last executing test programs:

2m3.988059411s ago: executing program 3 (id=1932):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000300)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec000000010902120001000000000904"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f00000000c0)={0x84, &(0x7f0000000000)=ANY=[@ANYBLOB="00000100000005"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_connect(0x0, 0x895, &(0x7f0000000640)=ANY=[@ANYBLOB="12011001545ec31003040ae85f550102030109028308030504400409047c190eebd872000a240107000002010213240604010609000100020002000100050080082407030600812805240401070724040109b38009240806400001a2e10b240402f7cef25ed16bb10e2402010504050816e8e5753e6e092402010401c00287092402020700fcff0708240201800403040c2402010f0409042482945f10240201020209033f1bafcfc9c56d68090580100800020a0309050a044000c4014607250100fb4c000725010103de0d090580010004010009a81088179683e1e5ec4b266e243a5dedff86637cedfd11c581fb72261f95d169c870aee52bdf80d7b1e52e4939a0415d30512d252518ab8e401a353ccfded4176c6b256ed21e74dd58d746457ac0f94e189e17a7ea63de852821dbedf8b6ae03bb0bc829650485b652da9a86d63ea81f6381076fb2f104d562df4d7e934247e25aaacc305211ab0df9e5afc4cc5e0db739414465af1b5daa02c37b2bd8dc3723ed11daf8100b6d7d0725010503f7ff0905060c10000280020725010105ea340905040000022e0309072501010b050009050904200005fc88072501800609000905000020007f05388824212347c5596ec07cfa5556ce9dd8de6d03f707f8f083ba3832bb46eb0c6520f3c7109b61b2207308ff9fae6c3b052cdda6b19e5cfec2e87471fa87dd1976fde61a7a98e89c59d65df667a8b48d8eaa3b39471a6d11a3a1ea9cfd21f22fb300a439ed22dd6b3f4ac4c24c2fb823734147914ade694083316c4f357a38a22b102b05bdabeba1e0090504010002020901d501b7f3436fd5574418939e142384d7f6416cf2418e8d23f834393468232b97465a7ca2d120f11384e6f4cfa74a0c78ec23c2b8e4a458bed6a17a2e0d2ce2b756f6adb13d0812879c72193ff1ba1e63a404d61b70f09a5053697642300d9b2b670b0d10a28c4e503282f8ec463cf3549a88f6b9ca332be6094403dbd5167cd6485b017eac7c40392503379bb1737ae6db424ff5f7555c70f711f4070cb52413509c83fb47392ffc7cf80555cd6c9cbdfe3924dc8aa9ef96e839766b8b58c67a0a8950af695c2ea969f4450ae9097f886d02c5f09a072501800a070009050e01ff030b0600072501010648d109050c04ff039b0440090500180800da03033306b498a54b4e2086072440516bfd280c0c4760e391a7f355ca9a0c918921d721baaddca880275c8b74cf3446192ceee707f50725018305d60509050304400006000909050a000002fd03f0390c82d5cd4be03e343d1f7dacfe52f0e38511f7e613a0e330497391410f4878b9f49ff8b8aeb5085ff6902d30b616e313f8920e4dc5d7469f090501850004060703ef096c66112252f0e92f398cd68315c56c5d435335538af43a8cd4006e842244ef4a2f60fec9ddfed7604608d7c43d92a89d29d9443165f0e31ddbb4916c5c7dcab60eaf3e644f60c3524fc8d9be60d61d093cb1d746ceb59e0727f9afc6b23b871feb039b582e33beae964630bd8cd457fe28a7fa578b6de3bf30606590e75f937434fead5e3f510c78311284ef5a92a436c26888368d8e9801f86dc8203197e24c6cf9bafb785c7efef537830411a4ab5242fd98942a407adb23194cdbf23c58a28889fce07a6e4a6e529ef9aaab54fce2f078a5a7625e943dc297be87e86492f320513f4aef09172a8e672c92860904b0040b0333020309050402ff03090506540c3f058754ddd197c58e5be6d6b765f03c2d94f5d768c04af8fb77941dcc5b79f2b685ec217ceaa72b10fbcc123b53014c05262ecfbbe48768c7eb8a522644fd748f78a68f27bda1fb55455e622fec7c0cac5a09050f0000040f08097a237c769ff6a0bc5fa37a6775f72ad89a51b0b095211797ef4f03bcb0c14b38d3f4f1849404c0ac11e670b88d1cbbe344a8efc487dcc52343f3e097b7efe6cc0e3b2cbb509268e27a27e4da9458be58a4b7f8f842f76d657fa055693fd0cb903c1395c94052c2e3ab0881faff058ffe9e3afb05a53cac36c59309050c01080002007f09050300ff039a010207250100040400072501021cc7000905080300025506064d23a498fda0740291c30d4da5df964369c28fffcb1bdb34c05bc9dd3d7c5701849d98a6666e9b2a9a5279938306cd0f5e47dc51d524c3a601e557bca3c441d8b1b5f46a50937179e5ed8bc91a07250101fe000009050710200002cc017a229ed6e860238389026f780c856957443656e1198ff380e528e84f7f334fe1ab24a502714b86d1c08b3ea12bfe586c55cbcc3080fddd3078cd6a84e04f44ef6d20e117b2e9b523992ea5225495d6c2be528ed8a3c11cef267f31b8a4fcc555ef6f1124ea80ee7207aa5a2e0900000000000000a746ea2e86d80725010200050009050e00ff03c80e0607250101060400090507000800080bbff623116ac17ae0fc69f7753d55ac002275ad05b08446a0ee3f3f6d461868d10d461c677949c2b147e267b236237c3a83e1498d9fcde74ce0df90192ff69a234150dabb4b6d86e93daefc08097e19a99096b250cbe998ade9bab298cce01e5a3b126ef41721e9342d9f3013a0cfcbc2102a730a7dcab89cf03a67b8cc415cdc910a8172f76476705c40084bbd808996ba6d8556301334db22c19e0a2eb5cd5386a45e7c5375d27eec42e6df368ce630c76865bd4bc8d0826ae495241ce049970115976e44e53dd8bbd8b96ad3d453139ed5fb6af2dc961aa13f8ce9af79314b116d4f43d9d58a00eae441d4fc97dea4ca0c8dcf7041ff090505100800050010072501030a080009050c0c00020300060905800220008000091d3172bc2210d96588b28049c4d631b1dcb513c718631f021aa4bb4f1807250183050500090467090484c32f0c0905801010004301a907250183800b00090500031000030000000001820cffff0725010002060009050c0c00043705030905040840000205003e23cfe7c20e98e3f9bf1cc5fe3cdf5986fced48eee6f43bf61effcaf69cf41b810522a121ba29609f029edd17f0e948606538785950078fe5a4b154bc24072501817d0600"], &(0x7f0000000500)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x300, 0x10, 0x7, 0x7, 0x8, 0xa}, 0x11e, &(0x7f0000002ac0)={0x5, 0xf, 0x11e, 0x6, [@ptm_cap={0x3}, @ext_cap={0x7, 0x10, 0x2, 0x0, 0x2, 0xd, 0x8000}, @generic={0xed, 0x10, 0x3, "4b63653f2816100834ba629091a2d270ae56ec9a7d4e9b0f920bf1e982e6823e97779bfba44e5557f550faf74319724adaa112f1016476281509bbd668d42f909f7b07a144576aa95bc29cbe1718fd80d23a123f43af827890993950ae3aed90616149dd7cb6ea85ae31ecd45b8524775d0228a093f52703c87fdd59394a79bc37d89985621c0b000000ac72aa94d785d1d8f5e88d5a34197425f55016f4842880156fbf6647c97fc8136ae3644235096bf4a9f532aea936448ce062715364c38730a64484c5fba8441728b11718ffbbd4471a1219f49d102627f12238b4ef86b3b6d04fb2078a68dc68"}, @wireless={0xb, 0x10, 0x1, 0xc, 0x2, 0x4, 0x5, 0x6, 0x9}, @generic={0xc, 0x10, 0x2, "70236ec1090e96a8fa"}, @wireless={0xb, 0x10, 0x1, 0xc, 0x9, 0x7f, 0x9, 0xf800}]}, 0x7, [{0x4, &(0x7f0000000080)=@lang_id={0x4, 0x3, 0x44b}}, {0x14, &(0x7f00000003c0)=ANY=[@ANYBLOB="140384010091237cd6b9e4086bd0ee8c8b74e0b5"]}, {0x4, &(0x7f0000000380)=@lang_id={0x4, 0x3, 0x1404}}, {0x27, &(0x7f0000000400)=@string={0x27, 0x3, "c7dec74aabbce6af9e7dcb1c20edb62b88e42a2ede36434ff2260352f415d143ec509c2c57"}}, {0x4, &(0x7f0000000440)=@lang_id={0x4, 0x3, 0x3c0a}}, {0x9, &(0x7f0000000200)=ANY=[@ANYRESOCT=r0, @ANYRES32]}, {0x4, &(0x7f00000004c0)=@lang_id={0x4, 0x3, 0x40a}}]})
r1 = socket$nl_route(0x10, 0x3, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
getpid()
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'wlan1\x00'})
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, 0x0, 0x0)
getsockname$packet(r4, &(0x7f00000002c0)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYRESHEX, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}, 0x1, 0x0, 0x0, 0x4048000}, 0x0)
lstat(&(0x7f0000000180)='./file0\x00', 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000000940)={0x2020, 0x0, <r6=>0x0, <r7=>0x0, <r8=>0x0}, 0x2020)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)={{0x14}, [@NFT_MSG_DELRULE={0x2c, 0x6, 0xa, 0xe01, 0x0, 0x0, {0x2, 0x0, 0x2}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_POSITION={0xc, 0x6, 0x1, 0x0, 0x3}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0x54}, 0x1, 0x0, 0x0, 0x20048880}, 0x0)
mount$bpf(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x80090, &(0x7f0000000480)=ANY=[@ANYRES16=r7, @ANYRESOCT=r0, @ANYBLOB=',gid=', @ANYRESHEX=r8, @ANYRES8=r6])
sendmsg$nl_route_sched(r1, 0x0, 0x0)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000000403910b61200af6300000109022400210000000009"], 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)

2m0.15612364s ago: executing program 3 (id=1950):
syz_usb_connect(0x2, 0x2d, &(0x7f0000000e00)={{0x12, 0x1, 0x310, 0x1b, 0xf9, 0x17, 0x10, 0xd46, 0x2011, 0xe88a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x3, 0x4, 0xd0, 0x3, [{{0x9, 0x4, 0x6a, 0xa, 0x1, 0x4d, 0x78, 0x27, 0x62, [], [{{0x9, 0x5, 0xd, 0x3, 0x200, 0xa, 0x9, 0x2}}]}}]}}]}}, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x9, [{0x66, &(0x7f0000000040)=@string={0x66, 0x3, "5b86081708f0c4558c9cf2e6c469b362c72db14ef4103b7a1192a288ea7f6075040ffdd5dbdfed893644c7aa69a2a1f297966ab58acec701f07770a29f6831f129ab7e6f392d8523a9341d3f060ce01d5e5cddb82840fea862490632dd035bb829a74b06"}}, {0x4, &(0x7f00000000c0)=@lang_id={0x4, 0x3, 0x3401}}, {0x4, &(0x7f0000000100)=@lang_id={0x4, 0x3, 0x41d}}, {0x4, &(0x7f0000000140)=@lang_id={0x4, 0x3, 0x44a}}, {0x89, &(0x7f0000000180)=@string={0x89, 0x3, "1bbac0e450eeb0d9d5dc94ca5f135748b2af3ab143e0b2058999e605a33d383990e4177e4e32bd9a18ec7a5ee6f4cc3a6a7a40ab482c734d52e181897ec4b9a68638b2eb2a0fb01f2f02375a6614e4d1350d3ede52ef52c13bfead7e2c7f89dcd34935f4ec7303e747445f3b172ba9b1672c851b04c161472b8141233cde74f2f24da3c0b5b9ae"}}, {0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x1004}}, {0xd7, &(0x7f0000000280)=@string={0xd7, 0x3, "3bb5fcb0a25852cd736f3567309f329b53a374d6e620b47434ecea51f59685d5e19da7bba178151c6bfd4b0da1ba56e3490f1a71843d35c50a6335887d2db1091175e4415ac6faf8d4dbb2495a2a342da7cdbe85525c18c6020eabf257269cb095467da85ba8fe66fce0d96f9eee4185806c3f1feb118180ba8445d919c63056ea93e1bf8d11daecea7725ae7beb0b50937194388877778da0af816b56cea6953748e8246f188eca16017b9d97d6fd4cac481eae3ae35e2666e9133902adba0268901c3f129d524f85d8c8cf47eae41229d7210f37"}}, {0x15, &(0x7f0000000380)=@string={0x15, 0x3, "ce5d252b588b59cb93f47b740cff4fe6b7c8aa"}}, {0x4, &(0x7f00000003c0)=@lang_id={0x4, 0x3, 0x440a}}]})

1m57.463280738s ago: executing program 3 (id=1960):
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x100000e, 0x10, 0xffffffffffffffff, 0x0)
userfaultfd(0x80801)
sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x200000c0}, 0x24008800)
r3 = socket$kcm(0x2d, 0x2, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000000c0)={'bridge0\x00', <r5=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000700)=@newlink={0x44, 0x10, 0x401, 0xfffffffc, 0x80, {0x0, 0x0, 0x0, 0x0, 0x1503}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPVLAN_MODE={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r5}]}, 0x44}, 0x1, 0x0, 0x0, 0x4001}, 0x0)
bind$xdp(0xffffffffffffffff, &(0x7f0000000080)={0x2d, 0x0, 0x0, 0xc}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_ext={0x1c, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x41100, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xfffffff8}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x8, 0x0, 0x0}}, 0x10)
r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
sendmsg$kcm(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {&(0x7f00000005c0)="aac37124274b42766e60487ccfe56e864276cf57a71fab4d37c9e93e57491e0fcc234a5489934be9c12f61f991992e435cd9bb8c1e199fd13b1ad9a490e8064f5d9bb1b9ad483addc146757f60ca0de1150ccc507605507d886012a7a9e295cd38337412dd84df7ac316df5a5e66db5537a2c1", 0x73}, {&(0x7f0000000480)="ced10e468195c739b074d3f44eea75c485dc910be904413ca53fd827dbffde140a349ea249b1180d4189a1391bfba1d6337248b67ce2fa58709250a993f4f34ba2f0a5c82dd8be749369a224556a217695bbdee8d00338", 0x57}, {&(0x7f00000006c0)}, {&(0x7f0000000740)="312abe32f2bee970028bbf23baee70c9b8a6a76913e289a6ae5d8867f46726fdb1f11ce3f66fff0ad221d4d1b881ae4bcb90883be88ed6e1ffa39e92f959775d7e777b54f6488ea446c59aa864a24a08b8308f506a5afbc81f7d1561122e152e18e28a48842f8ea2691282af8c60384da2d04fe029ea686e94a90df52b2508f40ce7fe3c5308dd57c2155b1e1de4f9a879c55c3cdbd125851a142ceaa3d9c761496468662d7aa305d55c25b17f17128da75928e61d5d0a8381cf3925430294ffb9fe66967dc0d8e7e06898814d6db1f66ebadc720423502e029f6cbda2", 0xdd}, {&(0x7f0000000840)="1de6b314201312c3082cfd9ff9738973b96cc5bc0d3b5b2298f145e118dc70d2726393f2ff13d1715cecec9680a4cdcd4d532e1b4fd895afb44cafec14ab91e6bfe4203d91a57ca5e78e24f41856b9e2093edb4922c20036a783249c3e7b6e7318fe5a2595b6ccdf2c4015dfab5ab30050278c8ec90bcd967f062e2d2c973a", 0x7f}], 0x6}, 0x5)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000200)={r6, &(0x7f0000000180), &(0x7f0000000540)=""/119}, 0x20)
close(r3)
socket(0x10, 0x80002, 0x0)
syz_usb_connect(0x1, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e40010203030902240001a82300000904000002ca744d00090503034d00ff99090805", @ANYRES32], &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})

1m54.175385879s ago: executing program 3 (id=1972):
landlock_create_ruleset(0x0, 0x0, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r1, &(0x7f0000006300)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_INIT(r1, &(0x7f0000000040)={0x50, 0x0, r2, {0x7, 0x1f, 0x20000000, 0x4041}}, 0x50)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_EVENTS(r3, 0x84, 0x24, 0x0, 0x0)
syz_fuse_handle_req(r1, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0)
r5 = syz_open_dev$loop(&(0x7f0000000000), 0x4, 0x2080)
ioctl$LOOP_SET_FD(r5, 0x4c00, r4)
ioctl$LOOP_SET_FD(r5, 0x4c00, r5)
dup2(r4, r1)
r6 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x33, 0x0, 0x0)
r7 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x28241, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x5, 0x1, 0x40, 0x40}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
r8 = socket$xdp(0x2c, 0x3, 0x0)
r9 = syz_io_uring_setup(0x1e7f, &(0x7f0000000540)={0x0, 0xac24, 0x10000, 0x2, 0x362}, &(0x7f0000000340)=<r10=>0x0, &(0x7f0000000000)=<r11=>0x0)
syz_io_uring_submit(r10, r11, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x0, 0x5, r8, 0x0, 0x0, 0x0, 0x80800})
io_uring_enter(r9, 0x3516, 0xc2de, 0x8, 0x0, 0x0)
write$dsp(r7, 0x0, 0x0)
ioctl$SNDCTL_DSP_SUBDIVIDE(r7, 0xc0045009, 0x0)
r12 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r12, 0x0, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000000)
timer_create(0x1, &(0x7f00000004c0)={0x0, 0x30, 0x1}, &(0x7f0000000500))

1m53.842990208s ago: executing program 3 (id=1973):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r2 = shmget$private(0x0, 0x800000, 0x880, &(0x7f0000173000/0x800000)=nil)
shmat(r2, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff)
shmctl$IPC_RMID(r2, 0x0)
r3 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0)
write$tcp_mem(r3, &(0x7f0000000200)={0x1, 0x20, 0x1, 0x20, 0x8}, 0x48)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$sock_inet_SIOCDELRT(0xffffffffffffffff, 0x890c, 0x0)
syz_usb_connect$uac1(0x0, 0x8a, &(0x7f0000000380)=ANY=[@ANYBLOB="12010000000000086b1d01014000010203010902780003010000000904000000010100000aa4b50000000201020a2407000000008e781f09040100000102000009040101010102000009050109000000000007250100000000090402000001020000090402010101020000082402010003f3000724010092d0879e45b5470310f5ed00000905820908000000000725010000000077ebea017236589389f40bcda747eb76cf56061d66db6c7094a6899b00ff37cedf177763a0db6e03efcdf50a4cd195ce54c112d22e8ad98a2f4fa7c265afb041d6618fb8286b456a2103f04b3e76fd3cfb31ef2d126a4dce4c6660eca2e45f9db6468536abe053d7ea3a69cfcae175cefcc186e6502e37a4afd09c8c5afae476b998418b9115472feb1f95a8264b7cb23a2b5b847cc4d622f5233764b2a9cd698b8b5940f710512466c7f85b244adfe00698e8f7b5996aacf7dc6dfb9b83a4897cf61a8ade4560145fe2e5f5154bdc54783c33aacc03a072d9cc4b28bdc0d644a6654f5dd7e40590c9f8b5c6618eb4dff6f22bba4ba11a7a1c5910f381246f7df8b119e37e8cd3167a4027b1117ed6d5d39638cbea88c9615eaa3236d250b89df9db065511869e4b83c92bed"], 0x0)
ioctl$TIOCMGET(r4, 0x541e, 0x0)
openat$sndseq(0xffffffffffffff9c, 0x0, 0x40041)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$kcm(0x2c, 0x3, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r6, &(0x7f00000002c0)={0x1f, 0x0, @none, 0xfff9}, 0xe)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r7 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="2800000011146ff90000050000000000080001000000000008004b0028"], 0x28}}, 0x800)
sendmsg$inet(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000a40)="5c00000014006b030231a6080c000af32c00009d31fc00003197250f03000f00e5aa000017d34460bc24ea08000000251e6182949a2756f475ce36c2d1000000000000ecb8f6ece6652894fda67ac7b7630a6e09e61cd53f2fdf2eed", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x9, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)

1m53.031964162s ago: executing program 3 (id=1977):
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000007840)=ANY=[@ANYBLOB="02000000040000000800", @ANYRES32, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000000000000000000000000000032321f2f7fa02eb4d518442afe15bc1129ddf199921f6c9385f1d4c4fcc8cd9f73ec72e6756e469f1056f0f2b00934c6b5879bb96235afeeec0d6beda161c9a9ef0a4c29777d5123e9af7a464f66749a5467ec4b083140f627c0a7844fa8d458fdab7fa1176c9d9e7e1fff70a7845a6d988ce3c3740b71325afa3cc3b1"], 0x50)
mkdirat(0xffffffffffffffff, 0x0, 0x13a)
mount$tmpfs(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x80, 0x0)
set_mempolicy_home_node(&(0x7f0000ff9000/0x2000)=nil, 0x2000, 0xffffffffffffffff, 0x0)
openat$vicodec0(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
socket$nl_rdma(0x10, 0x3, 0x14)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0xfffffffffffffffd, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/ip_vs\x00')
pread64(r1, &(0x7f0000000280)=""/86, 0x56, 0x8f)

1m52.729305717s ago: executing program 32 (id=1977):
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000007840)=ANY=[@ANYBLOB="02000000040000000800", @ANYRES32, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000000000000000000000000000032321f2f7fa02eb4d518442afe15bc1129ddf199921f6c9385f1d4c4fcc8cd9f73ec72e6756e469f1056f0f2b00934c6b5879bb96235afeeec0d6beda161c9a9ef0a4c29777d5123e9af7a464f66749a5467ec4b083140f627c0a7844fa8d458fdab7fa1176c9d9e7e1fff70a7845a6d988ce3c3740b71325afa3cc3b1"], 0x50)
mkdirat(0xffffffffffffffff, 0x0, 0x13a)
mount$tmpfs(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x80, 0x0)
set_mempolicy_home_node(&(0x7f0000ff9000/0x2000)=nil, 0x2000, 0xffffffffffffffff, 0x0)
openat$vicodec0(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
socket$nl_rdma(0x10, 0x3, 0x14)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0xfffffffffffffffd, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/ip_vs\x00')
pread64(r1, &(0x7f0000000280)=""/86, 0x56, 0x8f)

1m17.434554841s ago: executing program 5 (id=2115):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r0, 0x3)
accept4$bt_l2cap(r0, 0x0, 0x0, 0x800)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB, @ANYBLOB=' '], 0x16)

1m16.011916735s ago: executing program 5 (id=2120):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETCHAIN(r0, &(0x7f0000000600)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x2000}, 0x4, &(0x7f00000005c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="c0000000040a0500000000000000000005000008ac000c0085db659d6b15e8f3ec15730dd715cf9a067c00870c200030daf7e1e89e670d6dc81cbfcf3cb5b51a27a440b226936c8881a44b373e5725868c29115a2f3e3dd9c52e3eb974409b06cb489c34defff040dc0751dd17e741ce300c199fb7c67cc9ad9242acc433ab073363fe12a108e414ad316f9cdaa9d5d68d3ea6c1a2df820dcdd3e5b265487b4d3a1fd85f892ca1e63ad2ea879dfd2053e635f2afdbeb9937edb063880931e134d6"], 0xc0}, 0x1, 0x0, 0x0, 0x100d0}, 0x400c0)

1m15.724892019s ago: executing program 5 (id=2123):
sendmsg$NFNL_MSG_CTHELPER_NEW(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000006c0)={0x4c, 0x0, 0x9, 0x5, 0x0, 0x0, {0x1}}, 0x4c}}, 0x800)
sendmsg$ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1400a0c08065ad6d167a00", @ANYRES16=0x0, @ANYBLOB="000000000000fedbdf2508000000"], 0x14}}, 0x0)
r0 = socket(0x10, 0x803, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000a00)={0xe0, {{0xa, 0x4e21, 0x4, @rand_addr=' \x01\x00', 0x4}}, {{0xa, 0x4e22, 0x2, @mcast1, 0xa}}}, 0x108)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x1c}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0xbe8}, {&(0x7f00000007c0)=""/154, 0x8}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})

1m15.596749347s ago: executing program 5 (id=2125):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000080)={0x19, 0x0, <r3=>0x0})
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000200)={0x15})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r2, 0x3ba0, &(0x7f00000001c0)={0x48, 0x5, r3, 0x0, <r5=>0xffffffffffffffff, 0x1})
r6 = creat(&(0x7f0000000240)='./file1\x00', 0xd)
write$P9_RUNLINKAT(r6, &(0x7f00000000c0)={0x7, 0x4d, 0x1}, 0xfff2)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x1ff)
mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4, 0x11, r7, 0x0)
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r4, 0x3ba0, &(0x7f0000000100)={0x48, 0x7, r5, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x801de6b9})
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r9 = eventfd2(0x4, 0x80000)
r10 = eventfd2(0xfffffffb, 0x80800)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000140)={r9, 0x6, 0x2, r10})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000600)={0x0, 0x0, @pic={0x2a, 0xc0, 0x7, 0x2, 0xfb, 0x0, 0xf, 0x4, 0x3, 0x0, 0x67, 0x58, 0x90, 0x5, 0x9, 0x7f}})
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f00000000c0)={r10, 0x8, 0x2, r9})
ioctl$KVM_SET_REGS(r8, 0x4090ae82, &(0x7f0000000000)={[0x4, 0x9, 0x0, 0xffffffffffffffff, 0x10002, 0x2, 0x10, 0x0, 0x8000000000001, 0x5, 0xa3a4, 0x400, 0x8, 0x5, 0x6, 0xffffffffffff6c01], 0x100000, 0x3c4210})
ioctl$KVM_RUN(r8, 0xae80, 0x0)

1m15.115768892s ago: executing program 5 (id=2127):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
syz_emit_ethernet(0x96, &(0x7f0000000040)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x4d, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x8, 0x0, 0x0, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x0, 0xb00}]}}}}}}}}, 0x0)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x24, 0x0, 0x0)
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(0xffffffffffffffff, 0x6, 0x21, &(0x7f0000000040)="5766b1b827f600333b09d3748ee7d700", 0x10)
r2 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000b00), 0x2, 0x0)
ioctl(r2, 0xffffffff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
pipe(&(0x7f0000000140)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = socket$inet_udp(0x2, 0x2, 0x0)
close(r5)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
vmsplice(r4, &(0x7f00000000c0)=[{&(0x7f0000000240)='=', 0x1}], 0x1, 0x0)
mount(&(0x7f0000000100)=@md0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='pstore\x00', 0x200401, 0x0)
recvmmsg(r6, &(0x7f0000001440)=[{{&(0x7f0000000280)=@un=@abs, 0x0, &(0x7f0000001400)=[{&(0x7f0000001480)=""/1}, {&(0x7f0000000300)=""/102}, {&(0x7f0000000380)=""/4096}, {&(0x7f0000001380)=""/111}]}}], 0x700, 0x40002002, 0x0)
setsockopt$sock_int(r6, 0x1, 0x10, &(0x7f0000000180)=0x55b7, 0x4)
splice(r3, 0x0, r5, 0x0, 0x4ffe0, 0x0)

1m12.895691903s ago: executing program 5 (id=2138):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x863, 0x21)
close(r0)
mount$cgroup(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100), 0x80000, &(0x7f0000000140)={[{@none}, {@subsystem='net_prio'}], [{@smackfstransmute={'smackfstransmute', 0x3d, '^[^(-]'}}]})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @loopback}, 0x7}, 0x1c)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e22, 0x84c, @ipv4={'\x00', '\xff\xff', @loopback}, 0x104}, 0x1c)
r2 = fcntl$dupfd(r1, 0x0, r1)
r3 = socket$inet6(0x10, 0x3, 0x0)
write(r3, &(0x7f0000000040)="2400000021002551241c0165ff00fc020200000000100f000ee1000c08000b0000000000", 0x24)
sendmmsg$inet6(r2, &(0x7f0000000240)=[{{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000000)="d0", 0x1}], 0x1}}], 0x1, 0x4044151)
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r4, 0x107, 0xf, &(0x7f0000000100)=0x207, 0x4)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000180)={'bond0\x00', <r5=>0x0})
sendto$packet(r4, &(0x7f00000002c0)="05031600d3fc140000004788031c09102c28", 0xfce0, 0x4, &(0x7f0000000140)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @multicast}, 0x14)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000480), 0x84, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r0}})
mount$9p_unix(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), 0x800, &(0x7f00000002c0)=ANY=[@ANYBLOB="7472616e733d756e69783d616e792c616e616d653dffff2c66736d616769633d30785a3030303030303030300600000030312c0000000000000000"])

57.858632055s ago: executing program 33 (id=2138):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x863, 0x21)
close(r0)
mount$cgroup(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100), 0x80000, &(0x7f0000000140)={[{@none}, {@subsystem='net_prio'}], [{@smackfstransmute={'smackfstransmute', 0x3d, '^[^(-]'}}]})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @loopback}, 0x7}, 0x1c)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e22, 0x84c, @ipv4={'\x00', '\xff\xff', @loopback}, 0x104}, 0x1c)
r2 = fcntl$dupfd(r1, 0x0, r1)
r3 = socket$inet6(0x10, 0x3, 0x0)
write(r3, &(0x7f0000000040)="2400000021002551241c0165ff00fc020200000000100f000ee1000c08000b0000000000", 0x24)
sendmmsg$inet6(r2, &(0x7f0000000240)=[{{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000000)="d0", 0x1}], 0x1}}], 0x1, 0x4044151)
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r4, 0x107, 0xf, &(0x7f0000000100)=0x207, 0x4)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000180)={'bond0\x00', <r5=>0x0})
sendto$packet(r4, &(0x7f00000002c0)="05031600d3fc140000004788031c09102c28", 0xfce0, 0x4, &(0x7f0000000140)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @multicast}, 0x14)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000480), 0x84, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r0}})
mount$9p_unix(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), 0x800, &(0x7f00000002c0)=ANY=[@ANYBLOB="7472616e733d756e69783d616e792c616e616d653dffff2c66736d616769633d30785a3030303030303030300600000030312c0000000000000000"])

