last executing test programs:

6m25.92620538s ago: executing program 1 (id=598):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0x7, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000280)={@val={0x6f01, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x20}, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @broadcast}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x5, 0x5, 0x0, 0x700, 0x0, 0x18}}}}}, 0x36)
r2 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'ip6tnl0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001540)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x7, 0xc}, {0xffff, 0xffff}, {0xd}}, [@qdisc_kind_options=@q_etf={{0x8}, {0x14, 0x2, @TCA_ETF_PARMS={0x10, 0x1, {0x1, 0xb, 0x5}}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x44004}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8a}, 0x0)
write$sndseq(0xffffffffffffffff, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
getsockopt$SO_J1939_SEND_PRIO(0xffffffffffffffff, 0x6b, 0x3, &(0x7f0000000340), &(0x7f0000000380)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f0000000280), 0xa, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0)
r5 = socket(0x10, 0x3, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'erspan0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r5, 0x0, 0x0)
fsopen(&(0x7f0000000280)='cifs\x00', 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000004640)={&(0x7f0000000080)=@getchain={0x2c, 0x66, 0x400, 0x70bd28, 0x25dfdbfe, {0x0, 0x0, 0x0, r6, {0xe, 0x2}, {0x3}, {0x10, 0xa}}, [{0x8, 0xb, 0x240}]}, 0x2c}, 0x1, 0x0, 0x0, 0x2400c0c0}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x40088c0)
r7 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r7, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88)
setsockopt$inet6_MCAST_MSFILTER(r7, 0x29, 0x30, &(0x7f0000000240)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000e0ff00000000000000bd0000000000000000000000e4ec010000000040000000000000000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000067ff0000000000000005"], 0x310)

6m24.285102303s ago: executing program 1 (id=603):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000540)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000fef000/0x1000)=nil})
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000007c0)=@newtaction={0xc00, 0x30, 0x1, 0x0, 0x0, {}, [{0xbec, 0x1, [@m_police={0x884, 0x15, 0x0, 0x0, {{0xb}, {0x80c, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE={0x404, 0x2, [0x1800, 0x2, 0x531, 0xe1, 0x0, 0x8, 0x10, 0x0, 0x7fffffff, 0x8, 0x2, 0xff, 0x7, 0x800, 0x5, 0x2, 0x5e, 0x6, 0x101, 0xfffffffc, 0x1fe0000, 0xe0000000, 0x2, 0x3, 0x1, 0x80000001, 0xc7, 0x7f, 0x8, 0x9, 0x4160, 0x10001, 0x0, 0x1, 0x9, 0x8, 0x7eaf, 0x8, 0x5, 0x5, 0xf9, 0x2754, 0x10001, 0x800, 0x7, 0x8, 0x6, 0x7fffffff, 0xd, 0x7, 0x7ff, 0x3, 0x6, 0x4, 0x3, 0x81, 0x4, 0x6, 0x2, 0x5, 0x0, 0x3, 0x401, 0x5, 0x3c, 0x1, 0xc677, 0x546, 0x10001, 0x9, 0x3f78, 0xf07, 0x3, 0x3, 0x2, 0xffffffff, 0x10000, 0xfffffff7, 0x80000001, 0x81, 0x7, 0x0, 0x3, 0x5, 0x7f, 0x6, 0x8, 0x7, 0xc6, 0xb25, 0x8, 0xb, 0x4, 0x5b9b, 0x8, 0x2, 0xfe000000, 0x401, 0x10000000, 0x15, 0x4, 0x7d344b49, 0xfffffff4, 0x6d, 0x2ec7, 0x41e, 0xfffffffc, 0x2, 0x5, 0x4, 0x101, 0x40, 0x6, 0x1, 0xfffffffe, 0xfff, 0x8, 0xd92, 0x4, 0x2, 0x8, 0xffff, 0xfffffffc, 0x1, 0xfffffffb, 0x10001, 0x2, 0xae85, 0x0, 0x0, 0x5, 0x7, 0x2, 0x5, 0x0, 0x5, 0x4, 0x0, 0x10b1, 0x3, 0x3, 0x8, 0x7, 0x3542, 0x6, 0x40, 0x101, 0x9, 0xfffffffa, 0x8, 0x81, 0x4, 0x6, 0x6, 0x7, 0x10, 0x7179, 0x8, 0x6, 0xfffffffd, 0x3, 0x5, 0x0, 0xb85, 0xffffffff, 0x8, 0x0, 0xffffff47, 0xffff8001, 0x63b, 0xe, 0x3, 0x0, 0x8, 0xff, 0x8, 0x7d49, 0x4, 0x5ea8, 0x9, 0x3, 0x4, 0x80, 0x3, 0x0, 0x9, 0x1, 0xa, 0x1, 0xfffffffc, 0x3, 0x6, 0x9, 0x9, 0xbfd2, 0x5, 0x80000001, 0x3, 0x8001, 0x7fff, 0x8000, 0x8000, 0x0, 0x8c, 0x9, 0x8001, 0x80, 0x3, 0x8, 0xffff, 0xe, 0x2, 0x5, 0xbbda, 0x5, 0x9, 0x1, 0x1, 0x0, 0x54, 0x0, 0x200, 0x3, 0x7, 0x4, 0x28d2, 0x4, 0x4, 0x6, 0x5, 0x3, 0x7ff, 0x1, 0x8, 0x70, 0x0, 0x7, 0x0, 0x7ff, 0xa1b, 0x7, 0x2, 0x8, 0x5, 0x7, 0xe7, 0xc51, 0x3, 0x492dd4bb, 0x3b, 0x845a, 0x6, 0x6e, 0x9, 0x1000, 0xfffff801]}], [], [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x0, 0x200, 0xffff, 0x24, 0x7, 0x6, 0x0, 0x1e00, 0x5, 0x80000001, 0x7fffffff, 0x2, 0x5, 0xd800000, 0x7ff, 0x4, 0x4, 0x3, 0xbaa6, 0x0, 0x4, 0x2, 0x39, 0x1, 0x7f, 0x2, 0xd7a, 0xd, 0x5fc, 0x837d, 0x39, 0x1ff, 0xb0, 0xf, 0x2, 0x7, 0x4, 0x2cb6ad4e, 0x3de, 0x6, 0x2, 0x8b, 0x4, 0x9, 0x8, 0xfff, 0x191, 0x0, 0xb00, 0x20000, 0x5, 0x3, 0x7, 0x8, 0x7, 0x2, 0x6, 0x80000001, 0x101, 0x2, 0x3, 0xd2, 0x5, 0x4, 0xe8, 0x4df, 0x80de, 0x4, 0x9, 0x6800, 0x40, 0x1, 0x4000000, 0x5, 0x400, 0x6, 0xe, 0x800, 0x0, 0x2, 0x3, 0x5, 0x17f, 0x2, 0x5, 0x7f9, 0x6, 0x3, 0xfff, 0x5, 0x81, 0x7f, 0xf, 0xa9f, 0x7, 0x5, 0x3ff, 0x3ff, 0xfffe000, 0xffffffff, 0x200, 0x9, 0x2, 0x75, 0x7fff, 0x10001, 0xd06a, 0xfff, 0x81, 0x8, 0x2, 0x9dd4, 0xa, 0x600000, 0x6a7875c5, 0x6, 0x401, 0x7, 0x2491, 0x0, 0x881, 0x4, 0x7, 0xb4, 0x0, 0x4, 0x10, 0x2, 0x3, 0x1, 0x8, 0x1, 0x0, 0x80, 0xa7, 0xd5e, 0x3, 0x7, 0x5, 0x19, 0x8, 0x9, 0x7, 0x0, 0x3, 0xff, 0x6, 0x40, 0x8, 0x3ff, 0x0, 0x9, 0x59, 0x9, 0x7, 0xee52, 0x8001, 0x82a, 0x401, 0xad, 0x1e, 0x9, 0x6, 0x61, 0xe, 0xbe, 0x8, 0x9, 0x7c03, 0xc2, 0x80dc, 0x9, 0x6000, 0xd, 0x3, 0xea6, 0x8, 0x8, 0x2, 0x400, 0x7, 0x7ff, 0x81, 0xbe, 0xdf5e, 0x6, 0x2, 0x59341803, 0x0, 0x7, 0xffffffff, 0x9, 0x9, 0x8, 0x80000000, 0x27ca, 0x28a4511c, 0x51c, 0xe, 0x1, 0x9, 0x9, 0x5, 0x80000000, 0x6, 0x6, 0x0, 0x7, 0x80000001, 0xefab, 0x80, 0xb7a1, 0x1ff, 0x0, 0x8, 0xff, 0x3, 0x12, 0x6, 0xbc59, 0x9, 0xab, 0x8, 0xf5, 0x9, 0xfffffffd, 0x7ff, 0x7ff, 0x1d37, 0x800, 0x7, 0x7, 0xfffffe01, 0x8, 0x7df, 0x7, 0x100, 0x0, 0x6, 0xfff, 0x7ff, 0xc418, 0x0, 0x80000001, 0x3, 0x469, 0x11e02897, 0x547dc0f4, 0x4, 0x1, 0xffc00000, 0x0, 0x6, 0x6, 0x4]}]]}, {0x4e, 0x6, "339b86a183600b492823c792a9a7b4e9cd7377e686c4bc06fb703db60b248e1173729d9178d9d48d1f2697edc8e3d6c95056f0bc7154ef230f6ac3e2ab84a5fd3e89eaf0a0978108a5ec"}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}, @m_bpf={0xd0, 0x2, 0x0, 0x0, {{0x8}, {0x24, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x4}, @TCA_ACT_BPF_PARMS={0x18, 0x2, {0x2, 0x0, 0x8, 0x1, 0x4e}}]}, {0x86, 0x6, "0361e748448d0a97167685d8112cf4cba4331422c47f39bd81b6852468bd88a1411bc72be8bf341d9e71f75fa357ef31c6856003db2218d3cef2e164bc125537bc758f6cb24b095b258ce89e33db2f3bde4554aa6c2f72d4b5d04bd71d64dfc2117f490177dde0e91bc53f3ea48cf29b1d6711308c932f41534a123328135d78953d"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}, @m_csum={0x4c, 0x11, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x4, 0x6, 0x6, 0xb, 0x1ff}, 0x5f}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0xb8225112d9d92090, 0x3}}}}, @m_mirred={0x144, 0x9, 0x0, 0x0, {{0xb}, {0x84, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x1a6f24f3, 0x8, 0x6, 0x1, 0x4800}, 0x2}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x786, 0x3, 0xb2105a94def58939, 0x81, 0x256461c9}, 0x4}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x9, 0x800, 0x20000000, 0x9, 0x400}, 0x4}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x8, 0xf, 0x20000000, 0x9, 0x1}, 0x1}}]}, {0x98, 0x6, "b5a090123e4ec9a88272ca743b34a97cfb023cd178aea389180968de456c2f8cb8ebd70bccccf8dac15e0608df2c44cf21408f83fad52348b822812e9636e895e50e2722bfdf971d8bd7ff5e7bcb38acca1b0b5fbeef05f28f16b2f1769a02d334e12240fb49e936ea038eab1ecd12970bf95d54beea3751a7d2a2c0e63a8608ff00a87cbe98c92a7b75534fb226ffb7e4f6d3eb"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}, @m_tunnel_key={0x104, 0x7, 0x0, 0x0, {{0xf}, {0x34, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0x5, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @TCA_TUNNEL_KEY_ENC_IPV6_DST={0x14, 0x6, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0x3, @multicast1}]}, {0xa3, 0x6, "7c74cd30dd01c65f186e988888386371969981e35fca88d9a1995384396e08ebc54ca55704bc2da4dade07ecf593bd771cde3598b0ed4cc0d777d9a3bcc37e120509db729ee85965112bce1edb8e57ece44b5090c0b18514a2b4aeed516ecb2a5e83ddcfb5d1c85868bc0addf3757d093ef802ccf2ad8da41478f35f2af9b67d2c2f6e7b2d373919ff3a1bb41d1f0e257ceee1aec5cdf6c8891a5c33ff4a0a"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1}}}}]}]}, 0xc00}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, <r4=>0x0})
quotactl$Q_QUOTAON(0xffffffff80000202, &(0x7f00000003c0)=@nullb, r4, &(0x7f00000004c0)='./cgroup.cpu/cgroup.procs\x00')
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c)
bind$inet6(r5, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r5, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
r6 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0)
sendfile(r6, r0, 0x0, 0x3a)
syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000000180)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x8, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x92, 0x3, 0x1, 0x4, 0x30, 0x8, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x4, 0x2}, [@extension_unit={0xd, 0x24, 0x8, 0x4, 0x7fff, 0xf1, "f68723e259bb"}, @feature_unit={0xf, 0x24, 0x6, 0x5, 0x5, 0x4, [0x2, 0x7, 0x7, 0x1], 0x7f}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_continuous={0x8, 0x24, 0x2, 0x1, 0x80, 0x3, 0x6, 0x1}]}, {{0x9, 0x5, 0x1, 0x9, 0x10, 0x4, 0x4, 0x5, {0x7, 0x25, 0x1, 0x82, 0x1, 0x11}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0x8, 0x24, 0x2, 0x1, 0x0, 0x2, 0xc, 0x6}, @as_header={0x7, 0x24, 0x1, 0x9, 0x9, 0x2}]}, {{0x9, 0x5, 0x82, 0x9, 0x20, 0x3, 0x7, 0xb8, {0x7, 0x25, 0x1, 0x82, 0x3, 0x6}}}}}}}]}}, 0x0)

6m19.952323921s ago: executing program 1 (id=623):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000240)={'wlan1\x00'})
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r1, &(0x7f0000000c80)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x27}}, 0x10)
setsockopt$sock_int(r1, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4)
bind$netlink(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001800)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a300000000048000000030a01020000000000000000010000000900030073797a320000000014000480080002400000000408000140000000000900010073797a300000000008000a400000000284000000060a010400000000000000000100000008000b40000000000900010073797a30"], 0x124}}, 0x0)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x4000)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f0000000040)={0x7, 0x6576, 0x3})
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r5, 0x100000000)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x8800, 0x0)
r6 = syz_open_procfs$pagemap(0x0, &(0x7f0000000340))
readv(r6, &(0x7f0000003400)=[{&(0x7f00000003c0)=""/4096, 0x1000}, {0x0}, {0x0}, {0x0}], 0x4)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r7, 0x6, 0x13, &(0x7f0000000100)=0x100000001, 0x4)
connect$inet6(r7, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000000), 0x141000)

6m16.509709656s ago: executing program 1 (id=636):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000440)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffed850000006d000000a50000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000001500)={0xc, 0xe, &(0x7f0000001280)=ANY=[@ANYBLOB], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040), 0x103b02, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000480)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = fsopen(&(0x7f0000000000)='rpc_pipefs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
socket$inet6_sctp(0xa, 0x801, 0x84)
socket$inet_mptcp(0x2, 0x1, 0x106)
io_uring_setup(0xd6c, &(0x7f0000000080)={0x0, 0xf6fe, 0x800, 0x3, 0x23a})
close_range(r1, 0xffffffffffffffff, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
syz_emit_ethernet(0x86, &(0x7f0000000040)={@broadcast, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x50, 0x3a, 0x0, @remote, @local, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x500, {0x0, 0x6, "5b29ab", 0x0, 0x11, 0x0, @private1, @remote, [@dstopts={0x0, 0x0, '\x00', [@ra={0x5, 0x3a}]}], "fb36eeca6fad50b375a22a584d16ca55"}}}}}}}, 0x0)

6m15.098390064s ago: executing program 1 (id=639):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000040)={0x6}, 0x10)
getsockopt$bt_hci(r0, 0x84, 0x84, &(0x7f0000000040)=""/4146, &(0x7f0000000000)=0x1032)
syz_usb_connect(0x2, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000eafa7240936901b0293df400100109021b000124a800800904000001030000000905", @ANYRES32], 0x0)

6m14.974421379s ago: executing program 1 (id=641):
r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000), 0x82000, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
r3 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r4=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r2, 0x84, 0x75, &(0x7f0000000000)={r4, 0x1}, 0x8)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f00000004c0)={0x6, 0x200, 0x0, 0x3, r4}, 0x10)
ioctl$IOCTL_STOP_ACCEL_DEV(r0, 0x40096101, &(0x7f0000000480)={{&(0x7f0000000400)={'Accelerator\x00', {&(0x7f0000000100)=@adf_str={@format={'Dc', '0', 'RingRx\x00'}, {"0f1e1a72463e5dc796fef683680f51f033c4d0ffe59560c580180fae92be23e32d780f4813758b2b2b4846a4344c8be464c6170424d5b0e1cdb7584a91128dd1"}, {&(0x7f0000000040)=@adf_str={@bank={'Bank', '3', 'CoreAffinity\x00'}, {"44f34be0c71269c0f5cf7fc486feae5fcc8f0347c4aa637a9016b5f94031812524572ce3b154793941606eca463ef7378615f684057a43ac0a8e7fe50284792e"}}}}}, {&(0x7f0000000380)={'Accelerator\x00', {&(0x7f00000002c0)=@adf_hex={@normal='NumberCyInstances\x00', {0x7}, {&(0x7f0000000200)=@adf_hex={@normal='NumberCyInstances\x00', {0x3}}}}}}}}}, 0x8})
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0x541b, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x3a, 0x4, 0x40000000)

6m14.7772848s ago: executing program 32 (id=641):
r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000), 0x82000, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
r3 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r4=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r2, 0x84, 0x75, &(0x7f0000000000)={r4, 0x1}, 0x8)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f00000004c0)={0x6, 0x200, 0x0, 0x3, r4}, 0x10)
ioctl$IOCTL_STOP_ACCEL_DEV(r0, 0x40096101, &(0x7f0000000480)={{&(0x7f0000000400)={'Accelerator\x00', {&(0x7f0000000100)=@adf_str={@format={'Dc', '0', 'RingRx\x00'}, {"0f1e1a72463e5dc796fef683680f51f033c4d0ffe59560c580180fae92be23e32d780f4813758b2b2b4846a4344c8be464c6170424d5b0e1cdb7584a91128dd1"}, {&(0x7f0000000040)=@adf_str={@bank={'Bank', '3', 'CoreAffinity\x00'}, {"44f34be0c71269c0f5cf7fc486feae5fcc8f0347c4aa637a9016b5f94031812524572ce3b154793941606eca463ef7378615f684057a43ac0a8e7fe50284792e"}}}}}, {&(0x7f0000000380)={'Accelerator\x00', {&(0x7f00000002c0)=@adf_hex={@normal='NumberCyInstances\x00', {0x7}, {&(0x7f0000000200)=@adf_hex={@normal='NumberCyInstances\x00', {0x3}}}}}}}}}, 0x8})
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0x541b, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x3a, 0x4, 0x40000000)

5m1.822530173s ago: executing program 3 (id=921):
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2)
dup(r0)
syz_emit_ethernet(0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="f3c5f60ba0b9aaaaaa310a5ee7e8aaaaaa86dd60fe288f00002b00fe8000000000000000000000000000aafe80000000000000000000"], 0x0)
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000540)={0x2, @win={{0x2, 0x1, 0x80000000, 0xcb81}, 0x1, 0x9, &(0x7f00000007c0)={{0x4, 0xf, 0xbaf, 0x8000}}, 0x7f, 0x0, 0x6}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f00000005c0)=ANY=[@ANYBLOB="010000001000f000150001c0505fe8a60999e5a7f40b00359a14c3b3b3247f117f2b8530863f7a558ad20c866c1b7cb724623e4cdb9470fbaa7e38c8a8e918595f82300f2b4f80745871db7def3b1ff4cd6731b0e4ef0eaca6a51c7f"])
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$binder_debug(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r6 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r6, 0xc0184800, &(0x7f0000000100)={0x4, r5})
r7 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x30, r7, 0x1, 0x0, 0x1, {{}, {}, {0x14, 0x19, {0xfffbfffe, 0x0, 0x7, 0xc1}}}}, 0x30}, 0x1, 0x0, 0x0, 0x40}, 0x4000000)

5m1.690332235s ago: executing program 3 (id=923):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
mkdir(&(0x7f00000000c0)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000000), 0x2040, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_DESTROY(r0, 0xc00864c0, &(0x7f0000000140))
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000000)='./bus\x00', 0x1)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r4 = open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f)
write$FUSE_CREATE_OPEN(r4, 0x0, 0x0)
sendfile(r4, r4, &(0x7f0000000080), 0x7f03)
prctl$PR_SCHED_CORE(0x2a, 0x1, 0x0, 0x2, 0x0)
r5 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0)
write$tcp_congestion(r5, &(0x7f0000000040)='westwood\x00', 0x9)

4m59.848823534s ago: executing program 3 (id=926):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r1 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r1, 0xc0184800, &(0x7f0000000100)={0x4004, <r2=>r0, 0x2})
mmap$dsp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x11, r2, 0x2000000)

4m59.638282927s ago: executing program 3 (id=928):
r0 = socket$nl_audit(0x10, 0x3, 0x9)
close(r0)
socket(0x11, 0x800000003, 0x0)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x10)
r2 = getpid()
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
r4 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000e2793b10d10501200006010203010902120008000000000904"], 0x0)
syz_usb_control_io(r4, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r4, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r4, 0x0, &(0x7f00000003c0)={0x44, &(0x7f00000001c0)={0x40, 0x1b, 0x2, "e1b9"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x0, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
close(r7)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000040)={0xc, 0x0, <r8=>0x0})
ioctl$IOMMU_IOAS_ALLOW_IOVAS(r7, 0x3b82, &(0x7f00000002c0)={0x18, r8, 0x2, 0x0, &(0x7f0000000240)=[{0xffffffffffffffff, 0x3}, {0x3a00, 0xffffffffbe202872}]})
ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0)
write$cgroup_devices(0xffffffffffffffff, &(0x7f0000010140)=ANY=[], 0xffdd)
socket$nl_route(0x10, 0x3, 0x0)

4m56.347315003s ago: executing program 3 (id=938):
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
ioctl$EXT4_IOC_MIGRATE(r1, 0xff01)

4m54.764908143s ago: executing program 3 (id=942):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00"], 0x50}}, 0x4008840)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYRESDEC=r0], &(0x7f0000003ff6)='GPL\x00', 0x3, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x1)
ioctl$KDGETMODE(r1, 0x4b3b, &(0x7f00000000c0))
socket$nl_route(0x10, 0x3, 0x0) (async)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00"], 0x50}}, 0x4008840) (async)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYRESDEC=r0], &(0x7f0000003ff6)='GPL\x00', 0x3, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async)
ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x1) (async)
ioctl$KDGETMODE(r1, 0x4b3b, &(0x7f00000000c0)) (async)

4m54.346153505s ago: executing program 33 (id=942):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00"], 0x50}}, 0x4008840)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYRESDEC=r0], &(0x7f0000003ff6)='GPL\x00', 0x3, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x1)
ioctl$KDGETMODE(r1, 0x4b3b, &(0x7f00000000c0))
socket$nl_route(0x10, 0x3, 0x0) (async)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00"], 0x50}}, 0x4008840) (async)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYRESDEC=r0], &(0x7f0000003ff6)='GPL\x00', 0x3, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async)
ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x1) (async)
ioctl$KDGETMODE(r1, 0x4b3b, &(0x7f00000000c0)) (async)

2m46.986530444s ago: executing program 2 (id=1377):
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r0 = creat(&(0x7f0000019080)='./file0\x00', 0xecf86c37d530494c)
close(r0)
syz_clone3(&(0x7f0000001240)={0x200200000, 0x0, 0x0, 0x0, {0x3e}, 0x0, 0x0, 0x0, 0x0, 0x0, {r0}}, 0x58)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
io_setup(0x1fc, &(0x7f0000000380))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000002700)=""/102392, 0x18ff8)
r3 = socket(0x40000000015, 0x5, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x550, 0x1c0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x480, 0xffffffff, 0xffffffff, 0x480, 0xffffffff, 0x3, 0x0, {[{{@uncond, 0x0, 0x1a0, 0x1c0, 0x60030000, {0x0, 0xff000000}, [@common=@inet=@recent0={{0xf8}, {0x81, 0x0, 0x24, 0x0, 'syz1\x00'}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0x298, 0x2c0, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x1, 0x0, 'syz0\x00'}}, @common=@inet=@recent0={{0xf8}, {0x0, 0x1c8, 0x4, 0x0, 'syz0\x00'}}]}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0xffffffffffffffff}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x5b0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), r4)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f00000005c0)={'gre0\x00', &(0x7f0000000680)={'syztnl0\x00', <r6=>0x0, 0x7, 0x20, 0xef8, 0x8001, {{0x1f, 0x4, 0x0, 0x4, 0x7c, 0x67, 0x0, 0x2, 0x2f, 0x0, @empty, @loopback, {[@noop, @rr={0x7, 0xb, 0xbb, [@empty, @private=0xa010101]}, @end, @rr={0x7, 0x7, 0x18, [@rand_addr=0x64010101]}, @timestamp_prespec={0x44, 0x44, 0xbb, 0x3, 0x4, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0x3}, {@multicast2, 0x5}, {@rand_addr=0x64010101, 0x800}, {@dev={0xac, 0x14, 0x14, 0x27}, 0xeec3}, {@multicast1}, {@broadcast, 0xffff}, {@multicast1, 0x8}, {@empty, 0x5b}]}, @end, @ssrr={0x89, 0xf, 0x45, [@remote, @private=0xa010101, @dev={0xac, 0x14, 0x14, 0xb}]}]}}}}})
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000600)={'tunl0\x00', &(0x7f0000000740)={'erspan0\x00', r6, 0x8000, 0x0, 0xa, 0x2, {{0x21, 0x4, 0x3, 0x21, 0x84, 0x65, 0x0, 0x3, 0x29, 0x0, @multicast1, @private=0xa010101, {[@ssrr={0x89, 0x1f, 0x59, [@initdev={0xac, 0x1e, 0x1, 0x0}, @initdev={0xac, 0x1e, 0x1, 0x0}, @rand_addr=0x64010102, @private=0xa010102, @remote, @broadcast, @rand_addr=0x64010100]}, @timestamp_addr={0x44, 0x1c, 0x4a, 0x1, 0x7, [{@multicast1, 0x5}, {@loopback, 0xffffff82}, {@empty, 0x80000001}]}, @cipso={0x86, 0x35, 0x1, [{0x2, 0xe, "eff0c4a19ed4e5cbe2b90092"}, {0x7, 0x2}, {0x5, 0x7, "6dc7a94538"}, {0x1, 0xb, "8f74da3cccb46000fd"}, {0x7, 0xd, "2a492a506acf772e733be1"}]}]}}}}})
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
r10 = dup(r9)
ioctl$KVM_HAS_DEVICE_ATTR_vm(r10, 0x4018aee3, &(0x7f0000000480)=@attr_arm64={0x0, 0x0, 0x0, 0x0})
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r11=>0x0})
sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000000c0)=ANY=[@ANYBLOB="98030000", @ANYRES16=r5, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r11, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff080211000001"], 0x398}}, 0x0)

