last executing test programs:

20.453919025s ago: executing program 3 (id=3263):
r0 = syz_open_dev$usbfs(&(0x7f0000000280), 0x77, 0x101a01)
ioctl$USBDEVFS_FREE_STREAMS(r0, 0x802c550a, &(0x7f0000000140)=ANY=[@ANYBLOB="0200230318000aff60a0000002000020d3"])

20.286974323s ago: executing program 4 (id=3264):
r0 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_USER_AVC(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)={0x14, 0x453, 0x4, 0x70bd2d, 0xa0000000, "af"}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x4000000)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f0000000040)={0x11, @loopback, 0x4e1f, 0x0, 'ovf\x00'}, 0x2c)
sendmsg$inet(r1, &(0x7f0000000400)={&(0x7f0000000080)={0x2, 0x4e1f, @private}, 0x10, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='$\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a'], 0x28}, 0x0)
r3 = syz_usbip_server_init(0x3)
write$usbip_server(r3, &(0x7f0000000300)=ANY=[@ANYBLOB="00000002"], 0x30)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
fchownat(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0)
r4 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
connect$caif(r4, &(0x7f0000000140)=@dbg={0x25, 0xbc, 0xb}, 0x18)

20.081789117s ago: executing program 3 (id=3265):
sched_setscheduler(0x0, 0x1, 0x0)
getpid()
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f0000000380)=ANY=[@ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
ioctl$TIOCGPTPEER(r0, 0x5441, 0x10000)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r1)
bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
r2 = socket$inet6(0xa, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x61}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x7)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x5, 0x9, 0x6, 0x2, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x2, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
ioctl$sock_SIOCETHTOOL(r2, 0x89f0, &(0x7f0000000000)={'bridge0\x00', &(0x7f0000000340)=@ethtool_regs={0x12, 0x0, 0xd, "fbdbf978590aa1b88c44306d20"}})
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000380)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x1, 0x0, '\x00', 0x0, 0x0, 0x4, 0x4, 0x800, 0x0, @void, @value, @void, @value}, 0x50)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)

19.391137179s ago: executing program 2 (id=3269):
syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
r0 = openat2$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', &(0x7f0000000200)={0x412000, 0x40, 0x1}, 0x18)
fchmodat(r0, &(0x7f0000000240)='./file1\x00', 0x85)
syz_open_dev$sndctrl(&(0x7f0000000640), 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000240)=0x1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x5)
socket$alg(0x26, 0x5, 0x0)
stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, <r4=>0x0})
socket$nl_xfrm(0x10, 0x3, 0x6)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r6 = openat$cgroup_int(r5, &(0x7f0000000180)='cpuset.sched_relax_domain_level\x00', 0x2, 0x0)
r7 = openat$cgroup_procs(r5, 0x0, 0x2, 0x0)
sendfile(r7, r6, 0x0, 0x4)
quotactl$Q_QUOTAOFF(0xffffffff80000300, &(0x7f0000000000)=@nbd={'/dev/nbd', 0x0}, r4, 0x0)
pipe2(&(0x7f0000000040), 0x0)
syz_open_dev$usbfs(&(0x7f0000000100), 0x73, 0x101201)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'default', 0x20, 'user:', 'syz', 0x20, 0xffd}, 0x2a, 0x0)
r8 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe)
keyctl$update(0x2, r8, &(0x7f0000000080)="fd", 0x1)

18.180071093s ago: executing program 4 (id=3271):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x1c9100, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0x19033}], 0x1, 0x3, 0x5)
socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000001c0)={'wlan1\x00'})
r2 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$UI_SET_EVBIT(r2, 0x40045564, 0x11)
socket$nl_rdma(0x10, 0x3, 0x14)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={0x0}, 0x10)
r3 = syz_open_dev$usbfs(&(0x7f0000000100), 0x75, 0x1a9a81)
ioctl$USBDEVFS_FREE_STREAMS(r3, 0x802c550a, &(0x7f0000000000)=ANY=[@ANYBLOB="02002303100007006000000002"])
ioctl$USBDEVFS_CONTROL(r3, 0x4008550d, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$UI_SET_LEDBIT(r2, 0x40045569, 0x1)
ioctl$UI_DEV_SETUP(r2, 0x405c5503, &(0x7f0000000100)={{}, 'syz0\x00'})
ioctl$UI_DEV_CREATE(r2, 0x5501)
ioctl$UI_DEV_DESTROY(r2, 0x5502)
syz_genetlink_get_family_id$nl80211(0x0, r1)
sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x44}, 0x1, 0x0, 0x0, 0x24000000}, 0x4010)
socket$kcm(0x10, 0x0, 0x4)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r5, 0x400448ca, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r6 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x4)
ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000000300)=ANY=[@ANYBLOB="0100000000000000014d564b00000000af"])

17.231652895s ago: executing program 2 (id=3273):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000380)={'wlan0\x00'})
sendmsg$NL80211_CMD_GET_FTM_RESPONDER_STATS(r0, 0x0, 0x0)

17.194483191s ago: executing program 3 (id=3274):
r0 = bpf$OBJ_GET_PROG(0x7, &(0x7f0000000100)=@generic={&(0x7f0000000080)='./file0\x00', 0x0, 0x8}, 0x18)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x1, 0x4, &(0x7f0000000000)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0xf4, 0x0, 0x0, 0x40f00, 0x1c, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mkdir(&(0x7f00000005c0)='./file1\x00', 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
sendto$inet6(r2, &(0x7f0000000a40)="a86e9f434018b1d660cc4d4caae1409c81c8bde3b84c404981eefe8ba42c54982c5828bdcd7d9febd8d884af89f31e5986b462a071382d4892bd3586ce23e7bbb5cbd083b215a63f21e0c51c5880af8cacea34e20a8e398af8b944ecac979bc8fb6cf65448f540ebfbd3728fed172675decd26e36c776e50d4815f15067cdb7a9ad442fd78198596ef0e6b6b20b59d7afd2395e90fff92a8d2cdffb834ddf44a21c8e33962ae6c7fe3d5ce3ff314397b48d1fa00d0b72e0a7e35067c74d29464cae06b1dfe51b1965e8cb6d7f8b140d796a8aca6d1979e5e6b7f01dad3b8b67a6b12c3333ddb7368329ce57b676d613e26d7eaf27c09d684ccb9ee9300"/268, 0x10c, 0x4005, &(0x7f0000000140)={0xa, 0x4e23, 0x7, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x8}, 0x1c)
mount$cgroup(0x0, &(0x7f0000000480)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000280))
syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="05c9"], 0x11)
r3 = getpid()
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f00000002c0)='afs_make_fs_call\x00', r4}, 0xfffffffffffffd94)
process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x0, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r5 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r5, 0x29, 0x33, &(0x7f0000000040)=0x200007b, 0x4)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffe000/0x1000)=nil, 0x1000, &(0x7f0000002a80)='\x00XL\xc9\xe9+%\xf6\x83\x92D\xeb\xc4\xf6x\x86&q\f\x05\xf2N\x91\xf6\xa0\x8c\x06\xe3\xa7*\xcc\x1e\x96\x1e\x00\x00\x00 A\xe3\x0f<\x02\xe9>\xf2\xcb\xf1\x00\x00C4\x94\x01\x1a\xc9\"\xf6\x8aK\xc7]\xc9v#$*\x0f\xe2\x93\x84\xfa\x0f\x0e\x1c\xd4\x90\xc7\x1a_07\x85N\veX\xd7\r\xac\x1b\xeb&\x85\xef>\xe5\xd0Y\v\xd9\xcf\x19\x1c\xc2\x7f,\xb0\x98\xceR\xe7c^\xbd\xa7\xf8XjV\xe98\xd3[2\xfa?&:.