11.815447239s ago: executing program 1 (id=2388):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
sendmmsg$inet(r0, &(0x7f0000000a40)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000640)="5c5eafd3ae55a73702d6befaee97f47f4be65587e1fca708cee084691e4587d887a5eaab43ac5edc4886496910cd7a153cd84b93208c7b1a625b3ea990092389b19dab4f61e30ee60a4d7e51ffc9a5accbe20844356dd0ce192542d5e58d80657b3b5fb7a3d39337df0ca8583f30e2093a09e081549815a1528c4102963cd97d2d418df87a50ae8649e9a6ce90c2adc53843ce447152a04a94f312c708238594b5413678191f2ca28c42271c4135f9acfb8edb673316714c54bd80afd185055b07a3423232906690ab7c2808278221107bbd7290d00f0f5788bd6eefd7191c4b6f33b945cf349dad800dc4c5901182d4a2c1396822337bb777aa2d7c4b5e38037b028e9d72678bff9ec7a6f1bdca9d8642b4eaa1a94b8057c2a9f6ac6e7049d09c7822f49ac81b7b84e53b8e1294cc0db65066604b5211e4c1adbf4d51d8f9cb17172b704b", 0x145}, {&(0x7f0000000800)="104b0b7073fbd7f77a847bdbfdf6da474f700bf113b18d16d8380f42e296b49f1326c7d0d97be798e205654b8a885df6ee57ec7b690491c55ca484b54170549c7a72b8a579005ffcb0b309dae34571b17126534a763ca881f12d750072abc05a7cb8f0e32fc3ec3ed14c3322630ae8e710fb68299cbb5accee8813185c77248ddec7b5688599f1bfccbec448bc6ce5c139c2095da22c9d7edf7bfa1392c76ab0dddf4db130420df295ea16aa3e841d50dc813025315eea3990c2de68e835c4fec57e2dd70f47b58472c2f915de1a58a32d02", 0xd2}, {&(0x7f0000000cc0)="91ebffffff7f7d8625547e6fdcfb96c1d9b461ad7581ce705ad7203fb9e00e70512c27e5d5980dbbdb9d8dd381060e0f5bd2", 0x32}], 0x3}}, {{0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000001800)="353a35d6094e4ee7d764b6993f65136c5d6b84d9b1324a0b25e094700c9a66f9181738098f32e3e48859c3878d53a9752474da0d6af299d849d48f2fa2c8c807d7a1521da940585790ff1e6f9da83e32b751d1af9cfac640c1361f5ae8b99c187dafe9ea854120f6eaab11e7fdeb3f2152ebdbc21520ca01f64bb821576deef4ed6696cdddc1768b5b4fbd68a687cb6ba52ecf5cc6f8f05062f26de19d6aaaeb6cbca00e46685f77d2b3e8dd9d0d099e799cd5a76c67ab283f790366f7f744508edc", 0xc2}], 0x1}}, {{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000380)="d5469d85d0d60f65e265272f992fe2e8", 0x10}], 0x1}}, {{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f00000005c0)="33ca667d023ea8f11964", 0xa}, {&(0x7f0000001a80)="d61f2c7a6ddbff16a09972b62284a63c170b9a6ec5cd29dfa047b76a9a0eeb4055c9dd2244e47c59e557c459c397cd02eb261fc7d521b1f2e95c3ce17726db0d3236a6d3b52d3f066554d84292329c8a6f034ff8d85d61dcf7ae508c5925903fb1feb7d07fe481313ad476131cf19514d6c77835e9cf82df2f153d9b82985da3e260fc6942d18345ac61b2958886a77e2a2726097d1888a25bee0fdec661520a057f8559f17e462bdf938f7f2303447bfaa744d3891372a825c63e83ff21650af922eaac39ab491cec071d31eebd6526d7a8ddd052d30beb962aeca814ad530c1413e502b92f3e51eaf75ec5b595b19e4945a1a821a8c47f804465f9e04d0ec9aff13036fe4f3a56b324e9ea795cc89d0f30433f3fa8aa7cc4dd93197840d644c6e48329c266316227ea917708cde40163a6b092d3c722a71e9f21255315cb87a74916d56da0479e7e8865b289fc8095a8477e7fee5eda0c55ec6d53c7aac85f6171717935832962f6db7889683497f3f5a4aa6c6af1", 0x176}], 0x2}}], 0x4, 0x0)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
syz_usb_connect(0x5, 0x36, &(0x7f0000000e00)={{0x12, 0x1, 0x310, 0x1b, 0xf9, 0x17, 0x10, 0xd46, 0x2011, 0xe88a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x3, 0x4, 0xd0, 0x3, [{{0x9, 0x4, 0x6a, 0xa, 0x2, 0x4d, 0x78, 0x27, 0x62, [], [{{0x9, 0x5, 0xd, 0x3, 0x200, 0xa, 0x9, 0x2}}, {{0x9, 0x5, 0xf, 0x3, 0x400, 0xd, 0x6, 0x6}}]}}]}}]}}, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x16)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x6)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080), 0x1c0002, 0x0)
write$vga_arbiter(r1, 0x0, 0xd)
r2 = getpid()
sched_setscheduler(r2, 0x6, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
read$eventfd(0xffffffffffffffff, &(0x7f0000000140), 0x8)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00004e7000/0x2000)=nil, 0x2000}, 0x6})
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendto(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
socket$rds(0x15, 0x5, 0x0)

10.498072831s ago: executing program 4 (id=2392):
landlock_create_ruleset(0x0, 0x0, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r1, &(0x7f0000006300)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_INIT(r1, &(0x7f0000000040)={0x50, 0x0, r2, {0x7, 0x1f, 0x20000000, 0x4041}}, 0x50)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_EVENTS(r3, 0x84, 0x24, 0x0, 0x0)
syz_fuse_handle_req(r1, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0)
r5 = syz_open_dev$loop(&(0x7f0000000000), 0x4, 0x2080)
ioctl$LOOP_SET_FD(r5, 0x4c00, r4)
ioctl$LOOP_SET_FD(r5, 0x4c00, r5)
dup2(r4, r1)
r6 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x33, 0x0, 0x0)
r7 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x28241, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x5, 0x1, 0x40, 0x40}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
r8 = syz_io_uring_setup(0x1e7f, &(0x7f0000000540)={0x0, 0xac24, 0x10000, 0x2, 0x362}, &(0x7f0000000340), &(0x7f0000000000))
io_uring_enter(r8, 0x3516, 0xc2de, 0x8, 0x0, 0x0)
write$dsp(r7, 0x0, 0x0)
ioctl$SNDCTL_DSP_SUBDIVIDE(r7, 0xc0045009, 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, 0x0, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000000)
timer_create(0x1, &(0x7f00000004c0)={0x0, 0x30, 0x1}, &(0x7f0000000500))

10.204194824s ago: executing program 4 (id=2394):
r0 = socket$tipc(0x1e, 0x2, 0x0)
connect$tipc(r0, &(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x5}}, 0x10)
sendmmsg$inet(r0, &(0x7f0000006740)=[{{0x0, 0x0, &(0x7f00000056c0)=[{&(0x7f0000001240)="80349c0d9e8fcc9f44658138dc4a3c4ad42f918348474a5bc38ff0e0571fc22c8eb5cb22fdf30ced1a4c1ccb5e5b35fed7db48c1a8a7132adc5623d146ddfe2254dd2579b4284b53d1cea6206864473d31bdb00c9d1462458b678827e80c94d88099e7471a58b1463086f9cdd1ccc19fa2fc4a9dd5a56fe782d15e66648c7630f1aaa7e9820460c46e292dbb8fa6f6701048ff17f46097b1ee0750ed038f18b81b2ba014bf866062c9a6f88b5d07e13b7eddd968ba9c7a53609c7b61471a51fd85bceebc0a92b2cd7c45a7f4571e693abebc3c5ff16c8128d92476", 0xdb}, {&(0x7f0000000280)="5b4ea50f20d7212327afde5e7a457cde2dff791c69fbc3", 0x17}, {&(0x7f00000002c0)="851d8a90d516f218f839a7c48edfe734b2490c90a2fbf5be3383f1c9f5be8e55148723ac0258ef4f8af1f5e0b0a86885f018523d60072c7d9c1568700b3abe208fbd5dad2daf18b5150a530d816bf4cc6e43da4f2793611b38009e8c0970268cf5836926fd1223f4f8bec6a4a68b2aaff7af151a661793a04cd9b936da8f53eae22356781c580df817f3168269eaeeae014fa9b1878bd89e2acb4853ffd7b9a06d7f5ff090c605f5d343e6d93c80d747365d21acea325c44fbb87f6271a2d9333e9b9dd1d36dfea61641d34fd54cd2970ac14acdadd04357bdd44bc926d0adef887b2e25c2f435ce79bac1d1f473c3a49a12aa5c5cfa4bfa4fd2470308ed259e62c218aee67006a3ca187c9aa13a806d99b2275341fd6022940537b1cb1fd2389f417ea92c6e77a09a9d09a98c4e2f0912d36b47588ff991aa98c3c650055bacb669aaf68dd4f8a7b43569c9af62e7cee6ba05278fe8642feafa5c436cb13fa45b3cdf750f8956c493acf7c561b12259331a363c74fb5f2947652ced415b0986b673680e8ad7bad823ff84c30681cbe45114510d9aa6f423f212bcdf1c244178ae31474d9f176707e9c481057f72d489372f7daeba51e3ea86895c8eed109566ad19f3957d0df21a671fce2d674c207d8643c85a018834f4e8e3992e6991d815", 0xeb}, {&(0x7f0000001440)="f0e266805aba28ca0c0d67b3479e1c7cb90d64b8ba8093c11696a92981d4fdd1f40043ce52efdea3f8d7b9ba23840df17c5a35207d6fc677263be310a063adb7b1528b8a04ec5b50d2cfa0df73c57f16a94941e8fb22f429a1f34b5b01514fefc4bd79a2cb936cf2eae82bd7b628431ae2d7b61059b35abc6ee24fd40e3c1bd6106af177bc4670395df7238a420fecf1e6ed3fe8906c3a2843215618fcb72ae77c6d36feefb4d45157e5d35fb4bf297d15ca042520f08e85ad2d7c5045fc7c4a2a8b6e149fc755d70437b3835083ee9fc662afbf840ab97f0adcdde20099bb22e909b937696e9d950ca0a361dfa8f5453454696927ae5a2401340264bdcdcd86941c18b536bdccb964461679d1b62855dadee9b66e5d494183283808c706247cdf83b45c44178775fc957483923b717724549dbe2f9a092fa07e93a7772d16bfbff9a0dd14d48d30b1e4f8206f92cf2fe08a7702f73404b79e77dec1b694e8a7c588a7bb2d770122291b10b456c4419dda49da0433a0aa5f0be221d29b45082b4f9521c2a1fbae507aa2652123619b78f340f01523bf9e6089e8e8186af2b85476d7059226f07467a6e036bf8808f2e9070b2a94ac1c64ec066def276c362a1d4a830edf754783f0a1e52e1adc4f6ca2d7200fd73b9cda79ccfcf57a27f60e184ebe12c4daeb214c2057b69719db280e0dcc2d10b085c7ab8e2394bae44893e3f335a3121bae3a33c32b004ab7bca48726029b77a6c784d2af3789fd520e37009d103c0a63598fa5857ee1b86a38a9feaf1d1f512d1884861c13d647d26888430e2f15e78cdd6a4c875e52de709dfdc4af4775ce03d7c8c3ff2b9fbae82dbabf11460bd1bc1ffe10c5062a265fd211a2b52a41613cc03917b8d34591885396369d1d172df31244a236c49d4457a936848684b59e326872d58c5db20684d1194ccb7ecbf5017f0f702f29c75cdeea09619db8bf00b41b1a165af13b3810d7f7b6a681aef628190f4fd53244a650b0500df500946792d003f2d2f0ba3c57f8257c0cc897cb1dabd63870ef86378a14e7f5068ea6a2311414656d766fb24e43c2a57b44cb1dc584d71e91628348790dc6a9adf85bc403a934e7603f7b45473407cf1395163b3efc9e880963bbd98140adfd624ccfc1141cd899826261e152265b9307695488c0cbad9027bf74b6f0c7adbc9878983d96e6026c818ac30fac3e2392e1c8fdab8ccf902d0915a471701083949efafc7a2e05608139fd0ef22d834ff02569878579c43635ad2d56d7cdfacaba8a3adc47c7fd42e521ca6b14726e68f67e2662c972bf9824ba847e22985400fad74280c22a0636aee80eeb7ef0c691cee94573ec78b53d43316ba691fd5274d1ff8085e297d2781a31f704dfeb58db9fa216c3356341207e953712de9ef27018bdfdddba8abc0c5f205908f12a42685ecc0c20cd92a57bba45a435f7bb412ccab1a6d877392971de8b808af07ea32b102dbcd7d00c869ad5cd8f5a5895b3d6dfef226d51d819756a85ffdde3d08f59fbbb7510a9ac3568f8f039fa7abc7b34685f3579050e88773cb4bb7958ff83aba1f23c8ab4ecd019c59781d47bcc50c64a957c3fa37311a240649313f77fa81020a5da0560d3bdabe6001ab6792ad782fe0e44bbb59efd4a524984742940563dd9e9a0226925324ac94373a9dcb16f32183ef3f465a13b83974f593e664f53131241e2133ce22917fbb412354a51026847f92aa7afadb1cdf51677fc2fe5938812ef17ae79f4db75afdfce3c5b8822dd612457b5f59dd616acdc473e97afb83f3c9789f3df399a2c3c89e8b5e6db33a306168b0cd4e8acbbd6ac81dd46cfb2f7d24b609d009049784611d027daa0cfb12111c1236aa010796cc687cbb151ba30e3a786ee8bfdae51e65a0c3667f7b8856089621742bdc19ad66f60eb48bd7f20b0ac2a523e89e6a7089e3704f266c52c58994e018e5d20b77a0413c71cafd420d9e0abb77e9f1199aca31f6d94372ca5736c749c197cac572e4962fc089f866a896763cd7b804c8e7211bd3a64f1ed12d65182deb850279ecb530683551bd50214e03b9f813431688dadf4caaf77d2e8b20d3e5c424243ab50f9c20462cea0f38eb080b02074e3e77a236d4ec929b04d134dcc5f767736c096794be3aec9f1195b87862128b436fbd0305a6ad6ebb0b2167e184c1de57048144b7567a6ad6c028c4b8a78858925f0ed415313da984484f753d14234d30964aa3d15af13337b6e5338d4f787abc18e0ea4d9656aa3c1d3eee0854078470a0e724062fd61a95f17516ca92faae8397ce07ba558a689ea49d25685a28c68fbc533892827829692d65a15711f0d14f7f685095f6c5dd085b30ffc4dfd9097157c1fab80023d24912861e87d1e484fe5a4476743dcb983d3eecabfe168db03f888432d8b1639e89c8f0513dc36ca8969ec364d28814fa6e21f979020df1292d772cd20c0eb4a5888f38d8d129e30ffee29ab6baf3b2f3a509e02d26b354f1ebe3531fe97968f1f678937b36f3684a8c100030a2328941dfc09574f7cebc26337cd4b2a6fc0b92affc3f3f892542e46fd6cfc2780c0b8a916b3fbb7f33a2537571b06643d82f86e2156740e024b360f48b844797971383610dc93abedc9945ec26d6a56e2701522e3fd6b77d4647a137346985af549d8944c652ddd797e1856a30f296258eb275981bc9432f38532d6e141d603b002c75247b3e71b39dbc01e8e64bc0cd510bd1700685a95ead8fb3fe8fbd72be2e8f9f5a9f1b2c400bfdc0aeabb14a7538c9a38a4839bf41120f2c2aa00277a327d7dff15f52854146a94ea41e4f14a15443124c6bcff43489e7e242c8315ed8d542377fefb6002292c1adc571c730d67b8dab5a4da06659fe7b69bac3147ef39fc877c323edbb9912886ab468c530a8d7844692010ea93effd20f4ccc47b3ff51f378c12b1d03155d49772f14d65bf2ce38f589ca4647b6713ae081fd13e74b307aba8bc34a4406d78c26ccfdf328f5c273b294f6c6419cc157eca59939ec4c0b95cc6d5f97c83c3f14aeb5b88910ec29cf64496d9b1b855fe073d4791507c7533846cdd7810667427583b3a8b7febb2c43643c09bebbb12c08781ac9d0995723fb47febef49e0d6631f054e5b3b3a284391590cfb5d5cf4aaa71586cb37b9fffa15848176da20969e88ed87dd8a4fa2b5140fd56f0a9973217f8ce0c6ee50b67214b6d7d6b84d41d83694a14b2e96f0cb79b49f5fe4dd21727c00819e83b6ea203bada46e9ae8ce7bebaf24f05fd20672e4230b3851b8f05bb2f0977dda7c8cdd1f2689b7a10a72018ff76699e53b2a3f77bf7fa03fe3cf85d4859c9db915fa5c1ddff79e77d0b1b6316d3e50d0d60a42271332f3e81376f120836cd3ea55b7f1453833a7bce0058f79b698a4bd0e857ae35b8ac8f20ed8f238475757af11ce7b450cf89191a4f27a365f594ef68efe6ea1a5c3518712b1aa37a1f47e05f85debfa461f5346d985a71e49ef17f4eb068862977d56671d445176934be6b5318300d7debf3ad8d7da0c014b25af2d8fa52753974116a8cea6c974692f5de03b526a075cc3bc8a4375333f0ef09dd3c361738a151f326ba3253c171f8f7876107eeac122a65124e59dfe7c66bb9546d6428559df314063ac08c03d96b04b6a91508371fa18348c65238546f3d489c7efc1bd01e6e389fbeaa8f125bc7b7c8673904eb676bbdfa3680fea612ba20fab20cdd411c2bafe0417b76852de9e863f09d291bf59510ead793cfd9d6710c0de77cefb5b65481d3aabde2683457b13e3b32ebc06f60d5afa47e36f652a95bd16dcf55dd3e1b05d0df9b8a183553097c2aa95aa175eda6792f58a74170781260e6120981549b3836d13ef037178dd8ddcb5a5624f3790f9d92b0f8f3cd11bddf478cd79456db871f32dd6e24948dd762ba2c22a94300f527c1df5ff05aef5ae4893ff88adc8f7af779d03fcb4ecabfa32460315f27505681242064541657acbb29f531043ce1d04ad189045140232f24f46d0580ada560c61fa4a90aec4743a9a0d466493476923cdff87a21127bac3da7d61d674d8bc9bd63cc3df85c707a912773e090256d5a0bdc5da8ceae2ca25c596410982b63055e6d292a31776cefe58457cb6b5cb92a2c69ed5eeed35e4ea3d6b54ee22e41dea28adac6e1eeadf604f0ef3a67c86974c3ecacdb7f502c74ed31138123dcb80282dbfb0ea0fc2a6016dccecbcbe4952c27b09e7abf784db6b7cc55366d048f16f6473a268b90a1c9b9c612f88bed9008308b11e47d79329cbefc3f313863eff4a16e6a70c41a296d3042a1164d0578297642ec82da1f92dfaa6a67ff9cfcd1b3e88fc442246a303a0e539ce65ad6fcb6d8657937cd88d4c30fd369f2bef0308f5db8824919139b25f82f56e24ef4cf1feda07c3bef9dd215575ed774dc05603f4664332c7b002c48d873bf1ebec930a273efc78dafe153f7eba9161002ca9a8fa855bc357f3a67810fc081b9ae9b4f69401ef93d039c7c1398fa8c9eeb1ce001e08e9231ce2c2beacdafe2955d4056e18d4d09ed22a996666d4df5ca91c37663bb54eb42fe39712736fa0e64ad4f8ca843fe52702c9ae48e60a3f5eac160f58ff3cb80684120845b9e34bc1aecb19662b1a429926ae351d004eca1d367fcb34facbeb2184716c5140a7e420c7f4379b0c43ce872b62723a587d9ad528c2aabf158cefa2df3422203b5cc73e9443825089527700b69a2331e0558a9b1e9d3e69a59896e6cf4df46b41a8cbb0e598a874fc23b16a6eda6eafde02451f0255ff9e6d1bd007c86dee8b6ae875752415b8057b916a3fe7b35cfcf7d38a50e461f1fc1d6a4541ba4079e1f21d0ea2a5ce4aad561215a1d75a2599c757cd6025753fc0578e4b7f4195ad025c46d50c5c351af1ce1e8f8c35439c8598293cd59d2e90a1445497b0249a314379dd13e95f00f2d8240190da9e12adbdd809b1a96900054db156d2893f7998aca02c86f61478a9b21e9e11a6f4b9f7f382243739e492e9048ed9c7b0b8118d966c0f41709abd171873c498a3168639bb2451e0f65e93755fc9cbf3b996ed0873a8256a579372146c3a1e749a9a640f8e9c01af2d0fdd34f2b5fcf4e0bac0b7becd41851359f89dc17156b6ddbd6377c05a059cde362397f28ae2cbbdac107142b40913aaf059d897039ce3fda8c29ae93210676e44f131f78e78d68d858bb7fde230a2f0fd542c5e8374fdc11a488da9de28bc3992a8d74089de36a732110c841bbdc5f24f71663d9a5f5209791fb7027749be23cdb3380f581151563d3707290cd31b28c13139b8e041cd72af3ad9b0fd0b3f131608a8ec5d80c4e7cd458abebae0244c921ef69a4ea0e9a2c2073bd13b49f574a7e278c7ba08c22d89b678a3cd814e8d0dea0101d95f789ada5178f46a4c6beb8dd12352cec179c886ae98ac2bc4382acb565df99eaff3f6824536ef7de884176ea3ca14a9f225f8ada2aac871e7c35df92943600cf7961b8eefdeb70d985fbc93252c978c5c773b4f2ab4b7683e2563d36ebfa4355969f6201e4bcac04ede3c6c9a18ed23f23ec331cbe2d645fa4ffcb2c742ba4905788c27a9bc97536dcbc08d3cbdd2f7195acc0f0eb3cf52aad9a1d23a1dd3633a49a482a1c1eb8761dcc7474f0fd4596a661b7668ab22ebecbfe33886b9b4a0c250380a9a34fefd9724ff89b32e5622258287b3281bcccd0bade4e260b6fefe73219c41f2de521587404ac1d2de4e2999202b3870099718115552aac2d446e649", 0xb47}, {&(0x7f0000002440)="253c10cd0a56ebbb9e8b465670109c340c95f1d27d36cbeb7fa948545e9b18da346b70b5dc6ea12ad1a30e4f7038336f1af1d61b04de988f1755e9b3ba9919b2a4952ceda920a7f0e22dd239d4a74f2d1c854bc64f09f979aa3e9f5c25ff8ec189e5d809483583f648cd8870291200e428", 0x71}, {&(0x7f00000024c0)="2ba671ae8107530b978dd82841597ed8f4275ed9e6b9f7b73ee6324ddf688ad9d88125b82afd2e28aef7183086ce0dd4ee880fc56a2ca8b52ef8f5b5f3e475f49b0bcd201fe612703d680fdd1151dd32535b04d4697d472c7750d6c4c197162e9f872253b611b1ca20e79dcf40d1faf58a453f8db9a03fdd351b54ad4e77fa0fda7990bb281079ae7ba3994aef7380e1d6342305e2d12c57379fd12e784f48e4e832171df4576c8724e3bfd70ebc92fc11914cd4", 0xb4}, {&(0x7f00000025c0)="96cb9dfd0c61d5ed863c5a35109d427201da53416c37631f95451a170fdb734214157996b04630903a7ad20aca669b5120871c47c6ef4e5975222b9676223895144ae5c2898ba0e94642e43e374bf9515c7e840e62021f25181401bda4c4d2d77867390c0a05af019adabfe896d7824f0dcb1724c64da40478808059ea83fa60145e108809ca25edf6ab820f23a5ce2b1779aa8c037a26d99df56f39ff5beca1c1e0cbfd69e415971a02f5115f6da0ba6da9be9772efa870aa6b62774ce009e7bcca4b4a7a910aab97e7f3da899eaaf573ac8a926a7be9b5875b3bb707ae9124ead39e70948bcf654b6b4342043f756323494e4ec559866c5a480c3b156c0427f1cc1d373b77424ea38e3697e36dcefd261575e5516bfcedc7baa8cbebed0ce49dd27e6291dd6f968eaf37f13313ba0bd22b6a63496be04a42df10fef87386434103b5ef819a969e8792a7765dc52c310fbe89851eaf8b2eabcf27bd487f817d48a54b0c7e8b151f0941a6f4adcf6a4486f96f8d18a2928829db333ec08bffe029f4840fdc0433d75157e80b33c3041f193e5c3fb1b7c13d1d7d7a8fe3122ddef181a6534232731c8f91dae42d9a66b9c2e0c6de6da74c24752b53d344b3c9a48ed62705c3e93f7e346c0379a6ec672b3a73dcfc159a79a77bd7b9edd013e3e9832d4dca6f9f973d63d5d235c7e22822e012e4181e102e68b03bdec323db739968061a7ba6fcf9589bd2975520fe9f1b44e52489bf5f5b0125b14bc894f4ff1ad2ba817dad6ab1654a2cacce1cc5160ea4bf3d7011cbf16ad0389b6511448c4186da0a7a55be54031a6d2773ac33aab5d533e7bb213309193f2ca3970e8fffc2fdacbc96e6f49c116b0505385a8bf282589be6b844e2aaaa652459b5d021127f59009020d34932cd03fbe5fea45bdc1f68463c4afe2b5ea8f97dee5e2e6b58196aff00e5ca51a0087f02bcb1dbdd638a5c7590095561578c30904f7ea80072de21fcedd0e41da8e7fe3514eaabc603d770a6fbed5367edb7feb5c5edfda04c7b8a4bfce5c73b876f52fde7dc929f3ffa632eb9514596793533d20fd191b484e902ab104dfc34a8486ba64d3e31c495e043279d8d6b4e6ca3c3fd4ae43529e55be690309e1bc90af2e9188cd5673eea73c75d4decf8972039c086e4b47caee900e1422fd2fbe0303dd5147a9fa487a7b08ad529d0d3db2bae4b26a83de0b15b9b82f26b23336481aca875c48605dc8d25d872920d01e2e163cc13d1f026666f8f54d6fe7895b47939599d168dc98a2de4aac463d98cb39375ac13fadd722b9f1e221d35bde594c9e53aa0f34b235a9d68d8f4841f9455804cd8a7bf05315c5bab2fa8820e956a8161cdd685fc4e1344f9d89189057376a5d1c23273d475aaa72ccbf4b5d8f2863f3f0fe7c0f8b001c065bae68aad9d8878a5edcd8dcbeec07d317c0a81fc84b8b208c60db73c6cf86d46cac98a7df449581d74be7991f1fa6924b76a2d6077aacca10fc777f0d09c5420cfc38c4638957086c9a2065ce94a286da01527bd8b8fd5830f93bcab97a4d0ca13c55b4ee32a49e078b4d79e7b17200fb6a550cfcccd33c681e37bc83c7fcda081a67c2a828e65a75df33e587a05f75fe05aef4078b3482c9078e2edb63c74134f92461044871e4a71f40228d156cbb3beb53eb898e0b6ade2d486a7111ce074510ad957f0eeae0812dd3802db231d9a15948a6b133167eb51dde0199023dfb3471661c7f13f14e786278c551d60929ef969b15d4ea544a9cda830183052ca1072083fb304502f38bcfd46ef64091a2a64bacc55ff3e91f8a7a97f69a9524bdaa60c14d75ddb44e399158c603cded78f42b79a6e9b9c30575289a92558f4d1d9cbb35780c86462cb56d5b474901c17df6ccba95481c004c384b17f99fb29458c9c59666c5305c508561e654d5f1b8ed375231358828b73b487c5f3096211f863375333bb1d3970f7c4cbc7b0f122dbb330b24498f38d804ec0e9c8a5976578bfbc2e46e8d898ec08b3742d5f9ba03d56567f6541f075c4f45eec94a6af78065689e8851294c48f02d48b1266586db86266bd2d0cbb729b567ed7643edf6849f50ca7a28b4ef59433ff22ce0680ffb3348a458ff77b6a796e849cb456df4b443d625d423d10e21bf0bcc785a243cf70ed2ea7c52548cd366ad9af486a4a0171f21ee9d961aa808a69a066aeb0c605fe7a83291ba942df3d11ba1e12da7381d7af20ccbd0de5416ef389c65d1fd0ff209dce808c490707a371b317ce65765082d1c5f67846ddfa65f291117d6e5a795ac2961d56eb24060d8b160d5bd146cd61589c00a108a1dba9e8730157e403cc35b0cd64b3aa66eada80be3bbb974d4642aa76bdf87c2d63134af1c646b1f0bfd218d4e4ebd277ad1cfc9b6f20c4036c6a511cb1ce486c3a563ca9368b10bed088bcfcdab752e0c78a10e550544ee6250d3908e3e7b09b2119f94abc2fdf43d7c82a4ffce81a3f962124ace1108443f41202c6d055d37e99b4eb6287c485acabff03f3a115db1ec790fdc5436e97bf2443c2f707ffb513f6d6494812b2238d679c8787a854ec92126bdc4681803ed4a5b84590e4f00ce956c6c3394773303b0620d118d2290cb229ea3b9bb9de8d719a0f92a50d34909a363f5f6ff906326f917be78c914c78846ef30c9b107b26c0a55401ceabf5b3c669eaa7a1a36d97b01d5da410366e3da5d232fb711d26afd9d4a5016425e47c0ec9b6305673af4cb46526af752011793c322797fb706042da364b6e723b513fd73db6721b00bd80e0923fe075300951d4dfefdd029c3fed21b734bf102f96d58b50bf4edcad014670c2d93eeb4d7bda3d1b70d9e21262c644bb96855895e4c0b32c9ed599d940ac24814b69812c124648428e13d7f72d74feb30288eb78b4a99fadc96589d8a9c7047787aa802514ba28af4d5520ac50928cd75ca92e2934a2e126456bfe1587003e87d9428b1fdb6b7662c44a5fee9d537b7f43822e5b103aeece1aa603215c215de2873e3a6b327c5ed0a0190fb7645034e1839ad165f3f7f80fd793734ac1412bbe20d82aea543792047ba5c5b37ee11988cd7e71cd43547e13c6bbc1ce3cf6aff9727381f06feb83b23b694724d9259d3736eba6ee66ee73a224b8a978debbbc35f8e28cc8267646e5c8cd8076d2044d41eadce01738ab2c7dc763de5a8042b957680223c4d9fdbf65d17e8998444e8db36c50fbe3c9a83e506661a029c4538617d46b6a43675c6dcf283a45b99e44188fd2681a50747e819e7f37496207ec448670fe62a3cb94712abeafb5dd2690ec12b18f8d67d5b0db41a897124f8b94695501aba517447338034bf14d0f99cbf5518aa013e1f35a052b4d27d1247349ff7a83362444372f017fcbdfe972b91c46a0a57f4639204673341ae92bc2dbf2b8d1680b432552850964eb1e14f38995e7e404b1bd1bf63d8d58c7b4ec38e3b9e73959e6509ad9f67d684f62759f5cae90bf8c1781b5800922c312aa634e5748b6181fc37df267eb5c66afc0c9249f9f601136c78d817beddf308c6970ee0e8221abe6fa124f55de7e5e78398004095a175f58cc270840e8c6759627f139e4f9b3b362e2700c5d06da66e862d1016c9f89d18646a6bb823f992342433b03397ed7586f489824a1495d707c81d3885029a47845802ef97856e530789a5cb7239752c6509cdd094212cb4b1b8baa7416cf5000db59418ad7f7a0d7d8e4cb8ebbbe4c40ba0ccc25283b9c933e251fff9871fc01026fafd8eed7ddcbe454b79339be93cd4b25a55af449f5c0893a957c5468c9147a973478c834ac4ecfea339cf3", 0xa9b}], 0x7}}], 0x300, 0x0)
connect$tipc(r0, &(0x7f00000004c0)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x2, 0x4}}, 0x10)
socket$inet6_udp(0xa, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
ioctl$VIDIOC_DBG_G_CHIP_INFO(0xffffffffffffffff, 0xc0c85666, 0x0)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000280), 0x501000, 0x0)
ioctl$IOMMU_TEST_OP_ACCESS_RW$syz(r1, 0x3ba0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x5, 0x0, 0x0, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$FBIOBLANK(0xffffffffffffffff, 0x4611, 0x3)
r3 = syz_open_dev$dri(0x0, 0x800000001ff, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETCRTC(r4, 0xc06864a1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="280000001e005db700000000", @ANYRESOCT=r3, @ANYRESDEC=r4, @ANYRESHEX=r0, @ANYRES8, @ANYRES16=r0, @ANYRES16=r3, @ANYRES32, @ANYRES32], 0x28}, 0x1, 0x0, 0x0, 0x4040}, 0x20040800)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x92080, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="01000000040000000200"], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
socket$inet6(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=@newtaction={0x64, 0x30, 0x9, 0x70bd29, 0x0, {}, [{0x50, 0x1, [@m_mpls={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c, 0x2, {{0x8000, 0x0, 0x2}, 0x2}}]}, {0x4, 0x4}, {0xc}, {0xc}}}]}]}, 0x64}}, 0x0)
openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000), 0x200000, 0x0)