2m45.292385144s ago: executing program 2 (id=1380):
r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x80000, 0x0)
r1 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000080)='b:::\x00\xf9L\xa4\xf8G\xd4\xcc\xcc\x19\x0f\xc6\xaf\xb5n~\xb4\x0f\xa9\b\xa4\x1d\v\xdd\xc9\xc7\xef\x86s\xbc\xfcI\x89\xd1\xe8\xfa\x82_\xd1\xe4_\xac\xaf\xb9\xb2\xca\xae\xcf\x1dc\xa7o\x9dC\x87\xfd\xf8\x8a\x84\xf1\x1dY\xb3,~', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)

2m44.118334702s ago: executing program 2 (id=1386):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan1\x00', <r2=>0x0})
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="1c000060", @ANYRES16=r3, @ANYBLOB="010000000000000000000800000008000300", @ANYRES32=r2], 0x1c}, 0x1, 0x0, 0x0, 0x24000040}, 0x0)

2m43.26625568s ago: executing program 2 (id=1389):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x20000, 0x0)
readv(r2, &(0x7f0000000000)=[{&(0x7f0000001300)=""/244, 0xfdef}], 0x1)
ioctl$TCSETS(r2, 0x40045431, &(0x7f0000001200)={0x0, 0xffffff1e, 0xffffffff, 0x4, 0x16, "001bf100eeff0000a2c2000100000000002000"})
r3 = syz_open_pts(r2, 0x101)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='new default user:syz 000040'], 0x2a, 0xfffffffffffffffc)
r4 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe)
ioctl$TCSETA(r3, 0x5406, &(0x7f0000000080)={0xfff9, 0x0, 0x1, 0x81, 0x0, "94afaeeb31b3f8d0"})
add_key$user(&(0x7f0000000040), &(0x7f0000000000), &(0x7f00000019c0)='s', 0x1, 0xfffffffffffffffe)
keyctl$read(0xb, r4, &(0x7f00000002c0)=""/117, 0xffffffffffffff34)
r5 = dup3(r3, r2, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000040)=0xd)
r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r5, r6, &(0x7f0000011000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, 0x0}], 0x1, 0x41, 0x0, 0x0)

2m42.279335398s ago: executing program 2 (id=1394):
r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000380)='net/wireless\x00')
kexec_load(0x100000000000000, 0x1, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x41000000}], 0x0)
kexec_load(0x0, 0x0, 0x0, 0x0)
kexec_load(0x4, 0x6, &(0x7f0000001800)=[{&(0x7f0000000200)="7a4773bf009cf230f4f519a6cbb48af112b3a73fd80583ac31eedc55a57d0b26cbe59761bf48904422e51d94dd33c21445ef6435478017930d6dc92fd5f899", 0x3f, 0x9, 0xfffffffffffeffff}, {&(0x7f0000000480)="1d6e8c8b3e538ad2b917cce4d680dbf39b1b952fc38e34e22a5ee2994d1cc2f68dd7b27779b955b5f3000e89d01b7b572f427df39037fad2a8bf7c87167419c7be0276c8282db394d736095b9348a345fea595c4b4a577e6b3cde8445608982d269f325609a60fef579c4a69bcfe152c3d1d56c65df0845c9c4d350a219abd050c2f055b74c378f80d6dba487a5115aa832831839676941dbaf4b3f2689bdb4dad9ac26dbf7bd02ab0d2345d28", 0xad, 0x8, 0x9afe720}, {&(0x7f00000002c0)="d956a7822218c69554f553ed85424bbfd4119feaeaa718ced92a3b53543a27432f491c57b2134e215ddf8550a66cf70cffdccc7b3a9d14a19f5084cfa6fb44fa", 0x40, 0x2, 0x3a39}, {&(0x7f0000000580)="9cc90f2c364befa39689ddc8d22a152bccbaa37b3f11d21d4a91855bc6366e2e7ab671864c4f55a3110adb5f9721eba2b7af276075a42c77c4bcde5705e973532404", 0x42, 0x9, 0x2d9f}, {&(0x7f0000000600)="41ed47e08d099df353578fe0f664b22343266a84f4f07aa4170962e5b775b96f063adfa6c9b40b82f6a8df03ecc62bb86c89abc4d0adffe144492bb94005ea7f9a57bb2a4331eabc6b605713d35ede587d0ceac37f083a4c3b71c732fc28a024ec603a8db4adcdd290e1ba2f33c71d692c13c98e719bd451bb519c134c2cabad9a215875d3764b86e6a0ec1ceeac9581d6d2b1edc78d1967926c29dade0cf33ce968ec2d50e1940a36531307d8f22211e61ea388972e533afdb8", 0xba, 0x81, 0x2}, {&(0x7f0000001740)="3b5d2da0c20d2dca882ce87de28be47ee330b7b61747b1101cb5572aa4df9023a73f5d1e72262f51801e5b1fd65c9d5bb965fd5dcf727e9607076c7cb4580bf1c409755179e71a894d862409c770579ef9db7a4c70dafe5c2bf9d6375faca8e35d0a7d24acb1c659969d50d9fe400d298bf981c113989a1b6c", 0x79, 0x9, 0x19}], 0x80000)
preadv(r1, &(0x7f0000000540)=[{&(0x7f00000003c0)=""/189, 0xbd}], 0x1, 0x4, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1a, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000700)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x74, '\x00', 0x0, @tracing=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
write$vga_arbiter(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="746180676574205043493af7a6192697d552051f3a31"], 0x16)
kexec_load(0xb3cf, 0x2, &(0x7f00000001c0)=[{&(0x7f0000000040)="5f761b19a2", 0x5, 0x5951, 0x1800}, {&(0x7f0000000740)="bf3221fc0422b32fdd0c959285d9f47a5d5b6210182bd199f92ecd09e67004e0584528d6856de00c7242fe11f7fa4435c6eb4cf967b291a18887ceec82bcbef03e7e99b579d4f46c912815f86daf6ecf140deacfee9453dfbff25494fa4d34d11801c2802a5914c53b0c8750ff6e0d887ab3c35b1cdceb6b13a0e917a027f3b0674e0f468db44449faf93c78007502acd7df0b48b2edb94d0e43c2e4f05a853450665cc06fa35cd766b1b713fd5fc4a04a6ec99d0b17a284fd73eca8979aaaf0fe4b2c17e967d0c03c78bec44d47a45ec75b2652766682416a9e7b9cfa8c4203127a5532188284135a35b8d00bfcb55443fb5c0498405f1ced119d1c70dfe4cef1773222d065153df58555e7ee006fbd9093b56813d940b2af7964734590da962165c2517ea98eb7465f4705ebd7825f633d3973ff565aa0e1034ce9bb1ad42e0a426b52f5a0da25b056916425dce7f8c55113b8fed908fb0506c14f3d653ac7dc0c8adebbd978fe2262054c28f2696c2e71ef416881d9453cefc4d85e4e150ba034c865637fcb4cb17846d30087b9aea5ebd0ee974ba8a5422b73736f57c5c1aab38a81296103c7a537d9959c0fe78239c5c6385d24d2fd73fe00bd398d9297059dae18d012f97ef93205d0252a9ee3de135661f1af56620e0bd32c861125c73fd42715fb25655a4f43fef4e7f78df9f5fb6ea09e8d88d321d65f680f56494fe5ea5d193351cf216db3ae0fca28c1cf9bbfaf3ee3825a8e11e50ad80876ee7d06ae68d4f6b51009a956928a0a1be3e0c4f9a0d77346e35eaa15254bec5c902ef62fa56632e4c293a5417967025d3a173572b9cfc61113af7ef65c1c5ea480a72be74d17dbb108e6089a99462831e098223e1ca3098c72722def6cecbc2cd3c1b2574775ae498e4c883a00bbd3a284dbf7ed2e3017f52154d47f64c890bf77f72c3fa049c38cb83ace5823e123dd27dace958279157d40c3b9f9cbd3e2d0e0ff84fb46f19271e90e09fa4e002b47160d4bc9f8cbf4bb7e0d1ee349a5f719db0632ed5ae31536f8505c4a83d4a288befca64a1dd903b572739d1128ee4f6c2bde6051bbdd43fa65ee85d9e95cc8d3f794bdae876830d6d6cc945a5c45aa7418c01bc8d799a6b4429606cfa95720acd4b6d92d01de3b79f77aa725f38c164d1ef65a192cb85af75a3d9462e63147a2b0d42a52343ea79201afa5425eea47e62c2c8e68948935dc4f0935d4de4a1cce61103ae04f61f11b63b8606c0dded703c701fee5909b4d9844b8d174f558c33e8c37feecca47cb09e9704fd424bcd6a7d08e1e623f23d1f21ad1aa65e48aa577b83d4840f79f23cb87bd4190a760465da503e759733e528d7b6225bf45f4c64b3d0f71743dae726bb726feced3ad4e4053b641132e5b4ac0072f8664b74a2db1c880f102dbf12fbedc3b7bcfbef22c684a68b031cc473a077c18ab77a6c4fd37ef65a4278a180116f8d8ed859723e95b6bfd316cc6587b2a54cfff992b81704858f6d37229c848fc1750a2d9fc2f684573138b0043fc03a0d346bea61ada84a44713f1c8b9ca45e2cb7b13f3cbf58891f196bf876c689076b46e635352281308b6c8ec3ea6780b8f6a61ee3fade6c00a4b68bfa2b5461701240d0ef2f618f9bbe38cfb9ebd03e230f6eecef6c0e1b4546c8367a452fd2c8e9c8fb1c93c271a11bf0601d7320535e4a299c80681422f251ee3249657d2512cb28f57dad6d09226f6c84204fd7dcbc400a95291ab02219a0cef67b8e9ebf801b73f61fe8aa64fd21c4aa3704446506c15dcafeb2d470aa4a8f5bf924c9e7ee8f9aa949fb1e1d0534319fe33aae1c47aca3511774b8895de367361ea181c8aeb2501d23c85c26b0068b6c62a37bb14f93772b3483f239b4b4f8ae42d563fff414d739b26ae9eb827421a5ea8d946b176147157e7946946b083a765ada6fdc4abd15155fd5093c97f25af4447f09c3e664348c9bf99fc9d2bc8d290c3d74c2c4e2571319796cd9394c12595c180f0c00e7ccc32017f0c6618b23ea5275617fb3c6e8b51b4280783652997d59be2f9902d3d41d10fb3840e473e4e6f966067e285edd76da6519e11913658c474f748edb5e412fb65b9aed45a28f4add29f4a150f7dd11e47ea6f40aed10bdc3100b5f5e271071485bb604e20613aade39315386b3dc0419375d3bfc2e1f035b6326f6a05a53a3a3cfff73e75572a727171fc6f40ddeff4566c11d4d2eda7e89e998b88411123cfa6e9d403beb6aacaf486827b1c28bed76a936dd463cb408dbf1f86fedc7dc8435918da07028ff24c2aef134d2d8ebfe8fdab92a0351527cfefc6a813bc83bfd6ec203aee347c571b0b9f6bc6923642e2f4410945f5229c44ba8c2049439fc84b2dc7ff1307a84c25d8bd849093543b724ddb04b1ad2ba4065ff29cfac7b8827f1caab09975fbe81e42037370449ca1952438c78cc50f2a8c160e6cf64ce6db161b8d12a95cf9f6fb79ba0e4a12c2f205f27db26ab8e624926ad6827a0cfd4bc8de299ec3ad3138af2f2f2c43917122d051add5720d276311dfe8c9f9da0406c6c3d6a5f8dda606868c89839b1d95fd14110c921e343d992e70ef3cc16fe930819f588dabe1c25460d28a918c408172225a4c39a71f085a1a0e3bd7ee90f8d7a905b29d117c588bd3d95e9d6ef7871167f43ae92d4a1c8e25f60cb48e17629f3733864070d7a97611e70c509338be56fb5caf8b3a56eb438253c6b364fe05e98b2217dc55947f06c99bf98b6296b73aeef9cc8026562207f4ff1e6efaa404ac2207b622b434559151ac5cb747cc180e7fcfaf732fbe24402f0ede42dab48d65602e20d5f25597a0ed64623bba1cbd1773ace821a76a828fb77b6a7a1cc7dff5f484fee4cb1cf68c4be982d1bee8974f00f0e6ad04ec4507d39228bf5a81d3433284d5bb1cb05c96f97246ca4fe6b171ad1861e7362f366a7a7ed577387f2f9162cdc0e1ec4629eb6cceba044c3e4107776b0f993c7dec9e8661877f73fe4795f8ddba9b59085ab53dae2373422c50396b1ed87160f36d8d410548c9a31431c14d67ec795e84748fff97f37bf46c0757f6a3455a135e7f9214ab739592a55c8efce430b34af100b53808d542d08dbcdd541e8feb4020d50dc6e921f767e05efa9407d3d383b6486e31e4136c9c8864edaace9a5758c95c248117557073cb8beefba00a9da7ac163f4bcf79a5d510f66f59a13866ca15f1dc5a7985ac7f59e408453bacfc284fb6a76774fffa0e71035142cf88b091f7c0fdeb3d857d98776b176baaa07f22ffd56349d7059904f62268676a4b62812cdae8ac08de3d1736c2c88c3a2a0b43302631e4358d2089fb723483e0802a99d36abb56425035104a8909e6a10ad2476db59bcdb58ecb10e52118e7a6b32ca9806c6c9526771c4d463217fd41c4d14f06f9f41acb89e4e6391245d35af90aae9c1ea2ffefd4b4ebde9c88f74f31f13bd6b3e0649e3cffd513187ee8491dd7d3524c1ac373e0c4d3c86465e206bca16898aba9e6258790eeeff2c6efcff0011d9f446e643d99a183ff289c21300f0a2f02406e0c8d68e8a93222874baa2c44f492f098931283dea3dafa8292717e8dfa4a1cba775304e8423694d20211bbd3534a56aaa786e3fa9f131d2558f9f23de5e68812aa48f4cd4ab085eae71a1dd03e47400572271adf4d915b8297883f3eb718ccc74d0f439959d54e3575755bd175c6bfddad4eb0a9e768f066b982c44b478f5fb6a4d9140f1ea8998af9cc4e0ebf8c74892ef675e84ce428539cbc61cfdd051765dedcf1c703ffb8df305f28fa0085717472f042c26416ca7513933be651d7878b70b9f320f22ce614f406e96e6e28753942eb1db0fe1da9105ca3e477e02d088ac8e7e622f02402d084ba781c94d526edaf2eee2aa520b03f2edb494f85912e440658b98e0e8b561f40678b2369ae9455197f22fa8e05c11f6b7c5e7636f54828a16855536b60b74fa1215dbeaed057e3a4994b6cc8a13129d9d5e43e899cb8888fbaf37f830401c7f4f3504a06410b0929ffb86899d69f808af1b8c57d54878bd5ebcceff04401b524cfee0a54a8f52640d3bbc2f23dde9370217284212b6e2752ad49be1aeaba333642325643088c4bf42a56ac8689c004349a4b710e95f0bd60339079de6f4d8fbde81ee3fcb7edc36ebd1909fdc5c7451a5a6a6c2a27b755a9ff10ccbdd64b4d5593bed5b9bb93decec1ef046a7c35ccb6fed931db23c342efd0b72e951f3591b60fd08df84d999eb040033469233c0011488cc7238ec941b83813d563b766849a27e6f8eba4342d33da0da46cab144d6e7258c7f91c8ff8f4567ff80ea684aa68895431c982100b9b822d291cd0c69a555dc3c55759793d082b2a395bba6720f8c9d602dece0a1dc5285c777faba022f703fd804c47af179791e7629bbb5dea2bb736ad586ded1a9e58ca70caebc69327a35ce95470636c7a45bbfef98710e0a52cf4c5ce78d615ad36a7e9d23810132c287f173dcb1a3693e9f7a15d0c73a71f526b89b84e9a62e57b13de0a3af2e418fd26d6fbc87e3bd3b15672df4bfb3cbb752ce032e90464a459a9f735ae3d04d01adf0665187237b7e2d00dad04072f98050d98bd4fadf23965b80312bd72d24e18dfad920fb2787aa207073322036d5f39438d4c94023c31fbfa77eb2e2c7918d60e37cf732fa5e727fb00d053c0085458e0c7ef6e56d1e412067d15b8b7e04d4d01345ed10cd8f382a41d4d1ea04a54cd7a579b7e47286cf755cf5a0cfa96fc42195c940c1210767fb66b02d5cae1898326672fe19cc897b98c76675cdac966892d6ca2a0968f82f4ac35d0813a67b584620ab9ac530706c5b1849f2ab0e9b6896b7e61870066d0a0b62aeed3ff04067d73865848d543364c529177fd8dfe98d817e8de3fda704eb26a04220bef17b306087b7ef0efbe0e8f7449b0bdde6c5e2efa4d0ba0105711ee18c4e2efe173470271220ef26467610e8f56966d093bcae4761b2eae0d0e25c9de97735f4d30ba6dfbdb6580d3203593ab05cdfb671dc7c9a56db403eaab3b41c7b84e367c820dd7abc7f36351fe66d62c667c061f76072d89bbebb3b146a19b409c9c4a496ef01edaf982f86fbd19f7b60e418a1eb193e0959ee664c000617fcdb987c09094bde23a0401c83a46eb8323231616233953e24a1f84beda901e16b29a1cec064352bbbaf6eeb2ac3111af1dc805971b90c57849b96432ea5c3231ff0d3f074aa8b38d8c494c6ca5c68e2c1735d68ff6f70804fdc0cd08606cd51eaeed4cd4e8b8b6ce857056cc5979c8182234efe99f16ba10ef5cebe15d6a03ca8d6dd0c09e839852f3c9c6e2b5be8eb8d8ebfcf3030e9cc71aaeee2929f85059afed620a14288e356e2e6ac910f38939a7e9d16544652ee143f7a4e3bca6d28b068a50c8382293f4aad757b9688f05e539fc668b3b4c9ceddd11e0659a09e037e3d96a8336b87b14c6470b98a5eaab5a9f535a0f1d9787d0cc6d083470ea5f21feea3044f77eead66de133e8a1f1fb5cf7b8e8b339a96bcc190a78316e226de683f476d71f779133a9398edb8fbea22593c753d4cd549054ef19c8fb8b9fb3b6cd6be7a5e1705d40d0e438ab5b57548800591a3a9d47ebcdea20555e7d1b4545971a0ba170807a2e6c2da16ad0f7256194164a279d4f42e33b2810ec5cdc6d754df3b62951549b1c1ba8093fe8642fb54f2d9781aa540d04d05550c648855f44e3c6befcf8098b0f4d73f7c36c5f44a2ea26eaef09ad01a61d4c6e45395e", 0x1000, 0x42f3, 0x73}], 0x3c0002)

2m41.033223148s ago: executing program 2 (id=1401):
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00'})
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000780)=ANY=[@ANYBLOB="9feb0100180000000000000040000000400000000c0000000400000001000084010000000a000000030000000000000000000000000000010500000020000000000000000000000300000000020000000200000000000000006100302e61616161006100"], 0x0, 0x64, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
rseq(&(0x7f0000000040), 0x20, 0x0, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYRES16=r1], 0x10)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
bind$unix(r1, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
listen(r1, 0x0)
accept4(r1, 0x0, 0x0, 0x0)
mount$9p_unix(&(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f0000000000)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=unix'])
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, 0x0, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
r3 = syz_open_dev$MSR(0x0, 0x0, 0x0)
r4 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r4, 0xc0285700, &(0x7f0000000140)={0xbf48ce7, "1803c809800000000800000000000000000000000000d63175876b4c69a600"})
r5 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x200, 0x0, 0x283}, &(0x7f00000004c0)=<r6=>0x0, &(0x7f00000001c0)=<r7=>0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000040)=@IORING_OP_EPOLL_CTL=@mod={0x1d, 0x18, 0x0, 0xffffffffffffffff, &(0x7f0000000200)={0x80000008}, r4, 0x3, 0x0, 0x1})
io_uring_enter(r5, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
read$msr(r3, &(0x7f0000002700)=""/102392, 0x18ff8)
syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0)
ioperm(0x7, 0x81, 0x2)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000018c0)={'team0\x00'})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="40000000cd", @ANYRESOCT=r3, @ANYRES64=0x0, @ANYRES32, @ANYBLOB='\b\x00\n\x00', @ANYRES16=r7, @ANYBLOB], 0x40}, 0x1, 0x0, 0x0, 0x8880}, 0x2400c080)
syz_open_dev$sndpcmp(0x0, 0x0, 0xa2c65)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x586abc7b6f5091ec, 0xfa00, {0x0, 0x0, 0x13f}}, 0xfdbc)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x20008844)

2m25.457314622s ago: executing program 34 (id=1401):
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00'})
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000780)=ANY=[@ANYBLOB="9feb0100180000000000000040000000400000000c0000000400000001000084010000000a000000030000000000000000000000000000010500000020000000000000000000000300000000020000000200000000000000006100302e61616161006100"], 0x0, 0x64, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
rseq(&(0x7f0000000040), 0x20, 0x0, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYRES16=r1], 0x10)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
bind$unix(r1, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
listen(r1, 0x0)
accept4(r1, 0x0, 0x0, 0x0)
mount$9p_unix(&(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f0000000000)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=unix'])
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, 0x0, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
r3 = syz_open_dev$MSR(0x0, 0x0, 0x0)
r4 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r4, 0xc0285700, &(0x7f0000000140)={0xbf48ce7, "1803c809800000000800000000000000000000000000d63175876b4c69a600"})
r5 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x200, 0x0, 0x283}, &(0x7f00000004c0)=<r6=>0x0, &(0x7f00000001c0)=<r7=>0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000040)=@IORING_OP_EPOLL_CTL=@mod={0x1d, 0x18, 0x0, 0xffffffffffffffff, &(0x7f0000000200)={0x80000008}, r4, 0x3, 0x0, 0x1})
io_uring_enter(r5, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
read$msr(r3, &(0x7f0000002700)=""/102392, 0x18ff8)
syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0)
ioperm(0x7, 0x81, 0x2)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000018c0)={'team0\x00'})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="40000000cd", @ANYRESOCT=r3, @ANYRES64=0x0, @ANYRES32, @ANYBLOB='\b\x00\n\x00', @ANYRES16=r7, @ANYBLOB], 0x40}, 0x1, 0x0, 0x0, 0x8880}, 0x2400c080)
syz_open_dev$sndpcmp(0x0, 0x0, 0xa2c65)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x586abc7b6f5091ec, 0xfa00, {0x0, 0x0, 0x13f}}, 0xfdbc)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x20008844)

1m58.517282761s ago: executing program 4 (id=1142):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000240)={0x0, 0xffac, &(0x7f0000000380)={&(0x7f0000000280)=ANY=[@ANYBLOB="2800000003060500000000fffffff500000000000500010007"], 0x28}}, 0x0)

1m39.948486817s ago: executing program 4 (id=1142):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000240)={0x0, 0xffac, &(0x7f0000000380)={&(0x7f0000000280)=ANY=[@ANYBLOB="2800000003060500000000fffffff500000000000500010007"], 0x28}}, 0x0)

1m21.076002207s ago: executing program 4 (id=1142):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000240)={0x0, 0xffac, &(0x7f0000000380)={&(0x7f0000000280)=ANY=[@ANYBLOB="2800000003060500000000fffffff500000000000500010007"], 0x28}}, 0x0)

1m0.08799455s ago: executing program 4 (id=1142):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000240)={0x0, 0xffac, &(0x7f0000000380)={&(0x7f0000000280)=ANY=[@ANYBLOB="2800000003060500000000fffffff500000000000500010007"], 0x28}}, 0x0)

41.624403306s ago: executing program 4 (id=1142):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000240)={0x0, 0xffac, &(0x7f0000000380)={&(0x7f0000000280)=ANY=[@ANYBLOB="2800000003060500000000fffffff500000000000500010007"], 0x28}}, 0x0)

17.649371964s ago: executing program 4 (id=1142):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000240)={0x0, 0xffac, &(0x7f0000000380)={&(0x7f0000000280)=ANY=[@ANYBLOB="2800000003060500000000fffffff500000000000500010007"], 0x28}}, 0x0)