\xd31\xf1\xdahg\x01\x01L\xb4\x84z\xf1\xfb\xaa8\x11\xc2\x00\x00\xcf<\xad*\x9f\xe8\r;\xf4Ak/Qn\xe7\xc5\x1dm\x8c\x1a\rV\xff\x1dy$\xc5\x1a\xe1\x9eP\x95\xcc@>a*$&<\x1d\xde\xde\xc3\xb5\x12\x88\x00JG{\x9aH\x96\xfd\x87\x9c)\xd7\x15_\v\xc3e\xc8r\b,A`\x1f~\xc5\x16S\x1a3|g\x8bCU\xd2!\x8c\xd6\x87\xc4\xa0\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\xea\x8c\xab\x96\x9co\xf2\x04\xe1\xad\xfd\xb0\x14\xc4\xa1\xf6h \x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\xb2\xaf%\xe2+\xde\xe3\x8d<\x00\x00\x16\x8f\xe5\xf3\xca\n\xfc\x8cZ\x9e\x8e<~\xdf\x1c\xb5\xda\xb0\x034\xee.\xd3\x04\xd4\xe8\xa5b[\t\x91\xb9AV;h\v@\x902\xc1\xb8R\xfar)cBCn\xeb*\'\x7f2\x81\xeb\xd7\t\xbe\xb8;\xa7\xb1{\x8c)\x87\\i\xd6\x03\x9e\xfc\xd4I\xc4\x14\xe2\xa0\xe2\x1f\x12\x1bPH\xba$\xfa\x81\xc5\xfaE/\xd3\x8d\x89`\xe0\x1c\x19\xe4\xa4T\x9a\xa3o\x9b\xb0\x10l\xe2\xe3\xf2\x86/\xa6\xf8,\x1c\x16\x85\x84\xd8F[\xd2$w3\x0f\xdbqR\xa8\xdf(\xfb1\x86\xb2\xcd\xb2\xcd\xa6&Gr\xc0\x98\xcb\xb7\xdf\xcd\v\xb61\xcc\xd6Dou=\xadF\xb7\xbfR\xcd\xf3S\xba\xa3\xe7\x8f\xad\x02\xf9\xfd\x9b\xf7RE\xe3\x0e\xeb\xbf\x1cr\xb1\xfb\x9f)\x890\xb8c\b\xeb\xd2Q\xea\x00\xa7K\x03\x9f}\xb4\xe8\xb7J\xed\x8d\x03NwT\xab\xd6\xe7\xc3\xca\x96p\xa5\x14\xa7\xdb\xa7$\xe4\x1c^tk\xaaq\xb1\xfd\x14\xfe*u\\w \x0e\xf9\xee\x8eDd\x9d=\xfc\n\x8da\xa9\x15\xde\x8a\xe0.7g<R\x89y*\xb8E\xab\a\x96l\xe1\x99`\xc8#\xb8\x8d\xda\xd90?\x8b\xecF\xf4N\xda\x82\x03\xdf\xa2\xec>xvc\xcd\x97')
syz_emit_vhci(&(0x7f0000000600)=ANY=[@ANYBLOB="04ff9a1b8e23930d0fe8348ffcef75bce7d9b48f6d960923cbf7a8c346b56201706e851dbb837a90da63a1a184eeadf19bbfc7e957c4b853377c27165423ff120df0a404e9ab76c7e0231ec9cc70dcb0179d4b69ba5c9c4f9fd6800966419f3f4a5ce2a688f5071b561bfc99bddc971e072ecaaa12333291f2bdb49c35059d907ce91abc39c6003f6e98cf3252d2858165ae3b67a8f3dc9339a67068801c85cc7a9467ccc15c0184f9dd3c5e9a79557de090e6b802a8f6ef793559296443e9390c638572de513228d22ba7d5b75ea0f616a8260c35248b713832df84a92289b88cfa03fcde"], 0x9d)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000500)=ANY=[@ANYRES8=r4, @ANYRESOCT=r4, @ANYRESOCT=r5, @ANYRESHEX, @ANYRES32=r1, @ANYRES16, @ANYRES16], 0x22)
r6 = socket$packet(0x11, 0x3, 0x300)
r7 = socket$netlink(0x10, 0x3, 0x4)
setsockopt$packet_int(r6, 0x107, 0x9, &(0x7f0000000000)=0x8, 0x4)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
getegid()
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00')
read$FUSE(0xffffffffffffffff, &(0x7f0000002d00)={0x2020}, 0x2020)
write(r7, &(0x7f00000000c0)="2700000014000707030e0000120f0a0011004ad75147a2c01f52ea064d13620100f5fe0012ff00", 0x27)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)

16.413056901s ago: executing program 2 (id=3276):
r0 = fanotify_init(0x200, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.sectors\x00', 0x275a, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0xfffd)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = semget$private(0x0, 0x6, 0x0)
semop(r3, &(0x7f00000000c0)=[{0x0, 0x0, 0x1800}, {0x0, 0x8}, {0x2, 0x8}, {0x3, 0xff}], 0x4)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000002c0)='net/ip6_tables_targets\x00')
r4 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r5 = fcntl$dupfd(r4, 0x0, r4)
ioctl$SG_IO(r5, 0x2285, &(0x7f0000000040)={0x53, 0x0, 0x0, 0x0, @buffer={0x201, 0x51, &(0x7f00000000c0)=""/81}, &(0x7f0000000380), 0x0, 0x0, 0x0, 0x0, 0x0})
openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6(0xa, 0x0, 0x0)
r6 = io_uring_setup(0x29ea, &(0x7f0000000480)={0x0, 0x0, 0x2})
io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r6, 0x13, &(0x7f0000000080), 0x2)
fanotify_mark(r0, 0x101, 0x4000086e, r1, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r7 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