9.650825405s ago: executing program 4 (id=2395):
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$nl_rdma(0x10, 0x3, 0x14)
r0 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x8000)
r1 = socket$qrtr(0x2a, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000032680)=""/102400, 0x19000)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0xd3, 0x0, &(0x7f0000000100)="b9ff03076844268cb89e14f005dd1be0ffff00fe3a21632f77fbac14141de007031762079f4b4d2f87e5feca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9", 0x0, 0x8, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000a20000/0x2000)=nil)
r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x17, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r3)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000400)={0x3c, r6, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8, 0x3, r7}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @chandef_params=[@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}], @chandef_params=[@NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x36}, @NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
sendmsg$NL80211_CMD_START_AP(r3, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000300)={&(0x7f0000000240)={0x88, r4, 0x300, 0x70bd26, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_BEACON_INTERVAL={0x8, 0xc, @random=0x8}, @crypto_settings=[@NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}, @NL80211_ATTR_WPA_VERSIONS={0x8}, @NL80211_ATTR_CONTROL_PORT_NO_PREAUTH={0x4}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_AKM_SUITES={0x10, 0x4c, [0xfac10, 0xfac0c, 0xfac13]}, @NL80211_ATTR_WPA_VERSIONS={0x8, 0x4b, 0x2}, @NL80211_ATTR_AKM_SUITES={0x8, 0x4c, [0xfac0d]}, @NL80211_ATTR_CONTROL_PORT={0x4}, @NL80211_ATTR_PMK={0x20, 0xfe, "ed20ac248da78fc416bca9c5c74159e745340b25a994adfe34610ad5"}], @NL80211_ATTR_TWT_RESPONDER={0x4}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0x4}]}, 0x88}, 0x1, 0x0, 0x0, 0x800}, 0x0)
sendmsg$ETHTOOL_MSG_TSINFO_GET(0xffffffffffffffff, 0x0, 0x4008800)
connect$qrtr(r1, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r8=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r8, 0x8946, &(0x7f0000000300)={'geneve0\x00', &(0x7f0000000500)=@ethtool_cmd={0xb, 0x80000001, 0x8, 0x5, 0xe, 0xff, 0x9, 0x7, 0x5, 0xae, 0x3fffc0, 0x3ff, 0x6, 0x1, 0x1, 0x100, [0x9, 0x40]}})
syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100002b64791086050015972e0102030109022400010000000009040800020abf400009050b02000a0200"/54], 0x0)
close_range(r0, r1, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x20e40, 0x0)

7.739766755s ago: executing program 0 (id=2400):
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r0, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
syz_emit_ethernet(0x4e, &(0x7f0000000600)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x30}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "f900f5", 0x18, 0x6, 0x1, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x2, 0x0, 0x0, 0x0, {[@window={0x3, 0x3, 0x40}]}}}}}}}}, 0x0)

7.737282318s ago: executing program 4 (id=2401):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f00000008c0), r0)
r1 = syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000459bb2405804035000000000000109021b000111000000090400000195699b000905", @ANYRES32], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io$uac1(r1, 0x0, &(0x7f0000000440)={0x73, &(0x7f0000000180)=ANY=[@ANYBLOB="200003000000596607"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r1, 0x0, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
syz_open_dev$vim2m(0x0, 0x2000000f5, 0x2)
syz_open_dev$sndpcmc(0x0, 0x0, 0xa340658bc40d4f52)
openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x18)
prlimit64(0x0, 0x1, &(0x7f00000001c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x0, &(0x7f0000000100)=0x2)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000140)=ANY=[], 0x0, 0xffffffffffffffe7}, 0x28)
socket$inet_udp(0x2, 0x2, 0x0)
r6 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r6, 0xc0045516, &(0x7f0000000000)=0xffb)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r4, &(0x7f0000000200)={0x2005})

7.503595342s ago: executing program 1 (id=2403):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x10, 0x1418, 0x1, 0x0, 0x20000000}, 0x10}, 0x1, 0x0, 0x0, 0x200480c5}, 0x40000)

7.477839925s ago: executing program 0 (id=2404):
landlock_create_ruleset(0x0, 0x0, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r1, &(0x7f0000006300)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_INIT(r1, &(0x7f0000000040)={0x50, 0x0, r2, {0x7, 0x1f, 0x20000000, 0x4041}}, 0x50)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_EVENTS(r3, 0x84, 0x24, 0x0, 0x0)
syz_fuse_handle_req(r1, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0)
r5 = syz_open_dev$loop(&(0x7f0000000000), 0x4, 0x2080)
ioctl$LOOP_SET_FD(r5, 0x4c00, r4)
ioctl$LOOP_SET_FD(r5, 0x4c00, r5)
dup2(r4, r1)
r6 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x33, 0x0, 0x0)
r7 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x28241, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x5, 0x1, 0x40, 0x40}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
r8 = syz_io_uring_setup(0x1e7f, &(0x7f0000000540)={0x0, 0xac24, 0x10000, 0x2, 0x362}, &(0x7f0000000340), &(0x7f0000000000))
io_uring_enter(r8, 0x3516, 0xc2de, 0x8, 0x0, 0x0)
write$dsp(r7, 0x0, 0x0)
ioctl$SNDCTL_DSP_SUBDIVIDE(r7, 0xc0045009, 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, 0x0, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000000)
timer_create(0x1, &(0x7f00000004c0)={0x0, 0x30, 0x1}, &(0x7f0000000500))

6.721674054s ago: executing program 1 (id=2405):
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$nl_rdma(0x10, 0x3, 0x14)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x8000)
r0 = socket$qrtr(0x2a, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000032680)=""/102400, 0x19000)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000a20000/0x2000)=nil)
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x17, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000400)={0x2c, r4, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8, 0x3, r5}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @chandef_params=[@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}]]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
sendmsg$NL80211_CMD_START_AP(r2, 0x0, 0x0)
sendmsg$ETHTOOL_MSG_TSINFO_GET(0xffffffffffffffff, 0x0, 0x4008800)
connect$qrtr(r0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f0000000300)={'geneve0\x00', &(0x7f0000000500)=@ethtool_cmd={0xb, 0x80000001, 0x8, 0x5, 0xe, 0xff, 0x9, 0x7, 0x5, 0xae, 0x3fffc0, 0x3ff, 0x6, 0x1, 0x1, 0x100, [0x9, 0x40]}})

6.495825714s ago: executing program 0 (id=2407):
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$nl_rdma(0x10, 0x3, 0x14)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x8000)
r0 = socket$qrtr(0x2a, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000032680)=""/102400, 0x19000)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000a20000/0x2000)=nil)
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x17, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000400)={0x2c, r4, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8, 0x3, r5}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @chandef_params=[@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}]]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
sendmsg$NL80211_CMD_START_AP(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x88, 0x0, 0x300, 0x70bd26, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_BEACON_INTERVAL={0x8, 0xc, @random=0x8}, @crypto_settings=[@NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}, @NL80211_ATTR_WPA_VERSIONS={0x8}, @NL80211_ATTR_CONTROL_PORT_NO_PREAUTH={0x4}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_AKM_SUITES={0x10, 0x4c, [0xfac10, 0xfac0c, 0xfac13]}, @NL80211_ATTR_WPA_VERSIONS={0x8, 0x4b, 0x2}, @NL80211_ATTR_AKM_SUITES={0x8, 0x4c, [0xfac0d]}, @NL80211_ATTR_CONTROL_PORT={0x4}, @NL80211_ATTR_PMK={0x20, 0xfe, "ed20ac248da78fc416bca9c5c74159e745340b25a994adfe34610ad5"}], @NL80211_ATTR_TWT_RESPONDER={0x4}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0x4}]}, 0x88}, 0x1, 0x0, 0x0, 0x800}, 0x0)
sendmsg$ETHTOOL_MSG_TSINFO_GET(0xffffffffffffffff, 0x0, 0x4008800)
connect$qrtr(r0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f0000000300)={'geneve0\x00', &(0x7f0000000500)=@ethtool_cmd={0xb, 0x80000001, 0x8, 0x5, 0xe, 0xff, 0x9, 0x7, 0x5, 0xae, 0x3fffc0, 0x3ff, 0x6, 0x1, 0x1, 0x100, [0x9, 0x40]}})

6.278148563s ago: executing program 2 (id=2408):
bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) (async)
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f00000008c0)='/dev/comedi4\x00', 0xa0040, 0x0)
ioctl$COMEDI_CHANINFO(r0, 0x80306403, &(0x7f00000331c0)={0x1, 0x0, 0x0, &(0x7f0000017200)}) (async)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$IP_VS_SO_SET_EDIT(r2, 0x0, 0x483, &(0x7f0000000080)={0x3c, @local, 0x4e20, 0x2, 'none\x00', 0x4, 0x9, 0x24}, 0x2c) (async, rerun: 64)
setsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@dev, @in6=@mcast1, 0x0, 0x0, 0xffff, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x1}, {}, 0x0, 0x0, 0x1}, {{@in=@rand_addr=0x64010102, 0x2000000, 0x33}, 0x0, @in6=@loopback, 0x0, 0x3, 0x0, 0xb7, 0x0, 0x8000000}}, 0xe8) (rerun: 64)
sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x0) (async)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) (async)
arch_prctl$ARCH_GET_GS(0x1004, &(0x7f0000000100)) (async, rerun: 32)
bpf$PROG_LOAD(0x5, 0x0, 0x0) (rerun: 32)
socket$inet6_tcp(0xa, 0x1, 0x0)

6.075479748s ago: executing program 0 (id=2409):
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
r0 = socket$igmp(0x2, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x42, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
connect$inet(r0, &(0x7f0000000100)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x28}}, 0x10)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20008081}, 0x0)
read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8)
syz_open_procfs$namespace(0x0, 0x0)
ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x2)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
sendmmsg(r2, &(0x7f0000000000), 0x4000000000001f2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000037c0)={0x0, 0x0, 0x0}, 0x0)
fspick(0xffffffffffffffff, 0x0, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000580)=ANY=[], 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010008020000001800006600000008000300", @ANYRES32], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
pipe(&(0x7f00000000c0))
r5 = socket(0x28, 0x5, 0x0)
bind$vsock_stream(r5, &(0x7f0000000040), 0x10)
listen(r5, 0x0)
r6 = socket(0x28, 0x5, 0x0)
connect$vsock_stream(r6, &(0x7f0000000080), 0x10)
sendmmsg(r6, &(0x7f0000000240)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000280)='_', 0x1}], 0x1}}], 0x1, 0x24000014)
r7 = accept4$unix(r5, 0x0, 0x0, 0x0)
recvfrom$unix(r7, &(0x7f0000000140)=""/246, 0xf6, 0x42, 0x0, 0x0)

5.696847374s ago: executing program 1 (id=2410):
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_sctp(0xa, 0x801, 0x84)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r2=>0x0})
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0xe, 0x4, 0x8, 0x1}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r4}, &(0x7f0000000240), &(0x7f00000003c0)=r6}, 0x20)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r5, r2, 0x25, 0x2, @void}, 0x10)
syz_emit_ethernet(0x36, &(0x7f0000000440)={@random="871000bb00", @multicast, @val={@void, {0x8100, 0x0, 0x1, 0x4}}, {@ipv4={0x800, @dccp={{0x5, 0x4, 0x2, 0x7, 0x24, 0x65, 0x0, 0x9, 0x21, 0x0, @broadcast, @local}, {{0x4e22, 0x4e20, 0x4, 0x1, 0xb, 0x0, 0x0, 0x6, 0x1, "196b36", 0x2, "3571a4"}}}}}}, 0x0)

5.565615378s ago: executing program 2 (id=2411):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480)={<r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'bridge_slave_1\x00', <r1=>0x0})
sendmsg(r0, &(0x7f00000004c0)={&(0x7f00000000c0)=@pppol2tp={0x18, 0x1, {0x0, r0, {0x2, 0x4e20, @loopback}, 0x0, 0x4, 0x4, 0x3}}, 0x80, &(0x7f0000000440)=[{&(0x7f0000000040)="2cb9def7b5024f76eefdbb855deed1da3cca24cc10e82adca3e662f25b220d72399e", 0x22}, {&(0x7f0000000140)="85c1c1758be4ac0426fdba92a51c8d4ac4872f08ee17f507f8ce4024fffab56e842fd16cbe4b85fa6aa882a71430f781ccfbab2904e58897c8afe2655dba8836278fe3ac6ebb299f48504db38dacc637583425a4c84b20c2d926edf022260bca105126910a552c160ac4eacf384ba9cdcfb2fd4bc10aa3bf5b260364d0aa5ab41861600b57a8ea8a2a64c19a43ae7b721da51084c94811507bc2567db2bd980868d553ffd62bb84ecc16285f0e6585f44466a9ae58e4d5ebfbe0bdf4cf94366e995d4e73a7f2d8bcd9efe0e3c2b06d4e2b11", 0xd2}, {&(0x7f0000000280)="1ec936fc8ae9e87229ac46c05537fa9a0189a6acbcbee60b784e0279a090c238fc87e53d4df5ff04bbb968f17536000934d2693271c2ac0ac716aecb60d2a881fc8cd8693c0d9e803fafeb060f13b5aeb3e2b75cdcf506550088c680083d8bdc6b1172855ab37dc63e6d206c9e5f7cc436a223ba15cd044d6d9967d5d22aee4ee09f17", 0x83}, {&(0x7f0000000340)="6a2ff7be54641d991d26281372108f7048e1b7d215fc14b1c1c15643ec6cd75fe9f55ffec931956889ebc0d08183978b36f018e0c518e251b2c1a01fe8c723311a0ce01bcad2870f0523ca9dc6609f76c4fbdc497c7be1aa195c1ab2c26fc36cf65f24c98c2668b4122df8c657536011ad91d9c7a28e9aeb05f10bfcc148d2c74a897fd537e55b9f8fe957b95ee3a59baf525ce8ff3f130d30fc714cd9ef74f4e1a24bc77a700856bbb1eb59b84cbd72acba7e2ea449d652e1d08da779f17acf727413873605ba1fd70834ebcb33e4595b0dfbfa492db6266b7d3142b52d7e08aee44cb58b16f6f73a4762c9004360967ea1924e564b494145deb692c4312d", 0xff}], 0x4, &(0x7f0000000700)=[{0x28, 0x102, 0x2, "80c8a487bd4282dc932688351b2f0b4151b46f42"}, {0x60, 0x103, 0x8, "ae94ef7f731aece0cac4ddbe6d6f7358983165fde8f0784e0854fc8fc06eeb3f683915d7bfc7d21873fef82bd850448c77ed4e8f99eb07a75acea273b46f8831bd865992a54109f2993e23b4761dd1b7"}, {0x18, 0x113, 0x6, "eea642"}, {0x108, 0x84, 0x100, "dcf6df69d7fba734203a234e6dea6551d59312e35cb4c018f018d3034627400ce11ab7ae9f86d6549909b24140f1ecc801984af9d4a94a8169d25d9223e162b2487355a3f6d16be8561ccccb85ba42bb9e64b0c16d07d8ef71eb641326334e2f2ba6b93036ce47064d385f9a395bfb40cb814a4a79b11fc436f3d95932fbec0a7ffc3fc9b25fd34e01221f49e436a84891ef48d43b18d38be836570970cb5da65f82585edb1eb9d609476c46b2880c4d68245983a3119612adfe694b5589e024da7eeadda00d03059e388006b685277c919816520063b79d075e967151be1da36e7f63350ab3749d95e64388043fd2242ea7ad"}, {0xc8, 0xff, 0x3, "a6c255a168e2cec45d4a572379eb14cfc47aecfb033375c108d496fe1f2bb667e0327fad6efe0e762fdb5d0f332710b36674962de4a766dd2ab4abb7441b08937b62ec9d3b05d16b9254301ce711f918470de8023efaaf304e8df2cc1e276db982ceab95ac33b9e1c76366cd075feeaebf3782626a1b908793c4bfe51a18680044161e631bd8212b113f05664d6db932f2c59fd347fe9e2a07325b7e2c45de7fd5feb85ac6067ecd000af0e43c56265774"}, {0xb0, 0x10d, 0x1, "c50ed900de5896a969383a35d6c83ffc6a4f8895a90abb2335bdd986d2178566dd07c3f8070310b8204b6d2f6ff8eebcced90877156270f0ef707c5b61098c155a5e75e5099701ed151c128f8584a0b8f17c2e494106a251150f532136fd732116ea4c0387cdbca6c54c47c0edae566330e926d2103682a5341cf72fccfd896e03503c1aa9f28a280d4ab55f895b80798d1030a8e89669092e4c179bf8919b"}], 0x320}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x98a, 0xcd, &(0x7f0000000000))
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x5, 0x2, 0x7, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
clock_settime(0xe, 0x0)
sendmsg$nl_route(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="4400000010000d00"/20, @ANYRES32=r1, @ANYBLOB="00300000c048000024001280110001006272696467655f736c617665000000000c000580050027"], 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x0)

5.408557282s ago: executing program 0 (id=2412):
syz_usb_connect(0x5, 0x24, &(0x7f0000001280)=ANY=[@ANYBLOB="12010003001f66088f051066054802000301090212000104957081"], &(0x7f0000001700)={0x0, 0x0, 0x0, 0x0})
syz_open_dev$I2C(0x0, 0xfffffffffffffffd, 0x80402)
writev(0xffffffffffffffff, &(0x7f00000026c0), 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'dummy0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000180)='fdinfo/4\x00')
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/mdstat\x00', 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
writev(r4, &(0x7f0000000400)=[{&(0x7f0000000100)="92", 0x1}], 0x1)
pipe(&(0x7f0000000380)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
write$cgroup_pid(r5, &(0x7f0000000000), 0xffffff98)
splice(r3, 0x0, r5, 0x0, 0x80, 0x6)
read$FUSE(r2, &(0x7f0000000180)={0x2020}, 0x2024)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000002480)={0x0, 0x0, &(0x7f00000044c0)={0x0, 0x60}, 0x1, 0x0, 0x0, 0x8811}, 0x20004040)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000140)={0x0, 0xfffffffffffffe70, 0x0}, 0x0)
sendmsg$IPSET_CMD_FLUSH(r6, 0x0, 0x8000)
bpf$MAP_CREATE(0x0, &(0x7f0000002540)=ANY=[@ANYBLOB="0500000004000000040000000500000000000000", @ANYRES32, @ANYBLOB="fdffffff00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000040f3ed83660f538867e112ccc100000000000000"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000002700)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC], 0x0, 0x2, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x3, &(0x7f00000021c0)=ANY=[@ANYBLOB="18020000000000000000000000000000950000000000000041a4f11b180c1ef9bbd2d5aed3e51a041c48c00fd66168c108841f4d623ca1e5d120575405e28c56f961dd707c493e35147ba4b01dbd9d11c9377b84cc2dea8dffb4ef1028081c8b23d564d2bc125e6ddce67c17cfcce713482dc67b9bfa0967f717e32fac51163f93a5dfef6674fd17821e3b8cdaf4871180156ecbde8fa588c08b353313f2a5f3c2c2f97a0e9683982dd514d9e8c2baf27777b29b3017ef63c9d99a71273810a708"], 0x0}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r8, 0x0, 0xfffffffffffffffd}, 0x18)
ioctl$KVM_CAP_EXIT_HYPERCALL(r1, 0x4068aea3, &(0x7f0000000200))
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, &(0x7f00000022c0)={&(0x7f0000000100)=[<r9=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_ATOMIC(0xffffffffffffffff, 0xc03864bc, &(0x7f0000000180)={0x0, 0x1, &(0x7f0000000340)=[r9], &(0x7f0000000280), &(0x7f0000000200), &(0x7f00000002c0), 0x0, 0x7f})

5.269774178s ago: executing program 1 (id=2413):
r0 = socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x5, 0x4, 0x2003, 0xc, 0x0, 0xffffffffffffffff, 0xfffffffe}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r1)
sendmsg$NLBL_CIPSOV4_C_ADD(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000800)=ANY=[@ANYBLOB="84010000", @ANYRES16=r2, @ANYBLOB="010000000000000000000100000004000480080002000100000008000100000000000400088058010c8054000b800800090000000000080009000000000008000a"], 0x184}}, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000300)=@abs, 0x6e)
socket$nl_audit(0x10, 0x3, 0x9)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x7, &(0x7f0000000600))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r4, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r5 = socket$kcm(0x10, 0x100000000002, 0x4)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x38, 0xe, &(0x7f0000000980)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x40000000, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffb9, 0x10, &(0x7f0000000340)={0x2, 0x3}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x8000}, 0x94)
setsockopt$sock_attach_bpf(r5, 0x1, 0x32, &(0x7f0000000040)=r6, 0x4)
sendmsg$kcm(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000200)="39000000140081ae00002c000500015601618575e285af0180000000171300883795c04a31ba377a1b2cc32b38d3740000ffffffffff", 0x36}], 0x1, 0x0, 0x0, 0xc00e}, 0x0)
setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000140)={0x0, 0xffffffff}, 0x8)
sendto$inet6(0xffffffffffffffff, &(0x7f0000847fff)='X', 0xffe4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x2000003}, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, 0x0)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
syz_usb_connect(0x2, 0x1fc, &(0x7f0000000780)=ANY=[@ANYBLOB="12015002b8005108101407a0683e010203010902ea01030e00300309040309027f54cc00090502040004040403800109661bede31b6d40ffd5a6457d3483a7c64a2cf09c6b30e3afe9caf13ed9a2924ed053d2b4b24aedb4035d4212c8a5f7df3b67916187c245f81035efe9b53a8d79988d4b00a8aa5926f8b9103fd0e543cebd14ca5d0825146c7ff12ef0b8fe612538542d6f5c9fdc7894374795b8ccb6bdb303b42aa86746d3370ad7a31c090504104000050209072501830200040725018101070009045b060c317135060905051008000600d30725018002000009050610200080ff0407250101060200090500100004090401090504104000ab0005090505022000060d0d48007672bf7524ef90e0a086de3562bf356642bc0201de8fa807c3b757b1c182c0f4c59af7c59293e1bc41956912be0eafd96bdf03aa6117bc3e50fbee59a6e5dfc7206516e091fce94c0c778a134b5368d1af31d240535b0725018002010009050b08000401a9050725010332f60b0725010206ac15090502140000c7070e0905010400020805800905051000020802ae07250103fbff0009050010400008000309050c040002030d07410f8c1ea652c620acd24cbf2bfeb921dfc3f2c147f7c05a53e4f7db6742a64c76fe8d2f319387c80165b1ad6b9054e93ae7385d785e1c040f2c4e5c2388ef8791090509002000010802"], 0x0)
r7 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000340)={'ip_vti0\x00'})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRESDEC=r0, @ANYBLOB="00000000000000001c001a800800028008000200080000003e127a510800020010"], 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000500)=ANY=[], 0xa0}}, 0x0)
socket(0x10, 0x3, 0x0)

4.295951726s ago: executing program 6 (id=2414):
openat$dlm_monitor(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00'}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x181942, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
r2 = syz_open_dev$vbi(&(0x7f0000000080), 0x1, 0x2)
ioctl$VIDIOC_S_OUTPUT(r2, 0xc004562f, &(0x7f00000000c0)=0x1)
ioctl$VIDIOC_S_DV_TIMINGS(r2, 0xc0845657, &(0x7f0000000380)={0x36000000, @reserved})
mount$fuse(0x0, 0x0, &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB, @ANYRESDEC=0x0, @ANYRESDEC=0x0])
read$FUSE(r1, &(0x7f000000c3c0)={0x2020, 0x0, <r3=>0x0}, 0x2020)
write$FUSE_INIT(r1, &(0x7f00000000c0)={0x50, 0x0, r3, {0x7, 0x1f, 0x9, 0x7ab78c4493c52f9b, 0xcb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0xa5e}}, 0x50)
openat$dir(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x1301, 0x9f)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x1)
r4 = syz_open_dev$MSR(&(0x7f0000000380), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="1c0000001500010300000000000000000c00000008000400"], 0x1c}, 0x1, 0x0, 0x0, 0xc000}, 0x4000000)

4.024069675s ago: executing program 6 (id=2415):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), r0) (async)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000004c0)={'ipvlan1\x00', <r3=>0x0})
sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000002b80)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)={0x38, r1, 0x1, 0x4070bd26, 0x25dfdbfb, {}, [@ETHTOOL_A_DEBUG_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}, @ETHTOOL_A_DEBUG_MSGMASK={0x18, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x20}, @ETHTOOL_A_BITSET_VALUE={0x8, 0x4, "d8dfd91b"}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x4807}, 0x8080)
futex(&(0x7f000000cffc)=0x1, 0x6, 0xffffffff, 0x0, 0x0, 0x0) (async)
futex(&(0x7f000000cffc), 0x3, 0x801, 0x0, &(0x7f0000000000), 0xfffffffc)

3.952528099s ago: executing program 6 (id=2416):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0)
dup(r0)
creat(0x0, 0x1e0)
r1 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r2 = openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0)
r3 = syz_open_dev$vbi(&(0x7f0000000000), 0x2, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = getpid()
sched_setscheduler(r4, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[], 0x48)
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0xc044)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000fdffffff850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x10)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000780)=@newtaction={0x14, 0x30, 0xffff}, 0x14}}, 0x0)
r9 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, 0xffffffffffffffff, &(0x7f0000000040))
ioctl$VIDIOC_S_CTRL(r3, 0xc008561c, &(0x7f0000000080)={0xf0f041})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x4010, r2, 0xb3706000)
write$selinux_load(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e7578a519f6126ea021a19fcdafc83bb7cc4c8bc74a5ec2b0d07a2123b1ff06f041f2170a55b4d04eb3c4c94cca1ae1060238c6ebf2a30907960600000000"], 0x4c)