4.444611625s ago: executing program 7 (id=1883):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_pidfd_open(0x0, 0x0)
setns(r3, 0x8020000)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x18)
setsockopt$SO_BINDTODEVICE_wg(r1, 0x1, 0x19, 0x0, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_RINGS_SET(r5, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="14000000", @ANYBLOB="010300000000000000002d"], 0x14}}, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_DEL_KEY(r5, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYBLOB="2c00008f7d8183c1fce5dec2a500", @ANYRES16=r6, @ANYBLOB="000227bd7000fcdbdf250c0000000c009900ffff00000f0000000900070050aeb767e3000000"], 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x10)

4.395826373s ago: executing program 0 (id=1884):
r0 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x117080, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x100000001}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
r2 = open(&(0x7f0000000040)='./bus\x00', 0x10d27e, 0x55)
fallocate(r2, 0x0, 0x0, 0x1001f0)
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x7)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000100)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000000c0)={&(0x7f0000000300)={0xbc, 0x0, 0x1, 0x101, 0x0, 0x0, {0x3, 0x0, 0x6}, [@CTA_HELP={0x14, 0x5, 0x0, 0x1, {0xe, 0x1, 'sip-20000\x00'}}, @CTA_STATUS={0x8, 0x3, 0x1, 0x0, 0x6}, @CTA_NAT_DST={0x48, 0xd, 0x0, 0x1, [@CTA_NAT_V6_MAXIP={0x14, 0x5, @mcast2}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}, @CTA_NAT_V6_MAXIP={0x14, 0x5, @private1}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x1b}}]}, @CTA_PROTOINFO={0x3c, 0x4, 0x0, 0x1, @CTA_PROTOINFO_DCCP={0x38, 0x2, 0x0, 0x1, [@CTA_PROTOINFO_DCCP_STATE={0x5, 0x1, 0xfd}, @CTA_PROTOINFO_DCCP_ROLE={0x5, 0x2, 0x6}, @CTA_PROTOINFO_DCCP_STATE={0x5, 0x1, 0x10}, @CTA_PROTOINFO_DCCP_ROLE={0x5, 0x2, 0x49}, @CTA_PROTOINFO_DCCP_STATE={0x5, 0x1, 0x9}, @CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ={0xc, 0x3, 0x1, 0x0, 0x8}]}}, @CTA_MARK_MASK={0x8, 0x15, 0x1, 0x0, 0x2}]}, 0xbc}, 0x1, 0x0, 0x0, 0x20000010}, 0x20000081)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'michael_mic-generic\x00'}, 0x58)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nfc(&(0x7f0000003680), r5)
sendmsg$NFC_CMD_LLC_SET_PARAMS(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x2c, r6, 0x1, 0x70bd27, 0x25dfdbfd, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_LLC_PARAM_MIUX={0x6, 0x11, 0x5c7}, @NFC_ATTR_LLC_PARAM_LTO={0x5, 0xf, 0xa6}]}, 0x2c}, 0x1, 0x0, 0x0, 0x1}, 0x400c020)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000040), 0x0)
r7 = accept4(r3, 0x0, 0x0, 0x0)
sendto$unix(r7, &(0x7f00000004c0), 0x0, 0x4014014, 0x0, 0x0)
ioctl$TCSETA(r0, 0x8925, 0x0)
socket(0xf, 0x80000, 0x6)

3.470234329s ago: executing program 7 (id=1885):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000440)=[<r1=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r0, 0xc05064a7, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[0x0, <r2=>0x0], &(0x7f0000000540), 0x0, 0x2, 0x0, 0x0, r1})
ioctl$DRM_IOCTL_MODE_SETPROPERTY(r0, 0xc01064ab, &(0x7f0000000e00)={0x1f, r2, r1})
r3 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x180300, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r3, 0x4601, &(0x7f0000000040)={0x191, 0x258, 0x1e0, 0x0, 0x32, 0x1, 0x20, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0xd0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4})
ioctl$FBIOGETCMAP(r3, 0x4604, &(0x7f0000000380)={0xd07, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BTRFS_IOC_BALANCE_CTL(r3, 0x40049421, 0x3)
ioctl$BTRFS_IOC_BALANCE_CTL(r3, 0x40049421, 0x2)
r4 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000100), 0x400400, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r4, 0xc01064c2, &(0x7f0000000140))
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000fe5000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, 0x0}], 0x1, 0x4e, 0x0, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)

3.365852898s ago: executing program 0 (id=1886):
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x141, 0x48, 0x13, 0x44, 0x20, 0x424, 0x7500, 0x69ee, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xb8, 0x7, 0x0, 0x96, 0xd1, 0xca}}]}}]}}, 0x0)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000040), r0)
sendmsg$NLBL_UNLABEL_C_STATICREMOVE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01"], 0x38}}, 0x0)
mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000004c0)='cgroup2\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000001280)='./file0\x00', 0x0, 0x0)
r3 = socket$isdn_base(0x22, 0x3, 0x0)
ioctl$IMGETVERSION(r3, 0x80044942, &(0x7f00000004c0))
r4 = fanotify_init(0x200, 0x0)
fanotify_mark(r4, 0x1, 0x4800003e, r2, 0x0)

3.200531059s ago: executing program 5 (id=1887):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x40}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000240), 0xffffffffffffffff)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x8, 0x3, 0x2d0, 0x138, 0x11, 0x148, 0x0, 0x0, 0x238, 0x2a8, 0x2a8, 0x238, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0xf0, 0x138, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'ip_vti0\x00', {0x2000, 0x0, 0x3f, 0x0, 0x0, 0x3, 0x7}}}, @common=@inet=@ecn={{0x28}, {0x50}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'syz0\x00'}}}, {{@ip={@multicast2, @empty, 0x0, 0x0, 'vlan0\x00', 'netdevsim0\x00'}, 0x0, 0xd0, 0x100, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@unspec=@quota={{0x38}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x330)
syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
syz_io_uring_setup(0x497, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f00000024c0)=""/102400, 0x19000)
syz_open_dev$usbfs(0x0, 0x74, 0x101301)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffc000/0x1000)=nil, 0x1000, &(0x7f0000000040)='}\x00')
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffb000/0x3000)=nil, 0x3000, &(0x7f0000000240)='}\x00')
socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r2, &(0x7f0000000040)={0x1a, 0x0, 0x20, 0x54}, 0x10)

3.034328893s ago: executing program 7 (id=1888):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000020000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0x1, 0x69, 0x0, 0x0) (async)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000180)={0x0, 0xd000})
syz_emit_ethernet(0x3e, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaa0f"], 0x0) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc) (async)
ptrace$pokeuser(0x6, 0xffffffffffffffff, 0x0, 0xb) (async)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TCFLSH(r5, 0x80045438, 0x300000000000000) (async)
sendmsg$IPCTNL_MSG_CT_DELETE(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a00)=ANY=[], 0x198}, 0x1, 0x0, 0x0, 0x48000}, 0x84) (async)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r2, 0x4068aea3, &(0x7f00000000c0)) (async)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

2.674979397s ago: executing program 6 (id=1889):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
ioctl$VHOST_GET_VRING_BASE(r0, 0xc008af12, &(0x7f0000000080))
r1 = socket$nl_route(0x10, 0x3, 0x0)
socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={<r2=>0xffffffffffffffff})
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000400)=0x5)
sendmsg$nl_route_sched(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=@newtaction={0x88, 0x30, 0xffff, 0x70bd2d, 0x0, {0x0, 0x0, 0x1300}, [{0x74, 0x1, [@m_mirred={0x70, 0x1, 0x0, 0x0, {{0xb}, {0x44, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x4, {{0xffdff7e8}}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x1, 0x0, 0x1, 0x400, 0xfffffff7}, 0x2, r3}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2a, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x3, &(0x7f0000000000)=0x7)
r5 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000761000/0x2000)=nil, 0x2000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = socket(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r7, 0x29, 0xd1, &(0x7f0000000040)=0x20f, 0x4)
syz_io_uring_submit(0x0, 0x0, 0x0)
openat$vim2m(0xffffff9c, &(0x7f0000000180), 0x2, 0x0)
syz_io_uring_setup(0x10d, 0x0, 0x0, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="0100000000000000ec563ece59c600000100000024000300a0cb879a47f5bc644c0e693fa6d031c74a1553a9e9421400020077673000"/66], 0x4c}}, 0x0)
setuid(0xee00)
syz_clone(0x10200a00, 0x0, 0x14ac795f07787434, 0x0, 0x0, 0x0)
setsockopt$IP6T_SO_SET_ADD_COUNTERS(r4, 0x3a, 0x41, 0x0, 0x0)

2.672302389s ago: executing program 5 (id=1890):
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, 0x0) (async)
sched_setscheduler(0x0, 0x2, 0x0)
openat$dsp(0xffffffffffffff9c, 0x0, 0x42, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x6, 0x9}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) (async)
sched_setaffinity(0x0, 0x0, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102390, 0x18ff6)
syz_init_net_socket$ax25(0x3, 0x5, 0x0) (async)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0)=<r2=>0x0)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r3)
sendmsg$NFC_CMD_DEV_UP(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000940)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="010023010000340200000200000008000100", @ANYRES32=r2], 0x1c}}, 0x0)
write$nci(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="4004043bcfe968"], 0x7) (async)
r5 = syz_clone(0x24400800, &(0x7f0000000500)="edfd7b56ee46158abd32bf29f8aa64cec048117f411beedc69ecc076112f9cf601613a6064875757d59185fa9efc385eded7dfcc8859bffd99d3c4beb38f09a7915b6e2ea388507e0e94cb64382290d35535b7acdabe3a07c44704c55571e3ecdda912a83088561c11a66a1c6982175928a8064cf61b3e0af1b850a2a78ac21dda0294f07d13ef12e9447078a22aa0a0498495fcb1b1f939cccf980402704bce6d9709b8a8", 0xa5, &(0x7f0000000440), &(0x7f0000000480), &(0x7f0000000640)="94a41ef84f5ab4973f8ebc6fa04db638bf68ed88cd3e7f0ed4a660831e746f2793b45a719bf78f69274039813066545457de3acfeaf369efd92c056381c6c0a19f2eb3e6fe3a8e5f04a90018902e94803bbe36939dd31e109982ed0b66ca9b1673c3b909985ab83364628616e2")
prctl$PR_SCHED_CORE(0x3e, 0x4, r5, 0x1, &(0x7f00000006c0)) (async)
r6 = syz_io_uring_setup(0x3c93, &(0x7f0000000380)={0x0, 0x3d95, 0x2000, 0x1, 0x32a}, &(0x7f0000000140), &(0x7f0000000280))
r7 = syz_io_uring_setup(0xfb, &(0x7f00000001c0)={0x0, 0x5, 0x40, 0x1, 0xffffffff, 0x0, r6}, &(0x7f00000000c0)=<r8=>0x0, &(0x7f0000000400)=<r9=>0x0) (async)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={<r10=>0xffffffffffffffff, <r11=>0xffffffffffffffff})
syz_io_uring_submit(r8, r9, &(0x7f0000000600)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r11, 0x0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000019c0)=[{&(0x7f00000002c0)=""/183, 0xb7}], 0x1}, 0x0, 0x40000103}) (async)
ioctl$SYNC_IOC_MERGE(0xffffffffffffffff, 0xc0303e03, &(0x7f0000000700)={"8bbd7771306fe9149bb12f77e3f1a3e8a683982e336a0e29a7a808fce79a44b9", 0xffffffffffffffff, <r12=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r12, 0xc0303e03, &(0x7f0000000740)={"95c900b7dd967e14982fa9976af6449e05ce5a0416ed3386f295156434b36eed", 0xffffffffffffffff, <r13=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r12, 0xc0303e03, &(0x7f0000000780)={"5b38109680e22a848e3d1eac4b761128a219cd837bd96338dcfbce7bb7b4b23f", r13}) (async)
ioctl$INCFS_IOC_FILL_BLOCKS(r10, 0x80106720, &(0x7f0000000b40)={0x3, &(0x7f0000000ac0)=[{0x2, 0xd, &(0x7f0000000940)="bc7cfa6d4afc9701333c71039e", 0x1}, {0x40, 0x70, &(0x7f0000000980)="bd32c62fa7c33d63014039932b854be9a4b615bcc723ea8bd40698e21c8ae815957581dcfb0cc79f522c6153b82fc035bacc148b7971f3a873ad466c45d69f146da0653fcdbfba02dc37206cd6abad3499065a10057d3308610076d8bb3f9a7f9bba1775c4217f6f4bdf1a3e1bb02bce", 0x0, 0x1}, {0x3ff, 0x94, &(0x7f0000000a00)="b7d816bda4a3ee71ee4d2a7b8f1b9c1fe82bf115c86ffd4fd0e0c244b4aefd069497ba215d23cca039aaffdc1eff16090feedd058a53360cc68109e6f200d042654c93e9502a5172b4c6488a48f117ac12bf9ccc027f0b59178102474dd256806f679a7df400149e44428efaf53add3f27ccf20f9740690d31832047d7cd39eb68623e1aad7e8b114c8c0c4391059a21a34ce959", 0x1, 0x1}]}) (async)
r14 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r14, 0x6, 0xd, &(0x7f0000000000)='westwood\x00', 0x9)
r15 = io_uring_setup(0x3196, &(0x7f0000000b80)={0x0, 0xcfc9, 0x10, 0x2, 0x365, 0x0, r7})
syz_io_uring_setup(0xe45, &(0x7f0000000840)={0x0, 0x3ad0, 0x4, 0x3, 0x1a8, 0x0, r15}, &(0x7f00000008c0), &(0x7f0000000900))

2.620636384s ago: executing program 7 (id=1891):
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(0xffffffffffffffff, 0xc4c85512, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201100153a42908f00a7172918801020301090224000106000000090402ff02ffffff0009050b0000000000000905e9"], 0x0)

2.326395545s ago: executing program 5 (id=1892):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=@ipv4_newroute={0x1c, 0x18, 0x811, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0xfd, 0x0, 0xfe, 0x2}}, 0x1c}, 0x1, 0x20}, 0x0)

2.265955148s ago: executing program 6 (id=1893):
r0 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
read$FUSE(r0, &(0x7f0000002680)={0x2020}, 0x2020)

2.257718846s ago: executing program 5 (id=1894):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="60000000020601020000740000000000000000000900020073797a31000700000500010007000000050005000a000000140007800800134000e4000008001240ffffffff11000300686173683a69702c706f727400000000050004"], 0x60}}, 0x0)

2.181351948s ago: executing program 6 (id=1895):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001040)='net/rt_cache\x00')
lseek(r0, 0xae7d, 0xae7d) (async)
lseek(r0, 0xae7d, 0xae7d)
signalfd(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000)
socket(0x2a, 0x2, 0x1c00000) (async)
r2 = socket(0x2a, 0x2, 0x1c00000)
sendto(r2, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_emit_ethernet(0x66, &(0x7f0000000440)=ANY=[@ANYBLOB="aaaaaa1eaaaa00000000000086dd60fca33f00306700fe800000000000000000000000000000fe8000000000000000000000000000aa21000000000000000003000000000000001758090e541b64f22a8982d3f5aaacd21a0ca186608b74f1000000000000004dd2ecacbbdeaa1ded7522488c403f745c08473cb7c6162baea3febcb60665356f3cfa2513b8a29894ff5d63df8983896803a5c0b5b0d6d99254330e53e6a1daeeb9b264c226708fd09d2c862f303ece5f17efc8b5ac926e2478d728439a42eb826c674f76c36c10a8b84a1710d6c6233760d0689bb5d205a5438781cf45289d9ed318a271969ba6a476585be81b00"], 0x0)
r3 = dup2(0xffffffffffffffff, r2)
bind$ax25(0xffffffffffffffff, &(0x7f0000000100)={{0x3, @default, 0x1}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null]}, 0x48)
openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000), 0x2)
bind$ax25(0xffffffffffffffff, &(0x7f0000000080)={{0x3, @null, 0x1}, [@null, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @bcast]}, 0x48)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040))
socket$inet_udplite(0x2, 0x2, 0x88) (async)
r5 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000240)={0x0, <r6=>0x0}, &(0x7f0000000280)=0x5)
setresuid(0x0, r6, 0xee01) (async)
setresuid(0x0, r6, 0xee01)
setsockopt$inet6_IPV6_IPSEC_POLICY(r3, 0x29, 0x22, &(0x7f0000000280)={{{@in6=@local, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x4e21, 0xc55f, 0x4e20, 0x9, 0x2, 0x0, 0x0, 0x89, 0x0, r6}, {0xffff, 0x1, 0x8, 0x4, 0x401, 0x8, 0x5, 0x3}, {0x8, 0x1d, 0x2, 0x3}, 0x7, 0x0, 0x2, 0x1, 0x3, 0x1}, {{@in=@remote, 0x4d4, 0x3c}, 0xa, @in=@loopback, 0x3502, 0x2, 0x0, 0xb0, 0x81, 0x1, 0x2}}, 0xe8)
sched_setscheduler(0x0, 0x0, &(0x7f0000000240)=0x4) (async)
sched_setscheduler(0x0, 0x0, &(0x7f0000000240)=0x4)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) (async)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000, 0x4, &(0x7f000046d000/0x1000)=nil) (async)
mremap(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000, 0x4, &(0x7f000046d000/0x1000)=nil)
ioctl(r4, 0x5, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r7, 0x0, 0x0)
sendmsg$NFULNL_MSG_CONFIG(r7, 0x0, 0x0)

2.082419259s ago: executing program 5 (id=1896):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
r5 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r5, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x9}, 0x1c)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
sendmsg(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000002c0)="2c10", 0x2}], 0x1, 0x0, 0x0, 0x2c}, 0x44004)
connect$unix(r2, &(0x7f0000000380)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setpriority(0x2, 0x0, 0x77c)

1.829524459s ago: executing program 0 (id=1897):
fanotify_init(0x200, 0x2)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='net_prio.prioidx\x00', 0x275a, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00'}, 0x10)
read$eventfd(0xffffffffffffffff, &(0x7f0000000080), 0x51)
r0 = openat$cuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
read$FUSE(r0, &(0x7f0000009780)={0x2020}, 0x2020)
write$FUSE_DIRENTPLUS(r0, &(0x7f0000000100)={0x10, 0xffffffda, 0x3}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
syz_open_dev$sndmidi(0x0, 0x9, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000300), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$vicodec0(0xffffffffffffff9c, 0x0, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
capset(&(0x7f0000000080)={0x20071026}, 0x0)
r2 = socket(0x10, 0x6, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r3=>0x0})
sendto$packet(0xffffffffffffffff, &(0x7f0000000180), 0x0, 0x0, &(0x7f0000000140)={0x11, 0x8100, r3}, 0x14)
r4 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
write$binfmt_aout(r4, &(0x7f0000000000)=ANY=[@ANYBLOB="03040000b50000000100fefffeefffff"], 0xc8)
openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
r5 = timerfd_create(0x0, 0x0)
timerfd_settime(r5, 0x3, &(0x7f0000000440)={{0x0, 0x3938700}}, 0x0)
read(r5, &(0x7f0000000240)=""/123, 0x7b)
clock_adjtime(0x0, &(0x7f0000000000)={0x3ff, 0x0, 0x0, 0xa185, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102, 0x1, 0x0, 0x9, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x1000, 0x8, 0x2, 0x3, 0x0, 0x3})

1.406683128s ago: executing program 6 (id=1898):
r0 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet_sctp(r0, &(0x7f00000032c0)=[{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000100)="03", 0x1}], 0x1}], 0x1, 0x0)
inotify_init1(0x800)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x5, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0xff)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8)
mkdir(&(0x7f0000000280)='./file0\x00', 0x0)
chdir(0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$binfmt_script(r2, 0x0, 0x0)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/ip6_tables_matches\x00')
preadv(r3, &(0x7f0000000200)=[{&(0x7f0000000380)=""/106, 0xbe}], 0x1, 0x40fb, 0x9)
sendmsg$tipc(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
dup(0xffffffffffffffff)
syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0x4004ec67, 0x10000, 0x3, 0x40000333}, &(0x7f00000006c0)=<r4=>0x0, &(0x7f00000001c0))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f0000000380)={0xc, 0x0, <r6=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r5, 0x3ba0, &(0x7f0000000200)={0x48, 0x2, r6, 0x0, 0x0, 0x0, <r7=>0x0})
ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f0000000140)={0xc, 0x0, <r8=>0x0})
ioctl$IOMMU_HWPT_ALLOC$TEST(r5, 0x3b89, &(0x7f00000002c0)={0x18, 0x3, r7, r8, <r9=>0x0, 0x0, 0xdead, 0x4, &(0x7f0000000280)})
ioctl$IOMMU_HWPT_SET_DIRTY_TRACKING(r5, 0x3b8b, &(0x7f0000000040)={0x10, 0x1, r9})
ioctl$IOMMU_HWPT_SET_DIRTY_TRACKING(r5, 0x3b8b, &(0x7f00000000c0)={0x10, 0x0, r9})
r10 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFBR(r10, 0x8940, &(0x7f0000000100)=@add_del={0x2, &(0x7f00000000c0)='syzkaller0\x00'})
socket$inet6_udp(0xa, 0x2, 0x0)

853.91702ms ago: executing program 5 (id=1899):
openat$dsp(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
ioprio_set$uid(0x3, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
syz_open_dev$MSR(&(0x7f0000000080), 0x8001, 0x0)
r0 = syz_usb_connect$cdc_ncm(0x2, 0x6e, &(0x7f00000001c0)={{0x12, 0x1, 0x150, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x70, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd, 0x24, 0xf, 0x1, 0xfffffffd, 0xfffd, 0x8}, {0x6, 0x24, 0x1a, 0x0, 0x18}}, {{0x9, 0x5, 0x81, 0x3, 0x10, 0x80}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x10}}, {{0x9, 0x5, 0x3, 0x2, 0x400, 0x0, 0x80, 0x4}}}}}}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000880)={0x84, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000300)=0x2, 0x8)
socket$nl_route(0x10, 0x3, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r1 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000010c0)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000100)={'netdevsim0\x00', &(0x7f0000000040)=@ethtool_ringparam={0x33, 0x7f, 0x20000a2e, 0x0, 0x0, 0x3, 0x2000000, 0x0, 0x3000000}})
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000400)=ANY=[@ANYBLOB="03c9007286c3b619eb3906ef74e7e1b092754fdff60fc08a5054c0e1d37df3121f3e311ad1c1fed5554e66eda3e16973ba802383618f6bf7652255e73f17bfd6d20bd9ba12cbc97e9781f99a5aaf7e10deb7c2f0f153ea04445c40560af1ba1ecbaf89e718b0d1976a82ed4f06df44"], 0x76)
connect$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0xfffe, @multicast1}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x41000, 0x48, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000004c0)=[{0x5, 0x3, 0x8, 0x2}, {0x5, 0x1, 0xc, 0x2}], 0x10, 0x0, @void, @value}, 0x94)
r3 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r3, &(0x7f0000000200)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000b80)=@newtfilter={0x3c, 0x2c, 0xc27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x7, 0xfff3}, {}, {0xf}}, [@filter_kind_options=@f_flow={{0x9}, {0xc, 0x2, [@TCA_FLOW_DIVISOR={0x8, 0x8, 0x7}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x841}, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[], 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
rt_sigaction(0x8, 0x0, 0x0, 0x8, &(0x7f0000000300))

603.573421ms ago: executing program 6 (id=1900):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x40}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000240), 0xffffffffffffffff)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x8, 0x3, 0x2d0, 0x138, 0x11, 0x148, 0x0, 0x0, 0x238, 0x2a8, 0x2a8, 0x238, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0xf0, 0x138, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'ip_vti0\x00', {0x2000, 0x0, 0x3f, 0x0, 0x0, 0x3, 0x7}}}, @common=@inet=@ecn={{0x28}, {0x50}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'syz0\x00'}}}, {{@ip={@multicast2, @empty, 0x0, 0x0, 'vlan0\x00', 'netdevsim0\x00'}, 0x0, 0xd0, 0x100, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@unspec=@quota={{0x38}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x330)
syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
syz_io_uring_setup(0x497, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f00000024c0)=""/102400, 0x19000)
syz_open_dev$usbfs(0x0, 0x74, 0x101301)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffc000/0x1000)=nil, 0x1000, &(0x7f0000000040)='}\x00')
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffb000/0x3000)=nil, 0x3000, &(0x7f0000000240)='}\x00')
socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r2, &(0x7f0000000040)={0x1a, 0x0, 0x20, 0x54}, 0x10)

592.735386ms ago: executing program 0 (id=1901):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x9, 0x5, 0x9, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000740)={r1, &(0x7f0000000000), &(0x7f00000000c0)=""/109}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000300)={r1, &(0x7f0000000140), 0x0}, 0x20)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x4)
write$uinput_user_dev(r0, &(0x7f0000000100)={'syz0\x00', {0x0, 0x0, 0x400, 0x400}, 0x7, [0x1, 0x0, 0x0, 0x0, 0x35b5, 0x1, 0x0, 0x7ff, 0x1fe10edb, 0xfffffffd, 0x0, 0x0, 0xffffffff, 0x0, 0x3, 0x0, 0x0, 0x0, 0x3, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4008000, 0x0, 0x0, 0x4, 0x5, 0x0, 0xf6, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x1, 0x1, 0x1, 0x2, 0x0, 0x3, 0x0, 0xfffffffe, 0x10000004, 0x0, 0x0, 0x0, 0x10, 0x0, 0xffffffff, 0xffffffff], [0x0, 0x0, 0x20, 0x0, 0x0, 0x8000, 0xfffffffe, 0x8, 0x0, 0x0, 0xffff76b5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x3, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x69, 0x180e, 0x0, 0x100ae4d, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x8], [0x1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10000000, 0x0, 0x0, 0x1, 0x0, 0x8, 0x9, 0x80, 0x0, 0x0, 0x4, 0x1ff, 0x5, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x400, 0x0, 0x421, 0x400, 0x0, 0xed0, 0x4000000, 0x0, 0xfffffffd], [0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x400, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa0e, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd, 0xfffffffd, 0x0, 0xf, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffefe]}, 0x45c)
ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0)
shmget$private(0x0, 0x4000, 0x1, &(0x7f0000ffa000/0x4000)=nil)

