB device found, idVendor=2040, idProduct=2000, bcdDevice=65.72
[  968.306272][ T2150] usb 5-1: New USB device strings: Mfr=151, Product=0, SerialNumber=0
[  968.354538][ T2150] usb 5-1: Manufacturer: syz
[  968.381425][ T2150] usb 5-1: config 0 descriptor??
[  968.594917][T18943] usb 41-1: recv xbuf, 0
[  968.616884][T16024] vhci_hcd vhci_hcd.4: stop threads
[  968.659233][T16024] vhci_hcd vhci_hcd.4: release socket
[  968.689356][T16024] vhci_hcd vhci_hcd.4: disconnect device
[  968.738180][   T10] usb 41-1: device descriptor read/64, error -71
[  968.948222][   T10] vhci_hcd vhci_hcd.4: vhci_device speed not set
[  969.340173][ T2150] usb 5-1: USB disconnect, device number 98
[  969.927438][T14266] usb 1-1: new high-speed USB device number 83 using dummy_hcd
[  970.173399][T14266] usb 1-1: Using ep0 maxpacket: 16
[  970.184275][T14266] usb 1-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  970.196909][T14266] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD7, changing to 0x87
[  970.211106][T14266] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 152, changing to 11
[  970.304757][T14266] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x87 has invalid maxpacket 8285, setting to 1024
[  970.317247][T14266] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  970.444742][T14266] usb 1-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89
[  970.467601][T14266] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  970.494167][T14266] usb 1-1: Product: syz
[  970.498463][T14266] usb 1-1: Manufacturer: syz
[  970.503163][T14266] usb 1-1: SerialNumber: syz
[  970.511187][T13549] ==================================================================
[  970.519231][T13549] BUG: KASAN: use-after-free in __mutex_lock+0x1861/0x1b90
[  970.526400][T13549] Read of size 8 at addr ffff88805e10c0a8 by task khidpd_00020008/13549
[  970.534698][T13549] 
[  970.537018][T13549] CPU: 0 UID: 0 PID: 13549 Comm: khidpd_00020008 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  970.537044][T13549] Tainted: [L]=SOFTLOCKUP
[  970.537051][T13549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  970.537061][T13549] Call Trace:
[  970.537068][T13549]  <TASK>
[  970.537075][T13549]  dump_stack_lvl+0x100/0x190
[  970.537101][T13549]  print_report+0x156/0x4c9
[  970.537125][T13549]  ? __virt_addr_valid+0x81/0x620
[  970.537142][T13549]  ? __phys_addr+0xe8/0x180
[  970.537158][T13549]  ? __mutex_lock+0x1861/0x1b90
[  970.537177][T13549]  kasan_report+0xdf/0x1a0
[  970.537199][T13549]  ? __mutex_lock+0x1861/0x1b90
[  970.537221][T13549]  __mutex_lock+0x1861/0x1b90
[  970.537239][T13549]  ? __pfx_debug_object_deactivate+0x10/0x10
[  970.537259][T13549]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  970.537280][T13549]  ? l2cap_unregister_user+0x71/0x240
[  970.537306][T13549]  ? __pfx___mutex_lock+0x10/0x10
[  970.537325][T13549]  ? __try_to_del_timer_sync+0x107/0x160
[  970.537351][T13549]  ? __try_to_del_timer_sync+0x107/0x160
[  970.537376][T13549]  ? rcu_is_watching+0x12/0xc0
[  970.537398][T13549]  ? lockdep_hardirqs_on+0x78/0x100
[  970.537416][T13549]  ? __try_to_del_timer_sync+0x107/0x160
[  970.537439][T13549]  ? __pfx___try_to_del_timer_sync+0x10/0x10
[  970.537465][T13549]  ? __timer_delete_sync+0x151/0x1c0
[  970.537492][T13549]  ? l2cap_unregister_user+0x71/0x240
[  970.537515][T13549]  l2cap_unregister_user+0x71/0x240
[  970.537540][T13549]  hidp_session_thread+0x459/0x680
[  970.537559][T13549]  ? __pfx_hidp_session_thread+0x10/0x10