3.828052015s ago: executing program 2 (id=2417):
landlock_create_ruleset(0x0, 0x0, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r1, &(0x7f0000006300)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_INIT(r1, &(0x7f0000000040)={0x50, 0x0, r2, {0x7, 0x1f, 0x20000000, 0x4041}}, 0x50)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_EVENTS(r3, 0x84, 0x24, 0x0, 0x0)
syz_fuse_handle_req(r1, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0)
r5 = syz_open_dev$loop(&(0x7f0000000000), 0x4, 0x2080)
ioctl$LOOP_SET_FD(r5, 0x4c00, r4)
ioctl$LOOP_SET_FD(r5, 0x4c00, r5)
dup2(r4, r1)
r6 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x33, 0x0, 0x0)
r7 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x28241, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x5, 0x1, 0x40, 0x40}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
r8 = syz_io_uring_setup(0x1e7f, &(0x7f0000000540)={0x0, 0xac24, 0x10000, 0x2, 0x362}, &(0x7f0000000340), &(0x7f0000000000))
io_uring_enter(r8, 0x3516, 0xc2de, 0x8, 0x0, 0x0)
write$dsp(r7, 0x0, 0x0)
ioctl$SNDCTL_DSP_SUBDIVIDE(r7, 0xc0045009, 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, 0x0, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000000)
timer_create(0x1, &(0x7f00000004c0)={0x0, 0x30, 0x1}, &(0x7f0000000500))

3.123460512s ago: executing program 4 (id=2418):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, 0x0)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, 0x0, 0x0, 0x0)
syz_emit_ethernet(0x22, &(0x7f0000000200)=ANY=[@ANYBLOB="bbbbd3bbbbbbaaaaaaaaaa2681002f00000c0400002001140000de17690000040000"], 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r2 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x1, 0x0)
poll(&(0x7f00000001c0)=[{r2, 0x21}, {r2, 0x340}, {r2, 0x1094}], 0x3, 0xd)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000080)={'team0\x00', <r5=>0x0})
r6 = syz_genetlink_get_family_id$team(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$TEAM_CMD_OPTIONS_SET(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000500)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=r6, @ANYBLOB='\t\b'], 0x60}, 0x1, 0x0, 0x0, 0x14000}, 0x40010)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
syz_open_dev$dri(&(0x7f0000000240), 0xd21, 0x4000)
r7 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0)
r8 = syz_open_dev$usbfs(&(0x7f0000000000), 0x20000007d, 0x0)
munmap(&(0x7f00003fe000/0xc00000)=nil, 0xc00000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x2000, 0x3, &(0x7f00007fe000/0x800000)=nil)
r9 = dup3(r7, r8, 0x0)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYRES16=r9, @ANYRESDEC=r1, @ANYRESOCT, @ANYRES16=r2, @ANYBLOB="4dc814031e34bb19b3f8cae8707c4a10d043726c1ae258759d40b5a2d7f8f10ca4f8e55d8d87ecf1d5318823ab88777828c1dbd6b11b68bbf268fcab", @ANYRESDEC=r1, @ANYRES16=r3, @ANYRES16=r10, @ANYRESHEX=r7, @ANYRES64=r5], 0xc8}}, 0x4c000)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x4000040)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)

3.049694377s ago: executing program 6 (id=2419):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000040)={'team0\x00', <r2=>0x0})
r3 = syz_genetlink_get_family_id$team(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$TEAM_CMD_OPTIONS_SET(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010029bd5000000000000100000008000100", @ANYRES32=r2, @ANYBLOB="44000280402e"], 0x60}, 0x1, 0xf000, 0x0, 0x4008000}, 0x4800)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x2000c010) (fail_nth: 4)

2.707986597s ago: executing program 6 (id=2420):
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$nl_rdma(0x10, 0x3, 0x14)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x8000)
r0 = socket$qrtr(0x2a, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000032680)=""/102400, 0x19000)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000a20000/0x2000)=nil)
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x17, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000400)={0x2c, r4, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8, 0x3, r5}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @chandef_params=[@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}]]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
sendmsg$NL80211_CMD_START_AP(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x88, 0x0, 0x300, 0x70bd26, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_BEACON_INTERVAL={0x8, 0xc, @random=0x8}, @crypto_settings=[@NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}, @NL80211_ATTR_WPA_VERSIONS={0x8}, @NL80211_ATTR_CONTROL_PORT_NO_PREAUTH={0x4}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_AKM_SUITES={0x10, 0x4c, [0xfac10, 0xfac0c, 0xfac13]}, @NL80211_ATTR_WPA_VERSIONS={0x8, 0x4b, 0x2}, @NL80211_ATTR_AKM_SUITES={0x8, 0x4c, [0xfac0d]}, @NL80211_ATTR_CONTROL_PORT={0x4}, @NL80211_ATTR_PMK={0x20, 0xfe, "ed20ac248da78fc416bca9c5c74159e745340b25a994adfe34610ad5"}], @NL80211_ATTR_TWT_RESPONDER={0x4}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0x4}]}, 0x88}, 0x1, 0x0, 0x0, 0x800}, 0x0)
sendmsg$ETHTOOL_MSG_TSINFO_GET(0xffffffffffffffff, 0x0, 0x4008800)
connect$qrtr(r0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f0000000300)={'geneve0\x00', &(0x7f0000000500)=@ethtool_cmd={0xb, 0x80000001, 0x8, 0x5, 0xe, 0xff, 0x9, 0x7, 0x5, 0xae, 0x3fffc0, 0x3ff, 0x6, 0x1, 0x1, 0x100, [0x9, 0x40]}})

1.472935095s ago: executing program 6 (id=2421):
r0 = syz_usb_connect(0x5, 0x24, &(0x7f0000001280)=ANY=[@ANYBLOB="12010003001f66088f051066054802000301090212000104957081"], &(0x7f0000001700)={0x0, 0x0, 0x0, 0x0})
syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x10, &(0x7f0000002640)=@ready={0x0, 0x0, 0x8, "1a222ccb", {0x1, 0x9, 0x3, 0x1}})
r1 = syz_open_dev$I2C(0x0, 0x1, 0x402)
writev(r1, &(0x7f00000026c0)=[{&(0x7f00000025c0)="8e792315b44d8570c46a17ea802f0fdf64ae3d98fa451032b13e076aabdc5a97cddbf5a1d1257e255d9fcb3635b7f7335f", 0x31}, {&(0x7f00000024c0)="03030e81eb109932daf57a3cd447c3224d1e7e7d7f2303a60eb3934e3af6533db4a8f08225d426fc5df95f23856ad37aa7fba5347c419bf82c841ce5dc31d935156e2c25113b955d033ba2f1ae532da529b0e86d7c04c8b27b27ff720f17cf52f5", 0x61}, {&(0x7f0000002540)}, {0x0}], 0x4)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'dummy0\x00', <r3=>0x0})
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f0000000180)='fdinfo/4\x00')
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/mdstat\x00', 0x0, 0x0)
read$FUSE(r6, &(0x7f0000000180)={0x2020}, 0x2024)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={0x0, 0x60}, 0x1, 0x0, 0x0, 0x810}, 0x20004000)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
sendmsg$IPSET_CMD_FLUSH(r7, 0x0, 0x8000)
bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@base={0x5, 0x4, 0x4, 0x5, 0x0, 0xffffffffffffffff, 0xfffffffd}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa1000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x3, &(0x7f0000000480)=@framed={{0x18, 0x2}}, 0x0}, 0x94)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r9, 0x0, 0xfffffffffffffffd}, 0x18)
ioctl$KVM_CAP_EXIT_HYPERCALL(r5, 0x4068aea3, &(0x7f0000000200))
sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001000ffff27bd7000fbb9df2500000006", @ANYRES32=0x0, @ANYBLOB="3d67040000000000140012800c0001006d616376746170000400028008000500", @ANYRES32=r3, @ANYBLOB], 0x44}, 0x1, 0x0, 0x0, 0x5}, 0xc000802)

1.434495201s ago: executing program 1 (id=2422):
syz_genetlink_get_family_id$ethtool(&(0x7f00000003c0), 0xffffffffffffffff)
r0 = socket(0x2a, 0x2, 0x0)
ioctl$SIOCSIFMTU(r0, 0x541b, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
syz_usb_control_io(0xffffffffffffffff, &(0x7f0000000400)={0x2c, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$uac1(0xffffffffffffffff, &(0x7f0000000340)={0x14, &(0x7f0000000200)={0x20, 0x10, 0xae, {0xae, 0x2, "1527f31323ed452900e10c58c16f9cafaf385b1981c70ab32151976d68f93ba997fcb69c54fa5d9798398988ee8f25cdcb06f0b1d22ed2b82a74afac87276cf33cb87305df6be0ac0127195e0ffef15030bf6052beb596d7a36cc7c9a4609e4d8da169902ae49c9049a6ea04b2d43a36ee32a3c6e08bdef19f7bb7dc488fbdcff707a30301ae1d338eff9cc41fa0440e4084212370f3b0599e9badc6d8a7970fb688d2c7f73f918f4ad39e6a"}}, &(0x7f00000002c0)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x424}}}, &(0x7f00000010c0)={0x44, &(0x7f0000000e80)={0x40, 0x16}, 0x0, &(0x7f0000000f40)={0x0, 0x8, 0x1, 0x7f}, 0x0, 0x0, 0x0, &(0x7f0000001040)={0x20, 0x84, 0x2, "6cc5"}, &(0x7f0000001080)={0x20, 0x85, 0x3, "547e98"}})
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x15, &(0x7f0000000040)=0x3, 0x4)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
r3 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0xa0201, 0x0)
r4 = socket$can_bcm(0x1d, 0x2, 0x2)
sendto(r4, &(0x7f0000000140)="050000007a19b90c9daaeca1b1ec5719af0abbb83b0514127c8b417386b5c7cc0f676b6dac18222d5bf3b8b98708a136ddca61719a13016d", 0x38, 0x0, 0x0, 0x0)
ioctl$SNDCTL_DSP_SETTRIGGER(r3, 0x40045010, &(0x7f0000000080)=0x8079)
write$dsp(r3, &(0x7f0000000040)="c7", 0x1)
ioctl$SNDCTL_DSP_SYNC(r3, 0x5001, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r3, 0xc0045005, &(0x7f0000001140)=0x80)
ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f00000033c0)={0x53, 0x0, 0x0, 0xfa, @scatter={0x4, 0x0, &(0x7f0000000a80)=[{0x0}, {&(0x7f00000006c0)=""/235, 0xeb}, {&(0x7f00000008c0)=""/132, 0x84}, {&(0x7f0000000980)=""/221, 0xdd}]}, 0x0, 0x0, 0x0, 0x0, 0x800001, 0x0})
r5 = bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x3, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, r5, 0x8, 0x0, 0xff9e, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffedb, 0x0, 0x0, 0x10, 0x4}, 0x94)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000180)=ANY=[@ANYBLOB="611230000000000061134c0000000000bf2000000000000015000200071b1750bd030100000000009500000000000000bc26080000000000bf67000000000000070300000fff0700670200000300000016060a000ee600f0bf050000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe7030586"], &(0x7f0000000100)='GPL\x00'}, 0x48)

1.315987435s ago: executing program 0 (id=2423):
syz_init_net_socket$ax25(0x3, 0x2, 0xc4)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/cgroup\x00')
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbee1, 0x8031, r0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x61e1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f00000004c0)={0x1, @pix_mp={0x40, 0x0, 0x34324152, 0x0, 0xb, [{0x2}, {0x0, 0xffffffff}, {0x4}, {0x2}, {}, {}, {0x4efe, 0xfffffffe}], 0x0, 0x0, 0x8, 0x0, 0x6}})
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r2 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x84, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r2, 0x40045542, &(0x7f00000001c0))
syz_open_dev$dmmidi(&(0x7f0000000080), 0x200, 0x0)
syz_init_net_socket$ax25(0x3, 0x5, 0xcb)
sendmsg$unix(0xffffffffffffffff, 0x0, 0x4048005)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000007380), 0x0, 0x0)

1.315598161s ago: executing program 2 (id=2424):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x11, 0x3, &(0x7f00000007c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x537a}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000440)='net/if_inet6\x00')
pread64(r4, 0x0, 0x0, 0x3c)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r5 = syz_open_procfs(0x0, &(0x7f0000000100)='io\x00')
r6 = openat$selinux_context(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$selinux_context(r6, 0x0, 0x0)
preadv(r5, &(0x7f0000000180)=[{&(0x7f0000000200)=""/163, 0xa3}], 0x1, 0x401, 0x6)
ioctl$SNAPSHOT_S2RAM(r5, 0x330b)
r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r7, <r8=>0xffffffffffffffff}, 0x4)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x4, 0x1d, &(0x7f0000000140)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x100}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1000}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r7}, {}, {0x85, 0x0, 0x0, 0xb6}}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x40}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r8}}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r9, 0x0, 0x10, 0x10, &(0x7f00000006c0)="0000000005000000", &(0x7f0000000700)=""/8, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
mount(&(0x7f0000000140)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000080)='cramfs\x00', 0x208000, 0x0)

337.790307ms ago: executing program 2 (id=2425):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
sendmmsg(r0, &(0x7f0000005e00)=[{{0x0, 0x0, &(0x7f0000002480)=[{0x0}, {&(0x7f0000000100)="5a32d47b11c24def722247cf5277191c62ad2da1b778c59b01de2c08d03f3407af57e81d9b5b5c54d7ef428c8822289b03b00ec52c8a02e46a07c359c050a943", 0x40}, {&(0x7f0000000200)}], 0x3}}], 0x1, 0x48d4)

88.289551ms ago: executing program 2 (id=2426):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="070000000400006dc3fb8b8d0baefe0028000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000000c40)=ANY=[@ANYBLOB="85000000ae00000025000000000000009500000000000000afcd48d649379071c33390e418ec470db2c6161dba392176dd296303406f21caf5adcf920569c00cc1199684fa7c93836d9ea2cfb0e60436e05425cc4686b066707de94a4f4d5fc79c987d669f381faca0f9d9924be41a9169bdfaf16da915b2e249ee1c6eee84309e7a23c19a39484809539fcb4e0b6eab1aa7d55545a34effa077faa55c59e88254f54077f799bf168301000000bf2255d6a0244d35b213bda84cc172afcc2e47a7d8b85a5e3d77ac463920e231b7ae0da8616d2b7958f91f5da6c025d060ab186d94af98af1da2b5952eb15855933a212304e035f7a35dfc72c81256a55a25f8fe3b28d7e53c78fbfe5ab0255f347160ec83070000000000004015cf10453f6c0b973b81a484ebad04859d928365a7ea3fab2e4b380a00d72bc0480f949c479757306720399379d9271cf555c14d56b51c2298237bebfc08e0d5976a942b846970cfd98b9d4139f1111f2dc5e46ac1c60a9b030074bfbcd4b09012175484135f0e519f0b1e4aaa026d570ecb5e8cddbed65ff702000000a3ff4f8a4cf796b07a6ff61c5552417fd703f7f14d8b78a602ca3cdf6a662d8bc9c89c9120072a5d00dcdd8595356c9b2492aaf1264d4ef4a410c882834867bcd2b6e558d17879570c8ad943e392955f4f979ea13201bafe4f0f6ea508000000a0c548552b571bed5647323c78a996810000000571cbb17d9f37282462f0e9c147c0d497c61433c6ccc35601eef97ee611be8c97f4151fcda6cb799c6e924966a7f90bf8fd1e75ee76bd72346cfbb526890aa7fe5e68949a3b30567e54d3504723177d356c4604bca492ecec37e83efceefd7ca2533659edc8bef9cb85451c6a145074343caea5c4bf690441974b155f5adc681a03c0bbb8358856175e2ce8b0cbbbe3c033e54ffcebde1d9d3d350000000000000000e0f209150a07682c4e14e3a83558df6f3fc97f1730a136bdee07e98cb984b2e2304a1b63afefdb636e56bbaae4e62136574bc6371a0bb2be1a962aae9c126ef590e1d85ea9e12b3025f43e7e08ccffc5064dea4c39cf4b98e1fc6efb5978f51e16b678eca0b658a56008948e5a61561a9845e4ff29e2bdb1d0b923b272341c5e093fd66a2946501559335781092cf8ce987c56cd31121624d7455f2a3666276c3c0e812b28e2f30d035cee5d0e77a3c72208ec651cc0ae637fa474816bc59d2e2a00092419304b338a987e9d3044d856ce24f370030be3b5f79f030b8d3ebce68663ef5af469abe753314fae31a0445859a5ece8fb11a4ee8e46354c9c3a041a1e7b55c4e81dba1e12289ee34463aaf28345bde0c195bc9f022ca8ce37ed85464c31679053e7f9d04bb5cb51da0b7958989fd70f241262d0af3246eb4fc4bda345360200000001fbddeacd3adaa4d2715e21c772ccd44341f7fd53df58ae791ee8b489a7c9efe3625a9d971b5997485d6a063dc6f7359e2eccc2fb39d419de1a7b5c9dc22c96295a0600adf59d44e58eb1c60b3475be31a9b7cf42b6402312d2725b8d9fa700a86407e79ae29d2c117ca65fc86c2dce97aa03279a66ec87122219b0f796ab92b1adecae50fdb408c8a8f27e02f750d6c977a1919f9f69a6cfefdf879d447df53f3b9b70d10355b07466d1ef0056b5af553d18a6cd50feeb7bfad9b7be3283b6450d264e7712d2f1d7004548b19162cef04d18d4f5987baab97a9bfbd8f185b5631820420b75b6522c0e21c882c66f4f25ffb6d95e07de02205fca4f18a2eb5b63e45d5d80fe52734093ae5aa3c0b4f3f45bfff201000000000000002e31560e5b741445ea2a1acee2e98c9f3427834ba0a765d20b30f87af976a46f9a9a1ac7dea1ea6845f9aa66237e0dacc107f532348cc2116473381e961f3d988c21578fe3245097c280abe51427b9f6cd72b5da6d0252803c66730cd5eac907f09b9695906313f8873522608c6fc01e1b9e16587bb5f721303e6b89e5c54d680ac66d09af90dbf50ee69a39265964279d174b0000000000000000000000fa08ad0731ba49fbf981f8265e7f1f4c2d97f4680b135f87c228ce69418a282b6caa2481a0df1774fa7d94944bb92d2b89f73f0e8b63f6316c5762f3288bc970720f48b5647dd177db6810fae0533496b6d58da50ee80a6b9a7438a58c5465113f668eb4484350048289d07dbef325d3221a7cb35f812f257941a9781e3214c2a3dcf89d99844b762a9cf17548c54fccad2c7ae8072b82e0880815daf966bd5343c1635e123f868a7167cfcff33320253af570f4ef9c0254afdd89ac3943562b530dd88da8a94013bbaf204bebc38055adc39f07f7c22711f4d1f6dcc928d1578a093c072e0b92babc76f47ee367e745a024a2278319d9a4d1378482b74c516647652bfb6e93002494a5cd74e2a9a4734487062437da23e1efa6ef7674108aaa3ffac859c3577c2637bb3bdc69bc365b1f20dba96b8acca62f3f80045318de0facf2ed44b814e842c2a520159bb6c320cec0910c0b8bd3d547bdfba2e0bb24d117ed0388afd37affbad2f9c77c9c1314a16ffe64f5e3744a2fffd7039670f5706e589a4c38680a377f8c26e6e382067f690089f34b13ee0633a171c7918401acd4575f1443815854f775308c083ff4f4046cfca8bca48e6db6b211113c06797722230af92290231a0f02e247cf96876257dac9ff0b8f07ff5916a8ccd3f15b389d34520f074c6f006e0383280bf0b9765c995ef1e696a1da41d9372a1c9d85f1a83b6213b5fb236fbeda8fb90dee70ca3cfc0833741a0e9341ab4dee09669b832840fef5a2bbebd5957503656c445a428efc5711d1c66093b360c63e63e91cb871f8dc43a915ec87be492daec18847de7032d5c97d0296a1fa97d17f8546290c1a325221f36f8d749d4a9aa1883a41d92228c93b60fe677f4f9d51fadbba6dd46222fd11f678d7e9a307024806cc28cba904f8d12870b4528b8d75fd29adacf0a52cdfaf4e43f00e532cfc15f394db7d521339aa980f81bd78a82d84dba575391bee41c95daf3b576feed54d448d36ad0000"], &(0x7f0000000000)='GPL\x00', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48)
r1 = socket(0x10, 0x803, 0x0)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r1, 0x89f2, &(0x7f0000000040)={'sit0\x00', &(0x7f0000000400)={'syztnl1\x00', 0x0, 0x1, 0x21, 0x0, 0x8000, {{0x5, 0x4, 0x0, 0x3e, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @empty, @empty}}}})
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000300)={r0}, 0x4)

0s ago: executing program 4 (id=2427):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r1, 0x0)
r2 = open_tree(0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00', 0x1801)
getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r2, 0x84, 0x1a, &(0x7f00000002c0)={0x0, 0x3d, "04c59714215706df75c6b2d99d95fae5e61fe93ceec945df3f45c796cc0577418d34b06c821b662136ed9e5f464961b4898c0a33c2a42640d4e3f318fc"}, &(0x7f0000000600)=0x45)
recvmmsg(r1, &(0x7f0000000b80)=[{{0x0, 0xffffffffffffff6c, 0x0, 0x0, 0x0, 0x52}, 0xa}], 0x360, 0x120, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000001000)=ANY=[@ANYBLOB="14000000100001000000000000000000c30000000a28000000000a0101000000005e1affd5020000000900010073797a3000000000089cdfa853abde3d90000000030a01030000e6ff00000000020000000000010073797a30000000000900030073797a3200000000140000001100457c8ad1f2d687cb82e63fd4c5268dc4729fb424e8356fc9"], 0x7c}}, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x50, 0x0, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, 0x0)
r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000100)={0x0, 0xaaa, &(0x7f0000000240)="23591363adf94c4a3525c373b8be3e8d2672540e4fff5fe79b18763b68b5c8cde0045f31e73285632c09da90f5451b7f64f1faee49a0d8fa57fb52ecde3cb94c60c97e8a9a4b9e8b8a625ef77381a7fed894b680d2bf18225baa8ac2279e4966b3bc0adb5332c5ecbc6c3da241c9215cfc3c563c3bc0291d5f45f8d56d583cff127e3373ade7df08cc06d94780975eeaf693ffb533a47e615651192042ea01b4f8ef2332d798ff7da5ad85ffcb7bf1c66705a1d0c2dded41131fbd3372527cd58da0761821c610c916e7126d0d9f38da2ea2df4048a4c222ffe5949556b16efbc4c824fda8e92f0647858a31f0cebc12f0a4e88ae8d5d6689e499301a23a6d4452da35cb0e51b1b9dd6be08b7e3430b77a1143db66bd7b77995b08262510df7aa578cb52ccae69b26f74ea7a2f5d38e0e49412165b94b6da07a4e82c25dea5ad36d9517e9b7152d01c9fbed0ff5dcd8a1ffbef5a2bddee07d7369e517b0d42d3815015334fe2e9e81c4c9b4e6215b236030bc9c4b806fa70175d7ce4268448e3599265549b96df63550df8bbc692c84ac97293998f3351766e93112904c8a80a5045d57e827b561127040a09b3025320a51965ce5c4ff115fa8ce879045cb290abe97641435585c7bb98be38985ea23e58d2ad96499a5f0842eee3c7a263ca47809ce99ef11208b7260ea0a3848634c82a47405e9075ea05098752817d682ae52df079d32116ee458586118ca243767cf986b3e89d6470df859f910256a723062a88441e992d2a9b9fa1dadaeac1c630dc17497404323653cb9a5355f88b6aa6fe714f0723b6938d7ebcac44fe717f0084bc34e5f86980520bad4e6ae4b173f1e4325f9c547828232c9aaa560fb99b6946d65f6532afca8501938703042be2933b633db1f63e692679f1ee71294204acd45480aff57491375fa7f9d7f880de291348fd2ee42dbfdbd8cc8b84aaacc6809e06c5a73e9a9db1bbb2c731a8fd6807ddb0f5b900213bae81372e2a4325b9aecc0125b2016c72e40db36d2c91d55eb5bc8c455b7e29a32c0f1b36645e004dc0db7f521c436f735e09402fe38d853a2db74d7a18f68ff28fb38e861efd6f2f92ebcfc13bb10e57026443ba84df1e18041d6f9fd4aead2e87c6980d9fa28e8251a809c88dc25b4f29813436318b59bc8bf80115f15e33387ed955cc4423b49d5a4ae6fb37ddfa1e31d712bd4e7f6cb5d2dbba874337aa235dbeeb38cd9f1469ee02270dc55acfefc27f35c0d067ef3341e111282c139c623af9eb0eb7613c0cc7284e7a9945ad1870cb621e1350cfef3a8526d21b214745aed61d78f834c60afe2403a3280bd2349612761d0692ed8048d1b33a158a2882bafd56012a465a336c12a675adbffa91530cfe1b55ae8b0813403256c148e0d0c7f1056f34be5a1f28275025d48fcf9f12bf21453b2c060a9d05b0fed49799809b631349e2e5e1a6e0461d1cd667e8a4ec1b9b088b7bb0ffda7b6110049036d6139a227c53e3825d71d6cb06e96f0eb67076aa5faf026cd603ee91a7ba9fcb13763721d7bbb7c021e7d2395fa566483942052bd74aac4e9acb4bc3ba1d4ecc3fa4b8e99f5f91f6e9ae598ea225a7a889a8fd50ed8e75c21a93764745a7f2846b8f63590fab912d1f10582a862d5e4af02dd44c410642cce20a3877559d4fd83b962d78a61c84cfcf74f6ba0ccb85a19a505b24875daaa7b7ee3083a0f7a034f66031bdcd2dbf2d56c61e30186dc555ad834d855a055529ee6ecf50586ceb29210b44fa704498b238dd68c1e14b36da172f6febdd67b49d833370247e0a024eab77de4aa5efe7f387a9a4cb573c6e344a3c4d2a45f1df4ee883913bd61cf7a39626244ac64cb0345fccdca1131171031be3c6084e0d2941371afd1c268512133ac68cac0ebdb0502db18340adea29132a1cb667056541f2edd8354d52563458d8ecd18c49d5b9dbe0859a0cff6c2ba5cfa4e8736e7e7eaafa061ef86351d3d52f50410aef8f1df813c29d3fd4080242adecc39a8b9b054eb818116d1ce46096c8c983a09164bbe0262df134af33986e0a12a9eac6268939a1ab2e7efd4376a8ff583b93f226711395b9163e49fbc790f67596f28d341cf36e37d7475c2b09278fa66f5b3cbb4161f017bc49e99d19039aed6d620dc01487ecbe043add02927b88ed4de8e3112ebf9ba837134d8adc36e4beeefc5037dc683b585cdee1e265f1ee47934f558c4c13bafb2a06e9951789f6a2243fa074d7b9489ffe32625cf141cb0ce9353c0c6849695f6a23f1b554b225f9e7d1e73bc4bbee326181144584aaae8e2f004aea46e8d334f65123b93fd945f487d917c485b8b65ce7aa1090a301b96ac664c65101db1bd1d224e1d25f8946a5faa0baf1fcf3fb015445f974d415b8e50e9b55435b26358b517112822d99d9cdf45aea3db255ab72f1ac51fd00d812c2fc484a581c72e8fa39d0a3a5ecff51fca9292267e98ca70b005be53b7f32205acfa59d1f623c03c6625d74ba76f95464f3b0617f87246c298e12e73876549ac765147f928fe3fce378100663a32ccbe312d5458db8e5aecc2bd70bedbfd397157bbc291065332e5988744ba63712753bcded54aab53b82894b8272d5be38943b9c948438271097b061e07e983709703af8c69df1aaeb7cda83e92df304002a03438dc0cf2e4b6492feb9be8379cee7fcb874f22a392e6b6470cc6d1b5dd500693e4d26c8f9e48492fdfabb8294bee57f721572ef9239f519eef9a9f4e59950d252095e6a4229a57e4202302388fe316f4d1300973549ff6bd8a3c747db0686aa5a3e30a41993db467ef0197da3cf7cfa356bc7c802177906f39d22777b1b4f930798b83f5ffc4f444ad564e87e2d1fe4f45a40a36e1b5515347f42d5513ec3d70584151d60ae515e5e3e467fa6816744b22c3a08cc318e2a6176547d0ca285067605fbb6a14e9fc40a74d2d27eb5492d0709f04603d36a05a0e4a055cdc7b9e5970aa9960ba6523fd234208cd95926029daa5498bf14ce9beb3fe31113bff7bd22dbd8ccb04593b3edd074092ae8be18ff94c59d376aa4c070e09b237568167a4b0d003e3df329966b5a6285a4547824a9dec2fd82428483c55f57adc35fcbcfb5af22da38fc98603cdfaffea70b9337a339442226305c06005747b4cd368c616f97fe467f087df5bcfc5d072120fa0d837103b65cd0efc2f08f81bc7e5c39435ffcbcc9a41ee94b2bd5708100c1c14a34c28ab5335bfea389444a38fe36132d7f4a9d9cc9a4a6a78646016f6f2a0cb832f0c2c8720c20430aaf3c4658b943648cfd84577ab42cc8fb051c407c5e9f2e2f996ce542485aa020f0b052059e0f18d3a5295383079acd63159f164f222bac96f98a30bb78d0e152b96d97e074208b171c3ce47cbcf747acf2a2873ddea30992686990b15e11bf8bf8be33ddc2fe3ad429a42ad065c32d35bc86d336eaa4e368a0b8b679c07c7419de2f21bd398f15b92d16e90e19f2e66343f88eb6349ac39553a0ccc6b5d61c4a69d3b3ffd10ed7c56408726e8ac25ac0bfdac182b53345d661c13775eb6deec22a17bbdd2189385baa39fc9be062ecbdac11157b64dcac58d1eb4f029a37d744d5c9551b51941353922dccded9da40a5b967513730a6604180e1d3e5c80f7f4a4e8edd75f5d466f66394dc5c4e529e33242ce016d4b479cf54c5876ff4bb1f651d7c975cccf1a7c7e8d9cce2918ca47684d92e7f258204731448986ed81dce4ca5eaf05512f93031ab16eadf0dd62e209839141847b8d2b7512508160be659be016faf2ac3e51a0e8e1f0bde51231c345dcb3ce926f00544c570a8fe3b6b6412d612549aefcf3bee1137c45dccff4ea9396a087ae33b2cbf0ec6d6fedcb5de2546540b4dadf2bd9f6d1f51125969c4ecbf73fd9bbee90e6b8a0240dd124b333a5ce34f29992f7f53d7a0ff2a9f81d84824afbc0f554532171ea8bb3e1f63274c1459d5744633925c7aac244b9bfb74b6f3d47060ae88374d97b553fc3adfda97ed6d3509c39115f740c760dc63becb7ba856affd700358d7f919f0ac4b10432eb5e0ab3c501713758b1d6aa6583fe7f5d59f7d591e172669519d0d27e03516e8c0bdd7659352024e11b0123c157fa4154e15591a61ca2c20f47489f6ff50e1de5cdf91cd5cac45cf3ca9a0bd42d3e25fda42ec0ec9f215b37b74615338f1430de5b0d1dbf83ec3ab6e19f3b09809cf79b1ed6176c59c66357842f23c2dad510816d14a7d9b6f5249fcf24393f62462d0c8ce92eaf0b7852509fed1b02419f4bdabf250c09af9be3710b4d3a6a03f81f0c12f193acd7d98200b8e1abfa7149ab677466df59e6bff602e08b6d53106c76b44a30f090e0ac9e6fd4772da22b745dd8aa7d3426f864d9c560a23ddbf95a09a72aef0ea3d096877b9773c4c495180f6926333d087a85e0211f6b4d10f38ceef3fca5c1019fc70e561db2004dd3084bcbe2bbbceed316ab8961e7ce60121dbcf5092f4070cf3948230e495da4c94caf3a32b8b4eefc7c18fb4d0d0d7499e83050b3cf56682d57b9995c31894786239ffdc729fb9ff70b9fd8c4856f3dfdd67c8e6142ff65dfcb2d7f40687ccce66557564a1427470f6cd124b6321ff125ccde9422ae992356d27a46f05094e7950e2634078f856d00bc6144414dd23d3404e5288e8db77b09f3e84a8b9b30e120551570215c9090a096ba957cfebe6bef5bdd42180c15131cb2b0d270506928a0f2c0ec050f0bdfbcbaa37064e59cc43e6a405518742922b7df2d89e96e73528f2d0fc7ec2d78a1abc5c3f17b9a2dbcd2299a5a64e738816bac07caacd35d4353784e248143fa244ac59ea918627bb0051e678912f8c6a57257f016de91ab6c5dcb9c93d859cb89822ebd44991c0f998170f73495229fb51479ebba8a57d1ce88ccc38e6b679457e964b07b6006971d45f570f9f", 0x0, 0xdb2})
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = eventfd2(0x0, 0x80800)
ioctl$KVM_IOEVENTFD(r7, 0x4040ae79, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0x1, r8})
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0xfffff000, 0x2000, &(0x7f0000000000/0x2000)=nil})
r9 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, 0x0, 0x106}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r5, 0x0, 0x0)