mknodat$loop(r7, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0)
r8 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0, 0x0)
linkat(r8, &(0x7f0000000140)='./file1\x00', r8, &(0x7f00000002c0)='./file0\x00', 0x0)

8.903136052s ago: executing program 3 (id=3277):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5)
preadv(r1, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0)
openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
userfaultfd(0x801)
ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000040)=<r2=>0x0)
ptrace$PTRACE_GETSIGMASK(0x420a, r2, 0x8, &(0x7f0000000140))
r3 = add_key$keyring(0x0, &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0x0)
pipe2$watch_queue(&(0x7f0000000100)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x80)
keyctl$KEYCTL_WATCH_KEY(0x20, r3, r5, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r6, 0x0, 0x20048000)
r7 = memfd_create(&(0x7f0000000880)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc5\x1d\xe7jDf\x87@\x8fg\x15RJw\x82\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7g\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05', 0x5)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0x2000007, 0x2012, r7, 0xb933c000)
r8 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r8, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_CONTINUE(r8, 0xc020aa04, &(0x7f0000000180)={{&(0x7f0000232000/0x2000)=nil, 0x2000}})
ioctl$IOC_WATCH_QUEUE_SET_SIZE(r4, 0x5760, 0x8)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x5c, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x200c8015}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000a80)={{0x14}, [@NFT_MSG_NEWRULE={0x44, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x18, 0x4, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @numgen={{0xb}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}, @NFT_MSG_DELSETELEM={0x5c, 0xe, 0xa, 0x101, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFTA_SET_ELEM_LIST_SET_ID={0x8, 0x4, 0x1, 0x0, 0x3}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ELEM_LIST_SET_ID={0x8}, @NFTA_SET_ELEM_LIST_SET_ID={0x8, 0x4, 0x1, 0x0, 0x3}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz0\x00'}]}, @NFT_MSG_DELRULE={0x1e8, 0x8, 0xa, 0x201, 0x0, 0x0, {0x0, 0x0, 0x7}, [@NFTA_RULE_COMPAT={0x44, 0x5, 0x0, 0x1, [@NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0x15}, @NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0x7}, @NFTA_RULE_COMPAT_PROTO_IPV6={0x8, 0x1, 0x1, 0x0, 0xd8}, @NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0x890d}, @NFTA_RULE_COMPAT_PROTO_IPV4={0x8, 0x1, 0x1, 0x0, 0x16}, @NFTA_RULE_COMPAT_PROTO_IPV4={0x8, 0x1, 0x1, 0x0, 0x2e}, @NFTA_RULE_COMPAT_PROTO_IPV4={0x8, 0x1, 0x1, 0x0, 0x89}, @NFTA_RULE_COMPAT_FLAGS={0x8, 0x2, 0x1, 0x0, 0x2}]}, @NFTA_RULE_ID={0x8, 0x9, 0x1, 0x0, 0x3}, @NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x4}, @NFTA_RULE_COMPAT={0x14, 0x5, 0x0, 0x1, [@NFTA_RULE_COMPAT_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_RULE_COMPAT_FLAGS={0x8, 0x2, 0x1, 0x0, 0x3}]}, @NFTA_RULE_POSITION_ID={0x8}, @NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x1}, @NFTA_RULE_EXPRESSIONS={0x150, 0x4, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, @fwd={{0x8}, @void}}, {0x34, 0x1, 0x0, 0x1, @meta={{0x9}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0xe}, @NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0x21}, @NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0x11}]}}}, {0x10, 0x1, 0x0, 0x1, @masq={{0x9}, @void}}, {0x40, 