305.478788ms ago: executing program 0 (id=1902):
r0 = syz_open_dev$usbfs(&(0x7f0000000080), 0x8, 0x64ea00)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, 0x0)
setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x6, &(0x7f0000000380), 0x0)
r2 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r2, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0xfffffffc, 0xff, 0x80000000}, 0x1c)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x400, 0x0, 0x30}, 0x9c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c)
bind$inet6(r3, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r3, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
shutdown(r3, 0x2)
ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000300)=@usbdevfs_driver={0x0, 0x1, 0x0})

289.496505ms ago: executing program 6 (id=1903):
bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1e0000000000000001"], 0x50)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000500)='dlm_unlock_end\x00', r0}, 0x18)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
sendmmsg$inet(r2, &(0x7f0000000f80)=[{{&(0x7f0000000040)={0x2, 0x4e26, @dev={0xac, 0x14, 0x14, 0xfb}}, 0x10, &(0x7f0000000340)=[{&(0x7f0000000200)="0b12", 0x2}], 0x1, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000070000004608ead00000008111000000000000000000000001"], 0x30}}, {{&(0x7f00000003c0)={0x2, 0x4e24, @broadcast}, 0x10, 0x0, 0x0, &(0x7f00000008c0)=[@ip_ttl={{0x14, 0x0, 0x2, 0xa89}}], 0x18}}], 0x2, 0xc831)
ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(0xffffffffffffffff, 0x80045530, &(0x7f0000000900)=""/219)
syz_open_dev$radio(&(0x7f0000000000), 0x2, 0x2)
r3 = socket$kcm(0x2, 0x2, 0x73)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYRESOCT=0x0], 0x48)
r4 = syz_open_procfs(0x0, &(0x7f0000000100)='net/anycast6\x00')
pread64(r2, &(0x7f00000066c0)=""/102388, 0x18ff4, 0x800400000000001)
openat$cgroup_type(r4, &(0x7f0000000140), 0x2, 0x0)
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r1, 0x8983, &(0x7f00000001c0)={0x1, 'sit0\x00', {}, 0x4})
bind$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x14)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000280))
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000780)={'batadv_slave_0\x00'})
socket(0x10, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'lo\x00'})
sendmsg$ETHTOOL_MSG_COALESCE_GET(r4, &(0x7f0000000800)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000007c0)={&(0x7f0000000ac0)=ANY=[], 0x1a8}, 0x1, 0x0, 0x0, 0x4000000}, 0x8080)
sendmsg$inet(r2, &(0x7f0000000580)={&(0x7f00000000c0)={0x2, 0x4a23}, 0x10, &(0x7f00000004c0)}, 0x80)
sched_setscheduler(0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = gettid()
r6 = openat$ppp(0xffffffffffffff9c, &(0x7f00000002c0), 0x400000, 0x0)
ioctl$PPPIOCNEWUNIT(r6, 0xc004743e, &(0x7f0000000300)=0x2)
ioctl$PPPIOCSACTIVE(r6, 0x40047459, &(0x7f0000000080)={0xfffffffffffffe43, 0x0})
read(r6, 0x0, 0x2)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
futex(&(0x7f000000cffc)=0x4, 0xb, 0x4, 0x0, &(0x7f0000000080)=0x1, 0x0)

152.505085ms ago: executing program 7 (id=1904):
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000001300))
r0 = syz_open_dev$sg(&(0x7f0000000a80), 0x0, 0x8002)
fsopen(0x0, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x3802, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
timerfd_settime(0xffffffffffffffff, 0x3, &(0x7f0000000000)={{0x77359400}, {0x0, 0x3938700}}, 0x0)
ioctl$SG_GET_REQUEST_TABLE(r1, 0x2275, &(0x7f00000018c0))

23.741449ms ago: executing program 0 (id=1905):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r3, 0x4068aea3, &(0x7f0000000180))
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
pipe2$watch_queue(&(0x7f0000001180)={<r4=>0xffffffffffffffff}, 0x80)
r5 = add_key(&(0x7f0000000000)='id_resolver\x00', &(0x7f0000000100)={'syz', 0x3}, &(0x7f0000000080)="f8", 0x1, 0xfffffffffffffffe)
keyctl$KEYCTL_WATCH_KEY(0x20, r5, r4, 0x0)
keyctl$KEYCTL_WATCH_KEY(0x20, r5, 0xffffffffffffffff, 0x0)

0s ago: executing program 7 (id=1906):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0)
r0 = landlock_create_ruleset(&(0x7f0000000180)={0x100}, 0x18, 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x200000, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r0, 0x1, &(0x7f0000000200)={0x100, r1}, 0x0)
close(0xffffffffffffffff)
close(r1)
umount2(&(0x7f00000002c0)='./file0\x00', 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/route\x00')
pread64(r2, &(0x7f0000000080)=""/102356, 0x18fd4, 0xc2a)
close(r0)

kernel console output (not intermixed with test programs):