kernel console output (not intermixed with test programs):

e = MASTER, mcast_ifn = sit0, syncid = 0, id = 0
[  662.022002][   T24] usb 4-1: new high-speed USB device number 61 using dummy_hcd
[  662.373152][   T24] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  662.480273][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  662.504540][   T24] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  662.967244][   T24] usb 4-1: New USB device found, idVendor=a9cd, idProduct=cdee, bcdDevice= 5.b9
[  663.001730][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  663.053769][   T24] usb 4-1: config 0 descriptor??
[  663.109358][   T24] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  663.142349][   T24] usb 4-1: MIDIStreaming interface descriptor not found
[  663.440038][T13403] F2FS-fs (loop9): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  663.448088][   T30] audit: type=1400 audit(1754599934.621:1194): avc:  denied  { mounton } for  pid=13401 comm="syz.4.1889" path="/393/file0" dev="tmpfs" ino=2087 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  663.488944][T13403] F2FS-fs (loop9): Can't find valid F2FS filesystem in 1th superblock
[  663.514281][T13403] F2FS-fs (loop9): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  663.524030][T13403] F2FS-fs (loop9): Can't find valid F2FS filesystem in 2th superblock
[  664.307536][   T24] usb 4-1: USB disconnect, device number 61
[  664.471744][ T5980] usb 3-1: new high-speed USB device number 51 using dummy_hcd
[  664.626218][ T5980] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  664.789685][T13423] block device autoloading is deprecated and will be removed.
[  665.050004][ T5980] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  665.059929][ T5980] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  665.068990][ T5980] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  665.104155][T13412] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  665.119266][ T5980] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  665.401774][   T24] usb 3-1: USB disconnect, device number 51
[  666.801766][ T5923] usb 2-1: new full-speed USB device number 60 using dummy_hcd
[  666.822841][T13441] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1900'.
[  667.005363][ T5923] usb 2-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32
[  667.033829][ T5923] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  667.060908][ T5923] usb 2-1: Product: syz
[  667.070959][ T5923] usb 2-1: Manufacturer: syz
[  667.075742][ T5923] usb 2-1: SerialNumber: syz
[  667.182477][ T5923] usb 2-1: config 0 descriptor??
[  667.663989][ T5923] dm9601 2-1:0.0: probe with driver dm9601 failed with error -71
[  667.697148][ T5923] usb 2-1: USB disconnect, device number 60
[  667.751761][   T24] usb 4-1: new full-speed USB device number 62 using dummy_hcd
[  667.814861][   T30] audit: type=1400 audit(1754599939.001:1195): avc:  denied  { setopt } for  pid=13460 comm="syz.1.1907" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  668.006848][   T24] usb 4-1: config 0 has an invalid interface number: 120 but max is 0
[  668.706743][   T24] usb 4-1: config 0 has no interface number 0
[  668.736064][   T24] usb 4-1: config 0 interface 120 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  668.834275][   T24] usb 4-1: config 0 interface 120 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 64
[  668.855458][   T24] usb 4-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice= 0.58
[  668.864855][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  668.912974][   T24] usb 4-1: config 0 descriptor??
[  668.927680][T13446] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[  668.978966][ T5980] usb 2-1: new high-speed USB device number 61 using dummy_hcd
[  668.996175][   T24] input: USB Touchscreen 16e3:f9e9 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.120/input/input20
[  669.137948][ T5980] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  669.160748][ T5980] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  669.255919][ T5980] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  669.296696][ T5980] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  669.323211][ T5980] usb 2-1: SerialNumber: syz
[  669.587935][   T30] audit: type=1400 audit(1754599940.761:1196): avc:  denied  { map } for  pid=13460 comm="syz.1.1907" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  670.019543][ T5980] usb 2-1: 0:2 : does not exist
[  670.026701][ T5980] usb 2-1: unit 5: unexpected type 0x03
[  670.147728][ T5980] usb 2-1: USB disconnect, device number 61
[  670.200919][T13482] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  670.232026][   T30] audit: type=1400 audit(1754599941.411:1197): avc:  denied  { ioctl } for  pid=13481 comm="syz.0.1914" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 ioctlcmd=0x6405 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  670.233616][ T5857] udevd[5857]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  670.407642][ T5930] usb 4-1: USB disconnect, device number 62
[  670.790492][T13504] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  670.811805][ T5930] usb 4-1: new high-speed USB device number 63 using dummy_hcd
[  670.838727][T13503] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1919'.
[  670.881175][T13503] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1919'.
[  670.911746][ T5980] usb 2-1: new high-speed USB device number 62 using dummy_hcd
[  671.044879][ T5930] usb 4-1: Using ep0 maxpacket: 32
[  671.063313][ T5930] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x9 has an invalid bInterval 128, changing to 11
[  671.081847][ T5980] usb 2-1: Using ep0 maxpacket: 32
[  671.094415][ T5930] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  671.095664][ T5980] usb 2-1: config 0 has an invalid interface number: 89 but max is 0
[  671.124469][ T5980] usb 2-1: config 0 has no interface number 0
[  671.134567][ T5980] usb 2-1: config 0 interface 89 has no altsetting 0
[  671.134628][ T5930] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xB7, changing to 0x87
[  671.158420][ T5980] usb 2-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[  671.170626][ T5980] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  671.179541][ T5980] usb 2-1: Product: syz
[  671.187591][ T5980] usb 2-1: Manufacturer: syz
[  671.193371][ T5980] usb 2-1: SerialNumber: syz
[  671.216127][ T5980] usb 2-1: config 0 descriptor??
[  671.226436][ T5980] em28xx 2-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[  671.238476][ T5980] em28xx 2-1:0.89: Video interface 89 found: bulk
[  671.241136][ T5930] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 79, changing to 10
[  671.305840][ T5930] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x87 has invalid maxpacket 34258, setting to 1024
[  671.348072][ T5930] usb 4-1: New USB device found, idVendor=0e6f, idProduct=582c, bcdDevice=31.68
[  671.371731][ T5930] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  671.396786][ T5930] usb 4-1: Product: syz
[  671.409291][ T5930] usb 4-1: Manufacturer: syz
[  671.427879][ T5930] usb 4-1: SerialNumber: syz
[  671.450778][ T5930] usb 4-1: config 0 descriptor??
[  671.476215][T13487] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  671.502718][ T5930] input: Generic X-Box pad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input21
[  671.545673][ T5206] xpad 4-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90
[  671.647366][ T5206] xpad 4-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90
[  671.672423][ T5206] xpad 4-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90
[  671.699567][ T5206] xpad 4-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90
[  671.839120][T13497] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  671.841194][ T5206] xpad 4-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90
[  671.855781][T13497] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  671.882799][   T30] audit: type=1400 audit(1754599943.071:1198): avc:  denied  { bind } for  pid=13512 comm="syz.0.1924" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  671.910692][ T5980] em28xx 2-1:0.89: unknown em28xx chip ID (0)
[  671.922193][ T6235] xpad 4-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90
[  671.961110][ T5206] xpad 4-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90
[  671.995988][ T5206] xpad 4-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90
[  672.738799][   T30] audit: type=1400 audit(1754599943.921:1199): avc:  denied  { bind } for  pid=13519 comm="syz.0.1926" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  673.313012][ T5909] usb 3-1: new high-speed USB device number 52 using dummy_hcd
[  673.473826][ T5909] usb 3-1: Using ep0 maxpacket: 16
[  673.483273][ T5909] usb 3-1: config 0 has an invalid interface number: 8 but max is 0
[  673.491975][ T5909] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  673.548290][ T5909] usb 3-1: config 0 has no interface number 0
[  673.556525][ T5930] usb 4-1: USB disconnect, device number 63
[  673.596553][ T5909] usb 3-1: config 0 interface 8 altsetting 0 endpoint 0xB has invalid maxpacket 2560, setting to 1024
[  673.677752][ T5909] usb 3-1: config 0 interface 8 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024
[  673.746445][ T5909] usb 3-1: config 0 interface 8 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  673.778060][ T5909] usb 3-1: New USB device found, idVendor=0586, idProduct=1500, bcdDevice=2e.97
[  673.787728][ T5909] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  673.795856][ T5909] usb 3-1: Product: syz
[  673.831155][ T5909] usb 3-1: Manufacturer: syz
[  673.858386][ T5909] usb 3-1: SerialNumber: syz
[  673.901813][ T5980] em28xx 2-1:0.89: reading from i2c device at 0xa0 failed (error=-5)
[  673.920059][ T5980] em28xx 2-1:0.89: board has no eeprom
[  673.945867][ T5909] usb 3-1: config 0 descriptor??
[  673.973638][ T5909] omninet 3-1:0.8: required endpoints missing
[  673.991837][ T5980] em28xx 2-1:0.89: Identified as Terratec Grabby (card=67)
[  674.006865][ T5980] em28xx 2-1:0.89: analog set to bulk mode.
[  674.019383][ T5909] em28xx 2-1:0.89: Registering V4L2 extension
[  674.021741][ T5930] usb 4-1: new high-speed USB device number 64 using dummy_hcd
[  674.146821][ T5909] em28xx 2-1:0.89: reading from i2c device at 0x4a failed (error=-5)
[  674.165900][   T30] audit: type=1400 audit(1754599945.351:1200): avc:  denied  { setopt } for  pid=13550 comm="syz.4.1934" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  674.166606][ T5909] em28xx 2-1:0.89: reading from i2c device at 0x48 failed (error=-5)
[  674.204393][ T5980] usb 3-1: USB disconnect, device number 52
[  674.223338][ T5930] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  674.238835][ T5909] em28xx 2-1:0.89: reading from i2c device at 0x42 failed (error=-5)
[  674.243234][ T5930] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  674.247809][ T5909] em28xx 2-1:0.89: reading from i2c device at 0x40 failed (error=-5)
[  674.277117][ T5909] em28xx 2-1:0.89: Config register raw data: 0xfffffffb
[  674.286013][ T5909] em28xx 2-1:0.89: AC97 chip type couldn't be determined
[  674.287846][ T5930] usb 4-1: config 0 descriptor??
[  674.303693][ T5909] em28xx 2-1:0.89: No AC97 audio processor
[  674.308082][ T5930] cp210x 4-1:0.0: cp210x converter detected
[  674.328167][ T5909] usb 2-1: Decoder not found
[  674.337717][ T5909] em28xx 2-1:0.89: failed to create media graph
[  674.345377][ T5909] em28xx 2-1:0.89: V4L2 device video103 deregistered
[  674.356827][ T5909] em28xx 2-1:0.89: Registering snapshot button...
[  674.408818][ T5909] input: em28xx snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.89/input/input22
[  674.425450][ T5909] em28xx 2-1:0.89: Remote control support is not available for this card.
[  674.534053][   T30] audit: type=1400 audit(1754599945.711:1201): avc:  denied  { bind } for  pid=13554 comm="syz.0.1935" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  674.555398][T13556] random: crng reseeded on system resumption
[  674.867594][T13557] netlink: 'syz.0.1935': attribute type 2 has an invalid length.
[  674.875369][T13557] netlink: 'syz.0.1935': attribute type 8 has an invalid length.
[  674.883096][T13557] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1935'.
[  675.339899][   T30] audit: type=1400 audit(1754599945.741:1202): avc:  denied  { append } for  pid=13554 comm="syz.0.1935" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  675.363153][    C0] vkms_vblank_simulate: vblank timer overrun
[  675.374088][   T24] usb 2-1: USB disconnect, device number 62
[  675.400842][   T24] em28xx 2-1:0.89: Disconnecting em28xx
[  675.420591][   T24] em28xx 2-1:0.89: Closing input extension
[  675.511785][   T24] em28xx 2-1:0.89: Deregistering snapshot button
[  675.546158][T13546] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  675.550131][   T24] em28xx 2-1:0.89: Freeing device
[  675.639882][T13546] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  675.789039][T13571] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  675.803936][T13571] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  676.104820][ T5930] cp210x 4-1:0.0: failed to get vendor val 0x000e size 3: -71
[  676.112759][ T5930] cp210x 4-1:0.0: failed to get vendor val 0x3711 size 2: -71
[  676.120225][ T5930] cp210x 4-1:0.0: GPIO initialisation failed: -71
[  676.130497][T13573] vlan0: entered allmulticast mode
[  676.179558][T13573] bond0: entered allmulticast mode
[  676.192711][T13573] bond_slave_0: entered allmulticast mode
[  676.212449][ T5930] usb 4-1: cp210x converter now attached to ttyUSB0
[  676.221832][T13573] bond_slave_1: entered allmulticast mode
[  676.233263][ T5930] usb 4-1: USB disconnect, device number 64
[  676.253934][ T5930] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  676.282840][ T5930] cp210x 4-1:0.0: device disconnected
[  677.045236][T13589] SELinux:  Context /sbin/dhclient is not valid (left unmapped).
[  677.055499][   T30] audit: type=1400 audit(1754599948.241:1203): avc:  denied  { relabelto } for  pid=13588 comm="syz.0.1947" name="file0" dev="tmpfs" ino=1988 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=fifo_file permissive=1 trawcon="/sbin/dhclient"
[  677.080858][    C0] vkms_vblank_simulate: vblank timer overrun
[  677.113443][   T30] audit: type=1400 audit(1754599948.271:1204): avc:  denied  { associate } for  pid=13588 comm="syz.0.1947" name="file0" dev="tmpfs" ino=1988 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="/sbin/dhclient"
[  677.339051][ T5909] usb 3-1: new high-speed USB device number 53 using dummy_hcd
[  677.671721][ T5909] usb 3-1: Using ep0 maxpacket: 16
[  677.684693][ T5909] usb 3-1: config 6 has an invalid interface number: 96 but max is 0
[  677.694550][ T5909] usb 3-1: config 6 has no interface number 0
[  677.702289][ T5909] usb 3-1: config 6 interface 96 altsetting 8 endpoint 0x9 has invalid maxpacket 512, setting to 64
[  677.714409][ T5909] usb 3-1: config 6 interface 96 has no altsetting 0
[  677.735252][ T5909] usb 3-1: New USB device found, idVendor=0bfd, idProduct=0011, bcdDevice=28.83
[  677.748745][ T5909] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  677.758875][ T5909] usb 3-1: Product: syz
[  677.763574][ T5909] usb 3-1: Manufacturer: syz
[  677.768611][ T5909] usb 3-1: SerialNumber: syz
[  677.775350][T13605] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1952'.
[  677.784331][T13605] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1952'.
[  677.852597][   T24] usb 2-1: new high-speed USB device number 63 using dummy_hcd
[  677.908044][ T5930] usb 4-1: new full-speed USB device number 65 using dummy_hcd
[  678.011802][   T24] usb 2-1: Using ep0 maxpacket: 16
[  678.088748][T13612] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1946'.
[  678.288738][   T24] usb 2-1: config 0 has an invalid interface number: 8 but max is 0
[  678.302119][ T5930] usb 4-1: unable to get BOS descriptor or descriptor too short
[  678.345537][   T24] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  678.356776][ T5909] kvaser_usb 3-1:6.96: error -ENODEV: Cannot get usb endpoint(s)
[  678.366409][ T5930] usb 4-1: not running at top speed; connect to a high speed hub
[  678.381122][   T24] usb 2-1: config 0 has no interface number 0
[  678.381538][ T5930] usb 4-1: config 3 has an invalid interface number: 106 but max is 0
[  678.397539][ T5909] usb 3-1: USB disconnect, device number 53
[  678.403870][   T24] usb 2-1: config 0 interface 8 altsetting 0 endpoint 0xB has invalid maxpacket 2560, setting to 1024
[  678.429772][ T5930] usb 4-1: config 3 has no interface number 0
[  678.440632][   T24] usb 2-1: config 0 interface 8 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024
[  678.454453][ T5930] usb 4-1: config 3 interface 106 altsetting 10 endpoint 0xD has invalid maxpacket 512, setting to 64
[  678.468031][   T24] usb 2-1: config 0 interface 8 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  678.494320][ T5930] usb 4-1: config 3 interface 106 has no altsetting 0
[  678.513754][ T5930] usb 4-1: New USB device found, idVendor=0d46, idProduct=2011, bcdDevice=e8.8a
[  678.524791][ T5930] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  678.538052][ T5930] usb 4-1: Product: Н
[  678.546111][ T5930] usb 4-1: Manufacturer: 㐁
[  678.550939][   T24] usb 2-1: New USB device found, idVendor=0586, idProduct=1500, bcdDevice=2e.97
[  678.562267][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  678.570531][   T24] usb 2-1: Product: syz
[  678.577532][ T5930] usb 4-1: SerialNumber: ъ
[  678.583108][   T24] usb 2-1: Manufacturer: syz
[  678.610481][   T24] usb 2-1: SerialNumber: syz
[  678.619719][T13600] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[  678.648687][   T24] usb 2-1: config 0 descriptor??
[  678.665868][   T24] omninet 2-1:0.8: required endpoints missing
[  678.812640][T13619] syz.0.1956: attempt to access beyond end of device
[  678.812640][T13619] nbd0: rw=4096, sector=0, nr_sectors = 2 limit=0
[  678.827259][T13619] XFS (nbd0): SB validate failed with error -5.
[  678.980805][T13627] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1955'.
[  679.518200][ T5930] kobil_sct 4-1:3.106: KOBIL USB smart card terminal converter detected
[  679.549809][ T5930] usb 4-1: KOBIL USB smart card terminal converter now attached to ttyUSB0
[  679.578859][ T5930] usb 4-1: USB disconnect, device number 65
[  679.601019][ T5930] kobil ttyUSB0: KOBIL USB smart card terminal converter now disconnected from ttyUSB0
[  679.624418][ T5930] kobil_sct 4-1:3.106: device disconnected
[  679.637098][ T5909] usb 2-1: USB disconnect, device number 63
[  679.813216][ T5980] libceph: connect (1)[c::]:6789 error -22
[  679.819593][ T5980] libceph: mon0 (1)[c::]:6789 connect error
[  679.834814][T13637] ceph: No mds server is up or the cluster is laggy
[  679.843594][ T5980] libceph: connect (1)[c::]:6789 error -22
[  679.851961][ T5980] libceph: mon0 (1)[c::]:6789 connect error
[  679.907875][T13645] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  680.325579][T13649] ipvlan2: entered promiscuous mode
[  680.572770][ T5930] usb 4-1: new low-speed USB device number 66 using dummy_hcd
[  680.753334][ T5930] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  680.766542][ T5930] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  680.777626][ T5930] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  680.790614][ T5930] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  680.803300][ T5930] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  680.817435][ T5930] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  680.825692][ T5930] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  680.836976][ T5930] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  680.849322][ T5930] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  680.860971][ T5930] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  680.872271][   T24] usb 2-1: new high-speed USB device number 64 using dummy_hcd
[  680.885779][ T5930] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  680.905167][ T5930] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  680.916163][ T5930] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  680.928519][ T5930] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  681.045139][ T5923] usb 3-1: new high-speed USB device number 54 using dummy_hcd
[  681.053134][ T5930] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  681.067914][ T5930] usb 4-1: string descriptor 0 read error: -22
[  681.074897][ T5930] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  681.084014][ T5930] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  681.612312][   T24] usb 2-1: Using ep0 maxpacket: 8
[  681.632233][   T24] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  681.646970][ T5930] adutux 4-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  681.657134][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  681.676262][   T24] usb 2-1: Product: syz
[  681.680785][   T24] usb 2-1: Manufacturer: syz
[  681.685545][ T5923] usb 3-1: Using ep0 maxpacket: 32
[  681.691051][   T24] usb 2-1: SerialNumber: syz
[  681.697302][ T5923] usb 3-1: config 32 has an invalid interface number: 40 but max is 0
[  681.706315][ T5923] usb 3-1: config 32 has no interface number 0
[  681.720804][ T5923] usb 3-1: config 32 interface 40 has no altsetting 0
[  681.741180][   T24] usb 2-1: config 0 descriptor??
[  681.750111][ T5923] usb 3-1: New USB device found, idVendor=050d, idProduct=1203, bcdDevice=60.3f
[  681.762023][ T5923] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  681.842965][T10400] Bluetooth: hci4: command 0x0406 tx timeout
[  681.847439][ T5923] usb 3-1: Product: syz
[  681.874177][ T5923] usb 3-1: Manufacturer: syz
[  681.880066][ T5923] usb 3-1: SerialNumber: syz
[  681.920521][ T5923] belkin_sa 3-1:32.40: Belkin / Peracom / GoHubs USB Serial Adapter converter detected
[  681.931122][T13666] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1965'.
[  681.940310][T13666] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1965'.
[  681.953209][   T24] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  681.980705][ T5923] usb 3-1: bcdDevice: 603f, bfc: 0
[  681.993470][ T5923] usb 3-1: Belkin / Peracom / GoHubs USB Serial Adapter converter now attached to ttyUSB0
[  682.150154][T13658] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  682.160527][T13658] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  682.178310][ T5980] usb 3-1: USB disconnect, device number 54
[  682.188731][ T5980] belkin ttyUSB0: Belkin / Peracom / GoHubs USB Serial Adapter converter now disconnected from ttyUSB0
[  682.203668][ T5980] belkin_sa 3-1:32.40: device disconnected
[  682.690360][T13677] openvswitch: netlink: Flow key attr not present in new flow.
[  683.309979][ T5975] usb 4-1: USB disconnect, device number 66
[  683.750910][   T24] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  683.783051][   T24] usb 2-1: USB disconnect, device number 64
[  684.578609][   T13] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  684.675014][   T13] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  684.876390][   T13] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  685.016465][   T13] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  685.078626][T13715] netlink: 356 bytes leftover after parsing attributes in process `syz.4.1982'.
[  685.289528][T10400] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  685.299129][T10400] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  685.307366][T10400] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  685.315371][T10400] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  685.323007][T10400] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  685.350468][   T30] audit: type=1400 audit(1754599956.521:1205): avc:  denied  { mounton } for  pid=13724 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  685.383947][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  685.395418][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  686.017482][T13724] lo speed is unknown, defaulting to 1000
[  686.085662][   T13] bridge_slave_1: left allmulticast mode
[  686.101781][   T13] bridge_slave_1: left promiscuous mode
[  686.110107][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  686.128937][   T13] bridge_slave_0: left allmulticast mode
[  686.152788][   T13] bridge_slave_0: left promiscuous mode
[  686.162745][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  686.429259][T13742] FAULT_INJECTION: forcing a failure.
[  686.429259][T13742] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  686.450767][T13742] CPU: 0 UID: 0 PID: 13742 Comm: syz.2.1989 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[  686.450794][T13742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  686.450804][T13742] Call Trace:
[  686.450810][T13742]  <TASK>
[  686.450816][T13742]  dump_stack_lvl+0x16c/0x1f0
[  686.450838][T13742]  should_fail_ex+0x512/0x640
[  686.450851][T13742]  _copy_from_user+0x2e/0xd0
[  686.450864][T13742]  generic_map_update_batch+0x380/0x610
[  686.450883][T13742]  ? __pfx_generic_map_update_batch+0x10/0x10
[  686.450900][T13742]  ? __pfx_generic_map_update_batch+0x10/0x10
[  686.450914][T13742]  bpf_map_do_batch+0x5b4/0x680
[  686.450927][T13742]  __sys_bpf+0x4cf9/0x4de0
[  686.450944][T13742]  ? __pfx___sys_bpf+0x10/0x10
[  686.450958][T13742]  ? ksys_write+0x190/0x250
[  686.450971][T13742]  ? __mutex_unlock_slowpath+0x163/0x800
[  686.450997][T13742]  ? fput+0x9b/0xd0
[  686.451011][T13742]  ? ksys_write+0x1ac/0x250
[  686.451022][T13742]  ? __pfx_ksys_write+0x10/0x10
[  686.451035][T13742]  __x64_sys_bpf+0x78/0xc0
[  686.451049][T13742]  ? lockdep_hardirqs_on+0x7c/0x110
[  686.451065][T13742]  do_syscall_64+0xcd/0x4c0
[  686.451076][T13742]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  686.451087][T13742] RIP: 0033:0x7f008598ebe9
[  686.451097][T13742] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  686.451107][T13742] RSP: 002b:00007f0086737038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  686.451118][T13742] RAX: ffffffffffffffda RBX: 00007f0085bb6090 RCX: 00007f008598ebe9
[  686.451125][T13742] RDX: 0000000000000038 RSI: 0000200000000000 RDI: 000000000000001a
[  686.451132][T13742] RBP: 00007f0086737090 R08: 0000000000000000 R09: 0000000000000000
[  686.451138][T13742] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  686.451144][T13742] R13: 00007f0085bb6128 R14: 00007f0085bb6090 R15: 00007ffe8bdc08d8
[  686.451157][T13742]  </TASK>
[  686.901795][ T5980] usb 3-1: new high-speed USB device number 55 using dummy_hcd
[  687.001840][ T5909] usb 2-1: new high-speed USB device number 65 using dummy_hcd
[  687.081684][ T5980] usb 3-1: Using ep0 maxpacket: 8
[  687.108238][ T5980] usb 3-1: config 252 has 0 interfaces, different from the descriptor's value: 1
[  687.118130][ T5980] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  687.128086][ T5980] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  687.163011][ T5909] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  687.172338][ T5909] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  687.182975][ T5909] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  687.192160][ T5909] usb 2-1: config 1 has no interface number 1
[  687.198342][ T5909] usb 2-1: too many endpoints for config 1 interface 0 altsetting 4: 187, using maximum allowed: 30
[  687.209290][ T5909] usb 2-1: config 1 interface 0 altsetting 4 has 0 endpoint descriptors, different from the interface descriptor's value: 187
[  687.222899][ T5909] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  687.237008][ T5909] usb 2-1: config 1 interface 0 has no altsetting 1
[  687.247236][ T5909] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  687.257683][ T5909] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  687.266957][ T5909] usb 2-1: Product: syz
[  687.271205][ T5909] usb 2-1: Manufacturer: syz
[  687.278901][ T5909] usb 2-1: SerialNumber: syz
[  687.311347][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  687.326137][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  687.340564][   T13] bond0 (unregistering): Released all slaves
[  687.381986][ T5859] Bluetooth: hci3: command tx timeout
[  687.465934][   T13] : left promiscuous mode
[  687.916392][ T5909] usb 2-1: 2:1 : invalid UAC_AS_GENERAL desc
[  687.968156][   T13] tipc: Disabling bearer <eth:vlan0>
[  688.019627][ T5909] usb 2-1: USB disconnect, device number 65
[  688.067350][   T13] tipc: Left network mode
[  688.453427][T13766] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  688.607926][   T30] audit: type=1400 audit(1754599959.781:1206): avc:  denied  { mounton } for  pid=13764 comm="syz.1.1996" path="/386/file0" dev="tmpfs" ino=2033 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=sock_file permissive=1
[  689.425875][ T5975] usb 3-1: USB disconnect, device number 55
[  689.467107][ T5859] Bluetooth: hci3: command tx timeout
[  689.502171][ T5909] usb 2-1: new high-speed USB device number 66 using dummy_hcd
[  689.510302][T13724] chnl_net:caif_netlink_parms(): no params data found
[  689.628066][T13787] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1999'.
[  689.678185][ T5909] usb 2-1: Using ep0 maxpacket: 8
[  689.696717][ T5909] usb 2-1: config 1 interface 0 has no altsetting 0
[  689.768457][ T5909] usb 2-1: New USB device found, idVendor=172f, idProduct=0032, bcdDevice= 0.40
[  689.886150][ T5909] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  689.922135][ T5909] usb 2-1: Product: syz
[  689.926356][ T5909] usb 2-1: Manufacturer: ъ
[  689.930862][ T5909] usb 2-1: SerialNumber: syz
[  690.086312][T13724] bridge0: port 1(bridge_slave_0) entered blocking state
[  690.132157][T13724] bridge0: port 1(bridge_slave_0) entered disabled state