0x1, 0x0, 0x1, @flow_offload={{0x11}, @val={0x28, 0x2, 0x0, 0x1, [@NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz2\x00'}, @NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}}}, {0x10, 0x1, 0x0, 0x1, @numgen={{0xb}, @void}}, {0x18, 0x1, 0x0, 0x1, @fib={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_FIB_FLAGS={0x8, 0x3, 0x1, 0x0, 0x8}]}}}, {0x3c, 0x1, 0x0, 0x1, @payload={{0xc}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_PAYLOAD_BASE={0x8}, @NFTA_PAYLOAD_CSUM_TYPE={0x8, 0x6, 0x1, 0x0, 0x1}, @NFTA_PAYLOAD_DREG={0x8, 0x1, 0x1, 0x0, 0xd}, @NFTA_PAYLOAD_OFFSET={0x8, 0x3, 0x1, 0x0, 0xe7}, @NFTA_PAYLOAD_SREG={0x8}]}}}, {0x58, 0x1, 0x0, 0x1, @osf={{0x8}, @val={0x4c, 0x2, 0x0, 0x1, [@NFTA_OSF_FLAGS={0x8}, @NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0x9}, @NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_OSF_TTL={0x5, 0x2, 0x60}, @NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0x15}, @NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_OSF_FLAGS={0x8}, @NFTA_OSF_FLAGS={0x8}, @NFTA_OSF_FLAGS={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x2b0}, 0x1, 0x0, 0x0, 0x2004a0a4}, 0x0)

8.714239286s ago: executing program 0 (id=3278):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240), 0x0, 0x0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r1)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
open$dir(&(0x7f0000002340)='./file1\x00', 0x6d65c0, 0x100)
fchownat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0, 0x100)
listen(r2, 0x0)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r4 = accept(r1, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r4, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x85c}, 0x0)
r5 = socket$inet6(0xa, 0x3, 0x3a)
setsockopt$inet6_mreq(r5, 0x29, 0x14, &(0x7f0000000140)={@mcast1}, 0x14)
r6 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r6, 0x8b0b, &(0x7f0000000000)={'virt_wifi0\x00', @random="8dffffff0600"})
r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000300), r4)
sendmsg$DEVLINK_CMD_RATE_SET(r4, &(0x7f0000000580)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000540)={&(0x7f0000000340)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="000126bd7000fcdbdf254b0000000c00a60000010000000000000c00a6000500000000000000"], 0x2c}, 0x1, 0x0, 0x0, 0x10}, 0x8014)
setsockopt$inet6_mreq(r5, 0x29, 0x14, &(0x7f0000000200)={@mcast1}, 0x14)
syz_usb_disconnect(0xffffffffffffffff)
r8 = socket(0x10, 0x803, 0x0)
sendto(r8, &(0x7f0000000740)="1200000012", 0x5, 0x0, 0x0, 0x0)
recvmmsg(r8, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, 0x0, 0x0, &(0x7f0000000600)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400})
syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f00000005c0))
close_range(r0, r5, 0x0)

8.528822007s ago: executing program 4 (id=3279):
syz_emit_ethernet(0x6e, &(0x7f00000004c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa008e0000000086dd60810000000000009d", @ANYRES32=0x41424344, @ANYBLOB="e0000000907800001312d082e275205e556149a021cc13c33d8913"], 0x0)

8.222255466s ago: executing program 4 (id=3281):
sched_setscheduler(0x0, 0x1, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000001180)={0x2020, 0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x2020)
ptrace$ARCH_GET_FS(0x1e, r0, &(0x7f0000000000), 0x1003)
getpid()
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x3f, 0x822f01)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000700)=ANY=[@ANYBLOB="4800000002000000000000002000000000000000", @ANYRES32=0x0, @ANYBLOB="00000000000000002800168024000180100002000000000000000000000000000c000400000000000200010004"], 0x48}}, 0x0)