SB disconnect, device number 36
[  588.118250][T12192] usb 7-1: new high-speed USB device number 16 using dummy_hcd
[  588.283631][T12192] usb 7-1: Using ep0 maxpacket: 16
[  588.368107][T12192] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  588.505523][   T10] usb 1-1: Service connection timeout for: 256
[  588.512202][   T10] ath9k_htc 1-1:1.0: ath9k_htc: Unable to initialize HTC services
[  588.542712][   T10] ath9k_htc: Failed to initialize the device
[  588.597989][T12192] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  588.622504][ T7200] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  588.651540][ T5907] usb 1-1: ath9k_htc: USB layer deinitialized
[  588.696922][T12192] usb 7-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  588.779670][T12192] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  588.815857][T12192] usb 7-1: config 0 descriptor??
[  588.864979][ T7200] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  588.968344][ T7200] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  589.168403][ T7200] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  589.247816][T12192] microsoft 0003:045E:07DA.0017: unknown main item tag 0x0
[  589.275724][T12192] microsoft 0003:045E:07DA.0017: unknown main item tag 0x0
[  589.293234][T12192] microsoft 0003:045E:07DA.0017: unknown main item tag 0x0
[  589.315086][T12192] microsoft 0003:045E:07DA.0017: unknown main item tag 0x0
[  589.332896][T12192] microsoft 0003:045E:07DA.0017: unknown main item tag 0x0
[  589.341957][T12192] microsoft 0003:045E:07DA.0017: unknown main item tag 0x0
[  589.350004][ T7200] bridge_slave_1: left allmulticast mode
[  589.356231][ T7200] bridge_slave_1: left promiscuous mode
[  589.361909][ T7200] bridge0: port 2(bridge_slave_1) entered disabled state
[  589.370627][T12192] microsoft 0003:045E:07DA.0017: unknown main item tag 0x0
[  589.378205][T12192] microsoft 0003:045E:07DA.0017: unknown main item tag 0x0
[  589.387308][T12192] microsoft 0003:045E:07DA.0017: unknown main item tag 0x0
[  589.395628][ T7200] bridge_slave_0: left allmulticast mode
[  589.401396][ T7200] bridge_slave_0: left promiscuous mode
[  589.407118][T12192] microsoft 0003:045E:07DA.0017: unknown main item tag 0x0
[  589.414711][ T7200] bridge0: port 1(bridge_slave_0) entered disabled state
[  589.446407][T12192] microsoft 0003:045E:07DA.0017: unknown main item tag 0x0
[  589.453669][T12192] microsoft 0003:045E:07DA.0017: unknown main item tag 0x0
[  589.471912][T12192] microsoft 0003:045E:07DA.0017: No inputs registered, leaving
[  589.494778][T12192] microsoft 0003:045E:07DA.0017: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.6-1/input0
[  589.517807][T12192] microsoft 0003:045E:07DA.0017: no inputs found
[  589.524174][T12192] microsoft 0003:045E:07DA.0017: could not initialize ff, continuing anyway
[  589.683192][T12693] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1523'.
[  589.745564][T12692] ubi31: detaching mtd0
[  589.768099][T12692] ubi31: mtd0 is detached
[  589.983602][ T5820] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  590.001954][ T5820] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  590.017829][ T5820] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  590.037290][ T5820] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  590.039236][T12702] fuse: Unknown parameter '000000000000000000030x0000000000000006'
[  590.054932][ T5820] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  590.062605][ T5820] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  590.113160][ T7200] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  590.124368][ T7200] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  590.136366][ T7200] bond0 (unregistering): Released all slaves
[  590.174616][T12192] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  590.183276][T12699] lo speed is unknown, defaulting to 1000
[  590.446180][T12192] usb 8-1: device descriptor read/64, error -71
[  591.211112][T10613] usb 7-1: USB disconnect, device number 16
[  591.239410][T12192] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  591.391466][T12699] wg1 speed is unknown, defaulting to 1000
[  591.427971][T12192] usb 8-1: device descriptor read/64, error -71
[  591.432216][T12699] lo speed is unknown, defaulting to 1000
[  591.714768][T12192] usb usb8-port1: attempt power cycle
[  592.094586][T12192] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[  592.104619][ T5824] Bluetooth: hci5: command tx timeout
[  592.136832][   T30] audit: type=1400 audit(1742876823.050:883): avc:  denied  { watch_mount } for  pid=12736 comm="syz.0.1534" path="/350" dev="tmpfs" ino=1868 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  592.214732][T12192] usb 8-1: device descriptor read/8, error -71
[  592.402698][T12699] chnl_net:caif_netlink_parms(): no params data found
[  592.475274][T12192] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  592.891455][ T5907] usb 7-1: new high-speed USB device number 17 using dummy_hcd
[  592.975677][T12192] usb 8-1: device descriptor read/8, error -71
[  593.084949][ T5907] usb 7-1: Using ep0 maxpacket: 8
[  593.132091][ T5907] usb 7-1: New USB device found, idVendor=04b4, idProduct=0002, bcdDevice=f9.c4
[  593.154706][ T5907] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  593.159341][T12192] usb usb8-port1: unable to enumerate USB device
[  593.207390][ T5907] usb 7-1: config 0 descriptor??
[  593.280375][ T5907] cytherm 7-1:0.0: Cypress thermometer device now attached
[  593.423519][ T7200] hsr_slave_0: left promiscuous mode
[  593.442457][ T7200] hsr_slave_1: left promiscuous mode
[  593.471605][ T5907] usb 7-1: USB disconnect, device number 17
[  593.494986][ T7200] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  593.509017][ T5907] cytherm 7-1:0.0: Cypress thermometer now disconnected
[  593.537288][ T7200] batman_adv: batadv0: Removing interface: batadv_slave_0
[  593.712850][ T7200] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  593.736790][ T7200] batman_adv: batadv0: Removing interface: batadv_slave_1
[  593.778342][ T7200] veth1_macvtap: left promiscuous mode
[  593.790206][ T7200] veth0_macvtap: left promiscuous mode
[  593.802181][ T7200] veth1_vlan: left promiscuous mode
[  593.820809][ T7200] veth0_vlan: left promiscuous mode
[  593.933131][T12774] ieee802154 phy0 wpan0: encryption failed: -22
[  593.941344][   T30] audit: type=1326 audit(1742876824.870:884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12773 comm="syz.7.1541" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcfe038d169 code=0x0
[  594.184579][ T5824] Bluetooth: hci5: command tx timeout
[  594.271485][T12782] netlink: 'syz.5.1543': attribute type 1 has an invalid length.
[  594.994904][ T7200] team0 (unregistering): Port device team_slave_1 removed
[  595.929917][ T7200] team0 (unregistering): Port device team_slave_0 removed
[  596.265581][ T5824] Bluetooth: hci5: command tx timeout
[  596.364688][T12641] usb 1-1: new high-speed USB device number 37 using dummy_hcd
[  596.516849][T12641] usb 1-1: Using ep0 maxpacket: 32
[  596.523315][T12641] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  596.544104][T12641] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  596.567356][T12641] usb 1-1: New USB device found, idVendor=0403, idProduct=0030, bcdDevice= 0.00
[  596.577661][T12641] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  596.593820][T12641] usb 1-1: config 0 descriptor??
[  596.765243][T12782] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR
[  596.765997][T12785] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR
[  596.799750][T12699] bridge0: port 1(bridge_slave_0) entered blocking state
[  596.866740][T12699] bridge0: port 1(bridge_slave_0) entered disabled state
[  596.874025][T12699] bridge_slave_0: entered allmulticast mode
[  596.911127][T12641] usbhid 1-1:0.0: can't add hid device: -71
[  596.935397][T12699] bridge_slave_0: entered promiscuous mode
[  596.942030][T12641] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  596.966009][T12699] bridge0: port 2(bridge_slave_1) entered blocking state
[  596.973109][T12699] bridge0: port 2(bridge_slave_1) entered disabled state
[  596.982172][T12641] usb 1-1: USB disconnect, device number 37
[  597.085938][T12699] bridge_slave_1: entered allmulticast mode
[  597.119454][T12699] bridge_slave_1: entered promiscuous mode
[  597.184102][T12811] lo speed is unknown, defaulting to 1000
[  597.185996][T12699] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  597.243744][T12699] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  597.252105][T12820] xt_hashlimit: Unknown mode mask 2000, kernel too old?
[  597.607408][T12699] team0: Port device team_slave_0 added
[  597.675283][T12699] team0: Port device team_slave_1 added
[  597.782294][T12811] wg1 speed is unknown, defaulting to 1000
[  598.202808][T12699] batman_adv: batadv0: Adding interface: batadv_slave_0
[  598.238062][T12699] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  598.274153][T12699] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  598.315554][T12811] lo speed is unknown, defaulting to 1000
[  598.319281][T12699] batman_adv: batadv0: Adding interface: batadv_slave_1
[  598.328454][T12699] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  598.344543][ T5824] Bluetooth: hci5: command tx timeout
[  598.359636][T12699] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  598.505468][T12641] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[  598.526392][T12699] hsr_slave_0: entered promiscuous mode
[  598.532577][T12699] hsr_slave_1: entered promiscuous mode
[  598.557663][T12699] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  598.565693][T12699] Cannot create hsr debugfs directory
[  598.666102][T12641] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  598.692012][T12641] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  598.753526][T12641] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  598.779565][T12641] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  598.876820][T12845] bridge0: left promiscuous mode
[  598.881895][T12845] bridge0: entered allmulticast mode
[  599.745030][T12641] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  599.756946][T12641] usb 8-1: config 0 descriptor??
[  600.415692][T12641] plantronics 0003:047F:FFFF.0018: unknown main item tag 0xd
[  600.425903][T12641] plantronics 0003:047F:FFFF.0018: No inputs registered, leaving
[  600.445630][T12641] plantronics 0003:047F:FFFF.0018: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.7-1/input0
[  600.598493][T12699] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  600.727587][T12699] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  600.754063][T12699] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  601.279996][T12699] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  601.310664][T12873] netlink: 52 bytes leftover after parsing attributes in process `syz.6.1560'.
[  601.388729][T10613] usb 8-1: USB disconnect, device number 6
[  601.518236][T12699] 8021q: adding VLAN 0 to HW filter on device bond0
[  601.609311][T12699] 8021q: adding VLAN 0 to HW filter on device team0
[  601.622362][   T82] bridge0: port 1(bridge_slave_0) entered blocking state
[  601.629554][   T82] bridge0: port 1(bridge_slave_0) entered forwarding state
[  602.198672][   T82] bridge0: port 2(bridge_slave_1) entered blocking state
[  602.205870][   T82] bridge0: port 2(bridge_slave_1) entered forwarding state
[  602.226110][   T30] audit: type=1400 audit(1742876833.150:885): avc:  denied  { write } for  pid=12884 comm="syz.5.1564" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  602.323364][T12889] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  602.447931][T12699] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  602.458577][T12699] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  603.480770][T12906] SELinux: security_context_str_to_sid (user_u) failed with errno=-22
[  604.031235][T12699] 8021q: adding VLAN 0 to HW filter on device batadv0
[  604.459391][T12928] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1574'.
[  604.473023][T12928] netlink: 48 bytes leftover after parsing attributes in process `syz.6.1574'.
[  604.605341][T12641] usb 6-1: new full-speed USB device number 31 using dummy_hcd
[  604.658023][T12699] veth0_vlan: entered promiscuous mode
[  604.677745][T12699] veth1_vlan: entered promiscuous mode
[  604.725230][    T9] usb 7-1: new high-speed USB device number 18 using dummy_hcd
[  604.748339][T12699] veth0_macvtap: entered promiscuous mode
[  604.769850][T12699] veth1_macvtap: entered promiscuous mode
[  604.781316][T12641] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64
[  604.810489][T12699] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  604.822213][T12641] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 1023, setting to 64
[  604.838600][T12699] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  604.848667][T12641] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  604.858493][    T9] usb 7-1: device descriptor read/64, error -71
[  604.864917][T12699] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  604.879981][T12641] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  604.889197][T12699] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  604.899800][T12641] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  604.908556][T12641] usb 6-1: SerialNumber: syz
[  604.913264][T12699] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  604.924694][T12699] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  604.936546][T12931] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  604.944681][T12931] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  604.944759][T12699] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  604.963607][T12641] cdc_acm 6-1:1.0: Control and data interfaces are not separated!
[  604.974602][T12641] cdc_acm 6-1:1.0: probe with driver cdc_acm failed with error -12
[  604.974930][T12955] tmpfs: Bad value for 'mpol'
[  604.992822][T12699] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  605.010792][T12699] batman_adv: batadv0: Interface activated: batadv_slave_0
[  605.035604][T12699] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  605.050740][T12699] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  605.062373][T12699] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  605.086361][T12699] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  605.098878][T12699] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  605.109430][    T9] usb 7-1: new high-speed USB device number 19 using dummy_hcd
[  605.124900][T12699] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  605.139885][T12699] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  605.153380][T12699] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  605.172200][T12641] usb 6-1: USB disconnect, device number 31
[  605.191090][T12699] batman_adv: batadv0: Interface activated: batadv_slave_1
[  605.202019][T12699] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  605.202052][T12699] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  605.202121][T12699] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  605.202146][T12699] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  605.254813][    T9] usb 7-1: device descriptor read/64, error -71
[  605.364849][    T9] usb usb7-port1: attempt power cycle
[  605.409263][   T82] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  605.424521][   T82] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  605.502994][ T7200] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  605.510961][    C0] vcan0: j1939_tp_rxtimer: 0xffff8880266af400: rx timeout, send abort
[  605.523666][    C0] vcan0: j1939_xtp_rx_abort_one: 0xffff8880266af400: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session.
[  605.543937][ T7200] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  605.785972][    T9] usb 7-1: new high-speed USB device number 20 using dummy_hcd
[  605.820498][T12985] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  605.855428][T12986] netdevsim netdevsim7: Direct firmware load for ./file0 failed with error -2
[  605.864794][T12986] netdevsim netdevsim7: Falling back to sysfs fallback for: ./file0
[  606.605004][    T9] usb 7-1: device descriptor read/8, error -71
[  606.855215][    T9] usb 7-1: new high-speed USB device number 21 using dummy_hcd
[  607.474351][    T9] usb 7-1: device descriptor read/8, error -71
[  607.506948][   T82] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  607.592905][T12996] lo speed is unknown, defaulting to 1000
[  607.594232][   T30] audit: type=1400 audit(1742876838.510:886): avc:  denied  { read } for  pid=13003 comm="syz.0.1583" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  607.618300][    C1] vkms_vblank_simulate: vblank timer overrun
[  607.664833][    T9] usb usb7-port1: unable to enumerate USB device
[  607.890146][T12996] wg1 speed is unknown, defaulting to 1000
[  607.902307][T12996] lo speed is unknown, defaulting to 1000
[  608.024097][   T82] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  608.129822][   T82] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  608.236866][   T82] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  608.347739][   T82] bridge_slave_1: left allmulticast mode
[  608.353532][   T82] bridge_slave_1: left promiscuous mode
[  608.366599][   T82] bridge0: port 2(bridge_slave_1) entered disabled state
[  608.375689][   T82] bridge_slave_0: left allmulticast mode
[  608.381443][   T82] bridge_slave_0: left promiscuous mode
[  608.387847][   T82] bridge0: port 1(bridge_slave_0) entered disabled state
[  609.247937][   T30] audit: type=1400 audit(1742876840.140:887): avc:  denied  { write } for  pid=13026 comm="syz.6.1587" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  609.271206][    C1] vkms_vblank_simulate: vblank timer overrun
[  609.396277][   T30] audit: type=1400 audit(1742876840.320:888): avc:  denied  { ioctl } for  pid=13035 comm="syz.6.1588" path="socket:[42046]" dev="sockfs" ino=42046 ioctlcmd=0x891c scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  609.441532][ T5820] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  609.462991][ T5820] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  609.476054][ T5820] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  609.553170][ T5820] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  609.562737][ T5820] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  609.642393][ T5820] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  609.676761][   T82] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  609.690310][   T82] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  609.701275][   T82] bond0 (unregistering): Released all slaves
[  609.739554][T13036] lo speed is unknown, defaulting to 1000
[  609.821659][T13036] wg1 speed is unknown, defaulting to 1000
[  609.828768][T13036] lo speed is unknown, defaulting to 1000
[  610.355211][T13054] netlink: 'syz.0.1591': attribute type 4 has an invalid length.
[  611.242676][T13062] openvswitch: netlink: IPv4 tunnel dst address is zero
[  611.592052][T13036] chnl_net:caif_netlink_parms(): no params data found
[  611.607287][   T30] audit: type=1400 audit(1742876842.510:889): avc:  denied  { read } for  pid=13077 comm="syz.0.1596" name="loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  611.704684][T12192] usb 6-1: new high-speed USB device number 32 using dummy_hcd
[  611.720615][ T5824] Bluetooth: hci5: command tx timeout
[  611.775546][   T30] audit: type=1400 audit(1742876842.510:890): avc:  denied  { open } for  pid=13077 comm="syz.0.1596" path="/dev/loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  611.804647][   T30] audit: type=1400 audit(1742876842.510:891): avc:  denied  { ioctl } for  pid=13077 comm="syz.0.1596" path="/dev/loop-control" dev="devtmpfs" ino=646 ioctlcmd=0x4c82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  612.044047][   T82] hsr_slave_0: left promiscuous mode
[  612.074600][T12192] usb 6-1: Using ep0 maxpacket: 32
[  612.084963][T12192] usb 6-1: config 0 has no interfaces?
[  612.097676][T12192] usb 6-1: New USB device found, idVendor=0e41, idProduct=4750, bcdDevice=26.9c
[  612.146769][T12192] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  612.233067][T12192] usb 6-1: Product: syz
[  612.242927][T12192] usb 6-1: Manufacturer: syz
[  612.247863][T12192] usb 6-1: SerialNumber: syz
[  612.334803][   T82] hsr_slave_1: left promiscuous mode
[  612.371405][T12192] usb 6-1: config 0 descriptor??
[  612.544302][   T82] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  612.567684][   T82] batman_adv: batadv0: Removing interface: batadv_slave_0
[  612.602572][   T82] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  612.622286][   T82] batman_adv: batadv0: Removing interface: batadv_slave_1
[  612.677407][   T82] veth1_macvtap: left promiscuous mode
[  612.685905][   T82] veth0_macvtap: left promiscuous mode
[  612.691828][   T82] veth1_vlan: left promiscuous mode
[  612.697685][   T82] veth0_vlan: left promiscuous mode
[  612.941146][ T3166] usb 6-1: USB disconnect, device number 32
[  613.383153][   T82] team0 (unregistering): Port device team_slave_1 removed
[  613.404612][   T10] usb 1-1: new full-speed USB device number 38 using dummy_hcd
[  613.426407][   T82] team0 (unregistering): Port device team_slave_0 removed
[  613.566496][   T10] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  613.580400][   T10] usb 1-1: config 0 has no interface number 0
[  613.587399][   T10] usb 1-1: too many endpoints for config 0 interface 1 altsetting 169: 206, using maximum allowed: 30
[  613.602331][   T10] usb 1-1: config 0 interface 1 altsetting 169 has 0 endpoint descriptors, different from the interface descriptor's value: 206
[  613.616015][   T10] usb 1-1: config 0 interface 1 has no altsetting 0
[  613.622634][   T10] usb 1-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  613.632065][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  613.652813][   T10] usb 1-1: config 0 descriptor??
[  613.785137][ T5824] Bluetooth: hci5: command tx timeout
[  613.822668][   T30] audit: type=1400 audit(1742876844.740:892): avc:  denied  { execmod } for  pid=13114 comm="syz.5.1607" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=42221 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[  613.849244][   T30] audit: type=1400 audit(1742876844.740:893): avc:  denied  { execute } for  pid=13114 comm="syz.5.1607" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=42221 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[  614.043552][T10613] IPVS: starting estimator thread 0...
[  614.045363][   T10] usb 1-1: string descriptor 0 read error: -71
[  614.069475][   T10] usb 1-1: selecting invalid altsetting 1
[  614.076248][   T10] dvb_ttusb_budget: ttusb_init_controller: error
[  614.096678][   T10] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  614.144543][T13120] IPVS: using max 38 ests per chain, 91200 per kthread
[  614.179871][   T10] DVB: Unable to find symbol cx22700_attach()
[  614.220111][   T10] DVB: Unable to find symbol tda10046_attach()
[  614.226908][   T10] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  614.245644][   T10] usb 1-1: USB disconnect, device number 38
[  614.384604][T10613] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[  614.395777][T13036] bridge0: port 1(bridge_slave_0) entered blocking state
[  614.405578][T13036] bridge0: port 1(bridge_slave_0) entered disabled state
[  614.412923][T13036] bridge_slave_0: entered allmulticast mode
[  614.420230][T13036] bridge_slave_0: entered promiscuous mode
[  614.428179][T13036] bridge0: port 2(bridge_slave_1) entered blocking state
[  614.437733][T13036] bridge0: port 2(bridge_slave_1) entered disabled state
[  614.445549][T13036] bridge_slave_1: entered allmulticast mode
[  614.452371][T13036] bridge_slave_1: entered promiscuous mode
[  614.518656][T13036] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  614.544957][T10613] usb 8-1: device descriptor read/64, error -71
[  614.563756][T13036] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  614.621891][   T30] audit: type=1400 audit(1742876845.500:894): avc:  denied  { getopt } for  pid=13131 comm="syz.5.1610" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  614.804686][T10613] usb 8-1: new high-speed USB device number 8 using dummy_hcd
[  614.980889][T10613] usb 8-1: device descriptor read/64, error -71
[  615.335771][T10613] usb usb8-port1: attempt power cycle
[  615.351025][T13139] gfs2: gfs2 mount does not exist
[  615.419119][T13036] team0: Port device team_slave_0 added
[  615.495718][T13036] team0: Port device team_slave_1 added
[  615.622808][T13036] batman_adv: batadv0: Adding interface: batadv_slave_0
[  615.640125][T13036] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  615.706330][T13036] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  615.734546][T13036] batman_adv: batadv0: Adding interface: batadv_slave_1
[  615.741522][T13036] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  615.826745][T13036] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  615.834795][T10613] usb 8-1: new high-speed USB device number 9 using dummy_hcd
[  615.864734][ T5824] Bluetooth: hci5: command tx timeout
[  615.886169][T10613] usb 8-1: device descriptor read/8, error -71
[  615.984633][ T3166] usb 6-1: new high-speed USB device number 33 using dummy_hcd
[  616.136897][T10613] usb 8-1: new high-speed USB device number 10 using dummy_hcd
[  616.224706][ T3166] usb 6-1: Using ep0 maxpacket: 32
[  616.293975][T10613] usb 8-1: device descriptor read/8, error -71
[  616.343688][ T3166] usb 6-1: config 0 has no interfaces?
[  616.537830][ T3166] usb 6-1: New USB device found, idVendor=0e41, idProduct=4750, bcdDevice=26.9c
[  616.561658][T13036] hsr_slave_0: entered promiscuous mode
[  616.568736][ T3166] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  616.588961][T13036] hsr_slave_1: entered promiscuous mode
[  616.597176][ T3166] usb 6-1: Product: syz
[  616.604993][T13036] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  616.612794][ T3166] usb 6-1: Manufacturer: syz
[  616.632552][ T3166] usb 6-1: SerialNumber: syz
[  616.644477][T13036] Cannot create hsr debugfs directory
[  616.656381][T10613] usb usb8-port1: unable to enumerate USB device
[  616.672123][ T3166] usb 6-1: config 0 descriptor??
[  617.766269][T13184] smc: ib device syz1 ibport 1 applied user defined pnetid SYZ0
[  617.785735][T10613] usb 6-1: USB disconnect, device number 33
[  617.874326][T13191] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  618.052865][ T5824] Bluetooth: hci5: command tx timeout
[  618.519307][T13197] /dev/nbd6: Can't lookup blockdev
[  619.020370][   T30] audit: type=1400 audit(1742876849.940:895): avc:  denied  { getopt } for  pid=13186 comm="syz.7.1621" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  619.245979][T13207] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1626'.
[  619.368061][T13036] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  619.444211][T13036] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  619.453048][T13213] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1629'.
[  619.469290][T13036] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  619.490515][T13216] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1628'.
[  619.512680][T13036] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  619.551147][T13213] xt_CT: No such helper "pptp"
[  619.551288][T13219] netlink: 24 bytes leftover after parsing attributes in process `syz.7.1627'.
[  620.426807][T13036] 8021q: adding VLAN 0 to HW filter on device bond0
[  620.684011][T13036] 8021q: adding VLAN 0 to HW filter on device team0
[  620.713502][ T1801] bridge0: port 1(bridge_slave_0) entered blocking state
[  620.720635][ T1801] bridge0: port 1(bridge_slave_0) entered forwarding state
[  620.896453][   T30] audit: type=1400 audit(1742876851.810:896): avc:  denied  { mount } for  pid=13234 comm="syz.6.1632" name="/" dev="nfsd" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfsd_fs_t tclass=filesystem permissive=1
[  620.938926][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  620.946023][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  620.967734][T13248] FAULT_INJECTION: forcing a failure.
[  620.967734][T13248] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  621.027241][T13248] CPU: 0 UID: 0 PID: 13248 Comm: syz.5.1633 Not tainted 6.14.0-syzkaller #0
[  621.027260][T13248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  621.027266][T13248] Call Trace:
[  621.027270][T13248]  <TASK>
[  621.027274][T13248]  dump_stack_lvl+0x16c/0x1f0
[  621.027294][T13248]  should_fail_ex+0x50a/0x650
[  621.027313][T13248]  _copy_from_user+0x2e/0xd0
[  621.027325][T13248]  snd_pcm_oss_write2+0x1c6/0x3f0
[  621.027339][T13248]  ? __pfx_snd_pcm_oss_write2+0x10/0x10
[  621.027350][T13248]  ? snd_pcm_kernel_ioctl+0x267/0x2e0
[  621.027366][T13248]  ? snd_pcm_oss_prepare+0x11e/0x220
[  621.027379][T13248]  snd_pcm_oss_write+0x727/0xa00
[  621.027396][T13248]  ? __pfx_snd_pcm_oss_write+0x10/0x10
[  621.027408][T13248]  vfs_write+0x24c/0x1150
[  621.027425][T13248]  ? __fget_files+0x1fc/0x3a0
[  621.027435][T13248]  ? __pfx_lock_release+0x10/0x10
[  621.027451][T13248]  ? __pfx_vfs_write+0x10/0x10
[  621.027467][T13248]  ? lock_acquire+0x2f/0xb0
[  621.027480][T13248]  ? __fget_files+0x40/0x3a0
[  621.027492][T13248]  ? __fget_files+0x206/0x3a0
[  621.027505][T13248]  ksys_write+0x12b/0x250
[  621.027514][T13248]  ? __pfx_ksys_write+0x10/0x10
[  621.027527][T13248]  do_syscall_64+0xcd/0x250
[  621.027543][T13248]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  621.027557][T13248] RIP: 0033:0x7f387a78d169
[  621.027566][T13248] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  621.027576][T13248] RSP: 002b:00007f387b685038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  621.027586][T13248] RAX: ffffffffffffffda RBX: 00007f387a9a5fa0 RCX: 00007f387a78d169
[  621.027593][T13248] RDX: 000000000000fdbc RSI: 0000200000000500 RDI: 0000000000000005
[  621.027599][T13248] RBP: 00007f387b685090 R08: 0000000000000000 R09: 0000000000000000
[  621.027604][T13248] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  621.027612][T13248] R13: 0000000000000000 R14: 00007f387a9a5fa0 R15: 00007ffe0b984e88
[  621.027625][T13248]  </TASK>
[  621.504830][T12192] usb 1-1: new high-speed USB device number 39 using dummy_hcd
[  621.590699][   T30] audit: type=1400 audit(1742876852.510:897): avc:  denied  { unmount } for  pid=9488 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfsd_fs_t tclass=filesystem permissive=1
[  621.664650][T12192] usb 1-1: Using ep0 maxpacket: 32
[  621.681631][T12192] usb 1-1: config 0 has no interfaces?
[  621.694020][T12192] usb 1-1: New USB device found, idVendor=0e41, idProduct=4750, bcdDevice=26.9c
[  621.718793][T12192] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  621.829564][T12192] usb 1-1: Product: syz
[  621.847835][T12192] usb 1-1: Manufacturer: syz
[  621.860016][T12192] usb 1-1: SerialNumber: syz
[  622.372573][T13282] 9pnet_fd: Insufficient options for proto=fd
[  622.381115][T13036] 8021q: adding VLAN 0 to HW filter on device batadv0
[  622.395044][T12192] usb 1-1: config 0 descriptor??
[  622.395739][T13263] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  622.414826][T13263] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  622.441091][T13263] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  622.474774][T13263] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  622.480868][T13263] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  622.520955][T13263] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  622.548676][T13263] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  622.576071][T13263] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  622.582080][T13263] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  622.605184][T10613] IPVS: starting estimator thread 0...