[  690.155250][T13724] bridge_slave_0: entered allmulticast mode
[  690.179742][T13724] bridge_slave_0: entered promiscuous mode
[  690.200484][   T30] audit: type=1400 audit(1754599961.381:1207): avc:  denied  { open } for  pid=13764 comm="syz.1.1996" path="/dev/ptyq7" dev="devtmpfs" ino=126 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1
[  690.252700][T13724] bridge0: port 2(bridge_slave_1) entered blocking state
[  690.278731][ T5909] usbhid 2-1:1.0: can't add hid device: -71
[  690.284941][T13724] bridge0: port 2(bridge_slave_1) entered disabled state
[  690.287001][   T30] audit: type=1400 audit(1754599961.421:1208): avc:  denied  { ioctl } for  pid=13764 comm="syz.1.1996" path="/dev/ptyq7" dev="devtmpfs" ino=126 ioctlcmd=0x5414 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1
[  690.299628][T13724] bridge_slave_1: entered allmulticast mode
[  690.333803][ T5909] usbhid 2-1:1.0: probe with driver usbhid failed with error -71
[  690.337529][T13724] bridge_slave_1: entered promiscuous mode
[  690.462156][ T5909] usb 2-1: USB disconnect, device number 66
[  690.723560][   T13] hsr_slave_0: left promiscuous mode
[  690.743474][   T13] hsr_slave_1: left promiscuous mode
[  690.759763][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  690.776070][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  690.890367][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  690.898467][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  690.923124][T13819] netlink: 'syz.4.2006': attribute type 2 has an invalid length.
[  690.979333][   T13] dummy0: left allmulticast mode
[  690.993680][   T13] veth1_macvtap: left promiscuous mode
[  691.006713][   T13] veth0_macvtap: left promiscuous mode
[  691.026123][   T13] veth1_vlan: left promiscuous mode
[  691.031600][   T13] veth0_vlan: left promiscuous mode
[  691.496686][T13835] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2010'.
[  691.541921][ T5859] Bluetooth: hci3: command tx timeout
[  691.643289][   T13] team0 (unregistering): Port device team_slave_1 removed
[  691.686801][   T13] team0 (unregistering): Port device team_slave_0 removed
[  692.291298][T13724] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  692.312891][ T9639] lo speed is unknown, defaulting to 1000
[  692.325548][ T9639] infiniband syz0: ib_query_port failed (-19)
[  692.330299][T13724] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  692.510693][   T30] audit: type=1400 audit(1754599963.691:1209): avc:  denied  { listen } for  pid=13836 comm="syz.2.2011" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  692.548092][T13840] bridge0: port 3(gretap0) entered blocking state
[  692.567703][T13840] bridge0: port 3(gretap0) entered disabled state
[  692.581111][T13840] gretap0: entered allmulticast mode
[  692.679315][T13848] overlayfs: failed to clone upperpath
[  692.699558][T13840] gretap0: entered promiscuous mode
[  692.706470][T13840] bridge0: port 3(gretap0) entered blocking state
[  692.713221][T13840] bridge0: port 3(gretap0) entered forwarding state
[  692.726382][T13846] gretap0: left allmulticast mode
[  692.739730][T13843] netlink: 'syz.2.2011': attribute type 4 has an invalid length.
[  692.756898][T13846] gretap0: left promiscuous mode
[  692.766475][T13846] bridge0: port 3(gretap0) entered disabled state
[  692.841572][T13724] team0: Port device team_slave_0 added
[  692.851940][T13841] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1011 sclass=netlink_route_socket pid=13841 comm=syz.2.2011
[  692.867961][T13724] team0: Port device team_slave_1 added
[  693.445430][T13724] batman_adv: batadv0: Adding interface: batadv_slave_0
[  693.598651][T13724] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  694.084396][ T5859] Bluetooth: hci3: command tx timeout
[  694.115044][T13724] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  694.203550][T13724] batman_adv: batadv0: Adding interface: batadv_slave_1
[  694.220614][T13724] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  694.390366][T13724] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  694.601255][T13874] FAULT_INJECTION: forcing a failure.
[  694.601255][T13874] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  694.603577][   T13] IPVS: stop unused estimator thread 0...
[  694.625589][T13724] hsr_slave_0: entered promiscuous mode
[  694.648073][T13724] hsr_slave_1: entered promiscuous mode
[  694.672387][T13724] debugfs: 'hsr0' already exists in 'hsr'
[  694.698432][T13874] CPU: 0 UID: 0 PID: 13874 Comm: syz.1.2018 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[  694.698460][T13874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  694.698471][T13874] Call Trace:
[  694.698476][T13874]  <TASK>
[  694.698483][T13874]  dump_stack_lvl+0x16c/0x1f0
[  694.698506][T13874]  should_fail_ex+0x512/0x640
[  694.698519][T13874]  _copy_to_user+0x32/0xd0
[  694.698533][T13874]  simple_read_from_buffer+0xcb/0x170
[  694.698546][T13874]  proc_fail_nth_read+0x197/0x240
[  694.698560][T13874]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  694.698573][T13874]  ? rw_verify_area+0xcf/0x6c0
[  694.698590][T13874]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  694.698602][T13874]  vfs_read+0x1e1/0xc60
[  694.698615][T13874]  ? __pfx___mutex_lock+0x10/0x10
[  694.698625][T13874]  ? __pfx_vfs_read+0x10/0x10
[  694.698640][T13874]  ? __fget_files+0x20e/0x3c0
[  694.698656][T13874]  ksys_read+0x12a/0x250
[  694.698667][T13874]  ? __pfx_ksys_read+0x10/0x10
[  694.698682][T13874]  do_syscall_64+0xcd/0x4c0
[  694.698694][T13874]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  694.698705][T13874] RIP: 0033:0x7f34d518d5fc
[  694.698716][T13874] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  694.698727][T13874] RSP: 002b:00007f34d605e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  694.698738][T13874] RAX: ffffffffffffffda RBX: 00007f34d53b5fa0 RCX: 00007f34d518d5fc
[  694.698745][T13874] RDX: 000000000000000f RSI: 00007f34d605e0a0 RDI: 0000000000000003
[  694.698751][T13874] RBP: 00007f34d605e090 R08: 0000000000000000 R09: 0000000000000000
[  694.698758][T13874] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  694.698764][T13874] R13: 00007f34d53b6038 R14: 00007f34d53b5fa0 R15: 00007ffd1e8cfe68
[  694.698778][T13874]  </TASK>
[  694.905082][T13724] Cannot create hsr debugfs directory
[  695.044925][T13881] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2020'.
[  695.053926][T13881] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2020'.
[  695.482909][T13724] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  695.495904][T13724] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  695.516715][T13724] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  695.537407][T13724] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  695.635156][T13897] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  695.806327][T13724] 8021q: adding VLAN 0 to HW filter on device bond0
[  695.859266][T13724] 8021q: adding VLAN 0 to HW filter on device team0
[  695.919776][   T65] bridge0: port 1(bridge_slave_0) entered blocking state
[  695.926945][   T65] bridge0: port 1(bridge_slave_0) entered forwarding state
[  696.019004][ T3494] bridge0: port 2(bridge_slave_1) entered blocking state
[  696.026165][ T3494] bridge0: port 2(bridge_slave_1) entered forwarding state
[  697.100899][T13724] 8021q: adding VLAN 0 to HW filter on device batadv0
[  697.971280][T13945] vivid-003: disconnect
[  697.982048][T13945] SELinux:  policydb version 318118309 does not match my version range 15-35
[  697.992087][T13945] SELinux: failed to load policy
[  698.670289][T13941] vivid-003: reconnect
[  698.964749][T13724] veth0_vlan: entered promiscuous mode
[  699.071745][   T10] usb 2-1: new high-speed USB device number 67 using dummy_hcd
[  699.081146][T13724] veth1_vlan: entered promiscuous mode
[  699.141355][T13724] veth0_macvtap: entered promiscuous mode
[  699.168609][T13724] veth1_macvtap: entered promiscuous mode
[  699.253411][   T10] usb 2-1: Using ep0 maxpacket: 8
[  699.303382][   T30] audit: type=1400 audit(1754599970.451:1210): avc:  denied  { connect } for  pid=13966 comm="syz.2.2033" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  699.324216][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8D has invalid wMaxPacketSize 0
[  699.506191][T13724] batman_adv: batadv0: Interface activated: batadv_slave_0
[  699.522230][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  699.547655][   T10] usb 2-1: New USB device found, idVendor=1870, idProduct=0001, bcdDevice=e6.7f
[  699.567290][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  699.576680][T13724] batman_adv: batadv0: Interface activated: batadv_slave_1
[  699.591658][   T10] usb 2-1: Product: syz
[  699.606396][   T10] usb 2-1: Manufacturer: syz
[  699.611012][   T10] usb 2-1: SerialNumber: syz
[  699.628801][ T7882] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  699.655490][   T10] usb 2-1: config 0 descriptor??
[  699.665469][ T7882] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  699.690649][   T10] usbtouchscreen 2-1:0.0: probe with driver usbtouchscreen failed with error -8
[  699.784880][ T1150] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  699.832449][   T49] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  699.930054][T13959] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  699.964328][T13959] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  700.025293][ T1150] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  700.040751][ T1150] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  700.064254][ T9639] usb 2-1: USB disconnect, device number 67
[  700.114390][ T3594] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  700.141213][ T3594] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  700.171543][   T30] audit: type=1400 audit(1754599971.351:1211): avc:  denied  { mounton } for  pid=13724 comm="syz-executor" path="/root/syzkaller.MxxIol/syz-tmp" dev="sda1" ino=2047 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[  700.411035][   T30] audit: type=1400 audit(1754599971.391:1212): avc:  denied  { mounton } for  pid=13724 comm="syz-executor" path="/root/syzkaller.MxxIol/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  700.450311][   T30] audit: type=1400 audit(1754599971.391:1213): avc:  denied  { mounton } for  pid=13724 comm="syz-executor" path="/root/syzkaller.MxxIol/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=44837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  700.479491][   T30] audit: type=1400 audit(1754599971.521:1214): avc:  denied  { mounton } for  pid=13724 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  700.646565][   T30] audit: type=1400 audit(1754599971.831:1215): avc:  denied  { unmount } for  pid=5858 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  701.514245][T13997] SELinux: failed to load policy
[  701.698879][T13997] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2037'.
[  701.707985][T13997] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2037'.
[  703.264536][T14011] netlink: 64 bytes leftover after parsing attributes in process `syz.5.1978'.
[  703.297687][T14011] netlink: 'syz.5.1978': attribute type 7 has an invalid length.
[  703.363565][T14011] : entered promiscuous mode
[  703.463269][T14014] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2042'.
[  703.472265][T14014] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2042'.
[  704.120887][T14019] binder: 14018:14019 ioctl d000941e 200000001480 returned -22
[  704.166527][   T30] audit: type=1400 audit(1754599975.351:1216): avc:  denied  { create } for  pid=14039 comm="syz.1.2046" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1
[  704.168736][T14040] tmpfs: Unknown parameter '0xffffffffffffffff0x0000000000000000'
[  704.395015][   T30] audit: type=1400 audit(1754599975.351:1217): avc:  denied  { getopt } for  pid=14039 comm="syz.1.2046" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1
[  704.698004][   T30] audit: type=1400 audit(1754599975.881:1218): avc:  denied  { write } for  pid=14039 comm="syz.1.2046" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1
[  704.791757][   T30] audit: type=1400 audit(1754599975.961:1219): avc:  denied  { append } for  pid=14039 comm="syz.1.2046" name="hwrng" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1
[  704.858141][T14043] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  705.274972][T14059] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14059 comm=syz.5.2048
[  706.086475][T14070] ieee802154 phy0 wpan0: encryption failed: -22
[  706.102033][   T30] audit: type=1400 audit(1754599977.271:1220): avc:  denied  { write } for  pid=14060 comm="syz.2.2049" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  706.571913][T14078] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2053'.
[  706.943281][   T30] audit: type=1400 audit(1754599978.121:1221): avc:  denied  { lock } for  pid=14082 comm="syz.4.2054" path="socket:[45039]" dev="sockfs" ino=45039 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1
[  707.347983][T14098] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2056'.
[  707.702112][T14100] overlayfs: missing 'workdir'
[  708.403587][T14111] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2059'.
[  711.360421][T14170] Invalid ELF header magic: != ELF
[  711.368021][   T30] audit: type=1400 audit(1754599982.541:1222): avc:  denied  { module_load } for  pid=14168 comm="syz.4.2075" path="/455/bus" dev="tmpfs" ino=2418 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=system permissive=1
[  711.407874][ T9639] usb 3-1: new high-speed USB device number 56 using dummy_hcd
[  711.432220][T14169] Invalid ELF header magic: != ELF
[  711.532611][T14173] ipvlan2: entered promiscuous mode
[  711.781892][T13659] usb 6-1: new low-speed USB device number 2 using dummy_hcd
[  711.963035][ T9639] usb 3-1: Using ep0 maxpacket: 16
[  711.986460][ T9639] usb 3-1: config 0 has an invalid interface number: 8 but max is 0
[  712.017936][ T9639] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  712.041044][ T9639] usb 3-1: config 0 has no interface number 0
[  712.047254][ T9639] usb 3-1: config 0 interface 8 altsetting 0 endpoint 0xB has invalid maxpacket 2560, setting to 1024
[  712.059278][ T9639] usb 3-1: config 0 interface 8 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024
[  712.066362][T13659] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  712.088825][T13659] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  712.105077][ T9639] usb 3-1: config 0 interface 8 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  712.106149][T14185] netlink: 108 bytes leftover after parsing attributes in process `syz.1.2077'.
[  712.128578][T14185] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2077'.
[  712.284644][T13659] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  712.446531][ T9639] usb 3-1: New USB device found, idVendor=0586, idProduct=1500, bcdDevice=2e.97
[  712.451560][T13659] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  712.461089][ T9639] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  712.500299][T13659] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  712.509846][ T9639] usb 3-1: Product: syz
[  712.531479][ T9639] usb 3-1: Manufacturer: syz
[  712.558009][T13659] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  712.560602][ T9639] usb 3-1: SerialNumber: syz
[  712.594637][T13659] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  712.617143][ T9639] usb 3-1: config 0 descriptor??
[  712.632180][ T9639] omninet 3-1:0.8: required endpoints missing
[  712.649506][T13659] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  712.711687][T13659] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  712.740382][T13659] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  712.755203][T10400] Bluetooth: hci1: command 0x0406 tx timeout
[  712.784174][T13659] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  712.791592][T13659] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  712.806281][T13659] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  712.859699][ T5923] usb 3-1: USB disconnect, device number 56
[  712.876611][T13659] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  712.904763][T13659] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  712.944758][T13659] usb 6-1: string descriptor 0 read error: -22
[  712.966184][T13659] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  712.976642][T14214] syz_tun: entered allmulticast mode
[  712.983419][T13659] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  713.036950][T13659] adutux 6-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  713.408062][T14230] qnx6: unable to set blocksize
[  713.905261][ T9639] usb 3-1: new high-speed USB device number 57 using dummy_hcd
[  714.271265][T14233] SELinux: failed to load policy
[  714.381279][ T5923] usb 6-1: USB disconnect, device number 2
[  714.519124][T14227] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2086'.
[  714.528438][T14227] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2086'.
[  714.704161][ T9639] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  714.767761][ T9639] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  715.130084][ T9639] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  715.145091][ T9639] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  715.154825][ T9639] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  715.241220][ T9639] usb 3-1: config 0 descriptor??
[  715.248779][T14246] overlayfs: failed to resolve './file1': -2
[  715.608099][T14255] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  715.724332][ T9639] plantronics 0003:047F:FFFF.000C: reserved main item tag 0xd
[  715.849304][ T9639] plantronics 0003:047F:FFFF.000C: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  716.259128][T13659] usb 3-1: USB disconnect, device number 57
[  716.352886][ T9639] usb 2-1: new high-speed USB device number 68 using dummy_hcd
[  716.506396][T14266] comedi comedi4: comedi_config --init_data is deprecated
[  716.551999][ T9639] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  716.650632][ T9639] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  716.699400][T14271] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2098'.
[  716.721598][ T9639] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  716.772491][ T9639] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  716.801947][T14262] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[  716.813685][ T9639] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  717.101905][T14262] tmpfs: Unknown parameter '
[  717.101905][T14262] '
[  717.404284][T14288] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2099'.
[  717.543574][   T30] audit: type=1400 audit(1754599988.726:1223): avc:  denied  { unmount } for  pid=5846 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[  718.748010][T14309] overlayfs: failed to clone upperpath
[  719.054194][T14322] netlink: 'syz.4.2109': attribute type 12 has an invalid length.
[  719.065904][T14323] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  719.127691][T14322] netlink: 'syz.4.2109': attribute type 29 has an invalid length.
[  719.150490][T14322] netlink: 148 bytes leftover after parsing attributes in process `syz.4.2109'.
[  719.203887][T14322] netlink: 'syz.4.2109': attribute type 3 has an invalid length.
[  719.247307][T14322] netlink: 'syz.4.2109': attribute type 2 has an invalid length.
[  719.275955][T14322] netlink: 35 bytes leftover after parsing attributes in process `syz.4.2109'.
[  719.289905][   T30] audit: type=1400 audit(1754599990.476:1224): avc:  denied  { getopt } for  pid=14327 comm="syz.5.2110" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  719.473767][T14331] binder: 14327:14331 ioctl c0046209 9999999999999999 returned -22
[  719.488661][   T30] audit: type=1400 audit(1754599990.666:1225): avc:  denied  { bind } for  pid=14327 comm="syz.5.2110" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  719.529090][   T30] audit: type=1400 audit(1754599990.666:1226): avc:  denied  { shutdown } for  pid=14327 comm="syz.5.2110" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  719.596903][ T5859] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[  719.805636][ T5909] usb 2-1: USB disconnect, device number 68
[  720.460813][T14353] FAULT_INJECTION: forcing a failure.
[  720.460813][T14353] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  720.518622][T14353] CPU: 1 UID: 0 PID: 14353 Comm: syz.1.2116 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[  720.518648][T14353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  720.518658][T14353] Call Trace:
[  720.518664][T14353]  <TASK>
[  720.518671][T14353]  dump_stack_lvl+0x16c/0x1f0
[  720.518702][T14353]  should_fail_ex+0x512/0x640
[  720.518722][T14353]  _copy_to_user+0x32/0xd0
[  720.518743][T14353]  simple_read_from_buffer+0xcb/0x170
[  720.518764][T14353]  proc_fail_nth_read+0x197/0x240
[  720.518786][T14353]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  720.518808][T14353]  ? rw_verify_area+0xcf/0x6c0
[  720.518833][T14353]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  720.518854][T14353]  vfs_read+0x1e1/0xc60
[  720.518874][T14353]  ? __pfx___mutex_lock+0x10/0x10
[  720.518890][T14353]  ? __pfx_vfs_read+0x10/0x10
[  720.518913][T14353]  ? __fget_files+0x20e/0x3c0
[  720.518941][T14353]  ksys_read+0x12a/0x250
[  720.518958][T14353]  ? __pfx_ksys_read+0x10/0x10
[  720.518987][T14353]  do_syscall_64+0xcd/0x4c0
[  720.519011][T14353]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  720.519029][T14353] RIP: 0033:0x7f34d518d5fc
[  720.519045][T14353] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  720.519060][T14353] RSP: 002b:00007f34d605e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  720.519079][T14353] RAX: ffffffffffffffda RBX: 00007f34d53b5fa0 RCX: 00007f34d518d5fc
[  720.519091][T14353] RDX: 000000000000000f RSI: 00007f34d605e0a0 RDI: 0000000000000004
[  720.519101][T14353] RBP: 00007f34d605e090 R08: 0000000000000000 R09: 0000000000000000
[  720.519112][T14353] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  720.519123][T14353] R13: 00007f34d53b6038 R14: 00007f34d53b5fa0 R15: 00007ffd1e8cfe68
[  720.519149][T14353]  </TASK>
[  721.630122][T14373] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2119'.
[  721.860409][ T5859] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[  722.037006][   T30] audit: type=1800 audit(1754599993.216:1227): pid=14390 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.5.2125" name="file1" dev="tmpfs" ino=123 res=0 errno=0
[  722.973361][T14407] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  724.478791][T14442] veth1: entered allmulticast mode
[  724.498931][T14442] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2135'.
[  725.037523][T14460] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5133 sclass=netlink_route_socket pid=14460 comm=syz.0.2137
[  725.368263][T14454] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  725.552854][T14462] 9pnet: Could not find request transport: unix=any
[  726.530295][T14483] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  727.063710][ T5923] usb 2-1: new high-speed USB device number 69 using dummy_hcd
[  727.323643][ T5923] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  727.739136][ T5923] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  727.749462][ T5923] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  727.763139][ T5923] usb 2-1: New USB device found, idVendor=a9cd, idProduct=cdee, bcdDevice= 5.b9
[  727.772678][ T5923] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  727.805773][ T5923] usb 2-1: config 0 descriptor??
[  727.840686][ T5923] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  727.866791][ T5923] usb 2-1: MIDIStreaming interface descriptor not found
[  728.296896][T13659] usb 2-1: USB disconnect, device number 69
[  728.499242][ T5859] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[  728.894150][T14520] SELinux: failed to load policy
[  729.179591][T14516] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2146'.
[  729.188612][T14516] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2146'.
[  730.101759][T14537] netlink: 'syz.0.2149': attribute type 2 has an invalid length.
[  730.195427][T14537] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2149'.
[  730.672207][   T30] audit: type=1400 audit(1754600001.856:1228): avc:  denied  { map } for  pid=14541 comm="syz.2.2150" path="socket:[47863]" dev="sockfs" ino=47863 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  731.125013][T14571] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  731.782093][T10400] Bluetooth: hci4: command 0x0406 tx timeout
[  731.863266][T14586] openvswitch: netlink: IP tunnel TTL not specified.
[  732.587035][T14598] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  732.757075][T14600] block device autoloading is deprecated and will be removed.
[  732.777252][   T30] audit: type=1400 audit(1754600003.926:1229): avc:  denied  { read } for  pid=14597 comm="syz.2.2160" name="file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[  732.800019][   T30] audit: type=1400 audit(1754600003.926:1230): avc:  denied  { open } for  pid=14597 comm="syz.2.2160" path="/418/file0/file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[  732.833586][   T30] audit: type=1400 audit(1754600003.946:1231): avc:  denied  { ioctl } for  pid=14597 comm="syz.2.2160" path="/418/file0/file0" dev="fuse" ino=64 ioctlcmd=0x933 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[  733.899890][T14617] syz.1.2162: attempt to access beyond end of device
[  733.899890][T14617] nbd1: rw=0, sector=0, nr_sectors = 2 limit=0
[  733.913228][T14617] befs: (nbd1): unable to read superblock
[  733.920787][   T24] usb 3-1: new high-speed USB device number 58 using dummy_hcd
[  734.131740][   T24] usb 3-1: Using ep0 maxpacket: 16
[  734.227817][   T24] usb 3-1: unable to get BOS descriptor or descriptor too short
[  734.240134][   T24] usb 3-1: config 7 has an invalid interface number: 71 but max is 0
[  734.299618][   T24] usb 3-1: config 7 has no interface number 0
[  734.326026][   T24] usb 3-1: config 7 interface 71 altsetting 129 endpoint 0x87 has invalid maxpacket 1024, setting to 64
[  734.413781][   T24] usb 3-1: config 7 interface 71 has no altsetting 0
[  734.539817][   T24] usb 3-1: New USB device found, idVendor=07d1, idProduct=3a08, bcdDevice= 2.97
[  734.596512][T14626] vivid-001: disconnect
[  734.601691][T14626] SELinux:  policydb version 318118309 does not match my version range 15-35
[  734.610484][T14626] SELinux: failed to load policy
[  734.641725][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  734.650155][   T24] usb 3-1: Product: syz
[  734.654373][   T24] usb 3-1: Manufacturer: syz
[  734.659420][   T24] usb 3-1: SerialNumber: syz
[  734.902392][   T24] usb 3-1: Could not find all expected endpoints
[  734.920202][   T24] usb 3-1: USB disconnect, device number 58
[  735.112326][T14621] vivid-001: reconnect
[  735.192031][   T30] audit: type=1326 audit(1754600006.366:1232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14652 comm="syz.0.2168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d4538ebe9 code=0x7ffc0000
[  735.242377][   T30] audit: type=1326 audit(1754600006.396:1233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14652 comm="syz.0.2168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d4538ebe9 code=0x7ffc0000
[  735.266283][   T30] audit: type=1326 audit(1754600006.396:1234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14652 comm="syz.0.2168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=163 compat=0 ip=0x7f3d4538ebe9 code=0x7ffc0000
[  735.329847][   T30] audit: type=1326 audit(1754600006.396:1235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14652 comm="syz.0.2168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d4538ebe9 code=0x7ffc0000
[  735.374227][   T30] audit: type=1326 audit(1754600006.396:1236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14652 comm="syz.0.2168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d4538ebe9 code=0x7ffc0000
[  735.416155][   T30] audit: type=1326 audit(1754600006.396:1237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14652 comm="syz.0.2168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3d4538ebe9 code=0x7ffc0000
[  735.669383][T14673] SELinux:  policydb magic number 0x6c65732f does not match expected magic number 0xf97cff8c
[  735.679927][T14673] SELinux: failed to load policy
[  735.773766][T14674] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2172'.
[  735.782882][T14674] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2172'.
[  737.111124][T14686] No source specified
[  737.176364][T14683] vivid-000: disconnect
[  737.181248][T14683] SELinux:  policydb version 318118309 does not match my version range 15-35
[  737.190331][T14683] SELinux: failed to load policy
[  737.197238][T14682] vivid-000: reconnect
[  737.403652][   T30] kauditd_printk_skb: 53 callbacks suppressed
[  737.403667][   T30] audit: type=1400 audit(1754600008.576:1291): avc:  denied  { ioctl } for  pid=14703 comm="syz.0.2179" path="socket:[48087]" dev="sockfs" ino=48087 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  737.491770][ T5923] usb 2-1: new high-speed USB device number 70 using dummy_hcd
[  737.775952][ T5923] usb 2-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  737.816557][ T5923] usb 2-1: config 2 interface 0 altsetting 178 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  737.840179][ T5923] usb 2-1: config 2 interface 0 has no altsetting 0
[  737.853306][ T5923] usb 2-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=da.47
[  737.863651][ T5923] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  737.874814][ T5923] usb 2-1: Product: syz
[  737.878996][ T5923] usb 2-1: Manufacturer: syz