r2 = inotify_init1(0x0)
sendfile(r1, r2, &(0x7f0000000080)=0x200, 0x718)
openat$mice(0xffffffffffffff9c, &(0x7f0000000180), 0x0)
write$char_usb(r1, &(0x7f0000000040)="e2", 0x918)

8.14924119s ago: executing program 2 (id=3282):
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff)
r1 = socket$unix(0x1, 0x2, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r2)
read$watch_queue(r2, &(0x7f00000001c0)=""/242, 0xf2)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000080)={0x0, <r3=>0x0}, &(0x7f0000000040)=0xc)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r2, 0x4020565a, &(0x7f0000000100)={0x5, 0x1000, 0x3})
setresuid(0x0, r3, 0x0)
keyctl$setperm(0x5, r0, 0x1100100)
socket$inet6_sctp(0xa, 0x1, 0x84)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r6 = openat$cgroup_int(r5, &(0x7f0000000280)='cpuset.sched_relax_domain_level\x00', 0x2, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x5776}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r7 = socket$rxrpc(0x21, 0x2, 0xa)
setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, &(0x7f0000000040), 0x4)
r8 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x329080, 0x0)
preadv(r6, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x5)
socket$netlink(0x10, 0x3, 0x0)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r11=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000004c0)=ANY=[@ANYBLOB="2400000c8368e3557a539df7b9c6ba9820f917af50ea0829bbcfcbb0c044265579520bcea7b72e3144f5caebd9328dafaa7c39d9a0b3998f0029daf34c772fd0af313a42ee3db7bbbd2f164a17d4455b570f023286678a2892b60cc80c813e7b782c5ab724c876d35131c1d15d2ac59d44e31bdbd3", @ANYRESDEC=r8, @ANYBLOB="2100000000100000030001000000c0979b1d54257f01ca", @ANYRES16=r4, @ANYRES16=r7], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0x404c854)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r9, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000480)=ANY=[@ANYBLOB="3c000080", @ANYRES16=r10, @ANYBLOB="050000000000000000002100000008000300", @ANYRES32=r11, @ANYBLOB="04002a001c002d800a00000002020202020200000a0000000202020202020000"], 0x3c}}, 0x0)

6.573424425s ago: executing program 1 (id=3283):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$DCCPDIAG_GETSOCK(0xffffffffffffffff, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f000001aa80)=""/102385, 0x18ff1}], 0x1, 0x0, 0x0)
setxattr(&(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0)
bind$unix(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f000000d000)={0xa, 0x3, &(0x7f0000001500)=ANY=[@ANYBLOB="850000002200000007000000000000089500000000000000e26c9bd1a6361b80cdd6ff0700000000000869045aac0000659f55df08f9b90788ff7f00000010000029c21ebbcde61d8ab5920aef6c3e007fe61241638962cf0b89ef506cfd3f1d4163d3cfca3733b30070a7cf53021a9554320000000000000014569d65e33d46f8d8ae24ba69c657afac04379cb536008c219991704f11c5a01ba62ed8f2c6a503dd1b1d076f03b0f917c766f3a7598bbc00feb3bc8e88f79df517b37b56bcbc290080000000000000e675458a43b8a8935bf9cf0be7d0aeaac41405e341cd0ba0d6fd562489dad595712a4051bb6cf826ab757193fe093b8b3353fbbb278d19000000000000007b61805ed430ef06000000000000001e93f640f159320c8b088f4d64977b2eb312d4967aff9e4c14c66c90000054ed82c7cba4c81f91d6dfed18767bf0df584b4b6c4204df411f921e3aa02a67dd324b8176020e9c024751df38c05727f82c92046bfe64babb6d7ba86526b7886a0c2481c5812812a6fa3fca3758cbd8c32b25c28be225bd1f16297baa065f5bf96330fad0aaa4388c06c0eb2ecdf829af9577fcd868cc269b740000b777d73a63246ce6f0467167626329ab91df7a13d9ec9a64e7f6b56aeab8c38f69a213c96e2d2ad7978c9d721c270f27e7025d576535198742d403ec43572