[  970.537579][T13549]  ? __pfx_hidp_session_wake_function+0x10/0x10
[  970.537597][T13549]  ? __kthread_parkme+0xbb/0x230
[  970.537623][T13549]  ? rcu_is_watching+0x12/0xc0
[  970.537645][T13549]  ? __pfx_hidp_session_wake_function+0x10/0x10
[  970.537665][T13549]  ? __kthread_parkme+0x18c/0x230
[  970.537691][T13549]  ? __pfx_hidp_session_thread+0x10/0x10
[  970.537708][T13549]  kthread+0x3b3/0x730
[  970.537727][T13549]  ? __pfx_kthread+0x10/0x10
[  970.537743][T13549]  ? ret_from_fork+0x79/0xaf0
[  970.537762][T13549]  ? ret_from_fork+0x79/0xaf0
[  970.537781][T13549]  ? rcu_is_watching+0x12/0xc0
[  970.537803][T13549]  ? __pfx_kthread+0x10/0x10
[  970.537821][T13549]  ret_from_fork+0x754/0xaf0
[  970.537840][T13549]  ? __pfx_ret_from_fork+0x10/0x10
[  970.537856][T13549]  ? rcu_is_watching+0x12/0xc0
[  970.537878][T13549]  ? __switch_to+0x7b9/0x10c0
[  970.537896][T13549]  ? __pfx_kthread+0x10/0x10
[  970.537911][T13549]  ret_from_fork_asm+0x1a/0x30
[  970.537929][T13549]  </TASK>
[  970.537934][T13549] 
[  970.780721][T13549] The buggy address belongs to the physical page:
[  970.787108][T13549] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5e10c
[  970.795841][T13549] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  970.802930][T13549] raw: 00fff00000000000 ffffea000102f408 ffff8880b8440f80 0000000000000000
[  970.811487][T13549] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[  970.820043][T13549] page dumped because: kasan: bad access detected
[  970.826426][T13549] page_owner tracks the page as freed
[  970.831762][T13549] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x40dc0(GFP_KERNEL|__GFP_ZERO|__GFP_COMP), pid 5819, tgid 5819 (syz-executor), ts 62152841688, free_ts 970511055479
[  970.849705][T13549]  post_alloc_hook+0x1e1/0x250
[  970.854447][T13549]  get_page_from_freelist+0xe3d/0x2e10
[  970.859882][T13549]  __alloc_frozen_pages_noprof+0x26c/0x2410
[  970.865751][T13549]  alloc_pages_mpol+0x1fb/0x550
[  970.870579][T13549]  ___kmalloc_large_node+0x104/0x150
[  970.875842][T13549]  __kmalloc_large_node_noprof+0x1c/0x70
[  970.881458][T13549]  __kmalloc_noprof+0x6b1/0x9c0
[  970.886279][T13549]  hci_alloc_dev_priv+0x1d/0x28a0
[  970.891289][T13549]  __vhci_create_device+0xf0/0x880
[  970.896384][T13549]  vhci_write+0x2c4/0x490
[  970.900776][T13549]  vfs_write+0x6ac/0x1070
[  970.905081][T13549]  ksys_write+0x12a/0x250
[  970.909408][T13549]  do_syscall_64+0xc9/0xf80
[  970.913892][T13549]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  970.919762][T13549] page last free pid 17807 tgid 17807 stack trace:
[  970.926233][T13549]  __free_frozen_pages+0x822/0x1130
[  970.931413][T13549]  hci_release_dev+0x4ef/0x630
[  970.936151][T13549]  bt_host_release+0x6a/0xb0
[  970.940719][T13549]  device_release+0xa4/0x240
[  970.945288][T13549]  kobject_put+0x1f7/0x640
[  970.949685][T13549]  put_device+0x1f/0x30
[  970.953820][T13549]  vhci_release+0x185/0x230
[  970.958312][T13549]  __fput+0x3ff/0xb40
[  970.962272][T13549]  task_work_run+0x150/0x240
[  970.966836][T13549]  do_exit+0x829/0x2a30
[  970.970968][T13549]  do_group_exit+0xd5/0x2a0
[  970.975447][T13549]  get_signal+0x1ec7/0x21e0
[  970.979928][T13549]  arch_do_signal_or_restart+0x91/0x7a0
[  970.985456][T13549]  exit_to_user_mode_loop+0x86/0x4b0
[  970.990715][T13549]  do_syscall_64+0x4fe/0xf80
[  970.995281][T13549]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  971.001183][T13549] 
[  971.003486][T13549] Memory state around the buggy address:
[  971.009088][T13549]  ffff88805e10bf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  971.017121][T13549]  ffff88805e10c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  971.025156][T13549] >ffff88805e10c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  971.033188][T13549]                                   ^
[  971.038528][T13549]  ffff88805e10c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  971.046655][T13549]  ffff88805e10c180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  971.054694][T13549] ==================================================================
[  971.063260][T13549] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  971.070448][T13549] CPU: 0 UID: 0 PID: 13549 Comm: khidpd_00020008 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  971.081804][T13549] Tainted: [L]=SOFTLOCKUP
[  971.086100][T13549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  971.096131][T13549] Call Trace:
[  971.099387][T13549]  <TASK>
[  971.102294][T13549]  dump_stack_lvl+0x100/0x190
[  971.106954][T13549]  vpanic+0x20d/0x630
[  971.110933][T13549]  panic+0xd1/0xd1
[  971.114629][T13549]  ? __pfx_panic+0x10/0x10
[  971.119022][T13549]  ? check_panic_on_warn+0x1f/0x90
[  971.124114][T13549]  check_panic_on_warn.cold+0x19/0x34
[  971.129463][T13549]  end_report.part.0+0x3a/0x90
[  971.134207][T13549]  kasan_report.cold+0xe/0x18
[  971.138868][T13549]  ? __mutex_lock+0x1861/0x1b90
[  971.143697][T13549]  __mutex_lock+0x1861/0x1b90
[  971.148354][T13549]  ? __pfx_debug_object_deactivate+0x10/0x10
[  971.154309][T13549]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  971.159662][T13549]  ? l2cap_unregister_user+0x71/0x240
[  971.165016][T13549]  ? __pfx___mutex_lock+0x10/0x10
[  971.170022][T13549]  ? __try_to_del_timer_sync+0x107/0x160
[  971.175637][T13549]  ? __try_to_del_timer_sync+0x107/0x160
[  971.181251][T13549]  ? rcu_is_watching+0x12/0xc0
[  971.186009][T13549]  ? lockdep_hardirqs_on+0x78/0x100
[  971.191184][T13549]  ? __try_to_del_timer_sync+0x107/0x160
[  971.196802][T13549]  ? __pfx___try_to_del_timer_sync+0x10/0x10
[  971.202764][T13549]  ? __timer_delete_sync+0x151/0x1c0
[  971.208031][T13549]  ? l2cap_unregister_user+0x71/0x240
[  971.213384][T13549]  l2cap_unregister_user+0x71/0x240
[  971.218566][T13549]  hidp_session_thread+0x459/0x680
[  971.223659][T13549]  ? __pfx_hidp_session_thread+0x10/0x10
[  971.229271][T13549]  ? __pfx_hidp_session_wake_function+0x10/0x10
[  971.235486][T13549]  ? __kthread_parkme+0xbb/0x230
[  971.240412][T13549]  ? rcu_is_watching+0x12/0xc0
[  971.245154][T13549]  ? __pfx_hidp_session_wake_function+0x10/0x10
[  971.251372][T13549]  ? __kthread_parkme+0x18c/0x230
[  971.256381][T13549]  ? __pfx_hidp_session_thread+0x10/0x10
[  971.261991][T13549]  kthread+0x3b3/0x730
[  971.266038][T13549]  ? __pfx_kthread+0x10/0x10
[  971.270605][T13549]  ? ret_from_fork+0x79/0xaf0
[  971.275258][T13549]  ? ret_from_fork+0x79/0xaf0
[  971.279913][T13549]  ? rcu_is_watching+0x12/0xc0
[  971.284656][T13549]  ? __pfx_kthread+0x10/0x10
[  971.289226][T13549]  ret_from_fork+0x754/0xaf0
[  971.293795][T13549]  ? __pfx_ret_from_fork+0x10/0x10
[  971.298901][T13549]  ? rcu_is_watching+0x12/0xc0
[  971.303645][T13549]  ? __switch_to+0x7b9/0x10c0
[  971.308305][T13549]  ? __pfx_kthread+0x10/0x10
[  971.312881][T13549]  ret_from_fork_asm+0x1a/0x30
[  971.317626][T13549]  </TASK>
[  971.320897][T13549] Kernel Offset: disabled
[  971.325192][T13549] Rebooting in 86400 seconds..