[  622.622730][T13263] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  622.746407][T13294] IPVS: using max 31 ests per chain, 74400 per kthread
[  622.884912][T10613] usb 1-1: USB disconnect, device number 39
[  622.972628][T13036] veth0_vlan: entered promiscuous mode
[  623.007443][T13036] veth1_vlan: entered promiscuous mode
[  623.086237][T13036] veth0_macvtap: entered promiscuous mode
[  623.140797][T13036] veth1_macvtap: entered promiscuous mode
[  623.169426][T13036] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  623.180969][T13036] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  623.199247][T13036] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  623.211764][T13036] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  623.229993][T13036] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  623.240883][T13036] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  623.252154][T13036] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  623.264998][T13036] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  623.275825][T13036] batman_adv: batadv0: Interface activated: batadv_slave_0
[  623.286938][T13036] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  623.304703][ T3166] usb 8-1: new high-speed USB device number 11 using dummy_hcd
[  623.307554][T13036] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  623.334116][T13036] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  623.350256][T13036] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  623.363189][T13036] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  623.383853][T13036] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  623.399800][T13036] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  623.410737][T13036] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  623.434330][T13036] batman_adv: batadv0: Interface activated: batadv_slave_1
[  623.485104][ T3166] usb 8-1: Using ep0 maxpacket: 8
[  623.500395][T13036] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  623.500769][ T3166] usb 8-1: config 6 has an invalid interface number: 2 but max is 0
[  623.516831][T13036] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  623.538968][ T3166] usb 8-1: config 6 has no interface number 0
[  623.546294][ T3166] usb 8-1: config 6 interface 2 altsetting 255 endpoint 0xB has invalid wMaxPacketSize 0
[  623.557422][ T3166] usb 8-1: config 6 interface 2 altsetting 255 has an endpoint descriptor with address 0xE9, changing to 0x89
[  623.569526][ T3166] usb 8-1: config 6 interface 2 altsetting 255 endpoint 0x89 has an invalid bInterval 0, changing to 7
[  623.581468][ T3166] usb 8-1: config 6 interface 2 altsetting 255 endpoint 0x89 has invalid wMaxPacketSize 0
[  623.591768][ T3166] usb 8-1: config 6 interface 2 has no altsetting 0
[  623.599380][T13036] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  623.600379][ T3166] usb 8-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91
[  623.624559][ T5824] Bluetooth: hci0: command 0x0c1a tx timeout
[  623.631164][T13263] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  623.631228][T13036] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  623.976017][ T3166] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  623.994263][ T3166] usb 8-1: Product: syz
[  624.037724][ T1293] ieee802154 phy0 wpan0: encryption failed: -22
[  624.044615][ T3166] usb 8-1: Manufacturer: syz
[  624.049395][ T1293] ieee802154 phy1 wpan1: encryption failed: -22
[  624.055716][ T3166] usb 8-1: SerialNumber: syz
[  624.103665][ T3166] hso 8-1:6.2: Failed to find BULK IN ep
[  624.426376][ T5824] Bluetooth: hci2: command 0x0406 tx timeout
[  624.505731][ T5820] Bluetooth: hci3: command 0x0c1a tx timeout
[  624.505760][ T5830] Bluetooth: hci4: command 0x0c1a tx timeout
[  624.511757][ T5824] Bluetooth: hci1: command 0x0c1a tx timeout
[  624.525156][ T3166] usb 8-1: USB disconnect, device number 11
[  624.584672][ T5824] Bluetooth: hci5: command 0x0c1a tx timeout
[  624.917489][   T10] usb 1-1: new high-speed USB device number 40 using dummy_hcd
[  624.976122][ T7055] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  624.999142][ T7055] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  625.094504][   T10] usb 1-1: device descriptor read/64, error -71
[  625.167206][ T7055] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  625.188181][ T7055] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  625.364509][   T10] usb 1-1: new high-speed USB device number 41 using dummy_hcd
[  625.534640][   T10] usb 1-1: device descriptor read/64, error -71
[  625.667272][   T10] usb usb1-port1: attempt power cycle
[  625.677188][T13356] netlink: 32 bytes leftover after parsing attributes in process `syz.6.1646'.
[  625.714728][ T5824] Bluetooth: hci0: command 0x0c1a tx timeout
[  625.928359][   T82] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  626.005165][T10613] usb 7-1: new high-speed USB device number 22 using dummy_hcd
[  626.058358][   T10] usb 1-1: new high-speed USB device number 42 using dummy_hcd
[  626.096993][   T82] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  626.100737][   T10] usb 1-1: device descriptor read/8, error -71
[  626.164669][T10613] usb 7-1: Using ep0 maxpacket: 16
[  626.182794][T10613] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  626.201525][T10613] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  626.231029][T10613] usb 7-1: New USB device found, idVendor=0b05, idProduct=17e0, bcdDevice= 0.00
[  626.240936][T10613] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  626.262133][   T82] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  626.279262][T10613] usb 7-1: config 0 descriptor??
[  626.398264][   T10] usb 1-1: new high-speed USB device number 43 using dummy_hcd
[  626.431446][   T82] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  626.442093][   T10] usb 1-1: device descriptor read/8, error -71
[  626.511808][   T30] audit: type=1400 audit(1742876857.430:898): avc:  denied  { create } for  pid=13357 comm="syz.6.1648" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1
[  626.546784][ T5906] usb 7-1: USB disconnect, device number 22
[  626.559845][   T10] usb usb1-port1: unable to enumerate USB device
[  626.571154][   T82] bridge_slave_1: left allmulticast mode
[  626.577267][   T82] bridge_slave_1: left promiscuous mode
[  626.582952][   T82] bridge0: port 2(bridge_slave_1) entered disabled state
[  626.592722][ T5824] Bluetooth: hci1: command 0x0c1a tx timeout
[  626.602344][   T82] bridge_slave_0: left allmulticast mode
[  626.609162][   T82] bridge_slave_0: left promiscuous mode
[  626.619679][   T82] bridge0: port 1(bridge_slave_0) entered disabled state
[  627.010819][   T82] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  627.021015][   T82] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  627.030921][   T82] bond0 (unregistering): Released all slaves
[  627.505086][ T5906] usb 7-1: new high-speed USB device number 23 using dummy_hcd
[  628.094619][   T30] audit: type=1400 audit(1742876858.980:899): avc:  denied  { listen } for  pid=13406 comm="syz.0.1655" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  628.134468][   T30] audit: type=1400 audit(1742876859.000:900): avc:  denied  { accept } for  pid=13406 comm="syz.0.1655" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  628.254688][ T5906] usb 7-1: Using ep0 maxpacket: 32
[  628.275403][ T5906] usb 7-1: config 0 has no interfaces?
[  628.282653][ T5906] usb 7-1: New USB device found, idVendor=0e41, idProduct=4750, bcdDevice=26.9c
[  628.304597][ T5906] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  628.347135][   T30] audit: type=1326 audit(1742876859.270:901): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13419 comm="syz.5.1657" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f387a78d169 code=0x0
[  628.384489][ T5906] usb 7-1: Product: syz
[  628.388695][ T5906] usb 7-1: Manufacturer: syz
[  628.393287][ T5906] usb 7-1: SerialNumber: syz
[  628.433117][ T5830] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  628.443859][ T5830] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  628.486345][ T5830] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  628.530390][ T3166] usb 8-1: new high-speed USB device number 12 using dummy_hcd
[  628.539512][ T5830] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  628.548797][ T5830] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  628.556596][ T5906] usb 7-1: config 0 descriptor??
[  628.563881][ T5830] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  628.676065][ T5824] Bluetooth: hci1: command 0x0c1a tx timeout
[  628.729946][T13423] lo speed is unknown, defaulting to 1000
[  628.747038][ T3166] usb 8-1: config 0 has an invalid interface number: 47 but max is 0
[  628.758033][ T3166] usb 8-1: config 0 has no interface number 0
[  628.764143][ T3166] usb 8-1: config 0 interface 47 has no altsetting 0
[  628.771435][ T3166] usb 8-1: New USB device found, idVendor=1645, idProduct=0008, bcdDevice=cf.36
[  628.780725][ T3166] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  629.110518][T13434] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  629.119482][T13434] batadv_slave_1: entered promiscuous mode
[  629.208058][   T30] audit: type=1400 audit(1742876860.080:902): avc:  denied  { accept } for  pid=13428 comm="syz.0.1658" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  629.486002][ T3166] usb 8-1: config 0 descriptor??
[  629.580274][   T82] hsr_slave_0: left promiscuous mode
[  629.648075][   T82] hsr_slave_1: left promiscuous mode
[  629.653901][   T82] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  629.739590][   T82] batman_adv: batadv0: Removing interface: batadv_slave_0
[  629.752438][   T82] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  629.760858][   T82] batman_adv: batadv0: Removing interface: batadv_slave_1
[  629.792031][   T82] veth1_macvtap: left promiscuous mode
[  629.808588][   T82] veth0_macvtap: left promiscuous mode
[  629.815404][   T82] veth1_vlan: left promiscuous mode
[  629.820797][   T82] veth0_vlan: left promiscuous mode
[  629.868050][ T3166] kaweth 8-1:0.47: Firmware present in device.
[  630.442315][ T3166] kaweth 8-1:0.47: Error reading configuration (-71), no net device created
[  630.464711][ T3166] kaweth 8-1:0.47: probe with driver kaweth failed with error -5
[  630.483615][ T3166] usb 8-1: USB disconnect, device number 12
[  630.670759][T10613] usb 7-1: USB disconnect, device number 23
[  630.679910][ T5824] Bluetooth: hci5: command tx timeout
[  632.747196][ T5824] Bluetooth: hci5: command tx timeout
[  632.904156][   T82] team0 (unregistering): Port device team_slave_1 removed
[  632.949253][   T82] team0 (unregistering): Port device team_slave_0 removed
[  633.379775][T13423] wg1 speed is unknown, defaulting to 1000
[  633.379920][T13459] netlink: 'syz.6.1662': attribute type 21 has an invalid length.
[  633.407357][T13423] lo speed is unknown, defaulting to 1000
[  634.566962][T13516] FAULT_INJECTION: forcing a failure.
[  634.566962][T13516] name failslab, interval 1, probability 0, space 0, times 0
[  634.597174][T13423] chnl_net:caif_netlink_parms(): no params data found
[  634.633718][T13516] CPU: 1 UID: 0 PID: 13516 Comm: syz.5.1672 Not tainted 6.14.0-syzkaller #0
[  634.633743][T13516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  634.633753][T13516] Call Trace:
[  634.633758][T13516]  <TASK>
[  634.633765][T13516]  dump_stack_lvl+0x16c/0x1f0
[  634.633793][T13516]  should_fail_ex+0x50a/0x650
[  634.633820][T13516]  ? fs_reclaim_acquire+0xae/0x150
[  634.633847][T13516]  should_failslab+0xc2/0x120
[  634.633867][T13516]  kmem_cache_alloc_node_noprof+0x72/0x3c0
[  634.633886][T13516]  ? __alloc_skb+0x2b1/0x380
[  634.633913][T13516]  __alloc_skb+0x2b1/0x380
[  634.633936][T13516]  ? __pfx___alloc_skb+0x10/0x10
[  634.633961][T13516]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  634.633990][T13516]  netlink_alloc_large_skb+0x69/0x130
[  634.634015][T13516]  netlink_sendmsg+0x689/0xd70
[  634.634042][T13516]  ? __pfx_netlink_sendmsg+0x10/0x10
[  634.634074][T13516]  ____sys_sendmsg+0xaaf/0xc90
[  634.634092][T13516]  ? copy_msghdr_from_user+0x10b/0x160
[  634.634116][T13516]  ? __pfx_____sys_sendmsg+0x10/0x10
[  634.634147][T13516]  ___sys_sendmsg+0x135/0x1e0
[  634.634173][T13516]  ? __pfx____sys_sendmsg+0x10/0x10
[  634.634208][T13516]  ? __pfx_lock_release+0x10/0x10
[  634.634230][T13516]  ? trace_lock_acquire+0x14e/0x1f0
[  634.634258][T13516]  ? __fget_files+0x206/0x3a0
[  634.634281][T13516]  __sys_sendmsg+0x16e/0x220
[  634.634307][T13516]  ? __pfx___sys_sendmsg+0x10/0x10
[  634.634347][T13516]  do_syscall_64+0xcd/0x250
[  634.634372][T13516]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  634.634398][T13516] RIP: 0033:0x7f387a78d169
[  634.634411][T13516] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  634.634426][T13516] RSP: 002b:00007f387b685038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  634.634443][T13516] RAX: ffffffffffffffda RBX: 00007f387a9a5fa0 RCX: 00007f387a78d169
[  634.634453][T13516] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  634.634463][T13516] RBP: 00007f387b685090 R08: 0000000000000000 R09: 0000000000000000
[  634.634472][T13516] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  634.634481][T13516] R13: 0000000000000000 R14: 00007f387a9a5fa0 R15: 00007ffe0b984e88
[  634.634502][T13516]  </TASK>
[  634.867236][ T5824] Bluetooth: hci5: command tx timeout
[  634.914550][ T5906] usb 8-1: new high-speed USB device number 13 using dummy_hcd
[  634.992155][T13423] bridge0: port 1(bridge_slave_0) entered blocking state
[  635.086797][T13423] bridge0: port 1(bridge_slave_0) entered disabled state
[  635.094023][T13423] bridge_slave_0: entered allmulticast mode
[  635.103744][T13423] bridge_slave_0: entered promiscuous mode
[  635.124316][T13423] bridge0: port 2(bridge_slave_1) entered blocking state
[  635.131815][T13423] bridge0: port 2(bridge_slave_1) entered disabled state
[  635.139134][T13423] bridge_slave_1: entered allmulticast mode
[  635.149796][T13423] bridge_slave_1: entered promiscuous mode
[  635.716007][ T5906] usb 8-1: config 8 has an invalid interface number: 34 but max is 0
[  635.745278][ T5906] usb 8-1: config 8 has no interface number 0
[  635.751394][ T5906] usb 8-1: config 8 interface 34 altsetting 6 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  635.757210][T13423] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  635.847242][ T5906] usb 8-1: config 8 interface 34 has no altsetting 0
[  635.904049][ T5906] usb 8-1: New USB device found, idVendor=0499, idProduct=103e, bcdDevice=7b.88
[  635.926405][T13423] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  635.945741][ T5906] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  635.963249][ T5906] usb 8-1: Product: syz
[  635.969846][T13544] ax25_connect(): syz.0.1678 uses autobind, please contact jreuter@yaina.de
[  635.979181][ T5906] usb 8-1: Manufacturer: syz
[  635.983866][ T5906] usb 8-1: SerialNumber: syz
[  635.985358][T13423] team0: Port device team_slave_0 added
[  636.483053][T13423] team0: Port device team_slave_1 added
[  636.498479][ T5906] usb 8-1: Quirk or no altset; falling back to MIDI 1.0
[  636.509123][T13423] batman_adv: batadv0: Adding interface: batadv_slave_0
[  636.530360][T13423] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  636.571308][ T5906] snd-usb-audio 8-1:8.34: probe with driver snd-usb-audio failed with error -2
[  636.608158][T13423] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  636.625842][T13423] batman_adv: batadv0: Adding interface: batadv_slave_1
[  636.632804][T13423] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  636.664937][ T5906] usb 8-1: USB disconnect, device number 13
[  636.750328][T13423] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  636.905597][ T5824] Bluetooth: hci5: command tx timeout
[  636.971398][T11564] udevd[11564]: error opening ATTR{/sys/devices/platform/dummy_hcd.7/usb8/8-1/8-1:8.34/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  637.633593][T13567] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1682'.
[  637.656469][T13423] hsr_slave_0: entered promiscuous mode
[  637.679330][T13423] hsr_slave_1: entered promiscuous mode
[  637.700282][T13423] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  637.746944][T13423] Cannot create hsr debugfs directory
[  637.879330][   T30] audit: type=1400 audit(1742876868.800:903): avc:  denied  { ioctl } for  pid=13571 comm="syz.7.1684" path="/42/file0/file0" dev="fuse" ino=3 ioctlcmd=0x92b scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[  637.936672][T13573] md2: using deprecated bitmap file support
[  637.942980][T13573] md2: error: bitmap file must be a regular file
[  638.144813][T13581] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  638.162836][ T5906] hid-generic 0000:0000:0000.0019: unknown main item tag 0x0
[  638.166417][T13581] netlink: zone id is out of range
[  638.204232][ T5906] hid-generic 0000:0000:0000.0019: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  638.225860][T13581] netlink: del zone limit has 4 unknown bytes
[  639.096800][   T30] audit: type=1400 audit(1742876870.010:904): avc:  denied  { shutdown } for  pid=13603 comm="syz.7.1687" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  639.098727][T13604] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci5/hci5:200/input24
[  639.134996][ T5906] usb 6-1: new high-speed USB device number 34 using dummy_hcd
[  639.335492][ T5906] usb 6-1: Using ep0 maxpacket: 8
[  639.353232][ T5906] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  639.385840][ T5906] usb 6-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a
[  639.407463][T13423] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  639.423528][ T5906] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  639.539897][T13423] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  639.753309][T13423] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  639.791562][ T5906] usb 6-1: config 0 descriptor??
[  639.888656][T13423] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  639.923075][T13618] netlink: 18 bytes leftover after parsing attributes in process `syz.7.1689'.
[  639.930098][ T5906] gspca_main: vc032x-2.14.0 probing 046d:0892
[  640.117832][   T30] audit: type=1400 audit(1742876871.040:905): avc:  denied  { name_bind 0x1000000 } for  pid=13621 comm="syz.6.1690" path="socket:[44497]" dev="sockfs" ino=44497 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  640.182985][T13423] 8021q: adding VLAN 0 to HW filter on device bond0
[  640.470793][T13423] 8021q: adding VLAN 0 to HW filter on device team0
[  640.481216][ T7200] bridge0: port 1(bridge_slave_0) entered blocking state
[  640.488308][ T7200] bridge0: port 1(bridge_slave_0) entered forwarding state
[  640.853402][ T3555] bridge0: port 2(bridge_slave_1) entered blocking state
[  640.860546][ T3555] bridge0: port 2(bridge_slave_1) entered forwarding state
[  641.109564][T13423] 8021q: adding VLAN 0 to HW filter on device batadv0
[  641.126044][T13654] afs: Unknown parameter './file0'
[  641.375879][T13423] veth0_vlan: entered promiscuous mode
[  641.427987][T13423] veth1_vlan: entered promiscuous mode
[  641.500481][T13423] veth0_macvtap: entered promiscuous mode
[  641.521198][T13423] veth1_macvtap: entered promiscuous mode
[  641.540811][T13423] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  641.563022][T13423] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  641.593500][T13423] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  641.623033][T13423] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  641.643746][T13423] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  641.680658][T13423] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  641.749492][T13423] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  641.761332][T13423] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  641.772718][T13423] batman_adv: batadv0: Interface activated: batadv_slave_0
[  641.783495][T13423] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  641.896139][T13423] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  642.774320][T13423] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  642.792738][T13423] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  642.805216][T13423] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  642.816160][T13423] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  643.426891][T13423] batman_adv: batadv0: Interface activated: batadv_slave_1
[  643.473746][T13423] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  643.488361][T13423] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  643.499147][T13423] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  643.511598][T13423] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  643.596210][T13699] kvm: kvm [13698]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010015) = 0x35000bf4a7e59801
[  643.821700][ T5874] usb 6-1: USB disconnect, device number 34
[  644.198601][ T3555] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  644.218753][ T3555] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  644.225712][T13713] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1701'.
[  644.256366][T13713] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1701'.
[  644.394563][  T969] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  644.402420][  T969] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  644.759120][T13726] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1704'.
[  644.768164][T13726] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  645.159126][T13726] batman_adv: batadv0: Removing interface: batadv_slave_1
[  645.610821][   T30] audit: type=1400 audit(1742876876.400:906): avc:  denied  { watch_sb } for  pid=13732 comm="syz.0.1707" path="/403/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="tmpfs" ino=2153 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  645.706319][T13739] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1708'.
[  646.981931][ T1801] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  647.199807][ T1801] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  647.337121][ T1801] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  647.435845][ T1801] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  647.619820][ T1801] bridge_slave_1: left allmulticast mode
[  647.641170][ T1801] bridge_slave_1: left promiscuous mode
[  647.652489][ T1801] bridge0: port 2(bridge_slave_1) entered disabled state
[  647.670066][ T1801] bridge_slave_0: left allmulticast mode
[  647.684279][ T1801] bridge_slave_0: left promiscuous mode
[  647.708287][ T1801] bridge0: port 1(bridge_slave_0) entered disabled state
[  648.181760][ T1801] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  648.192533][ T1801] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  648.203218][ T1801] bond0 (unregistering): Released all slaves
[  648.469160][   T30] audit: type=1400 audit(1742876879.390:907): avc:  denied  { mount } for  pid=13819 comm="syz.5.1719" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  648.542503][   T30] audit: type=1400 audit(1742876879.460:908): avc:  denied  { unmount } for  pid=8121 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  648.584829][T10613] usb 7-1: new high-speed USB device number 24 using dummy_hcd
[  648.805517][T10613] usb 7-1: Using ep0 maxpacket: 32
[  648.884172][T10613] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x4 has an invalid bInterval 52, changing to 7
[  649.006177][T10613] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid maxpacket 9272, setting to 1024
[  649.036242][T10613] usb 7-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=58.16
[  649.062728][T10613] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  649.066398][T13830] FAULT_INJECTION: forcing a failure.
[  649.066398][T13830] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  649.081079][T10613] usb 7-1: Product: syz
[  649.088471][T13830] CPU: 0 UID: 0 PID: 13830 Comm: syz.5.1721 Not tainted 6.14.0-syzkaller #0
[  649.088492][T13830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  649.088502][T13830] Call Trace:
[  649.088506][T13830]  <TASK>
[  649.088513][T13830]  dump_stack_lvl+0x16c/0x1f0
[  649.088541][T13830]  should_fail_ex+0x50a/0x650
[  649.088587][T13830]  _copy_from_user+0x2e/0xd0
[  649.088605][T13830]  copy_msghdr_from_user+0x99/0x160
[  649.088630][T13830]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  649.088656][T13830]  ? hlock_class+0x4e/0x130
[  649.088673][T13830]  ? __lock_acquire+0x15a9/0x3c40
[  649.088699][T13830]  ___sys_sendmsg+0xff/0x1e0
[  649.088726][T13830]  ? __pfx____sys_sendmsg+0x10/0x10
[  649.088749][T13830]  ? __pfx___lock_acquire+0x10/0x10
[  649.088770][T13830]  ? handle_mm_fault+0x497/0xaa0
[  649.088807][T13830]  ? __pfx___might_resched+0x10/0x10
[  649.088833][T13830]  ? __might_fault+0xe3/0x190
[  649.088856][T13830]  __sys_sendmmsg+0x201/0x420
[  649.088884][T13830]  ? __pfx___sys_sendmmsg+0x10/0x10
[  649.088918][T13830]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  649.088950][T13830]  ? fput+0x67/0x440
[  649.088976][T13830]  ? ksys_write+0x1ba/0x250
[  649.088991][T13830]  ? __pfx_ksys_write+0x10/0x10
[  649.089010][T13830]  __x64_sys_sendmmsg+0x9c/0x100
[  649.089035][T13830]  ? lockdep_hardirqs_on+0x7c/0x110
[  649.089056][T13830]  do_syscall_64+0xcd/0x250
[  649.089081][T13830]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  649.089105][T13830] RIP: 0033:0x7f387a78d169
[  649.089119][T13830] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  649.089135][T13830] RSP: 002b:00007f387b685038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  649.089151][T13830] RAX: ffffffffffffffda RBX: 00007f387a9a5fa0 RCX: 00007f387a78d169
[  649.089162][T13830] RDX: 0400000000000159 RSI: 0000200000001c00 RDI: 0000000000000003
[  649.089172][T13830] RBP: 00007f387b685090 R08: 0000000000000000 R09: 0000000000000000
[  649.089182][T13830] R10: 0000000000040840 R11: 0000000000000246 R12: 0000000000000002
[  649.089191][T13830] R13: 0000000000000000 R14: 00007f387a9a5fa0 R15: 00007ffe0b984e88
[  649.089213][T13830]  </TASK>
[  649.097428][T10613] usb 7-1: Manufacturer: syz
[  649.113415][ T5906] usb 8-1: new high-speed USB device number 14 using dummy_hcd
[  649.150645][T10613] usb 7-1: SerialNumber: syz
[  649.342228][T10613] usb 7-1: config 0 descriptor??
[  649.344057][ T5830] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  649.358318][ T5830] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  649.384879][ T5830] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  649.398372][ T5830] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  649.408223][ T5830] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  649.416884][T10613] usb 7-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  649.437473][ T5830] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  649.509977][T13838] netlink: 96 bytes leftover after parsing attributes in process `syz.0.1722'.
[  649.540910][T13832] lo speed is unknown, defaulting to 1000
[  649.567710][ T5906] usb 8-1: Using ep0 maxpacket: 32
[  649.598811][T10613] usb 7-1: USB disconnect, device number 24
[  649.607280][   T82] usb 7-1: Failed to submit usb control message: -71
[  649.641574][ T5906] usb 8-1: config 0 has an invalid interface number: 146 but max is 0
[  649.659905][   T82] usb 7-1: unable to send the bmi data to the device: -71
[  649.674541][ T5906] usb 8-1: config 0 has no interface number 0
[  649.680671][ T5906] usb 8-1: config 0 interface 146 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  649.707367][   T82] usb 7-1: unable to get target info from device
[  649.713742][   T82] usb 7-1: could not get target info (-71)
[  649.734526][ T5906] usb 8-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83
[  649.749717][   T82] usb 7-1: could not probe fw (-71)
[  649.766538][ T5906] usb 8-1: config 0 interface 146 altsetting 0 endpoint 0x83 has invalid maxpacket 33307, setting to 1024
[  649.963658][ T5906] usb 8-1: config 0 interface 146 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024
[  649.974577][ T5906] usb 8-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xF2, changing to 0x82
[  649.986400][ T5906] usb 8-1: config 0 interface 146 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  649.993418][T13855] netlink: 44 bytes leftover after parsing attributes in process `syz.5.1725'.
[  649.997786][ T5906] usb 8-1: config 0 interface 146 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  650.006148][ T1801] hsr_slave_0: left promiscuous mode
[  650.077877][ T1801] hsr_slave_1: left promiscuous mode
[  650.097647][ T1801] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  650.147671][ T1801] batman_adv: batadv0: Removing interface: batadv_slave_0
[  650.207268][ T1801] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  650.260866][ T1801] batman_adv: batadv0: Removing interface: batadv_slave_1
[  650.279167][ T5906] usb 8-1: config 0 interface 146 altsetting 0 endpoint 0x1 has invalid maxpacket 29797, setting to 1024
[  650.290519][ T5906] usb 8-1: config 0 interface 146 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1024
[  650.300675][ T5906] usb 8-1: config 0 interface 146 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[  650.316499][ T5906] usb 8-1: New USB device found, idVendor=05da, idProduct=009a, bcdDevice=62.95
[  650.325794][ T5906] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  650.333813][ T5906] usb 8-1: Product: syz
[  650.338072][ T5906] usb 8-1: Manufacturer: syz
[  650.342682][ T5906] usb 8-1: SerialNumber: syz
[  650.363449][ T5906] usb 8-1: config 0 descriptor??
[  650.366360][ T1801] veth1_macvtap: left promiscuous mode
[  650.374301][ T1801] veth0_macvtap: left promiscuous mode
[  650.380302][ T1801] veth1_vlan: left promiscuous mode
[  650.383417][T13826] raw-gadget.1 gadget.7: fail, usb_ep_enable returned -22
[  650.386352][ T1801] veth0_vlan: left promiscuous mode
[  650.403661][T13826] raw-gadget.1 gadget.7: fail, usb_ep_enable returned -22
[  650.412832][ T5906] microtek usb (rev 0.4.3): will this work? Response EP is not usually 3
[  650.426473][ T5906] microtek usb (rev 0.4.3): will this work? Image data EP is not usually 2
[  650.443692][ T5906] scsi host1: microtekX6
[  650.633004][T10613] usb 8-1: USB disconnect, device number 14
[  650.942422][ T1801] team0 (unregistering): Port device team_slave_1 removed
[  650.991290][ T1801] team0 (unregistering): Port device team_slave_0 removed
[  651.554763][ T5830] Bluetooth: hci5: command tx timeout
[  651.599030][T13832] wg1 speed is unknown, defaulting to 1000
[  651.606023][T13832] lo speed is unknown, defaulting to 1000
[  652.128148][T13832] chnl_net:caif_netlink_parms(): no params data found
[  652.174600][   T30] audit: type=1400 audit(1742876883.080:909): avc:  denied  { ioctl } for  pid=13888 comm="syz.6.1734" path="socket:[47259]" dev="sockfs" ino=47259 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  652.284507][ T5906] usb 6-1: new high-speed USB device number 35 using dummy_hcd
[  653.302745][T13890] could not allocate digest TFM handle crct10dif-generic
[  653.349870][ T5906] usb 6-1: Using ep0 maxpacket: 32
[  653.382101][ T5906] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  653.399210][ T5906] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  653.455017][ T5906] usb 6-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  653.466162][ T5906] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  653.543961][ T5906] usb 6-1: config 0 descriptor??
[  653.559872][ T5906] hub 6-1:0.0: bad descriptor, ignoring hub
[  653.562815][T13923] ptm ptm21: ldisc open failed (-12), clearing slot 21
[  653.573090][ T5906] hub 6-1:0.0: probe with driver hub failed with error -5
[  653.590066][ T5906] usbhid 6-1:0.0: couldn't find an input interrupt endpoint