[  737.884137][ T5923] usb 2-1: SerialNumber: syz
[  737.948310][T14720] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=19 sclass=netlink_tcpdiag_socket pid=14720 comm=syz.4.2181
[  738.289858][   T30] audit: type=1400 audit(1754600009.466:1292): avc:  denied  { write } for  pid=14729 comm="syz.4.2183" path="socket:[48115]" dev="sockfs" ino=48115 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  738.410971][   T30] audit: type=1400 audit(1754600009.496:1293): avc:  denied  { accept } for  pid=14729 comm="syz.4.2183" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  738.459451][   T30] audit: type=1400 audit(1754600009.496:1294): avc:  denied  { read } for  pid=14729 comm="syz.4.2183" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  738.484547][ T5923] ims_pcu 2-1:2.0: Missing CDC union descriptor
[  738.510053][ T5923] ims_pcu 2-1:2.0: probe with driver ims_pcu failed with error -22
[  738.540543][ T5923] usb 2-1: USB disconnect, device number 70
[  738.582171][T10400] Bluetooth: hci4: command 0x0406 tx timeout
[  738.996106][T14746] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2187'.
[  739.005131][T14746] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2187'.
[  740.995681][   T30] audit: type=1400 audit(1754600012.176:1295): avc:  denied  { relabelfrom } for  pid=14771 comm="syz.1.2193" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  741.032511][T10400] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  741.051858][T10400] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  741.067842][T10400] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  741.087906][T10400] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  741.095422][T10400] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  741.256662][   T30] audit: type=1400 audit(1754600012.196:1296): avc:  denied  { relabelto } for  pid=14771 comm="syz.1.2193" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  741.287415][   T30] audit: type=1400 audit(1754600012.466:1297): avc:  denied  { getopt } for  pid=14779 comm="syz.2.2195" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  742.457480][T14813] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  743.238130][T10400] Bluetooth: hci5: command tx timeout
[  743.430412][   T30] audit: type=1400 audit(1754600014.556:1298): avc:  denied  { connect } for  pid=14828 comm="syz.4.2201" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  743.687244][T14785] chnl_net:caif_netlink_parms(): no params data found
[  744.225266][T14785] bridge0: port 1(bridge_slave_0) entered blocking state
[  744.253075][T14785] bridge0: port 1(bridge_slave_0) entered disabled state
[  744.270573][T14785] bridge_slave_0: entered allmulticast mode
[  744.288523][T14785] bridge_slave_0: entered promiscuous mode
[  744.308528][T14785] bridge0: port 2(bridge_slave_1) entered blocking state
[  744.431785][T14785] bridge0: port 2(bridge_slave_1) entered disabled state
[  744.439006][T14785] bridge_slave_1: entered allmulticast mode
[  744.469838][T14785] bridge_slave_1: entered promiscuous mode
[  744.657878][T14785] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  744.720514][T14785] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  745.089081][T14785] team0: Port device team_slave_0 added
[  745.114898][T14785] team0: Port device team_slave_1 added
[  745.230729][T14785] batman_adv: batadv0: Adding interface: batadv_slave_0
[  745.248456][T14785] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  745.294725][T14785] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  745.311664][T10400] Bluetooth: hci5: command tx timeout
[  745.325968][T14886] vivid-000: disconnect
[  745.329795][T14785] batman_adv: batadv0: Adding interface: batadv_slave_1
[  745.337724][T14886] SELinux:  policydb version 318118309 does not match my version range 15-35
[  745.341353][T14785] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  745.373138][T14785] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  745.376734][T14886] SELinux: failed to load policy
[  745.469848][T14785] hsr_slave_0: entered promiscuous mode
[  745.484722][T14785] hsr_slave_1: entered promiscuous mode
[  745.497243][T14785] debugfs: 'hsr0' already exists in 'hsr'
[  745.509437][T14785] Cannot create hsr debugfs directory
[  745.875204][T14785] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  745.888895][T14785] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  745.926720][T14785] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  745.965861][T14785] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  745.999110][T14881] vivid-000: reconnect
[  746.188758][T14785] 8021q: adding VLAN 0 to HW filter on device bond0
[  746.261639][T14785] 8021q: adding VLAN 0 to HW filter on device team0
[  746.307787][ T1150] bridge0: port 1(bridge_slave_0) entered blocking state
[  746.314984][ T1150] bridge0: port 1(bridge_slave_0) entered forwarding state
[  746.326594][T14926] netlink: 'syz.4.2212': attribute type 2 has an invalid length.
[  746.360961][T14926] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2212'.
[  746.453961][ T1150] bridge0: port 2(bridge_slave_1) entered blocking state
[  746.461095][ T1150] bridge0: port 2(bridge_slave_1) entered forwarding state
[  746.658911][T14925] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2213'.
[  746.828253][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  746.837245][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  747.582484][T10400] Bluetooth: hci5: command tx timeout
[  747.600030][   T30] audit: type=1400 audit(1754600018.376:1299): avc:  denied  { write } for  pid=14936 comm="syz.1.2214" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  747.647777][   T30] audit: type=1400 audit(1754600018.376:1300): avc:  denied  { ioctl } for  pid=14936 comm="syz.1.2214" path="/dev/autofs" dev="devtmpfs" ino=98 ioctlcmd=0x9375 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  747.940326][T14785] 8021q: adding VLAN 0 to HW filter on device batadv0
[  748.076610][ T5859] Bluetooth: hci4: Invalid handle: 0x20c9 > 0x0eff
[  749.282457][T14986] sg_write: data in/out 2268/14 bytes for SCSI command 0x0-- guessing data in;
[  749.282457][T14986]    program syz.1.2222 not setting count and/or reply_len properly
[  749.382492][T14991] netlink: 'syz.2.2221': attribute type 2 has an invalid length.
[  749.394411][T14785] veth0_vlan: entered promiscuous mode
[  749.418601][T14785] veth1_vlan: entered promiscuous mode
[  749.622898][ T5859] Bluetooth: hci5: command tx timeout
[  749.725604][T14785] veth0_macvtap: entered promiscuous mode
[  749.749132][T14785] veth1_macvtap: entered promiscuous mode
[  749.786481][T14985] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2221'.
[  749.840230][T14785] batman_adv: batadv0: Interface activated: batadv_slave_0
[  749.877766][T14785] batman_adv: batadv0: Interface activated: batadv_slave_1
[  749.906611][ T3494] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  749.926073][ T3494] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  749.945842][ T3494] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  749.962283][ T5980] usb 2-1: new high-speed USB device number 71 using dummy_hcd
[  750.005373][ T3494] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  750.131865][ T5980] usb 2-1: Using ep0 maxpacket: 16
[  750.158448][ T5980] usb 2-1: config 0 has an invalid interface number: 8 but max is 0
[  750.164794][   T30] audit: type=1400 audit(1754600021.346:1301): avc:  denied  { read } for  pid=14998 comm="syz.4.2226" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  750.201341][ T5980] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  750.248757][T15001] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.2226'.
[  750.260206][ T5980] usb 2-1: config 0 has no interface number 0
[  750.266725][ T5980] usb 2-1: config 0 interface 8 altsetting 0 endpoint 0xB has invalid maxpacket 2560, setting to 1024
[  750.284916][ T3458] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  750.299136][ T5980] usb 2-1: config 0 interface 8 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024
[  750.319680][ T5980] usb 2-1: config 0 interface 8 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  750.321776][ T3458] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  750.342316][ T5980] usb 2-1: New USB device found, idVendor=0586, idProduct=1500, bcdDevice=2e.97
[  750.397246][ T5980] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  750.418713][ T5980] usb 2-1: Product: syz
[  750.438183][ T5980] usb 2-1: Manufacturer: syz
[  750.468465][ T3494] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  750.479239][ T5980] usb 2-1: SerialNumber: syz
[  750.486967][ T3494] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  750.498234][ T5980] usb 2-1: config 0 descriptor??
[  750.509631][T15004] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  750.518721][ T5980] omninet 2-1:0.8: required endpoints missing
[  750.845947][ T5923] usb 2-1: USB disconnect, device number 71
[  752.550021][T15032] input: syz0 as /devices/virtual/input/input25
[  752.891709][ T5923] usb 2-1: new high-speed USB device number 72 using dummy_hcd
[  753.061804][ T5923] usb 2-1: Using ep0 maxpacket: 32
[  753.070004][ T5923] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  753.093326][ T5923] usb 2-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  753.290740][ T5923] usb 2-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  753.309228][ T5923] usb 2-1: Product: syz
[  753.316102][ T5923] usb 2-1: Manufacturer: syz
[  753.326198][ T5923] usb 2-1: SerialNumber: syz
[  753.345074][ T5923] usb 2-1: config 0 descriptor??
[  753.356924][T15036] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  754.111323][ T5923] usb 2-1: USB disconnect, device number 72
[  755.270277][   T30] audit: type=1400 audit(1754600026.446:1302): avc:  denied  { create } for  pid=15077 comm="syz.0.2248" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1
[  755.312553][T13659] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  755.481741][T13659] usb 7-1: Using ep0 maxpacket: 16
[  755.488117][T15085] FAULT_INJECTION: forcing a failure.
[  755.488117][T15085] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  755.548828][T15085] CPU: 1 UID: 0 PID: 15085 Comm: syz.2.2249 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[  755.548854][T15085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  755.548864][T15085] Call Trace:
[  755.548869][T15085]  <TASK>
[  755.548876][T15085]  dump_stack_lvl+0x16c/0x1f0
[  755.548906][T15085]  should_fail_ex+0x512/0x640
[  755.548926][T15085]  _copy_to_user+0x32/0xd0
[  755.548945][T15085]  simple_read_from_buffer+0xcb/0x170
[  755.548965][T15085]  proc_fail_nth_read+0x197/0x240
[  755.548985][T15085]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  755.549006][T15085]  ? rw_verify_area+0xcf/0x6c0
[  755.549030][T15085]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  755.549049][T15085]  vfs_read+0x1e1/0xc60
[  755.549068][T15085]  ? __pfx___mutex_lock+0x10/0x10
[  755.549083][T15085]  ? __pfx_vfs_read+0x10/0x10
[  755.549106][T15085]  ? __fget_files+0x20e/0x3c0
[  755.549123][T15085]  ? find_held_lock+0x10/0x80
[  755.549149][T15085]  ksys_read+0x12a/0x250
[  755.549166][T15085]  ? __pfx_ksys_read+0x10/0x10
[  755.549182][T15085]  ? anon_inode_getfd+0x81/0xb0
[  755.549207][T15085]  do_syscall_64+0xcd/0x4c0
[  755.549224][T15085]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  755.549240][T15085] RIP: 0033:0x7f008598d5fc
[  755.549254][T15085] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  755.549269][T15085] RSP: 002b:00007f0086737030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  755.549285][T15085] RAX: ffffffffffffffda RBX: 00007f0085bb6090 RCX: 00007f008598d5fc
[  755.549296][T15085] RDX: 000000000000000f RSI: 00007f00867370a0 RDI: 0000000000000005
[  755.549306][T15085] RBP: 00007f0086737090 R08: 0000000000000000 R09: 0000000000000000
[  755.549315][T15085] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  755.549325][T15085] R13: 00007f0085bb6128 R14: 00007f0085bb6090 R15: 00007ffe8bdc08d8
[  755.549347][T15085]  </TASK>
[  755.771867][T13659] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  755.783170][T13659] usb 7-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  755.792288][T13659] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  755.813536][T13659] usb 7-1: config 0 descriptor??
[  756.125381][T15090] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  756.180202][T15089] overlayfs: failed to clone upperpath
[  756.236162][T13659] mcp2221 0003:04D8:00DD.000D: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.6-1/input0
[  756.766744][T15102] tipc: Started in network mode
[  756.772107][T15102] tipc: Node identity 4, cluster identity 4711
[  756.779717][T15102] tipc: Node number set to 4
[  757.338958][T15107] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=53 sclass=netlink_route_socket pid=15107 comm=syz.0.2255
[  757.677036][T15115] netlink: 'syz.4.2258': attribute type 2 has an invalid length.
[  757.709853][T15115] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2258'.
[  758.165475][   T24] usb 7-1: USB disconnect, device number 2
[  759.219018][T15131] netlink: 'syz.6.2261': attribute type 2 has an invalid length.
[  759.687733][T15144] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2261'.
[  761.728656][T15172] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2272'.
[  761.762326][ T9639] usb 2-1: new high-speed USB device number 73 using dummy_hcd
[  761.853852][T15169] netlink: 'syz.0.2269': attribute type 1 has an invalid length.
[  761.892491][T15169] netlink: 224 bytes leftover after parsing attributes in process `syz.0.2269'.
[  761.933473][T15174] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2272'.
[  762.044502][T15176] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2273'.
[  762.053581][T15176] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2273'.
[  762.161685][ T9639] usb 2-1: Using ep0 maxpacket: 16
[  762.180163][ T9639] usb 2-1: config 0 has an invalid interface number: 8 but max is 0
[  762.205548][ T9639] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  762.219291][ T9639] usb 2-1: config 0 has no interface number 0
[  762.225463][ T9639] usb 2-1: config 0 interface 8 altsetting 0 endpoint 0xB has invalid maxpacket 2560, setting to 1024
[  762.236787][ T9639] usb 2-1: config 0 interface 8 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024
[  762.247049][ T9639] usb 2-1: config 0 interface 8 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  762.514556][ T9639] usb 2-1: New USB device found, idVendor=0586, idProduct=1500, bcdDevice=2e.97
[  762.523675][ T9639] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  762.531966][ T9639] usb 2-1: Product: syz
[  762.536127][ T9639] usb 2-1: Manufacturer: syz
[  762.540689][ T9639] usb 2-1: SerialNumber: syz
[  762.637239][T15187] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  762.845188][ T9639] usb 2-1: config 0 descriptor??
[  762.874997][ T9639] omninet 2-1:0.8: required endpoints missing
[  763.244090][ T5980] usb 2-1: USB disconnect, device number 73
[  763.282531][ T9639] usb 3-1: new high-speed USB device number 59 using dummy_hcd
[  763.441713][ T9639] usb 3-1: Using ep0 maxpacket: 32
[  763.455324][ T9639] usb 3-1: config 0 has an invalid interface number: 51 but max is 0
[  763.472859][ T9639] usb 3-1: config 0 has no interface number 0
[  763.483574][ T9639] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  763.501806][ T9639] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  763.510038][ T9639] usb 3-1: Product: syz
[  763.514869][ T9639] usb 3-1: Manufacturer: syz
[  763.519825][ T9639] usb 3-1: SerialNumber: syz
[  763.531267][ T9639] usb 3-1: config 0 descriptor??
[  763.547486][ T9639] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  763.756960][ T9639] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  763.791708][ T9639] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  763.984401][T15200] FAULT_INJECTION: forcing a failure.
[  763.984401][T15200] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  764.011582][T15200] CPU: 0 UID: 0 PID: 15200 Comm: syz.1.2281 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[  764.011610][T15200] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  764.011620][T15200] Call Trace:
[  764.011627][T15200]  <TASK>
[  764.011634][T15200]  dump_stack_lvl+0x16c/0x1f0
[  764.011687][T15200]  should_fail_ex+0x512/0x640
[  764.011708][T15200]  _copy_from_iter+0x29f/0x16f0
[  764.011731][T15200]  ? __alloc_skb+0x200/0x380
[  764.011755][T15200]  ? __pfx__copy_from_iter+0x10/0x10
[  764.011777][T15200]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  764.011813][T15200]  netlink_sendmsg+0x829/0xdd0
[  764.011834][T15200]  ? __pfx_netlink_sendmsg+0x10/0x10
[  764.011860][T15200]  ____sys_sendmsg+0xa98/0xc70
[  764.011881][T15200]  ? copy_msghdr_from_user+0x10a/0x160
[  764.011905][T15200]  ? __pfx_____sys_sendmsg+0x10/0x10
[  764.011936][T15200]  ___sys_sendmsg+0x134/0x1d0
[  764.011962][T15200]  ? __pfx____sys_sendmsg+0x10/0x10
[  764.012006][T15200]  ? __mutex_unlock_slowpath+0x100/0x800
[  764.012043][T15200]  __sys_sendmsg+0x16d/0x220
[  764.012068][T15200]  ? __pfx___sys_sendmsg+0x10/0x10
[  764.012109][T15200]  do_syscall_64+0xcd/0x4c0
[  764.012129][T15200]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  764.012147][T15200] RIP: 0033:0x7f34d518ebe9
[  764.012162][T15200] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  764.012179][T15200] RSP: 002b:00007f34d605e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  764.012197][T15200] RAX: ffffffffffffffda RBX: 00007f34d53b5fa0 RCX: 00007f34d518ebe9
[  764.012208][T15200] RDX: 0000000000004800 RSI: 0000200000000300 RDI: 0000000000000003
[  764.012219][T15200] RBP: 00007f34d605e090 R08: 0000000000000000 R09: 0000000000000000
[  764.012230][T15200] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  764.012240][T15200] R13: 00007f34d53b6038 R14: 00007f34d53b5fa0 R15: 00007ffd1e8cfe68
[  764.012264][T15200]  </TASK>
[  764.208724][T15191] netlink: 'syz.2.2278': attribute type 1 has an invalid length.
[  764.219753][    C0] usb 3-1: qt2_read_bulk_callback - non-zero urb status: -71
[  764.319600][ T5980] usb 3-1: USB disconnect, device number 59
[  764.369920][ T5980] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  764.383819][ T5980] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  764.396136][ T5980] quatech2 3-1:0.51: device disconnected
[  764.447154][T15210] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2284'.
[  764.466856][T15210] dummy0: entered promiscuous mode
[  764.492580][T15210] dummy0: left promiscuous mode
[  764.768954][   T30] audit: type=1326 audit(1754600035.946:1303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15214 comm="syz.4.2286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f619818ebe9 code=0x7ffc0000
[  764.822935][T15217] usb usb8: usbfs: process 15217 (syz.0.2287) did not claim interface 0 before use
[  764.825416][   T30] audit: type=1326 audit(1754600035.946:1304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15214 comm="syz.4.2286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f619818d550 code=0x7ffc0000
[  764.925477][   T30] audit: type=1326 audit(1754600035.946:1305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15214 comm="syz.4.2286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f619818d550 code=0x7ffc0000
[  765.042993][   T30] audit: type=1326 audit(1754600035.946:1306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15214 comm="syz.4.2286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f619818ebe9 code=0x7ffc0000
[  765.227718][   T30] audit: type=1326 audit(1754600035.946:1307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15214 comm="syz.4.2286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=264 compat=0 ip=0x7f619818ebe9 code=0x7ffc0000
[  765.298993][   T30] audit: type=1326 audit(1754600035.946:1308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15214 comm="syz.4.2286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f619818ebe9 code=0x7ffc0000
[  765.474575][   T30] audit: type=1326 audit(1754600035.946:1309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15214 comm="syz.4.2286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f619818ebe9 code=0x7ffc0000
[  765.694530][   T10] libceph: connect (1)[c::]:6789 error -101
[  765.700624][   T10] libceph: mon0 (1)[c::]:6789 connect error
[  765.702833][   T30] audit: type=1326 audit(1754600035.946:1310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15214 comm="syz.4.2286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f619818ebe9 code=0x7ffc0000
[  766.123038][T15234] ceph: No mds server is up or the cluster is laggy
[  766.169478][T15244] FAULT_INJECTION: forcing a failure.
[  766.169478][T15244] name failslab, interval 1, probability 0, space 0, times 0
[  766.182543][T15244] CPU: 0 UID: 0 PID: 15244 Comm: syz.0.2294 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[  766.182565][T15244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  766.182571][T15244] Call Trace:
[  766.182577][T15244]  <TASK>
[  766.182582][T15244]  dump_stack_lvl+0x16c/0x1f0
[  766.182602][T15244]  should_fail_ex+0x512/0x640
[  766.182613][T15244]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  766.182628][T15244]  should_failslab+0xc2/0x120
[  766.182641][T15244]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  766.182652][T15244]  ? do_syscall_64+0xcd/0x4c0
[  766.182662][T15244]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  766.182672][T15244]  ? __alloc_skb+0x2b2/0x380
[  766.182688][T15244]  ? __pfx___mutex_lock+0x10/0x10
[  766.182700][T15244]  __alloc_skb+0x2b2/0x380
[  766.182715][T15244]  ? __pfx___alloc_skb+0x10/0x10
[  766.182735][T15244]  netlink_dump+0x19b/0xd30
[  766.182754][T15244]  ? __pfx_netlink_dump+0x10/0x10
[  766.182769][T15244]  ? rcu_is_watching+0x12/0xc0
[  766.182783][T15244]  ? kasan_quarantine_put+0x10a/0x240
[  766.182800][T15244]  ? kfree_skbmem+0x1a4/0x1f0
[  766.182814][T15244]  netlink_recvmsg+0x7dc/0xa90
[  766.182831][T15244]  ? __pfx_netlink_recvmsg+0x10/0x10
[  766.182854][T15244]  sock_recvmsg+0x1f9/0x250
[  766.182872][T15244]  ____sys_recvmsg+0x218/0x6b0
[  766.182886][T15244]  ? __pfx_____sys_recvmsg+0x10/0x10
[  766.182904][T15244]  ? __lock_acquire+0x62e/0x1ce0
[  766.182923][T15244]  ___sys_recvmsg+0x114/0x1a0
[  766.182939][T15244]  ? __pfx____sys_recvmsg+0x10/0x10
[  766.182957][T15244]  ? find_held_lock+0x2b/0x80
[  766.182979][T15244]  do_recvmmsg+0x2fe/0x750
[  766.182998][T15244]  ? __pfx_do_recvmmsg+0x10/0x10
[  766.183013][T15244]  ? ksys_write+0x190/0x250
[  766.183027][T15244]  ? __mutex_unlock_slowpath+0x163/0x800
[  766.183048][T15244]  ? __fget_files+0x20e/0x3c0
[  766.183064][T15244]  __x64_sys_recvmmsg+0x22a/0x280
[  766.183081][T15244]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  766.183103][T15244]  do_syscall_64+0xcd/0x4c0
[  766.183113][T15244]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  766.183124][T15244] RIP: 0033:0x7f3d4538ebe9
[  766.183133][T15244] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  766.183144][T15244] RSP: 002b:00007f3d461d1038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  766.183154][T15244] RAX: ffffffffffffffda RBX: 00007f3d455b6090 RCX: 00007f3d4538ebe9
[  766.183161][T15244] RDX: 0000000000000002 RSI: 0000200000004380 RDI: 0000000000000007
[  766.183167][T15244] RBP: 00007f3d461d1090 R08: 0000000000000000 R09: 0000000000000000
[  766.183173][T15244] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  766.183179][T15244] R13: 00007f3d455b6128 R14: 00007f3d455b6090 R15: 00007fff5804a728
[  766.183193][T15244]  </TASK>
[  766.783011][   T30] audit: type=1326 audit(1754600035.946:1311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15214 comm="syz.4.2286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f619818d550 code=0x7ffc0000
[  766.847910][   T30] audit: type=1326 audit(1754600035.946:1312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15214 comm="syz.4.2286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f619818ebe9 code=0x7ffc0000
[  766.915755][T15248] binder: 15247:15248 ioctl 4018620d 0 returned -22
[  767.063490][T15262] netlink: 72 bytes leftover after parsing attributes in process `syz.2.2299'.
[  767.308323][T15269] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  768.081445][T15273] ceph: No mds server is up or the cluster is laggy
[  768.089369][T15282] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2305'.
[  769.184831][T15286] netlink: 'syz.2.2307': attribute type 21 has an invalid length.
[  769.193762][T15286] FAULT_INJECTION: forcing a failure.
[  769.193762][T15286] name failslab, interval 1, probability 0, space 0, times 0
[  769.209497][T15286] CPU: 0 UID: 0 PID: 15286 Comm: syz.2.2307 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[  769.209522][T15286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  769.209531][T15286] Call Trace:
[  769.209536][T15286]  <TASK>
[  769.209543][T15286]  dump_stack_lvl+0x16c/0x1f0
[  769.209580][T15286]  should_fail_ex+0x512/0x640
[  769.209594][T15286]  ? __kmalloc_noprof+0xbf/0x510
[  769.209613][T15286]  ? fib_create_info+0x53f/0x46b0
[  769.209631][T15286]  should_failslab+0xc2/0x120
[  769.209651][T15286]  __kmalloc_noprof+0xd2/0x510
[  769.209665][T15286]  ? irq_work_queue+0xce/0x100
[  769.209689][T15286]  fib_create_info+0x53f/0x46b0
[  769.209720][T15286]  ? __pfx__printk+0x10/0x10
[  769.209738][T15286]  ? __pfx_fib_create_info+0x10/0x10
[  769.209760][T15286]  ? __mutex_trylock_common+0xe9/0x250
[  769.209790][T15286]  fib_table_insert+0x177/0x1c40
[  769.209815][T15286]  ? rcu_is_watching+0x12/0xc0
[  769.209836][T15286]  ? trace_contention_end+0xdd/0x130
[  769.209861][T15286]  ? __pfx_fib_table_insert+0x10/0x10
[  769.209890][T15286]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  769.209910][T15286]  ? rtm_to_fib_config+0x895/0x1390
[  769.209931][T15286]  ? inet_rtm_newroute+0x124/0x210
[  769.209949][T15286]  inet_rtm_newroute+0x124/0x210
[  769.209968][T15286]  ? __pfx_inet_rtm_newroute+0x10/0x10
[  769.209995][T15286]  ? __pfx_inet_rtm_newroute+0x10/0x10
[  769.210014][T15286]  ? __pfx_inet_rtm_newroute+0x10/0x10
[  769.210031][T15286]  ? rtnetlink_rcv_msg+0x93a/0xe90
[  769.210050][T15286]  ? __pfx_inet_rtm_newroute+0x10/0x10
[  769.210071][T15286]  rtnetlink_rcv_msg+0x95e/0xe90
[  769.210090][T15286]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  769.210114][T15286]  ? ref_tracker_free+0x37c/0x830
[  769.210136][T15286]  netlink_rcv_skb+0x158/0x420
[  769.210153][T15286]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  769.210171][T15286]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  769.210197][T15286]  ? netlink_deliver_tap+0x1ae/0xd30
[  769.210229][T15286]  netlink_unicast+0x5a7/0x870
[  769.210248][T15286]  ? __pfx_netlink_unicast+0x10/0x10
[  769.210266][T15286]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  769.210299][T15286]  netlink_sendmsg+0x8d1/0xdd0
[  769.210319][T15286]  ? __pfx_netlink_sendmsg+0x10/0x10
[  769.210343][T15286]  ____sys_sendmsg+0xa98/0xc70
[  769.210364][T15286]  ? copy_msghdr_from_user+0x10a/0x160
[  769.210388][T15286]  ? __pfx_____sys_sendmsg+0x10/0x10
[  769.210419][T15286]  ___sys_sendmsg+0x134/0x1d0
[  769.210444][T15286]  ? __pfx____sys_sendmsg+0x10/0x10
[  769.210490][T15286]  ? __mutex_unlock_slowpath+0x100/0x800
[  769.210523][T15286]  __sys_sendmsg+0x16d/0x220
[  769.210558][T15286]  ? __pfx___sys_sendmsg+0x10/0x10
[  769.210600][T15286]  do_syscall_64+0xcd/0x4c0
[  769.210619][T15286]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  769.210637][T15286] RIP: 0033:0x7f008598ebe9
[  769.210653][T15286] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  769.210670][T15286] RSP: 002b:00007f0086758038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  769.210687][T15286] RAX: ffffffffffffffda RBX: 00007f0085bb5fa0 RCX: 00007f008598ebe9
[  769.210698][T15286] RDX: 0000000020000800 RSI: 0000200000000080 RDI: 0000000000000003
[  769.210709][T15286] RBP: 00007f0086758090 R08: 0000000000000000 R09: 0000000000000000
[  769.210720][T15286] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  769.210731][T15286] R13: 00007f0085bb6038 R14: 00007f0085bb5fa0 R15: 00007ffe8bdc08d8
[  769.210756][T15286]  </TASK>
[  769.811255][T15295] SELinux:  policydb magic number 0x6c65732f does not match expected magic number 0xf97cff8c
[  769.821972][T15295] SELinux: failed to load policy
[  769.842264][ T5980] usb 3-1: new high-speed USB device number 60 using dummy_hcd
[  769.974267][   T30] kauditd_printk_skb: 10 callbacks suppressed
[  769.974290][   T30] audit: type=1400 audit(1754600041.126:1323): avc:  denied  { listen } for  pid=15288 comm="syz.0.2309" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  770.001678][ T5980] usb 3-1: Using ep0 maxpacket: 32
[  770.132225][T15294] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2306'.
[  770.141328][T15294] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2306'.
[  770.295053][ T5980] usb 3-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7
[  770.934278][ T5980] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  770.944806][ T5980] usb 3-1: config 0 descriptor??
[  770.954293][ T5980] gspca_main: sq930x-2.14.0 probing 041e:403c
[  771.176810][   T30] audit: type=1400 audit(1754600042.356:1324): avc:  denied  { accept } for  pid=15299 comm="syz.1.2311" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  771.203226][T15306] netlink: 'syz.1.2311': attribute type 1 has an invalid length.
[  771.232131][   T30] audit: type=1400 audit(1754600042.406:1325): avc:  denied  { relabelfrom } for  pid=15301 comm="syz.6.2312" name="" dev="pipefs" ino=51330 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[  771.281454][T15307] F2FS-fs (loop13): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  771.289521][T15307] F2FS-fs (loop13): Can't find valid F2FS filesystem in 1th superblock