[  653.614530][T13832] bridge0: port 1(bridge_slave_0) entered blocking state
[  653.621646][T13832] bridge0: port 1(bridge_slave_0) entered disabled state
[  653.628762][ T5830] Bluetooth: hci5: command tx timeout
[  653.671023][T13832] bridge_slave_0: entered allmulticast mode
[  653.688659][T13832] bridge_slave_0: entered promiscuous mode
[  653.696457][T13832] bridge0: port 2(bridge_slave_1) entered blocking state
[  653.704531][T13832] bridge0: port 2(bridge_slave_1) entered disabled state
[  653.712078][T13832] bridge_slave_1: entered allmulticast mode
[  653.786022][T13832] bridge_slave_1: entered promiscuous mode
[  655.306976][T13935] bridge0: port 2(bridge_slave_1) entered disabled state
[  655.314271][T13935] bridge0: port 1(bridge_slave_0) entered disabled state
[  655.321720][T13935] bridge0: entered allmulticast mode
[  655.704528][ T5830] Bluetooth: hci5: command tx timeout
[  655.790692][T13938] bond0: entered promiscuous mode
[  655.798645][T13938] bond_slave_0: entered promiscuous mode
[  655.812145][T13938] bond_slave_1: entered promiscuous mode
[  656.803993][T13938] batadv0: entered promiscuous mode
[  656.820952][T13938] bond0: left promiscuous mode
[  656.829172][T13938] bond_slave_0: left promiscuous mode
[  656.835332][T13938] bond_slave_1: left promiscuous mode
[  656.841272][T13938] batadv0: left promiscuous mode
[  656.960939][T13832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  656.972197][T13832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  657.677104][T13832] team0: Port device team_slave_0 added
[  657.703985][T13832] team0: Port device team_slave_1 added
[  657.715904][T12641] usb 6-1: USB disconnect, device number 35
[  657.795513][ T5824] Bluetooth: hci5: command tx timeout
[  657.878654][T13832] batman_adv: batadv0: Adding interface: batadv_slave_0
[  657.895366][T13971] kvm: kvm [13970]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010015) = 0x35000bf4a7e59801
[  657.911791][T13832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  657.944275][T13832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  658.294681][T12641] usb 8-1: new full-speed USB device number 15 using dummy_hcd
[  658.312035][T13832] batman_adv: batadv0: Adding interface: batadv_slave_1
[  658.321837][T13832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  658.350430][T13832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  658.377041][    T9] usb 6-1: new high-speed USB device number 36 using dummy_hcd
[  658.389174][T13832] hsr_slave_0: entered promiscuous mode
[  658.397922][T13832] hsr_slave_1: entered promiscuous mode
[  658.403699][T13832] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  658.411386][T13832] Cannot create hsr debugfs directory
[  658.458703][T12641] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  658.481466][T12641] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 96, setting to 64
[  658.492799][T12641] usb 8-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 18
[  658.507753][T12641] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  658.523573][T12641] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  658.531816][T12641] usb 8-1: SerialNumber: syz
[  658.538732][    T9] usb 6-1: Using ep0 maxpacket: 8
[  658.559831][T13968] raw-gadget.1 gadget.7: fail, usb_ep_enable returned -22
[  658.672746][T13983] Cannot find del_set index 514 as target
[  659.085433][T12641] hub 8-1:1.0: bad descriptor, ignoring hub
[  659.101033][    T9] usb 6-1: config 6 has an invalid interface number: 2 but max is 0
[  659.113357][T12641] hub 8-1:1.0: probe with driver hub failed with error -5
[  659.127923][    T9] usb 6-1: config 6 has no interface number 0
[  659.141148][    T9] usb 6-1: config 6 interface 2 altsetting 255 endpoint 0xB has invalid wMaxPacketSize 0
[  659.172449][    T9] usb 6-1: config 6 interface 2 altsetting 255 has an endpoint descriptor with address 0xE9, changing to 0x89
[  659.203634][    T9] usb 6-1: config 6 interface 2 altsetting 255 endpoint 0x89 has invalid wMaxPacketSize 0
[  659.228643][    T9] usb 6-1: config 6 interface 2 has no altsetting 0
[  659.269998][    T9] usb 6-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91
[  659.303479][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  659.379853][T13968] raw-gadget.1 gadget.7: fail, usb_ep_enable returned -22
[  659.404775][    T9] usb 6-1: Product: syz
[  659.409029][    T9] usb 6-1: Manufacturer: syz
[  659.413663][    T9] usb 6-1: SerialNumber: syz
[  659.463033][    T9] hso 6-1:6.2: Failed to find INT IN ep
[  659.670723][T12192] usb 6-1: USB disconnect, device number 36
[  659.757919][T13832] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  659.777087][T13832] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  659.797351][T13832] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  659.829263][   T30] audit: type=1400 audit(1742876890.750:910): avc:  denied  { audit_write } for  pid=14006 comm="syz.6.1751" capability=29  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  659.857124][T12641] cdc_ether 8-1:1.0 eth9: register 'cdc_ether' at usb-dummy_hcd.7-1, CDC Ethernet Device, 42:42:42:42:42:42
[  659.857214][T13832] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  659.886161][ T5824] Bluetooth: hci5: command 0x0405 tx timeout
[  660.709176][T13968] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  660.734830][T13968] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  660.736583][T13832] 8021q: adding VLAN 0 to HW filter on device bond0
[  660.828101][T14018] input: syz0 as /devices/virtual/input/input25
[  661.056038][T10613] usb 8-1: USB disconnect, device number 15
[  661.188896][T13832] 8021q: adding VLAN 0 to HW filter on device team0
[  661.220043][T10613] cdc_ether 8-1:1.0 eth9: unregister 'cdc_ether' usb-dummy_hcd.7-1, CDC Ethernet Device
[  661.259410][ T7055] bridge0: port 1(bridge_slave_0) entered blocking state
[  661.266563][ T7055] bridge0: port 1(bridge_slave_0) entered forwarding state
[  661.280023][ T7055] bridge0: port 2(bridge_slave_1) entered blocking state
[  661.287158][ T7055] bridge0: port 2(bridge_slave_1) entered forwarding state
[  661.446742][T13832] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  661.520432][T13832] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  661.946291][T14048] netlink: 'syz.7.1759': attribute type 1 has an invalid length.
[  661.954164][T14048] netlink: 224 bytes leftover after parsing attributes in process `syz.7.1759'.
[  661.973115][T14051] FAULT_INJECTION: forcing a failure.
[  661.973115][T14051] name failslab, interval 1, probability 0, space 0, times 0
[  661.988516][T14051] CPU: 1 UID: 0 PID: 14051 Comm: syz.6.1760 Not tainted 6.14.0-syzkaller #0
[  661.988540][T14051] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  661.988549][T14051] Call Trace:
[  661.988553][T14051]  <TASK>
[  661.988560][T14051]  dump_stack_lvl+0x16c/0x1f0
[  661.988585][T14051]  should_fail_ex+0x50a/0x650
[  661.988609][T14051]  ? fs_reclaim_acquire+0xae/0x150
[  661.988653][T14051]  should_failslab+0xc2/0x120
[  661.988671][T14051]  kmem_cache_alloc_noprof+0x6e/0x3d0
[  661.988687][T14051]  ? alloc_empty_file+0x73/0x1e0
[  661.988711][T14051]  alloc_empty_file+0x73/0x1e0
[  661.988730][T14051]  dentry_open+0x46/0xd0
[  661.988750][T14051]  open_namespace+0x100/0x190
[  661.988775][T14051]  ? __pfx_open_namespace+0x10/0x10
[  661.988800][T14051]  ? do_raw_spin_unlock+0x172/0x230
[  661.988821][T14051]  pidfd_ioctl+0x775/0x20b0
[  661.988844][T14051]  ? __pfx_pidfd_ioctl+0x10/0x10
[  661.988869][T14051]  ? selinux_file_ioctl+0x180/0x270
[  661.988893][T14051]  ? selinux_file_ioctl+0xb4/0x270
[  661.988918][T14051]  ? __pfx_pidfd_ioctl+0x10/0x10
[  661.988939][T14051]  __x64_sys_ioctl+0x190/0x200
[  661.988963][T14051]  do_syscall_64+0xcd/0x250
[  661.988986][T14051]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  661.989014][T14051] RIP: 0033:0x7fad2718d169
[  661.989028][T14051] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  661.989043][T14051] RSP: 002b:00007fad27f02038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  661.989058][T14051] RAX: ffffffffffffffda RBX: 00007fad273a5fa0 RCX: 00007fad2718d169
[  661.989068][T14051] RDX: 0000000000000000 RSI: 000000000000ff02 RDI: 0000000000000003
[  661.989078][T14051] RBP: 00007fad27f02090 R08: 0000000000000000 R09: 0000000000000000
[  661.989088][T14051] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  661.989097][T14051] R13: 0000000000000000 R14: 00007fad273a5fa0 R15: 00007fff1b3b8318
[  661.989119][T14051]  </TASK>
[  662.007883][T13832] 8021q: adding VLAN 0 to HW filter on device batadv0
[  662.492475][T12641] usb 7-1: new high-speed USB device number 25 using dummy_hcd
[  663.133149][T13832] veth0_vlan: entered promiscuous mode
[  663.134616][T12192] usb 1-1: new high-speed USB device number 44 using dummy_hcd
[  663.145328][T13832] veth1_vlan: entered promiscuous mode
[  663.295318][T12641] usb 7-1: Using ep0 maxpacket: 32
[  663.323096][T12641] usb 7-1: config 0 has no interfaces?
[  663.330543][T12641] usb 7-1: New USB device found, idVendor=0e41, idProduct=4750, bcdDevice=26.9c
[  663.347161][T12641] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  663.364577][T12192] usb 1-1: Using ep0 maxpacket: 8
[  663.374593][T12641] usb 7-1: Product: syz
[  663.380313][T12192] usb 1-1: config 6 has an invalid interface number: 2 but max is 0
[  663.384612][T13832] veth0_macvtap: entered promiscuous mode
[  663.401511][T12641] usb 7-1: Manufacturer: syz
[  663.408098][T13832] veth1_macvtap: entered promiscuous mode
[  663.411652][T12192] usb 1-1: config 6 has no interface number 0
[  663.421791][T12641] usb 7-1: SerialNumber: syz
[  663.442934][T12641] usb 7-1: config 0 descriptor??
[  663.452255][T12192] usb 1-1: config 6 interface 2 altsetting 255 endpoint 0xB has invalid wMaxPacketSize 0
[  663.460057][T13832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  663.478219][T12192] usb 1-1: config 6 interface 2 altsetting 255 has an endpoint descriptor with address 0xE9, changing to 0x89
[  663.487725][T13832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  663.513669][T12192] usb 1-1: config 6 interface 2 altsetting 255 endpoint 0x89 has invalid wMaxPacketSize 0
[  663.517654][T13832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  663.544170][T12192] usb 1-1: config 6 interface 2 has no altsetting 0
[  663.556981][T13832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  663.564069][T12192] usb 1-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91
[  663.573257][T13832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  663.586609][T12192] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  663.586636][T12192] usb 1-1: Product: syz
[  663.586652][T12192] usb 1-1: Manufacturer: syz
[  663.609302][T12192] usb 1-1: SerialNumber: syz
[  663.614862][T13832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  663.629036][T12192] hso 1-1:6.2: Failed to find INT IN ep
[  663.635413][T13832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  663.659737][T13832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  663.691012][T13832] batman_adv: batadv0: Interface activated: batadv_slave_0
[  663.722268][T13832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  663.749565][T13832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  663.772933][T13832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  663.793905][T13832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  663.819727][T13832] batman_adv: batadv0: Interface activated: batadv_slave_1
[  663.856278][T12192] usb 1-1: USB disconnect, device number 44
[  663.888398][T13832] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  663.912789][T13832] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  663.934218][T13832] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  663.955908][T13832] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  664.149971][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  664.168592][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  664.225419][ T3545] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  664.252557][ T3545] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  665.426041][T14116] kAFS: No cell specified
[  665.458468][ T5819] usb 7-1: USB disconnect, device number 25
[  665.499697][  T969] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  665.634895][  T969] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  665.969173][  T969] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  666.030598][  T969] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  666.125053][  T969] bridge_slave_1: left allmulticast mode
[  666.130735][  T969] bridge_slave_1: left promiscuous mode
[  666.139263][  T969] bridge0: port 2(bridge_slave_1) entered disabled state
[  666.149235][  T969] bridge_slave_0: left allmulticast mode
[  666.155233][  T969] bridge_slave_0: left promiscuous mode
[  666.160882][  T969] bridge0: port 1(bridge_slave_0) entered disabled state
[  666.487675][  T969] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  666.497877][  T969] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  666.511408][  T969] bond0 (unregistering): Released all slaves
[  666.898195][T14137] xt_CONNSECMARK: invalid mode: 3
[  668.398152][T14149] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1774'.
[  668.897423][   T30] audit: type=1400 audit(1742876899.800:911): avc:  denied  { link } for  pid=14151 comm="syz.5.1775" name="#1d" dev="tmpfs" ino=1295 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  669.324635][   T30] audit: type=1400 audit(1742876899.800:912): avc:  denied  { rename } for  pid=14151 comm="syz.5.1775" name="#1e" dev="tmpfs" ino=1295 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  669.455347][ T5824] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  669.473543][ T5824] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  669.482780][ T5824] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  669.490958][ T5824] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  669.498403][ T5824] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  669.505796][ T5824] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  669.620628][  T969] hsr_slave_0: left promiscuous mode
[  669.707391][  T969] hsr_slave_1: left promiscuous mode
[  669.713167][  T969] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  669.724933][ T5819] usb 8-1: new high-speed USB device number 16 using dummy_hcd
[  669.754207][  T969] batman_adv: batadv0: Removing interface: batadv_slave_0
[  670.291036][T10613] usb 1-1: new high-speed USB device number 45 using dummy_hcd
[  670.456941][T10613] usb 1-1: Using ep0 maxpacket: 16
[  670.469473][T10613] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  670.486689][  T969] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  670.502929][  T969] batman_adv: batadv0: Removing interface: batadv_slave_1
[  670.521913][T10613] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  670.642665][ T5819] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  670.674352][ T5819] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  670.774446][T10613] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  670.792113][  T969] veth1_macvtap: left promiscuous mode
[  670.818749][ T5819] usb 8-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00
[  670.834442][T10613] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  670.844696][ T5819] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  670.845526][  T969] veth0_macvtap: left promiscuous mode
[  670.853641][T10613] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  670.876418][ T5819] usb 8-1: config 0 descriptor??
[  670.894054][T10613] usb 1-1: string descriptor 0 read error: -71
[  670.900306][T10613] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  670.918317][T10613] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  670.934728][T10613] usb 1-1: config 0 descriptor??
[  670.943678][T10613] usb 1-1: can't set config #0, error -71
[  670.952261][  T969] veth1_vlan: left promiscuous mode
[  670.962775][T10613] usb 1-1: USB disconnect, device number 45
[  670.969244][  T969] veth0_vlan: left promiscuous mode
[  671.219423][   T30] audit: type=1400 audit(1742876902.120:913): avc:  denied  { ioctl } for  pid=14160 comm="syz.7.1776" path="socket:[48026]" dev="sockfs" ino=48026 ioctlcmd=0x890b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  671.709874][ T5824] Bluetooth: hci5: command tx timeout
[  671.874201][T14195] netlink: 168 bytes leftover after parsing attributes in process `syz.6.1780'.
[  672.053916][   T30] audit: type=1400 audit(1742876902.960:914): avc:  denied  { create } for  pid=14200 comm="syz.6.1783" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  672.079194][   T30] audit: type=1400 audit(1742876903.000:915): avc:  denied  { ioctl } for  pid=14200 comm="syz.6.1783" path="socket:[48177]" dev="sockfs" ino=48177 ioctlcmd=0x890b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  672.090181][ T5819] usbhid 8-1:0.0: can't add hid device: -71
[  672.103903][    C0] vkms_vblank_simulate: vblank timer overrun
[  672.116033][T14202] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1782'.
[  672.125132][ T5819] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[  672.158015][ T5819] usb 8-1: USB disconnect, device number 16
[  672.209979][   T30] audit: type=1400 audit(1742876903.130:916): avc:  denied  { connect } for  pid=14203 comm="syz.6.1784" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  672.398433][  T969] team0 (unregistering): Port device team_slave_1 removed
[  672.454007][  T969] team0 (unregistering): Port device team_slave_0 removed
[  672.775751][T14209] ax25_connect(): syz.7.1786 uses autobind, please contact jreuter@yaina.de
[  673.097301][T14202] batman_adv: batadv0: Removing interface: batadv_slave_1
[  673.312081][T14158] lo speed is unknown, defaulting to 1000
[  673.603159][T14231] lo: entered allmulticast mode
[  673.644038][T14231] tunl0: entered allmulticast mode
[  673.678016][T14231] gre0: entered allmulticast mode
[  673.702401][T14231] gretap0: entered allmulticast mode
[  673.765177][T14231] erspan0: entered allmulticast mode
[  673.784785][ T5824] Bluetooth: hci5: command tx timeout
[  673.811762][T14231] ip_vti0: entered allmulticast mode
[  673.879366][T14231] ip6_vti0: entered allmulticast mode
[  673.923674][T14231] sit0: entered allmulticast mode
[  673.945368][   T30] audit: type=1400 audit(1742876904.860:917): avc:  denied  { getopt } for  pid=14244 comm="syz.7.1791" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  674.346599][T14231] ip6tnl0: entered allmulticast mode
[  674.466264][T14231] ip6gre0: entered allmulticast mode
[  674.543383][T14231] syz_tun: entered allmulticast mode
[  674.618608][T14231] ip6gretap0: entered allmulticast mode
[  674.694359][T14158] wg1 speed is unknown, defaulting to 1000
[  674.701276][T14158] lo speed is unknown, defaulting to 1000
[  674.763551][T14255] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1795'.
[  674.906012][T14261] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[  674.924462][T10613] IPVS: starting estimator thread 0...
[  675.014589][T14265] IPVS: using max 33 ests per chain, 79200 per kthread
[  675.054497][ T5906] usb 1-1: new high-speed USB device number 46 using dummy_hcd
[  675.100420][T14275] netlink: 32 bytes leftover after parsing attributes in process `syz.7.1799'.
[  675.214862][ T5906] usb 1-1: Using ep0 maxpacket: 16
[  675.241757][T14158] chnl_net:caif_netlink_parms(): no params data found
[  675.264123][ T5906] usb 1-1: config 0 has an invalid interface number: 8 but max is 0
[  675.281947][ T5906] usb 1-1: config 0 has no interface number 0
[  675.308568][ T5906] usb 1-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  675.324749][T14281] ax25_connect(): syz.7.1800 uses autobind, please contact jreuter@yaina.de
[  675.335411][T10613] usb 6-1: new high-speed USB device number 37 using dummy_hcd
[  675.335853][ T5906] usb 1-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  675.484789][T10613] usb 6-1: Using ep0 maxpacket: 16
[  675.500888][T10613] usb 6-1: config 0 has an invalid interface number: 105 but max is 0
[  675.500904][ T5906] usb 1-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  675.519341][ T5906] usb 1-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  675.535454][ T5906] usb 1-1: Product: syz
[  675.560916][T10613] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  675.571120][ T5906] usb 1-1: SerialNumber: syz
[  675.743480][ T5906] usb 1-1: config 0 descriptor??
[  675.765216][T14158] bridge0: port 1(bridge_slave_0) entered blocking state
[  675.772378][T14158] bridge0: port 1(bridge_slave_0) entered disabled state
[  675.785053][T10613] usb 6-1: config 0 has no interface number 0
[  675.785077][ T5906] cm109 1-1:0.8: invalid payload size 0, expected 4
[  675.797231][T10613] usb 6-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[  675.811987][T10613] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  675.812382][T14158] bridge_slave_0: entered allmulticast mode
[  675.830316][T10613] usb 6-1: Product: syz
[  675.831947][ T5906] input: CM109 USB driver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.8/input/input26
[  675.840449][T10613] usb 6-1: Manufacturer: syz
[  675.852849][T14158] bridge_slave_0: entered promiscuous mode
[  675.855526][T10613] usb 6-1: SerialNumber: syz
[  675.869352][ T5824] Bluetooth: hci5: command tx timeout
[  675.890672][   T30] audit: type=1400 audit(1742876906.800:918): avc:  denied  { read } for  pid=14285 comm="syz.6.1801" path="socket:[48452]" dev="sockfs" ino=48452 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  675.894014][T10613] usb 6-1: config 0 descriptor??
[  675.922552][T10613] usb 6-1: Found UVC 0.00 device syz (046d:08f3)
[  675.929006][T10613] usb 6-1: No valid video chain found.
[  675.941570][T14158] bridge0: port 2(bridge_slave_1) entered blocking state
[  675.996909][T14158] bridge0: port 2(bridge_slave_1) entered disabled state
[  676.055721][T14158] bridge_slave_1: entered allmulticast mode
[  676.088257][T14158] bridge_slave_1: entered promiscuous mode
[  676.130941][T14255] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  676.165562][T14255] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  676.181614][T14158] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  676.190023][   T30] audit: type=1400 audit(1742876907.100:919): avc:  denied  { listen } for  pid=14267 comm="syz.5.1798" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  676.198826][T14158] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  676.215081][    C0] cm109 1-1:0.8: cm109_urb_ctl_callback: usb_submit_urb (urb_irq) failed -90
[  676.234058][ T5824] Bluetooth: hci1: Malformed LE Event: 0x0d
[  676.268770][T10613] usb 6-1: USB disconnect, device number 37
[  676.352335][T14302] lo speed is unknown, defaulting to 1000
[  676.393376][T14302] wg1 speed is unknown, defaulting to 1000
[  676.396522][T14304] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1804'.
[  676.408372][T14302] lo speed is unknown, defaulting to 1000
[  676.483377][T14158] team0: Port device team_slave_0 added
[  676.500799][T14255] xt_CT: You must specify a L4 protocol and not use inversions on it
[  676.515018][T14158] team0: Port device team_slave_1 added
[  676.551222][T14158] batman_adv: batadv0: Adding interface: batadv_slave_0
[  676.558299][T14158] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  676.584234][    C0] vkms_vblank_simulate: vblank timer overrun
[  676.776995][T14158] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  676.797188][ T5906] usb 1-1: USB disconnect, device number 46
[  676.968706][ T5906] cm109 1-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  677.133377][T14158] batman_adv: batadv0: Adding interface: batadv_slave_1
[  677.149112][T14158] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  677.176956][T14158] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  677.263518][T14158] hsr_slave_0: entered promiscuous mode
[  677.277441][T14158] hsr_slave_1: entered promiscuous mode
[  677.296115][T14158] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  677.306808][   T30] audit: type=1400 audit(1742876908.230:920): avc:  denied  { write } for  pid=14323 comm="syz.6.1810" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  677.325513][T14158] Cannot create hsr debugfs directory
[  677.461116][   T30] audit: type=1400 audit(1742876908.370:921): avc:  denied  { append } for  pid=14326 comm="syz.6.1811" name="rtc0" dev="devtmpfs" ino=921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  678.269606][ T5824] Bluetooth: hci5: command tx timeout
[  678.411729][   T30] audit: type=1400 audit(1742876909.310:922): avc:  denied  { connect } for  pid=14330 comm="syz.0.1813" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  678.498651][T14340] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1814'.
[  678.848624][T14347] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  678.893088][T14347] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2816 sclass=netlink_route_socket pid=14347 comm=syz.0.1816
[  680.595873][T10613] libceph: connect (1)[c::]:6789 error -101
[  680.601852][T10613] libceph: mon0 (1)[c::]:6789 connect error
[  680.941515][T14363] ceph: No mds server is up or the cluster is laggy
[  680.949143][T12641] libceph: connect (1)[b::]:6789 error -101
[  680.984325][T12641] libceph: mon0 (1)[b::]:6789 connect error
[  681.143092][T14158] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  681.829107][ T5819] libceph: connect (1)[c::]:6789 error -101
[  681.845658][ T5819] libceph: mon0 (1)[c::]:6789 connect error
[  681.866891][T14158] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  681.895560][T14372] ceph: No mds server is up or the cluster is laggy
[  681.994825][T14158] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  682.011970][T14158] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  682.811449][T14158] 8021q: adding VLAN 0 to HW filter on device bond0
[  682.901259][T14158] 8021q: adding VLAN 0 to HW filter on device team0
[  682.952059][ T7200] bridge0: port 1(bridge_slave_0) entered blocking state
[  682.959219][ T7200] bridge0: port 1(bridge_slave_0) entered forwarding state
[  683.026206][ T7055] bridge0: port 2(bridge_slave_1) entered blocking state
[  683.033360][ T7055] bridge0: port 2(bridge_slave_1) entered forwarding state
[  683.196589][T14416] netlink: 'syz.5.1827': attribute type 1 has an invalid length.
[  683.614314][T14158] 8021q: adding VLAN 0 to HW filter on device batadv0
[  684.870104][T14467] netlink: 'syz.0.1836': attribute type 1 has an invalid length.
[  684.882881][T14467] netlink: 'syz.0.1836': attribute type 2 has an invalid length.
[  685.345894][T10613] usb 1-1: new high-speed USB device number 47 using dummy_hcd
[  685.474904][ T1293] ieee802154 phy0 wpan0: encryption failed: -22
[  685.481386][ T1293] ieee802154 phy1 wpan1: encryption failed: -22
[  685.536805][T14158] veth0_vlan: entered promiscuous mode
[  685.545294][T10613] usb 1-1: device descriptor read/64, error -71
[  685.588674][T14158] veth1_vlan: entered promiscuous mode
[  685.674145][T14158] veth0_macvtap: entered promiscuous mode
[  685.697979][T14158] veth1_macvtap: entered promiscuous mode
[  685.729735][T14158] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  685.754200][T14158] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  685.795147][T14158] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  685.805835][T10613] usb 1-1: new high-speed USB device number 48 using dummy_hcd
[  685.878613][T14158] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  685.933100][T14158] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  685.993755][T10613] usb 1-1: device descriptor read/64, error -71
[  686.000823][T14158] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  686.032302][T14158] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  686.151173][T10613] usb usb1-port1: attempt power cycle
[  686.163861][T14158] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  686.179974][T14158] batman_adv: batadv0: Interface activated: batadv_slave_0
[  686.198141][T14495] veth0_vlan: entered allmulticast mode
[  686.799130][T14158] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  686.829991][T14158] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  686.844792][T14158] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  686.855577][T14158] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  686.867701][T14158] batman_adv: batadv0: Interface activated: batadv_slave_1
[  686.885122][T14158] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  686.911684][T14158] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  686.931906][T14158] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  687.105287][T10613] usb 1-1: new high-speed USB device number 49 using dummy_hcd
[  687.119349][T14158] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  687.135620][T10613] usb 1-1: device descriptor read/8, error -71
[  687.394693][T10613] usb 1-1: new high-speed USB device number 50 using dummy_hcd
[  687.655107][T10613] usb 1-1: device descriptor read/8, error -71
[  687.810036][T10613] usb usb1-port1: unable to enumerate USB device
[  687.862646][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  687.910176][  T969] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  687.945479][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  687.975856][  T969] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  688.064910][T14524] FAULT_INJECTION: forcing a failure.
[  688.064910][T14524] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  688.111490][T14524] CPU: 1 UID: 0 PID: 14524 Comm: syz.0.1845 Not tainted 6.14.0-syzkaller #0
[  688.111518][T14524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  688.111528][T14524] Call Trace:
[  688.111534][T14524]  <TASK>
[  688.111541][T14524]  dump_stack_lvl+0x16c/0x1f0
[  688.111570][T14524]  should_fail_ex+0x50a/0x650
[  688.111601][T14524]  _copy_from_iter+0x2a1/0x1560
[  688.111620][T14524]  ? trace_lock_acquire+0x14e/0x1f0
[  688.111640][T14524]  ? __alloc_skb+0x1fe/0x380
[  688.111666][T14524]  ? __pfx__copy_from_iter+0x10/0x10
[  688.111682][T14524]  ? __virt_addr_valid+0x1a4/0x590
[  688.111704][T14524]  ? __virt_addr_valid+0x5e/0x590
[  688.111721][T14524]  ? __phys_addr_symbol+0x30/0x80
[  688.111738][T14524]  ? __check_object_size+0x488/0x710
[  688.111763][T14524]  netlink_sendmsg+0x813/0xd70
[  688.111793][T14524]  ? __pfx_netlink_sendmsg+0x10/0x10
[  688.111827][T14524]  ____sys_sendmsg+0xaaf/0xc90
[  688.111847][T14524]  ? copy_msghdr_from_user+0x10b/0x160
[  688.111872][T14524]  ? __pfx_____sys_sendmsg+0x10/0x10
[  688.111904][T14524]  ___sys_sendmsg+0x135/0x1e0
[  688.111931][T14524]  ? __pfx____sys_sendmsg+0x10/0x10
[  688.111974][T14524]  ? __pfx_lock_release+0x10/0x10
[  688.111996][T14524]  ? trace_lock_acquire+0x14e/0x1f0
[  688.112024][T14524]  ? __fget_files+0x206/0x3a0
[  688.112047][T14524]  __sys_sendmsg+0x16e/0x220
[  688.112074][T14524]  ? __pfx___sys_sendmsg+0x10/0x10
[  688.112116][T14524]  do_syscall_64+0xcd/0x250
[  688.112142][T14524]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  688.112165][T14524] RIP: 0033:0x7fc2eed8d169
[  688.112179][T14524] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  688.112196][T14524] RSP: 002b:00007fc2efb40038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  688.112212][T14524] RAX: ffffffffffffffda RBX: 00007fc2eefa5fa0 RCX: 00007fc2eed8d169
[  688.112223][T14524] RDX: 0000000000000000 RSI: 00002000000003c0 RDI: 0000000000000004
[  688.112233][T14524] RBP: 00007fc2efb40090 R08: 0000000000000000 R09: 0000000000000000
[  688.112243][T14524] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  688.112253][T14524] R13: 0000000000000000 R14: 00007fc2eefa5fa0 R15: 00007ffcbef32828
[  688.112274][T14524]  </TASK>
[  688.333959][    C1] vkms_vblank_simulate: vblank timer overrun