[  771.298337][T15307] F2FS-fs (loop13): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  771.306561][T15307] F2FS-fs (loop13): Can't find valid F2FS filesystem in 2th superblock
[  771.572251][T15313] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  772.151197][T15325] syz_tun: entered allmulticast mode
[  772.598359][T15326] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  772.767243][T15318] syz_tun: left allmulticast mode
[  773.471942][ T5980] gspca_sq930x: reg_w 0105 bc00 failed -71
[  773.477895][ T5980] sq930x 3-1:0.0: probe with driver sq930x failed with error -71
[  773.505125][ T5980] usb 3-1: USB disconnect, device number 60
[  774.114990][   T30] audit: type=1400 audit(1754600045.276:1326): avc:  denied  { accept } for  pid=15334 comm="syz.6.2321" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  774.567533][T15353] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  774.631314][ T5859] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[  775.091870][ T5859] Bluetooth: hci1: command 0x0406 tx timeout
[  775.584652][T15365] syz.0.2328: attempt to access beyond end of device
[  775.584652][T15365] nbd0: rw=4096, sector=2, nr_sectors = 2 limit=0
[  775.701823][T15365] EXT4-fs (nbd0): unable to read superblock
[  776.321843][   T10] usb 2-1: new low-speed USB device number 74 using dummy_hcd
[  776.495359][   T10] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[  776.558274][   T10] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  776.821992][   T10] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  776.834442][   T10] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  776.922132][ T9639] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  776.996558][T15388] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2336'.
[  777.008424][   T10] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  777.090252][   T10] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[  777.107605][   T10] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  777.127893][   T10] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  777.165659][ T9639] usb 7-1: Using ep0 maxpacket: 16
[  777.175674][ T9639] usb 7-1: config 0 has an invalid interface number: 8 but max is 0
[  777.193151][ T9639] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  777.211654][   T10] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  777.228368][ T9639] usb 7-1: config 0 has no interface number 0
[  777.234871][ T9639] usb 7-1: config 0 interface 8 altsetting 0 endpoint 0xB has invalid maxpacket 2560, setting to 1024
[  777.246519][   T10] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  777.257887][ T9639] usb 7-1: config 0 interface 8 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024
[  777.268728][ T9639] usb 7-1: config 0 interface 8 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  777.282110][   T10] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[  777.289718][   T10] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  777.356323][   T10] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  777.370996][ T9639] usb 7-1: New USB device found, idVendor=0586, idProduct=1500, bcdDevice=2e.97
[  777.496273][   T30] audit: type=1400 audit(1754600048.556:1327): avc:  denied  { write } for  pid=15389 comm="syz.0.2337" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  777.508885][ T9639] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  777.517394][   T30] audit: type=1400 audit(1754600048.566:1328): avc:  denied  { write } for  pid=15389 comm="syz.0.2337" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  777.579302][   T10] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  777.580079][T15395] netlink: 'syz.0.2338': attribute type 1 has an invalid length.
[  777.596083][ T9639] usb 7-1: Product: syz
[  777.605645][   T10] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  777.617004][ T9639] usb 7-1: Manufacturer: syz
[  777.628127][ T9639] usb 7-1: SerialNumber: syz
[  777.639834][ T9639] usb 7-1: config 0 descriptor??
[  777.647613][   T10] usb 2-1: string descriptor 0 read error: -22
[  777.657680][   T10] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  777.692687][T15395] bond2: (slave veth7): Enslaving as an active interface with a down link
[  777.701725][T10400] Bluetooth: hci4: command 0x0406 tx timeout
[  777.726934][T15395] bond2: entered promiscuous mode
[  777.743617][ T9639] omninet 7-1:0.8: required endpoints missing
[  777.750273][T15395] bond2: entered allmulticast mode
[  777.756911][T15395] 8021q: adding VLAN 0 to HW filter on device bond2
[  777.756976][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  777.765693][   T30] audit: type=1400 audit(1754600048.946:1329): avc:  denied  { ioctl } for  pid=15394 comm="syz.0.2338" path="socket:[51685]" dev="sockfs" ino=51685 ioctlcmd=0x890b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  777.853163][   T10] adutux 2-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  777.979870][   T10] usb 7-1: USB disconnect, device number 3
[  778.000865][T10400] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[  778.123535][T15411] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  778.170560][T15408] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2344'.
[  778.179608][T15408] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2344'.
[  778.297796][   T30] audit: type=1400 audit(1754600049.476:1330): avc:  denied  { create } for  pid=15417 comm="syz.2.2347" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  778.318268][    C1] vkms_vblank_simulate: vblank timer overrun
[  778.892268][T15434] netlink: 'syz.0.2348': attribute type 2 has an invalid length.
[  778.967532][   T24] usb 3-1: new low-speed USB device number 61 using dummy_hcd
[  778.992497][T15431] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2348'.
[  779.171882][ T5975] usb 2-1: USB disconnect, device number 74
[  779.194149][   T24] usb 3-1: config 168 descriptor has 1 excess byte, ignoring
[  779.251167][   T24] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  779.378570][   T24] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  779.398110][   T24] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  779.419931][   T24] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  779.434439][   T24] usb 3-1: config 168 descriptor has 1 excess byte, ignoring
[  779.463472][   T24] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  779.507534][T15448] netlink: 348 bytes leftover after parsing attributes in process `syz.4.2355'.
[  779.516654][   T24] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  779.516685][   T24] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  779.516710][   T24] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  779.517663][   T24] usb 3-1: config 168 descriptor has 1 excess byte, ignoring
[  779.571852][   T24] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  779.582848][   T24] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  779.605141][T15450] FAULT_INJECTION: forcing a failure.
[  779.605141][T15450] name failslab, interval 1, probability 0, space 0, times 0
[  779.619533][T15450] CPU: 1 UID: 0 PID: 15450 Comm: syz.1.2356 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[  779.619552][T15450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  779.619559][T15450] Call Trace:
[  779.619563][T15450]  <TASK>
[  779.619568][T15450]  dump_stack_lvl+0x16c/0x1f0
[  779.619589][T15450]  should_fail_ex+0x512/0x640
[  779.619599][T15450]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  779.619618][T15450]  should_failslab+0xc2/0x120
[  779.619631][T15450]  __kmalloc_cache_noprof+0x6a/0x3e0
[  779.619648][T15450]  ? netdevice_event+0x365/0x9d0
[  779.619668][T15450]  netdevice_event+0x365/0x9d0
[  779.619686][T15450]  ? __pfx_netdevice_event+0x10/0x10
[  779.619703][T15450]  ? __pfx_del_netdev_ips+0x10/0x10
[  779.619718][T15450]  ? __pfx_pass_all_filter+0x10/0x10
[  779.619741][T15450]  ? lockdep_rtnl_is_held+0x26/0x40
[  779.619757][T15450]  notifier_call_chain+0xbc/0x410
[  779.619773][T15450]  ? __pfx_netdevice_event+0x10/0x10
[  779.619793][T15450]  call_netdevice_notifiers_info+0xbe/0x140
[  779.619807][T15450]  unregister_netdevice_many_notify+0xf76/0x24c0
[  779.619822][T15450]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[  779.619837][T15450]  ? __call_rcu_common.constprop.0+0x3f0/0xa10
[  779.619850][T15450]  ? find_held_lock+0x2b/0x80
[  779.619865][T15450]  unregister_netdevice_queue+0x305/0x3f0
[  779.619876][T15450]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[  779.619891][T15450]  _cfg80211_unregister_wdev+0x64b/0x830
[  779.619906][T15450]  ieee80211_if_remove+0x250/0x400
[  779.619922][T15450]  ieee80211_del_iface+0x16/0x20
[  779.619936][T15450]  cfg80211_remove_virtual_intf+0xdd/0x2a0
[  779.619953][T15450]  nl80211_del_interface+0x106/0x190
[  779.619965][T15450]  genl_family_rcv_msg_doit+0x209/0x2f0
[  779.619979][T15450]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  779.619996][T15450]  ? bpf_lsm_capable+0x9/0x10
[  779.620012][T15450]  ? security_capable+0x7e/0x260
[  779.620025][T15450]  ? ns_capable+0xd7/0x110
[  779.620039][T15450]  genl_rcv_msg+0x55c/0x800
[  779.620053][T15450]  ? __pfx_genl_rcv_msg+0x10/0x10
[  779.620065][T15450]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  779.620078][T15450]  ? __pfx_nl80211_del_interface+0x10/0x10
[  779.620095][T15450]  ? __pfx_nl80211_post_doit+0x10/0x10
[  779.620110][T15450]  netlink_rcv_skb+0x158/0x420
[  779.620120][T15450]  ? __pfx_genl_rcv_msg+0x10/0x10
[  779.620133][T15450]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  779.620149][T15450]  ? netlink_deliver_tap+0x1ae/0xd30
[  779.620167][T15450]  genl_rcv+0x28/0x40
[  779.620177][T15450]  netlink_unicast+0x5a7/0x870
[  779.620189][T15450]  ? __pfx_netlink_unicast+0x10/0x10
[  779.620199][T15450]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  779.620220][T15450]  netlink_sendmsg+0x8d1/0xdd0
[  779.620233][T15450]  ? __pfx_netlink_sendmsg+0x10/0x10
[  779.620248][T15450]  ____sys_sendmsg+0xa98/0xc70
[  779.620261][T15450]  ? copy_msghdr_from_user+0x10a/0x160
[  779.620277][T15450]  ? __pfx_____sys_sendmsg+0x10/0x10
[  779.620296][T15450]  ___sys_sendmsg+0x134/0x1d0
[  779.620312][T15450]  ? __pfx____sys_sendmsg+0x10/0x10
[  779.620341][T15450]  ? __mutex_unlock_slowpath+0x100/0x800
[  779.620363][T15450]  __sys_sendmsg+0x16d/0x220
[  779.620379][T15450]  ? __pfx___sys_sendmsg+0x10/0x10
[  779.620404][T15450]  do_syscall_64+0xcd/0x4c0
[  779.620415][T15450]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  779.620427][T15450] RIP: 0033:0x7f34d518ebe9
[  779.620436][T15450] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  779.620447][T15450] RSP: 002b:00007f34d605e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  779.620458][T15450] RAX: ffffffffffffffda RBX: 00007f34d53b5fa0 RCX: 00007f34d518ebe9
[  779.620464][T15450] RDX: 000000002000c000 RSI: 0000200000000200 RDI: 0000000000000007
[  779.620471][T15450] RBP: 00007f34d605e090 R08: 0000000000000000 R09: 0000000000000000
[  779.620477][T15450] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  779.620488][T15450] R13: 00007f34d53b6038 R14: 00007f34d53b5fa0 R15: 00007ffd1e8cfe68
[  779.620502][T15450]  </TASK>
[  780.009119][    C1] vkms_vblank_simulate: vblank timer overrun
[  780.025377][   T24] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  780.036731][   T24] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  780.051799][   T24] usb 3-1: string descriptor 0 read error: -22
[  780.058020][   T24] usb 3-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  780.067193][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  780.105691][   T24] adutux 3-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  780.122415][T15448] fuse: Invalid rootmode
[  780.296302][T15463] afs: Unknown parameter 'dyn$'
[  780.404594][   T30] audit: type=1400 audit(1754600051.586:1331): avc:  denied  { unmount } for  pid=14785 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  780.784194][T15472] FAULT_INJECTION: forcing a failure.
[  780.784194][T15472] name failslab, interval 1, probability 0, space 0, times 0
[  780.797084][T15472] CPU: 0 UID: 0 PID: 15472 Comm: syz.6.2364 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[  780.797110][T15472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  780.797120][T15472] Call Trace:
[  780.797127][T15472]  <TASK>
[  780.797134][T15472]  dump_stack_lvl+0x16c/0x1f0
[  780.797165][T15472]  should_fail_ex+0x512/0x640
[  780.797182][T15472]  ? fs_reclaim_acquire+0xae/0x150
[  780.797208][T15472]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  780.797232][T15472]  should_failslab+0xc2/0x120
[  780.797254][T15472]  __kmalloc_noprof+0xd2/0x510
[  780.797279][T15472]  tomoyo_realpath_from_path+0xc2/0x6e0
[  780.797310][T15472]  tomoyo_mount_acl+0x664/0x850
[  780.797331][T15472]  ? bpf_ksym_find+0x127/0x1c0
[  780.797357][T15472]  ? is_bpf_text_address+0x94/0x1a0
[  780.797378][T15472]  ? __pfx_tomoyo_mount_acl+0x10/0x10
[  780.797398][T15472]  ? __kernel_text_address+0xd/0x40
[  780.797419][T15472]  ? unwind_get_return_address+0x59/0xa0
[  780.797442][T15472]  ? arch_stack_walk+0xa6/0x100
[  780.797495][T15472]  ? tomoyo_domain+0xbb/0x150
[  780.797519][T15472]  ? tomoyo_profile+0x47/0x60
[  780.797549][T15472]  tomoyo_mount_permission+0x16d/0x420
[  780.797569][T15472]  ? tomoyo_mount_permission+0x14f/0x420
[  780.797592][T15472]  ? __pfx_tomoyo_mount_permission+0x10/0x10
[  780.797637][T15472]  security_sb_mount+0x9b/0x260
[  780.797661][T15472]  path_mount+0x15f/0x1fd0
[  780.797690][T15472]  ? __pfx_path_mount+0x10/0x10
[  780.797715][T15472]  ? kmem_cache_free+0x2d1/0x4d0
[  780.797732][T15472]  ? putname+0x154/0x1a0
[  780.797759][T15472]  ? putname+0x154/0x1a0
[  780.797785][T15472]  ? __x64_sys_mount+0x28d/0x310
[  780.797806][T15472]  __x64_sys_mount+0x28d/0x310
[  780.797830][T15472]  ? __pfx___x64_sys_mount+0x10/0x10
[  780.797861][T15472]  do_syscall_64+0xcd/0x4c0
[  780.797881][T15472]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  780.797899][T15472] RIP: 0033:0x7f123c78ebe9
[  780.797914][T15472] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  780.797931][T15472] RSP: 002b:00007f123d653038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  780.797949][T15472] RAX: ffffffffffffffda RBX: 00007f123c9b6180 RCX: 00007f123c78ebe9
[  780.797961][T15472] RDX: 0000200000000180 RSI: 0000200000000300 RDI: 0000200000000080
[  780.797973][T15472] RBP: 00007f123d653090 R08: 0000000000000000 R09: 0000000000000000
[  780.797984][T15472] R10: 0000000001010480 R11: 0000000000000246 R12: 0000000000000002
[  780.797995][T15472] R13: 00007f123c9b6218 R14: 00007f123c9b6180 R15: 00007ffcf5a54208
[  780.798020][T15472]  </TASK>
[  780.798043][T15472] ERROR: Out of memory at tomoyo_realpath_from_path.
[  781.141961][ T5859] Bluetooth: hci1: unexpected event for opcode 0x041c
[  781.585981][ T9639] usb 3-1: USB disconnect, device number 61
[  782.094101][T15489] vivid-003: disconnect
[  782.099235][T15489] SELinux:  policydb version 318118309 does not match my version range 15-35
[  782.108302][T15489] SELinux: failed to load policy
[  782.599801][T15485] vivid-003: reconnect
[  782.867634][T15500] vivid-000: disconnect
[  782.879180][T15500] SELinux:  policydb version 318118309 does not match my version range 15-35
[  782.888274][T15500] SELinux: failed to load policy
[  783.495110][T15490] vivid-000: reconnect
[  784.185046][T15506] Bluetooth: hci2: command 0x0c1a tx timeout
[  784.335498][T15518] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2376'.
[  784.344732][   T30] audit: type=1400 audit(1754600055.516:1332): avc:  denied  { map } for  pid=15517 comm="syz.0.2376" path="socket:[51957]" dev="sockfs" ino=51957 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[  784.368793][    C1] vkms_vblank_simulate: vblank timer overrun
[  784.391359][   T30] audit: type=1400 audit(1754600055.516:1333): avc:  denied  { accept } for  pid=15517 comm="syz.0.2376" path="socket:[51957]" dev="sockfs" ino=51957 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[  784.659443][T15529] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2381'.
[  784.983101][T15536] syz.1.2380: attempt to access beyond end of device
[  784.983101][T15536] nbd0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  785.141558][T15542] overlayfs: failed to clone upperpath
[  785.150774][T10400] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  785.160542][T10400] Bluetooth: hci1: Injecting HCI hardware error event
[  785.216944][T15542] tc_dump_action: action bad kind
[  785.250707][T15542] netlink: 'syz.4.2385': attribute type 10 has an invalid length.
[  785.258935][T15542] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2385'.
[  785.270323][T15542] dummy0: entered promiscuous mode
[  785.280288][T15542] bridge0: port 3(dummy0) entered blocking state
[  785.289400][T15542] bridge0: port 3(dummy0) entered disabled state
[  785.330529][T15542] dummy0: entered allmulticast mode
[  785.461719][T10400] Bluetooth: hci1: command 0x0406 tx timeout
[  785.481379][ T5859] Bluetooth: hci1: hardware error 0x00
[  785.589504][T15556] netlink: 'syz.2.2386': attribute type 2 has an invalid length.
[  785.625325][T15556] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2386'.
[  786.011789][   T24] usb 2-1: new high-speed USB device number 75 using dummy_hcd
[  786.127385][   T30] audit: type=1400 audit(1754600057.313:1334): avc:  denied  { create } for  pid=15564 comm="syz.4.2390" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  786.568023][T10400] Bluetooth: hci2: connection err: -111
[  786.721684][   T24] usb 2-1: Using ep0 maxpacket: 16
[  786.732861][   T24] usb 2-1: unable to get BOS descriptor or descriptor too short
[  786.745853][   T24] usb 2-1: config 3 has an invalid interface number: 106 but max is 0
[  786.754194][   T24] usb 2-1: config 3 has no interface number 0
[  786.761055][   T24] usb 2-1: config 3 interface 106 has no altsetting 0
[  786.772914][   T24] usb 2-1: New USB device found, idVendor=0d46, idProduct=2011, bcdDevice=e8.8a
[  786.789809][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  786.799387][   T24] usb 2-1: Product: syz
[  786.804066][   T24] usb 2-1: Manufacturer: syz
[  786.809239][   T24] usb 2-1: SerialNumber: syz
[  787.623225][ T5859] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  789.687367][   T24] kobil_sct 2-1:3.106: KOBIL USB smart card terminal converter detected
[  789.822018][   T24] usb 2-1: KOBIL USB smart card terminal converter now attached to ttyUSB0
[  789.875340][   T24] usb 2-1: USB disconnect, device number 75
[  789.900657][T15600] TCP: tcp_parse_options: Illegal window scaling value 64 > 14 received
[  789.992233][   T24] kobil ttyUSB0: KOBIL USB smart card terminal converter now disconnected from ttyUSB0
[  790.019335][   T24] kobil_sct 2-1:3.106: device disconnected
[  791.412745][   T30] audit: type=1326 audit(1754600062.583:1335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15623 comm="syz.2.2408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f008598ebe9 code=0x7ffc0000
[  791.452790][T15625] IPVS: set_ctl: invalid protocol: 60 172.20.20.170:20000
[  791.640969][   T30] audit: type=1326 audit(1754600062.583:1336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15623 comm="syz.2.2408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f008598ebe9 code=0x7ffc0000
[  791.853921][   T30] audit: type=1326 audit(1754600062.583:1337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15623 comm="syz.2.2408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f008598ebe9 code=0x7ffc0000
[  791.880425][   T30] audit: type=1326 audit(1754600062.583:1338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15623 comm="syz.2.2408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f008598ebe9 code=0x7ffc0000
[  791.907831][T15631] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2409'.
[  791.960797][   T30] audit: type=1326 audit(1754600062.583:1339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15623 comm="syz.2.2408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f008598ebe9 code=0x7ffc0000
[  792.301900][   T30] audit: type=1326 audit(1754600062.583:1340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15623 comm="syz.2.2408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f008598ebe9 code=0x7ffc0000
[  792.392451][T15674] netlink: 256 bytes leftover after parsing attributes in process `syz.1.2413'.
[  792.416980][T15674] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2413'.
[  792.851794][   T10] usb 2-1: new full-speed USB device number 76 using dummy_hcd
[  793.758393][T15692] vivid-003: disconnect
[  793.764853][T15692] SELinux:  policydb version 318118309 does not match my version range 15-35
[  793.773943][T15692] SELinux: failed to load policy
[  794.460568][T15689] vivid-003: reconnect
[  794.535882][T15696] netlink: 64 bytes leftover after parsing attributes in process `syz.6.2419'.
[  794.550392][T15696] FAULT_INJECTION: forcing a failure.
[  794.550392][T15696] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  794.567497][T15696] CPU: 1 UID: 0 PID: 15696 Comm: syz.6.2419 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[  794.567521][T15696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  794.567530][T15696] Call Trace:
[  794.567536][T15696]  <TASK>
[  794.567543][T15696]  dump_stack_lvl+0x16c/0x1f0
[  794.567573][T15696]  should_fail_ex+0x512/0x640
[  794.567592][T15696]  _copy_from_iter+0x29f/0x16f0
[  794.567614][T15696]  ? __alloc_skb+0x200/0x380
[  794.567638][T15696]  ? __pfx__copy_from_iter+0x10/0x10
[  794.567665][T15696]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  794.567700][T15696]  netlink_sendmsg+0x829/0xdd0
[  794.567720][T15696]  ? __pfx_netlink_sendmsg+0x10/0x10
[  794.567745][T15696]  ____sys_sendmsg+0xa98/0xc70
[  794.567766][T15696]  ? copy_msghdr_from_user+0x10a/0x160
[  794.567791][T15696]  ? __pfx_____sys_sendmsg+0x10/0x10
[  794.567820][T15696]  ___sys_sendmsg+0x134/0x1d0
[  794.567847][T15696]  ? __pfx____sys_sendmsg+0x10/0x10
[  794.567897][T15696]  ? __mutex_unlock_slowpath+0x100/0x800
[  794.567933][T15696]  __sys_sendmsg+0x16d/0x220
[  794.567959][T15696]  ? __pfx___sys_sendmsg+0x10/0x10
[  794.568001][T15696]  do_syscall_64+0xcd/0x4c0
[  794.568018][T15696]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  794.568036][T15696] RIP: 0033:0x7f123c78ebe9
[  794.568054][T15696] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  794.568071][T15696] RSP: 002b:00007f123d695038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  794.568088][T15696] RAX: ffffffffffffffda RBX: 00007f123c9b5fa0 RCX: 00007f123c78ebe9
[  794.568100][T15696] RDX: 000000002000c010 RSI: 0000200000000440 RDI: 0000000000000003
[  794.568111][T15696] RBP: 00007f123d695090 R08: 0000000000000000 R09: 0000000000000000
[  794.568122][T15696] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  794.568133][T15696] R13: 00007f123c9b6038 R14: 00007f123c9b5fa0 R15: 00007ffcf5a54208
[  794.568157][T15696]  </TASK>
[  795.274575][T15703] netlink: 76 bytes leftover after parsing attributes in process `syz.4.2418'.
[  796.083799][   T10] usb 2-1: unable to get BOS descriptor or descriptor too short
[  796.093258][   T10] usb 2-1: unable to read config index 0 descriptor/start: -71
[  796.102016][   T10] usb 2-1: can't read configurations, error -71
[  796.602397][ T5980] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  796.761733][ T5980] usb 7-1: Using ep0 maxpacket: 8
[  796.957821][ T5980] usb 7-1: unable to get BOS descriptor or descriptor too short
[  797.087113][ T5980] usb 7-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  797.196038][ T5980] usb 7-1: config 4 has 0 interfaces, different from the descriptor's value: 1
[  797.214503][ T5980] usb 7-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[  797.226709][ T5980] usb 7-1: New USB device strings: Mfr=2, Product=0, SerialNumber=3
[  797.241890][ T5980] usb 7-1: Manufacturer: syz
[  797.246495][ T5980] usb 7-1: SerialNumber: syz
[  797.413362][ T5859] Bluetooth: hci5: link tx timeout
[  797.419531][ T5859] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  797.511688][ T9639] ------------[ cut here ]------------
[  797.517404][ T9639] refcount_t: underflow; use-after-free.
[  797.538132][T15710] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2421'.
[  797.560658][ T9639] WARNING: CPU: 0 PID: 9639 at lib/refcount.c:28 refcount_warn_saturate+0x14a/0x210
[  797.570164][ T9639] Modules linked in:
[  797.574766][ T9639] CPU: 0 UID: 0 PID: 9639 Comm: kworker/0:0 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[  797.586566][ T9639] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  797.596862][ T9639] Workqueue: md_misc mddev_delayed_delete
[  797.603088][ T9639] RIP: 0010:refcount_warn_saturate+0x14a/0x210
[  797.609274][ T9639] Code: ff 89 de e8 a8 f0 d8 fc 84 db 0f 85 66 ff ff ff e8 bb f5 d8 fc c6 05 3c c2 b0 0b 01 90 48 c7 c7 00 80 15 8c e8 47 94 97 fc 90 <0f> 0b 90 90 e9 43 ff ff ff e8 98 f5 d8 fc 0f b6 1d 17 c2 b0 0b 31
[  797.629080][ T9639] RSP: 0018:ffffc90003a8fc10 EFLAGS: 00010286
[  797.635475][ T9639] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff817a3358
[  797.643967][ T9639] RDX: ffff88802759a440 RSI: ffffffff817a3365 RDI: 0000000000000001
[  797.647567][T15710] dummy0: entered promiscuous mode
[  797.652028][ T9639] RBP: ffff888069548130 R08: 0000000000000001 R09: 0000000000000000
[  797.665118][ T9639] R10: 0000000000000001 R11: fffffffffffd4e88 R12: ffff888069548134
[  797.673102][ T9639] R13: dffffc0000000000 R14: ffff888069548130 R15: ffffc90003a8fd10
[  797.681071][ T9639] FS:  0000000000000000(0000) GS:ffff8881246c4000(0000) knlGS:0000000000000000
[  797.690121][ T9639] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  797.696718][ T9639] CR2: 0000555593765808 CR3: 000000006a6b9000 CR4: 00000000003526f0
[  797.704788][ T9639] Call Trace:
[  797.708057][ T9639]  <TASK>
[  797.710995][ T9639]  kobject_put+0x230/0x5a0
[  797.715490][ T9639]  process_one_work+0x9cc/0x1b70
[  797.720466][ T9639]  ? __pfx_process_one_work+0x10/0x10
[  797.725970][ T9639]  ? assign_work+0x1a0/0x250
[  797.730624][ T9639]  worker_thread+0x6c8/0xf10
[  797.735262][ T9639]  ? __kthread_parkme+0x19e/0x250
[  797.740311][ T9639]  ? __pfx_worker_thread+0x10/0x10
[  797.745477][ T9639]  kthread+0x3c5/0x780
[  797.749548][ T9639]  ? __pfx_kthread+0x10/0x10
[  797.754162][ T9639]  ? rcu_is_watching+0x12/0xc0
[  797.758914][ T9639]  ? __pfx_kthread+0x10/0x10
[  797.763509][ T9639]  ret_from_fork+0x5d4/0x6f0
[  797.768083][ T9639]  ? __pfx_kthread+0x10/0x10
[  797.772671][ T9639]  ret_from_fork_asm+0x1a/0x30
[  797.777425][ T9639]  </TASK>
[  797.780427][ T9639] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  797.787678][ T9639] CPU: 0 UID: 0 PID: 9639 Comm: kworker/0:0 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[  797.799360][ T9639] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  797.809384][ T9639] Workqueue: md_misc mddev_delayed_delete
[  797.815083][ T9639] Call Trace:
[  797.818337][ T9639]  <TASK>
[  797.821240][ T9639]  dump_stack_lvl+0x3d/0x1f0
[  797.825806][ T9639]  vpanic+0x6e8/0x7a0
[  797.829776][ T9639]  ? __pfx_vpanic+0x10/0x10
[  797.834257][ T9639]  ? refcount_warn_saturate+0x14a/0x210
[  797.839784][ T9639]  panic+0xca/0xd0
[  797.843491][ T9639]  ? __pfx_panic+0x10/0x10
[  797.847885][ T9639]  ? check_panic_on_warn+0x1f/0xb0
[  797.852963][ T9639]  check_panic_on_warn+0xab/0xb0
[  797.857869][ T9639]  __warn+0xf6/0x3c0
[  797.861731][ T9639]  ? preempt_schedule_notrace+0x62/0xe0
[  797.867251][ T9639]  ? refcount_warn_saturate+0x14a/0x210
[  797.872766][ T9639]  report_bug+0x3c3/0x580
[  797.877079][ T9639]  ? refcount_warn_saturate+0x14a/0x210
[  797.882595][ T9639]  handle_bug+0x184/0x210
[  797.886895][ T9639]  exc_invalid_op+0x17/0x50
[  797.891377][ T9639]  asm_exc_invalid_op+0x1a/0x20
[  797.896208][ T9639] RIP: 0010:refcount_warn_saturate+0x14a/0x210
[  797.902341][ T9639] Code: ff 89 de e8 a8 f0 d8 fc 84 db 0f 85 66 ff ff ff e8 bb f5 d8 fc c6 05 3c c2 b0 0b 01 90 48 c7 c7 00 80 15 8c e8 47 94 97 fc 90 <0f> 0b 90 90 e9 43 ff ff ff e8 98 f5 d8 fc 0f b6 1d 17 c2 b0 0b 31
[  797.921940][ T9639] RSP: 0018:ffffc90003a8fc10 EFLAGS: 00010286
[  797.927994][ T9639] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff817a3358
[  797.935948][ T9639] RDX: ffff88802759a440 RSI: ffffffff817a3365 RDI: 0000000000000001
[  797.943905][ T9639] RBP: ffff888069548130 R08: 0000000000000001 R09: 0000000000000000
[  797.951869][ T9639] R10: 0000000000000001 R11: fffffffffffd4e88 R12: ffff888069548134
[  797.959824][ T9639] R13: dffffc0000000000 R14: ffff888069548130 R15: ffffc90003a8fd10
[  797.967774][ T9639]  ? __warn_printk+0x198/0x350
[  797.972517][ T9639]  ? __warn_printk+0x1a5/0x350
[  797.977269][ T9639]  kobject_put+0x230/0x5a0
[  797.981664][ T9639]  process_one_work+0x9cc/0x1b70
[  797.986594][ T9639]  ? __pfx_process_one_work+0x10/0x10
[  797.991942][ T9639]  ? assign_work+0x1a0/0x250
[  797.996502][ T9639]  worker_thread+0x6c8/0xf10
[  798.001067][ T9639]  ? __kthread_parkme+0x19e/0x250
[  798.006067][ T9639]  ? __pfx_worker_thread+0x10/0x10
[  798.011147][ T9639]  kthread+0x3c5/0x780
[  798.015187][ T9639]  ? __pfx_kthread+0x10/0x10
[  798.019761][ T9639]  ? rcu_is_watching+0x12/0xc0
[  798.024496][ T9639]  ? __pfx_kthread+0x10/0x10
[  798.029055][ T9639]  ret_from_fork+0x5d4/0x6f0
[  798.033616][ T9639]  ? __pfx_kthread+0x10/0x10
[  798.038190][ T9639]  ret_from_fork_asm+0x1a/0x30
[  798.042932][ T9639]  </TASK>
[  798.046118][ T9639] Kernel Offset: disabled
[  798.050415][ T9639] Rebooting in 86400 seconds..