[  688.340009][T12192] usb 6-1: new high-speed USB device number 38 using dummy_hcd
[  688.504840][T12192] usb 6-1: Using ep0 maxpacket: 16
[  688.514611][T12192] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  688.541193][T12192] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  688.600893][   T30] audit: type=1400 audit(1742876919.500:923): avc:  denied  { watch } for  pid=14531 comm="syz.0.1847" path="/435/file0" dev="rpc_pipefs" ino=50282 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=dir permissive=1
[  688.645240][ T5819] usb 7-1: new full-speed USB device number 26 using dummy_hcd
[  688.649464][T12192] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  689.031785][T12192] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  689.040029][   T30] audit: type=1400 audit(1742876919.500:924): avc:  denied  { unmount } for  pid=14531 comm="syz.0.1847" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=filesystem permissive=1
[  689.061891][T12192] usb 6-1: config 0 descriptor??
[  689.070756][ T5819] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  689.084278][ T5819] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  689.124606][ T5819] usb 7-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00
[  689.169978][ T5819] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  689.301316][T12192] usbhid 6-1:0.0: can't add hid device: -71
[  689.308260][T12192] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  689.331647][ T5819] usb 7-1: config 0 descriptor??
[  689.354174][T12192] usb 6-1: USB disconnect, device number 38
[  689.425775][  T969] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  689.515672][  T969] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  689.601156][  T969] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  689.689770][  T969] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  689.778046][ T5819] isku 0003:1E7D:319C.001A: hidraw0: USB HID v0.00 Device [HID 1e7d:319c] on usb-dummy_hcd.6-1/input0
[  689.791938][  T969] bridge_slave_1: left allmulticast mode
[  689.798039][  T969] bridge_slave_1: left promiscuous mode
[  689.803768][  T969] bridge0: port 2(bridge_slave_1) entered disabled state
[  689.815231][  T969] bridge_slave_0: left allmulticast mode
[  689.828231][  T969] bridge_slave_0: left promiscuous mode
[  689.833947][  T969] bridge0: port 1(bridge_slave_0) entered disabled state
[  689.985398][ T5819] isku 0003:1E7D:319C.001A: couldn't init struct isku_device
[  689.992814][ T5819] isku 0003:1E7D:319C.001A: couldn't install keyboard
[  690.034220][ T5819] isku 0003:1E7D:319C.001A: probe with driver isku failed with error -71
[  690.064294][ T5819] usb 7-1: USB disconnect, device number 26
[  690.315698][  T969] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  690.325784][  T969] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  690.338860][  T969] bond0 (unregistering): Released all slaves
[  690.714129][T14590] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1849'.
[  690.736818][T14594] xt_hashlimit: Unknown mode mask 2000, kernel too old?
[  691.423583][T14607] netlink: 'syz.5.1852': attribute type 16 has an invalid length.
[  691.423604][T14609] netlink: 'syz.5.1852': attribute type 16 has an invalid length.
[  691.431545][T14607] netlink: 'syz.5.1852': attribute type 3 has an invalid length.
[  691.451616][T14607] netlink: 'syz.5.1852': attribute type 1 has an invalid length.
[  691.459608][T14607] netlink: 'syz.5.1852': attribute type 2 has an invalid length.
[  691.467690][T14609] netlink: 'syz.5.1852': attribute type 3 has an invalid length.
[  691.477231][T14609] netlink: 'syz.5.1852': attribute type 1 has an invalid length.
[  691.485151][T14609] netlink: 'syz.5.1852': attribute type 2 has an invalid length.
[  691.493058][T14609] netlink: 64022 bytes leftover after parsing attributes in process `syz.5.1852'.
[  691.625197][T14615] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method
[  691.877460][T14607] netlink: 64022 bytes leftover after parsing attributes in process `syz.5.1852'.
[  691.896324][T14612] trusted_key: encrypted_key: master key parameter 'ew' is invalid
[  691.987429][  T969] hsr_slave_0: left promiscuous mode
[  692.144496][  T969] hsr_slave_1: left promiscuous mode
[  692.417687][  T969] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  692.445816][ T5830] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  692.475628][ T5830] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  692.483425][  T969] batman_adv: batadv0: Removing interface: batadv_slave_0
[  692.587313][ T5830] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  692.604343][ T5830] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  692.612330][ T5830] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  692.612756][  T969] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  692.629850][ T5830] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  693.865813][   T30] audit: type=1400 audit(1742876924.780:925): avc:  denied  { map } for  pid=14628 comm="syz.7.1857" path="socket:[51344]" dev="sockfs" ino=51344 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[  693.895091][  T969] batman_adv: batadv0: Removing interface: batadv_slave_1
[  693.951300][T14618] netlink: 'syz.6.1855': attribute type 58 has an invalid length.
[  693.959705][T14618] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1855'.
[  694.017046][  T969] veth1_macvtap: left promiscuous mode
[  694.042872][  T969] veth0_macvtap: left promiscuous mode
[  694.109533][  T969] veth1_vlan: left promiscuous mode
[  694.128856][  T969] veth0_vlan: left promiscuous mode
[  694.364509][ T3166] usb 8-1: new high-speed USB device number 17 using dummy_hcd
[  694.459028][  T969] team0 (unregistering): Port device team_slave_1 removed
[  694.498766][  T969] team0 (unregistering): Port device team_slave_0 removed
[  694.524685][ T3166] usb 8-1: Using ep0 maxpacket: 8
[  694.535469][ T3166] usb 8-1: config 0 has an invalid interface number: 52 but max is 0
[  694.556817][ T3166] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  694.568079][ T3166] usb 8-1: config 0 has no interface number 0
[  694.574190][ T3166] usb 8-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  694.589041][ T3166] usb 8-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  694.602203][ T3166] usb 8-1: config 0 interface 52 has no altsetting 0
[  694.610670][ T3166] usb 8-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00
[  694.624178][ T3166] usb 8-1: New USB device strings: Mfr=22, Product=0, SerialNumber=0
[  694.632313][ T3166] usb 8-1: Manufacturer: syz
[  694.644021][ T3166] usb 8-1: config 0 descriptor??
[  694.870193][ T3166] input: syz as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.52/input/input27
[  695.000552][ T5830] Bluetooth: hci5: command tx timeout
[  695.125075][ T3166] usb 8-1: USB disconnect, device number 17
[  695.131018][    C1] synaptics_usb 8-1:0.52: synusb_irq - usb_submit_urb failed with result: -19
[  695.182193][T14610] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  695.221656][T14610] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  695.230783][T14610] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  695.240081][T14610] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  695.249143][T14610] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  695.377322][T14623] lo speed is unknown, defaulting to 1000
[  695.559081][T14623] wg1 speed is unknown, defaulting to 1000
[  695.592797][T14623] lo speed is unknown, defaulting to 1000
[  695.688136][   T30] audit: type=1400 audit(1742876926.600:926): avc:  denied  { setattr } for  pid=14653 comm="syz.6.1861" name="/" dev="9p" ino=4412287765254868893 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  696.326379][ T5819] usb 1-1: new high-speed USB device number 51 using dummy_hcd
[  696.537599][ T5819] usb 1-1: Using ep0 maxpacket: 8
[  696.553679][ T5819] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  696.565703][ T5819] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  696.575913][ T5819] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  696.596805][ T5819] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  696.606788][ T5819] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  696.619958][ T5819] usb 1-1: Product: syz
[  696.624257][ T5819] usb 1-1: Manufacturer: syz
[  696.916875][ T5819] usb 1-1: SerialNumber: syz
[  697.064482][ T5830] Bluetooth: hci5: command tx timeout
[  697.875583][T14623] chnl_net:caif_netlink_parms(): no params data found
[  698.524892][ T3166] usb 8-1: new high-speed USB device number 18 using dummy_hcd
[  698.593143][T14623] bridge0: port 1(bridge_slave_0) entered blocking state
[  698.600404][T14623] bridge0: port 1(bridge_slave_0) entered disabled state
[  698.624773][T14623] bridge_slave_0: entered allmulticast mode
[  698.634128][T14623] bridge_slave_0: entered promiscuous mode
[  698.662103][T14623] bridge0: port 2(bridge_slave_1) entered blocking state
[  698.719095][ T5819] cdc_ncm 1-1:1.0: bind() failure
[  698.755216][T14623] bridge0: port 2(bridge_slave_1) entered disabled state
[  698.766008][ T3166] usb 8-1: device descriptor read/64, error -71
[  698.776963][ T5819] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found
[  698.783778][ T5819] cdc_ncm 1-1:1.1: bind() failure
[  698.794710][T14623] bridge_slave_1: entered allmulticast mode
[  698.804804][ T5819] usb 1-1: USB disconnect, device number 51
[  698.811834][T14623] bridge_slave_1: entered promiscuous mode
[  699.134554][ T3166] usb 8-1: new high-speed USB device number 19 using dummy_hcd
[  699.154485][ T5830] Bluetooth: hci5: command tx timeout
[  699.334866][ T3166] usb 8-1: device descriptor read/64, error -71
[  699.553608][ T3166] usb usb8-port1: attempt power cycle
[  699.563270][T14623] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  699.892027][T14623] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  700.005171][ T3166] usb 8-1: new high-speed USB device number 20 using dummy_hcd
[  700.040625][T14724] xt_hashlimit: Unknown mode mask 2000, kernel too old?
[  700.056693][ T3166] usb 8-1: device descriptor read/8, error -71
[  700.078882][T14623] team0: Port device team_slave_0 added
[  700.118241][T14623] team0: Port device team_slave_1 added
[  700.324669][ T3166] usb 8-1: new high-speed USB device number 21 using dummy_hcd
[  700.338214][T14623] batman_adv: batadv0: Adding interface: batadv_slave_0
[  700.348985][T14623] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  700.393902][ T3166] usb 8-1: device descriptor read/8, error -71
[  700.442638][T14623] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  700.525011][ T3166] usb usb8-port1: unable to enumerate USB device
[  700.558578][   T30] audit: type=1400 audit(1742876931.470:927): avc:  denied  { relabelfrom } for  pid=14732 comm="syz.6.1875" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  700.635227][T14623] batman_adv: batadv0: Adding interface: batadv_slave_1
[  700.642207][T14623] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  700.643618][   T30] audit: type=1400 audit(1742876931.470:928): avc:  denied  { relabelto } for  pid=14732 comm="syz.6.1875" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  700.668519][T14623] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  700.710172][T14746] openvswitch: netlink: nsh attribute has 65532 unknown bytes.
[  700.734644][T14745] openvswitch: netlink: nsh attribute has 65532 unknown bytes.
[  700.742263][T14745] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  700.778143][T14746] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  700.841937][T14623] hsr_slave_0: entered promiscuous mode
[  700.848509][T14623] hsr_slave_1: entered promiscuous mode
[  700.854821][T14623] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  700.862506][T14623] Cannot create hsr debugfs directory
[  701.246190][T14766] xt_hashlimit: size too large, truncated to 1048576
[  701.293247][ T5830] Bluetooth: hci5: command tx timeout
[  701.338688][T14767] xt_HMARK: proto mask must be zero with L3 mode
[  703.581284][T14623] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  703.620483][T14623] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  703.637811][T14623] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  703.651134][T14623] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  703.671706][T14802] xt_hashlimit: Unknown mode mask 2000, kernel too old?
[  703.704633][    T9] usb 1-1: new high-speed USB device number 52 using dummy_hcd
[  703.738078][T14623] 8021q: adding VLAN 0 to HW filter on device bond0
[  703.796643][T14623] 8021q: adding VLAN 0 to HW filter on device team0
[  703.818834][ T7200] bridge0: port 1(bridge_slave_0) entered blocking state
[  703.825952][ T7200] bridge0: port 1(bridge_slave_0) entered forwarding state
[  703.864562][    T9] usb 1-1: Using ep0 maxpacket: 32
[  703.874525][    T9] usb 1-1: config 0 has an invalid interface number: 184 but max is 0
[  703.882872][    T9] usb 1-1: config 0 has no interface number 0
[  703.894473][    T9] usb 1-1: config 0 interface 184 has no altsetting 0
[  703.908306][ T3545] bridge0: port 2(bridge_slave_1) entered blocking state
[  703.915418][ T3545] bridge0: port 2(bridge_slave_1) entered forwarding state
[  703.936178][    T9] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  703.948335][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  703.956583][    T9] usb 1-1: Product: syz
[  703.960897][    T9] usb 1-1: Manufacturer: syz
[  703.973822][    T9] usb 1-1: SerialNumber: syz
[  703.993807][    T9] usb 1-1: config 0 descriptor??
[  704.008323][    T9] smsc75xx v1.0.0
[  704.012295][    T9] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  704.023282][    T9] smsc75xx 1-1:0.184: probe with driver smsc75xx failed with error -22
[  704.259312][T14822] netlink: 'syz.6.1889': attribute type 4 has an invalid length.
[  704.302285][T14791] netlink: 'syz.0.1886': attribute type 1 has an invalid length.
[  704.327941][T14791] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1886'.
[  704.346312][T14623] 8021q: adding VLAN 0 to HW filter on device batadv0
[  704.394360][    T9] usb 1-1: USB disconnect, device number 52
[  704.431313][   T30] audit: type=1400 audit(1742876935.310:929): avc:  denied  { watch watch_reads } for  pid=14790 comm="syz.0.1886" path="/445/file0" dev="overlay" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[  704.524893][ T5819] usb 8-1: new high-speed USB device number 22 using dummy_hcd
[  704.696102][ T5819] usb 8-1: Using ep0 maxpacket: 8
[  704.707033][ T5819] usb 8-1: config 6 has an invalid interface number: 2 but max is 0
[  704.795800][ T5819] usb 8-1: config 6 has no interface number 0
[  704.840664][ T5819] usb 8-1: config 6 interface 2 altsetting 255 endpoint 0xB has invalid wMaxPacketSize 0
[  704.926322][ T5819] usb 8-1: config 6 interface 2 altsetting 255 has an endpoint descriptor with address 0xE9, changing to 0x89
[  704.949991][ T5819] usb 8-1: config 6 interface 2 altsetting 255 endpoint 0x89 has invalid wMaxPacketSize 0
[  704.974730][ T5819] usb 8-1: config 6 interface 2 has no altsetting 0
[  705.116137][ T5819] usb 8-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91
[  705.173078][ T5819] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  705.207821][   T30] audit: type=1400 audit(1742876936.100:930): avc:  denied  { unmount } for  pid=5817 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  705.273792][ T5819] usb 8-1: Product: syz
[  705.293839][ T5819] usb 8-1: Manufacturer: syz
[  705.328939][ T5819] usb 8-1: SerialNumber: syz
[  705.360320][ T5819] hso 8-1:6.2: Failed to find INT IN ep
[  705.406632][T14623] veth0_vlan: entered promiscuous mode
[  705.858143][T14872] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  705.888878][T14623] veth1_vlan: entered promiscuous mode
[  706.012438][    T9] usb 8-1: USB disconnect, device number 22
[  706.175014][T14623] veth0_macvtap: entered promiscuous mode
[  706.209679][T14623] veth1_macvtap: entered promiscuous mode
[  706.253751][T14623] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  706.266141][T14884] input: syz0 as /devices/virtual/input/input28
[  706.271478][T14623] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  706.282733][T14885] xt_hashlimit: Unknown mode mask 2000, kernel too old?
[  706.290493][T14623] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  706.320277][T14623] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  706.347850][T14623] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  706.365095][T14623] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  706.374512][ T5906] usb 6-1: new full-speed USB device number 39 using dummy_hcd
[  706.399115][T14623] batman_adv: batadv0: Interface activated: batadv_slave_0
[  706.450531][T14623] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  706.482760][T14623] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  706.497796][T14623] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  706.514434][T14623] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  706.526387][ T5906] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 1024, setting to 64
[  706.550380][T14623] batman_adv: batadv0: Interface activated: batadv_slave_1
[  706.559881][ T5906] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  706.566218][T14623] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  706.598899][ T5906] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  706.611102][T14623] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  706.612614][ T5906] usb 6-1: Product: syz
[  706.624441][T14623] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  706.624477][T14623] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  706.749386][ T5906] usb 6-1: Manufacturer: syz
[  706.766604][   T82] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  706.772126][ T5906] usb 6-1: SerialNumber: syz
[  706.775543][   T82] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  707.235282][   T31] INFO: task syz.2.1401:11946 blocked for more than 143 seconds.
[  707.586264][T14877] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  707.666909][  T969] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  707.674988][   T31]       Not tainted 6.14.0-syzkaller #0
[  707.680541][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  707.704643][  T969] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  707.719811][   T31] task:syz.2.1401      state:D stack:28368 pid:11946 tgid:11945 ppid:5826   task_flags:0x400740 flags:0x00004006
[  707.732084][   T31] Call Trace:
[  707.741111][   T31]  <TASK>
[  707.744200][   T31]  __schedule+0xf43/0x5890
[  707.748834][   T31]  ? __pfx___lock_acquire+0x10/0x10
[  707.754306][   T31]  ? find_held_lock+0x2d/0x110
[  707.768842][   T31]  ? __pfx___schedule+0x10/0x10
[  707.773851][   T31]  ? schedule+0x298/0x350
[  707.781718][   T31]  ? __pfx_lock_release+0x10/0x10
[  707.789794][   T31]  ? finish_task_switch.isra.0+0x217/0xcc0
[  707.798084][   T31]  ? lock_acquire+0x2f/0xb0
[  707.808391][   T31]  ? schedule+0x1fd/0x350
[  707.812857][   T31]  schedule+0xe7/0x350
[  707.818144][   T31]  schedule_timeout+0x244/0x280
[  707.823114][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[  707.833938][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  707.840330][   T31]  __wait_for_common+0x3e1/0x600
[  707.850332][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[  707.856908][   T31]  ? __pfx___wait_for_common+0x10/0x10
[  707.862496][   T31]  ? preempt_schedule_thunk+0x1a/0x30
[  707.873343][   T31]  wait_for_completion_state+0x1c/0x40
[  707.879808][   T31]  do_coredump+0x86f/0x4410
[  707.884628][   T31]  ? unwind_get_return_address+0x59/0xa0
[  707.890402][   T31]  ? __pfx_do_coredump+0x10/0x10
[  707.895817][   T31]  ? stack_trace_save+0x95/0xd0
[  707.900808][   T31]  ? __pfx_stack_trace_save+0x10/0x10
[  707.906366][   T31]  ? hlock_class+0x4e/0x130
[  707.911017][   T31]  ? stack_depot_save_flags+0x28/0x9c0
[  707.916696][   T31]  ? kasan_save_stack+0x42/0x60
[  707.921688][   T31]  ? kasan_save_stack+0x33/0x60
[  707.927806][   T31]  ? kasan_save_track+0x14/0x30
[  707.932787][   T31]  ? kasan_save_free_info+0x3b/0x60
[  707.943639][   T31]  ? __kasan_slab_free+0x51/0x70
[  707.954094][   T31]  ? kmem_cache_free+0x2e2/0x4d0
[  707.961071][   T31]  ? __sigqueue_free+0xba/0x2a0
[  707.970545][   T31]  ? get_signal+0xcbc/0x26c0
[  707.977340][   T31]  ? arch_do_signal_or_restart+0x90/0x7e0
[  707.983283][   T31]  ? syscall_exit_to_user_mode+0x150/0x2a0
[  707.992941][   T31]  ? find_held_lock+0x2d/0x110
[  707.999770][   T31]  ? proc_coredump_connector+0x2d2/0x4f0
[  708.010052][   T31]  ? __pfx_proc_coredump_connector+0x10/0x10
[  708.018298][   T31]  get_signal+0x230b/0x26c0
[  708.022938][   T31]  ? __pfx_get_signal+0x10/0x10
[  708.031952][   T31]  ? rcu_is_watching+0x12/0xc0
[  708.039345][   T31]  ? __local_bh_enable_ip+0xa4/0x120
[  708.050611][   T31]  arch_do_signal_or_restart+0x90/0x7e0
[  708.059851][   T31]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  708.069922][   T31]  syscall_exit_to_user_mode+0x150/0x2a0
[  708.077434][   T31]  do_syscall_64+0xda/0x250
[  708.081999][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  708.093045][   T31] RIP: 0033:0x7fa1ef64e750
[  708.098694][   T31] RSP: 002b:00007fa1f06b53f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  708.112179][   T31] RAX: 0000000000000000 RBX: 00007fa1ef9a5fa8 RCX: 00007fa1ef78d169
[  708.121409][   T31] RDX: 00007fa1f06b5400 RSI: 00007fa1f06b5530 RDI: 000000000000000b
[  708.135838][   T31] RBP: 00007fa1ef9a5fa0 R08: 00007fa1f06b7000 R09: 0000000000000000
[  708.143951][   T31] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007fa1ef9a5fac
[  708.160239][   T31] R13: 0000000000000000 R14: 00007ffe90a4a490 R15: 00007ffe90a4a578
[  708.170887][   T31]  </TASK>
[  708.201561][   T31] 
[  708.201561][   T31] Showing all locks held in the system:
[  708.222887][   T31] 1 lock held by ksoftirqd/1/25:
[  708.242377][T14877] netdevsim netdevsim5: Direct firmware load for .
[  708.242377][T14877]  failed with error -2
[  708.253983][T14877] netdevsim netdevsim5: Falling back to sysfs fallback for: .
[  708.253983][T14877] 
[  708.276258][T12192] libceph: connect (1)[c::]:6789 error -101
[  708.285732][   T31]  #0: ffff8880b863ec18 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130
[  708.304656][T12192] libceph: mon0 (1)[c::]:6789 connect error
[  708.316248][ T5830] Bluetooth: hci4: SCO packet for unknown connection handle 201
[  708.326928][   T31] 1 lock held by khungtaskd/31:
[  708.348244][   T31]  #0: ffffffff8e1bd140 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x7f/0x390
[  708.360459][   T31] 2 locks held by getty/5582:
[  708.367718][   T31]  #0: ffff8880325e90a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80
[  708.380109][   T31]  #1: ffffc90002fe62f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0xfba/0x1480
[  708.390511][   T31] 5 locks held by kworker/0:5/5906:
[  708.395921][   T31]  #0: ffff8881442e7948 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x1293/0x1ba0
[  708.407033][   T31]  #1: ffffc90003817d18 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0
[  708.418548][   T31]  #2: ffff888145799190 (&dev->mutex){....}-{4:4}, at: hub_event+0x1c1/0x4e10
[  708.427667][   T31]  #3: ffff88805a29b190 (&dev->mutex){....}-{4:4}, at: __device_attach+0x7f/0x4b0
[  708.438385][   T31]  #4: ffff8880411df160 (&dev->mutex){....}-{4:4}, at: __device_attach+0x7f/0x4b0
[  708.448007][   T31] 4 locks held by udevd/11401:
[  708.452949][   T31]  #0: ffff8880376b1418 (&p->lock){+.+.}-{4:4}, at: seq_read_iter+0xd8/0x12b0
[  708.462102][   T31]  #1: ffff88805e49dc88 (&of->mutex#2){+.+.}-{4:4}, at: kernfs_seq_start+0x4d/0x240
[  708.471692][   T31]  #2: ffff8880511e94b8 (kn->active#5){++++}-{0:0}, at: kernfs_seq_start+0x71/0x240
[  708.481427][   T31]  #3: ffff88805a29b190 (&dev->mutex){....}-{4:4}, at: uevent_show+0x188/0x3b0
[  708.491002][   T31] 1 lock held by syz-executor/14623:
[  708.496562][   T31]  #0: ffffffff8e1c85b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x282/0x3b0
[  708.506855][   T31] 2 locks held by syz.5.1899/14877:
[  708.512146][   T31]  #0: ffff888079418250 (&devlink->lock_key#6){+.+.}-{4:4}, at: devlink_compat_flash_update+0xb0/0x360
[  708.523578][   T31]  #1: ffffffff8e0734d0 (umhelper_sem){++++}-{4:4}, at: usermodehelper_read_trylock+0xaa/0x250
[  708.534160][   T31] 3 locks held by syz.5.1899/14938:
[  708.539633][   T31]  #0: ffff88805d366470 (&fc->uapi_mutex){+.+.}-{4:4}, at: __do_sys_fsconfig+0x747/0xbe0
[  708.549656][   T31]  #1: ffff88806d1f20e0 (&type->s_umount_key#68/1){+.+.}-{4:4}, at: alloc_super+0x23d/0xbd0
[  708.569759][   T31]  #2: ffff888061ac4090 (&client->mount_mutex){+.+.}-{4:4}, at: ceph_get_tree+0x801/0x1e10
[  708.582593][   T31] 
[  708.587064][T12192] libceph: connect (1)[c::]:6789 error -101
[  708.593033][T12192] libceph: mon0 (1)[c::]:6789 connect error
[  708.606708][   T31] =============================================
[  708.606708][   T31] 
[  708.643880][   T31] NMI backtrace for cpu 1
[  708.643896][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.14.0-syzkaller #0
[  708.643916][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  708.643926][   T31] Call Trace:
[  708.643932][   T31]  <TASK>
[  708.643938][   T31]  dump_stack_lvl+0x116/0x1f0
[  708.643968][   T31]  nmi_cpu_backtrace+0x27b/0x390
[  708.643989][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  708.644014][   T31]  nmi_trigger_cpumask_backtrace+0x29c/0x300
[  708.644048][   T31]  watchdog+0xf62/0x12b0
[  708.644078][   T31]  ? __pfx_watchdog+0x10/0x10
[  708.644102][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  708.644127][   T31]  ? __kthread_parkme+0x148/0x220
[  708.644146][   T31]  ? __pfx_watchdog+0x10/0x10
[  708.644172][   T31]  kthread+0x3af/0x750
[  708.644194][   T31]  ? __pfx_kthread+0x10/0x10
[  708.644218][   T31]  ? __pfx_kthread+0x10/0x10
[  708.644239][   T31]  ret_from_fork+0x45/0x80
[  708.644261][   T31]  ? __pfx_kthread+0x10/0x10
[  708.644280][   T31]  ret_from_fork_asm+0x1a/0x30
[  708.644310][   T31]  </TASK>
[  708.644317][   T31] Sending NMI from CPU 1 to CPUs 0:
[  708.755181][    C0] NMI backtrace for cpu 0
[  708.755195][    C0] CPU: 0 UID: 0 PID: 12192 Comm: kworker/0:2 Not tainted 6.14.0-syzkaller #0
[  708.755211][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  708.755220][    C0] Workqueue: mld mld_ifc_work
[  708.755239][    C0] RIP: 0010:hlock_class+0x56/0x130
[  708.755258][    C0] Code: 20 66 81 e3 ff 1f 0f b7 db be 08 00 00 00 48 89 d8 48 c1 e8 06 48 8d 3c c5 c0 6c ec 96 e8 52 4a 87 00 48 0f a3 1d 6a a6 56 15 <73> 13 48 69 c3 c8 00 00 00 5b 48 05 e0 70 ec 96 c3 cc cc cc cc 48
[  708.755276][    C0] RSP: 0018:ffffc900036b7708 EFLAGS: 00000047
[  708.755287][    C0] RAX: 0000000000000001 RBX: 0000000000000021 RCX: ffffffff8195c64e
[  708.755296][    C0] RDX: fffffbfff2dd8d99 RSI: 0000000000000008 RDI: ffffffff96ec6cc0
[  708.755304][    C0] RBP: dffffc0000000000 R08: 0000000000000000 R09: fffffbfff2dd8d98
[  708.755313][    C0] R10: ffffffff96ec6cc7 R11: 0000000000000004 R12: ffffed100fa3e5e5
[  708.755322][    C0] R13: ffff88807d1f2440 R14: 0000000000000003 R15: 0000000000000004
[  708.755330][    C0] FS:  0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
[  708.755344][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  708.755353][    C0] CR2: 0000557f45f86300 CR3: 000000000df80000 CR4: 00000000003526f0
[  708.755362][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  708.755370][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  708.755378][    C0] Call Trace:
[  708.755383][    C0]  <NMI>
[  708.755389][    C0]  ? nmi_cpu_backtrace+0x1d8/0x390
[  708.755405][    C0]  ? nmi_cpu_backtrace_handler+0xc/0x20
[  708.755422][    C0]  ? nmi_handle+0x1ac/0x5d0
[  708.755440][    C0]  ? hlock_class+0x56/0x130
[  708.755454][    C0]  ? default_do_nmi+0x6a/0x160
[  708.755468][    C0]  ? exc_nmi+0x170/0x1e0
[  708.755485][    C0]  ? end_repeat_nmi+0xf/0x53
[  708.755505][    C0]  ? hlock_class+0x4e/0x130
[  708.755520][    C0]  ? hlock_class+0x56/0x130
[  708.755533][    C0]  ? hlock_class+0x56/0x130
[  708.755547][    C0]  ? hlock_class+0x56/0x130
[  708.755561][    C0]  </NMI>
[  708.755565][    C0]  <TASK>
[  708.755570][    C0]  __lock_acquire+0x623/0x3c40
[  708.755591][    C0]  ? __pfx___lock_acquire+0x10/0x10
[  708.755608][    C0]  ? __pfx___lock_acquire+0x10/0x10
[  708.755627][    C0]  lock_acquire.part.0+0x11b/0x380
[  708.755644][    C0]  ? ipv6_get_lladdr+0xd5/0x4f0
[  708.755661][    C0]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  708.755679][    C0]  ? rcu_is_watching+0x12/0xc0
[  708.755694][    C0]  ? trace_lock_acquire+0x14e/0x1f0
[  708.755708][    C0]  ? trace_lock_acquire+0x14e/0x1f0
[  708.755722][    C0]  ? ipv6_get_lladdr+0xd5/0x4f0
[  708.755738][    C0]  ? lock_acquire+0x2f/0xb0
[  708.755753][    C0]  ? ipv6_get_lladdr+0xd5/0x4f0
[  708.755770][    C0]  _raw_read_lock_bh+0x3f/0x70
[  708.755786][    C0]  ? ipv6_get_lladdr+0xd5/0x4f0
[  708.755802][    C0]  ipv6_get_lladdr+0xd5/0x4f0
[  708.755819][    C0]  mld_newpack.isra.0+0x41e/0xa20
[  708.755838][    C0]  ? __pfx_mld_newpack.isra.0+0x10/0x10
[  708.755857][    C0]  ? __pfx___mutex_trylock_common+0x10/0x10
[  708.755875][    C0]  ? mld_ifc_work+0x42/0xca0
[  708.755889][    C0]  ? add_grhead+0x299/0x340
[  708.755907][    C0]  add_grhead+0x299/0x340
[  708.755925][    C0]  add_grec+0x111e/0x1670
[  708.755936][    C0]  ? __pfx___mutex_lock+0x10/0x10
[  708.755953][    C0]  ? debug_object_deactivate+0x13b/0x370
[  708.755972][    C0]  ? __pfx_add_grec+0x10/0x10
[  708.755984][    C0]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  708.756003][    C0]  mld_ifc_work+0x41f/0xca0
[  708.756015][    C0]  ? lock_acquire+0x2f/0xb0
[  708.756033][    C0]  process_one_work+0x9c5/0x1ba0
[  708.756053][    C0]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  708.756071][    C0]  ? __pfx_process_one_work+0x10/0x10
[  708.756089][    C0]  ? assign_work+0x1a0/0x250
[  708.756106][    C0]  worker_thread+0x6c8/0xf00
[  708.756124][    C0]  ? __kthread_parkme+0x148/0x220
[  708.756138][    C0]  ? __pfx_worker_thread+0x10/0x10
[  708.756155][    C0]  kthread+0x3af/0x750
[  708.756169][    C0]  ? __pfx_kthread+0x10/0x10
[  708.756184][    C0]  ? lock_acquire+0x2f/0xb0
[  708.756201][    C0]  ? __pfx_kthread+0x10/0x10
[  708.756216][    C0]  ret_from_fork+0x45/0x80
[  708.756233][    C0]  ? __pfx_kthread+0x10/0x10
[  708.756247][    C0]  ret_from_fork_asm+0x1a/0x30
[  708.756267][    C0]  </TASK>
[  708.761200][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  709.175226][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.14.0-syzkaller #0
[  709.183636][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  709.193686][   T31] Call Trace:
[  709.196948][   T31]  <TASK>
[  709.199863][   T31]  dump_stack_lvl+0x3d/0x1f0
[  709.204453][   T31]  panic+0x71d/0x800
[  709.208333][   T31]  ? __pfx_panic+0x10/0x10
[  709.212731][   T31]  ? preempt_schedule_thunk+0x1a/0x30
[  709.218093][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  709.224061][   T31]  ? preempt_schedule_thunk+0x1a/0x30
[  709.229420][   T31]  ? watchdog+0xdcc/0x12b0
[  709.233831][   T31]  ? watchdog+0xdbf/0x12b0
[  709.238252][   T31]  watchdog+0xddd/0x12b0
[  709.242486][   T31]  ? __pfx_watchdog+0x10/0x10
[  709.247151][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  709.252337][   T31]  ? __kthread_parkme+0x148/0x220
[  709.257346][   T31]  ? __pfx_watchdog+0x10/0x10
[  709.262014][   T31]  kthread+0x3af/0x750
[  709.266070][   T31]  ? __pfx_kthread+0x10/0x10
[  709.270649][   T31]  ? __pfx_kthread+0x10/0x10
[  709.275225][   T31]  ret_from_fork+0x45/0x80
[  709.279625][   T31]  ? __pfx_kthread+0x10/0x10
[  709.284203][   T31]  ret_from_fork_asm+0x1a/0x30
[  709.288959][   T31]  </TASK>
[  709.292165][   T31] Kernel Offset: disabled
[  709.296480][   T31] Rebooting in 86400 seconds..