d7d0baf00e882617b260627805ca44200335ea4363066944d0aa6feb9705b09ba40d4642519281151f875cbf13a582f90ad719f0eccf02a473dd508a16138904933689ea6ee02412064730700aeff2b69c2f2bf6f691c3560e068743ae8e8771280da61fd8fdc3f7a35ea352e35753c59ebc1bd27ab6603e6afb1b3f057fbb7ed3aabe702b3c6301d3f5c295d1d69d1541d0e64631c95d6c0999e27e8d1a58f6a00f19102d2bfaf53f25a45637b1c577ae50c4c56d9abc40c64a20c14ff0b1bf4d23fe07ae90f503ba9c64bf89b26e7d8d70710b04f9ece69023acadbb4582272e5b3a0429a5675e5a9554de54945d9a270180e0545b0c824ad36f7cc8be12b3874d5a19349b0ede845e9ece24d546d3af1bae069b89f6ecf2aabb17eb1840bc8e0ed1dd8b9b7eeaf32a185d80250a7f2eeb756eadafe20bbc616bc44b347abc8caf722b2c3b06884c1d1690f23b06fa4541bb2a81073b452764f04bd39008b65ee222cf697ac21b087548e9708dffaff2859e973b1e88668c8022cc6dac8548167e5798ec9c7d288a7fa7749f07513187cd8f060abbbc5e37dd1be3aab927be1b409be733b7408534e5b0951e9ecfd0a1c77e3a29be4c4093330124615056e3ce0ce6ac91b1242d3bb2e787a186dc2ec284d60e9d8a03884a22eeaa1efa497ee88c6cb565b164a260afb5157e392b1ebb1a4d4f992011ecbac4a0a6df5bdc6f7994a422bb2761edd2d8f20f5f879a88f89d48b8314f862585e4b7a9d6a6681f40e8b82cc6555dcdb951d164cc9a70e640ac8974faa2587a6e3af3b9458f7d4b4077b3002536b10ea24d73307a33090c4c270909a5322eac32cb175e68fa83457b21465c08c02dcefccc0c714c2862ddbe567755f05a1e671328d160d3752345ca1db6e74c720e42afca982ba6befd96c5575f1dd8f87ff6606301c0000000000000000000000000000000000000004d0d54b4caf78018766cdb971e8b168d4763c21181f00000003d4e1d842caf457797f93db93e4f38a9dbd79f6bf5dc40b55fdbf9b856665061b2e2924f27eb2d2b5a181ccfd9eeb11dec165b6f12433f00bb06124041ffdcdcdc91f3b3b76635a689c9249cf69bcae654bfa81e75b7c7002b883c56026d83520395b7d511f607cf2f899c7b1c75e2192f775d72247167285857588ace1115fbebfe63c16b84cf7036d41c493a63c09f2ce46c1f5995c2d7fe58c15e64bb4cb7e7f336cc22fa1ea1363bce375bd3d579be1dddb08ed5147b629e4b3f0e65783ee5e20d9270802f2a7500738bf356131ca53e9d7ba8d486fb26252d684b84fa24639089064ca7b93057c041f12d544dab4d24a4f952b4f265a69ba279929959991b7ac63786055b3c029a0e8b6e4c26497c029bb61462623a58556cd62844d4d23cc738ee5b36c71d2c010b089251d5806000b1ade92dd9f441468967c052aecd9de81b4b55d06670597991f37ddc4fa19a6369d5bf76c474633a337f676ad255869881da5cadcf49ce9188129cc978977f87b32bd49457536430ffbd3e01e67ff087644f52fcf0a3c732b0586cb87972c43d2616bf4e521dc3126bf1760243d51a197d3ecfd74bd625e9f496175cfeaaa020817d33d513f3e97854ea76e04e96a8639a297871485a8609f8ca842b3321932c4d9e224a0cec5946cec9e359fd3687415cad5fb8c678136f36d9f781fade9f2469477748f4dfa0f56c326c89bb5d07f35aaf95303b5a620fc84e1c735647895713cbcea57b2277831f8f633f0d29371e645e5544e57010a9b76457f6ad73231a9f31f6bbb1b95248aeda5a9df9dea64cc1fd1f06a980fcf3a792bb0910e45fce298ab0a0298fc33a423e860d5b308d7849381b294106af25f15fec047d5b844a99f36e342165df728e381b48c20e0900f8d265157467d3494f2b96acf060f74084760d226f50edb115c2e075f3c663a4b4169b900fa0a13cf796e0d7a9dad86953c13ed6241206d682e194c64c491de6a531e9bd45abe705f07000a82ccd41a2c1b9d5dd8bf6c28653eb84f117e476e052a9db790e0a71dac9d8b343efebdc026860000000000000000000000000000aad579302085dfdf75bea24798c680b3de341e3bd57543cd8dfd58bcebdbb883c743ed43ba7f540f2c4e0310c21e7deff9e45b8bd2cf65bb584091b8e80e34b3e59185fe32d1d73dd4f62712a39b13661516723b6b80a7e99e5aa6536982c02275fc53fa3ef14d9fccb05f9c4e69a3af0fde863af2d9a0f8a94fc571b0ab4ad714f41fa4ee0b8b44e3c41a3125be95e4b23d5f05395852761bfaebe0db979d5f3991d826cc74542b85cfd0dba66bc93cfd79178ab0b79fa3b29ff9c19e0424513c91980187c9d94b8354337a1fc782505db900c47d83bd49276cfe6e242ba8365b1ea4598a21f50f5415a70990b5bb4a1f6bd8acdf2c7da3d648754767089c9b5ceb556fafa3cc5afd2f3e9a62a90262a76ff89a2751b59a744f0d3f36ca503357daa3e29ce6f357dc1e4839277d003e93fdbb955e1a1302a76aea7e73835094fb15464e94e814c77c293121d0433e80d444c4ca17abaf32b521d8686666055da023aef9c8df3e80d2ed640ed10aa19a036dcef172dbd3b3600b69d7b90c6222e167d7c76059f2b5f3b3004e8a20d1f6612efeb629573be97aa949c6016e7e16283e84986aaa4fc8a098708ebe36f377ada63d9b464c39342e0682549862de3ec75e7b031bc49f341a21417fb6375e8701481b59d1722c836961804666801678eb25750b520bf1615a4bbf30aa74d60ec6b657f2dd298b0419da43fc708a60c94a7ff2fd6a2d08005ad73c9e2d6143d2857be8fb3f12bfa6628bccb153e39172d07563d6a1dc75c347c08060304f091230bd74b49ecdd13bf480db3984622a167c8603b8c501280059a7b6123c8f8cd217f64eccc2dffe4f3a1e8c9a96a13d8126f3ea26779fbd0069d729a7764d4ddd7d9d820b0de2530969362b94b974678527f5bac7eb8d6e321b2be0b2f7534634a5ecd1248d7ad7e8e03163e92e9f1d620e28597bd881eea0981e8adfd70b670b0763ce9226f7c3e156b353e22fdea6942b577bbc539aab23cbd46bdd0ea1e67140c759f208c12dc57f3100000000e4965fcb6c0749955eac9476687e63b41c6282bbcb0c3d8b0c9493a3a5f6d879d7257b4b68dc7cac3d9d5f5bbe937c501866ee4042b250e516ec074559e1e551167138766eeecb6941e8305d9cde1800c821536f9d25bd14163890842a08135bdb7a90db630b18f099855a7d9de65c80fa71ff90e873361d0e11a7dfebe56ffb2000b711a0b7914d6351ff60593e48af60e1ffecba7cd6f8ab662eb3c8f3164139e994d6a706afb92722595d649a04f1ff64e5634e7cb9106173a9d5d8cf3e5a959e6bfdc1b6507b851c4ba43312726cfec58dedece1355a087c1b60882713a6161914f09267e2ce8aa886b3c0add5cd92e185d345c9b2933a78a4215133e8e7247fa444aee30bfb6c0fcada974254bc5feda6cee9a0803b2a0b81f440202ed5f278e4cf06565370893e7481efdfbc49b118eb17ba0104000000000000b342fdef64b143b525daae4e27e7368f913e6111bb5329b8b133d03cc34d736d22ba139b03b7fc83ac49f2dfc915a2f27e2eac8dc2a6ba72e6bdd423b3555b6e1bd4896b4c946a4500e0a42340700b93bca902e02f744ceb51534f1fb9fa87f850a6c6eed76f7376e2a7e72d3a64a82720ded8f0ce31b1de3561362e975ed32a7167d9e0ad3f2a77f7a10c1614a9ba938a98da2976cb1a0d049446e67073c9a1a38ecc881c693a524c5291f89677de9fe904c752e450eba71d2f32805501d0df5b4a41123233554bdc35b562d9f5a2a026a3b40fc7c9a8546fc8d8310a9876114ffd7dfb909656d54c31bbb655af54bbeeb0174e451ceb7b35e5bd1ac15792ff474abcde8353fe0de700b110a00305ff77c133181688a62a49cff6db4cb4a5a90d40d35e927d216435df804b8bd6033a7ce49f11491f752fefa99e9c54428b725486291490d311b13eb02d14a0ae56733141a8dc6d51e351000000000000009f384a63b97d00"/3400], &(0x7f0000014ff5)='GPL\x00', 0x2, 0x103a, &(0x7f0000014000)=""/4096, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x2a3, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r1, 0x3a, 0xcc0, 0xcc0, &(0x7f0000000200)="e460cdfbef2408322900119386dd6a00000000072beb311ccd3ec8a755c1e1380081ffad008036e8d5003aff010000001400000500242909880bd320d98a61a90021e9bf", 0x0, 0x401, 0x0, 0xa8, 0x0, &(0x7f00000011c0)="59235bd7a9324ff307d87177332368fbdeefaa1544600ea1870645446c357de433206896637019b84d57c3de1ea07638e494dd701db1af6fc15db78cf79f5ab4bc7aee8553677ffe377a35b4afdb989fb7da1ff63956ffb796d51daf1c268b9f1a4a06583f8c03ec1671b151a8a495c1b006fa5f2f3a54a46aeee8005b178b9516d2b928984ccb942fa2278a2e33a0b619f2dd814fc91942e03c48fd9b7d19d9a6612b46805b267ef3132a724cbfcd1c715be67930e2ae2b9a2479c5a4b2fecd301a745a6fd67598a5e5ecc1e56e58159c47def7f9285acfedc980596377e6f9ee076fa094e5d8f838b718ed63ff8265a1dbc1549bed03e6b27b6fc2b8a07373506a1a41d5a71cbf0eaa24ec737b02a8a2d5114c3c4e5810a2c3eae3373fd341800cfb0fb35cefe04ca4da2b02a83c40126e23cdf3c817b530bbe7b431bc0b7d864e3e6dd1ab90259a8bd7ad7dd4c6366ea6da661fd016b394adcce5988fff85fbc832a927c97b89337e195f562cd284911eef1ee52e4ff033b33beedea7cf43c4d0cc0471fa91011e1e7e8733bf82c01346d6ecb49f1a84e92d063c81a7227d89be33f7273b87e29ae53a5f38dc94cf391fcb82c9432821ef1a0f6bbfe8f7d6574479a8f621e1d8f7d9bb20f3d8d469e6d232d7d7837ff12a224a65c604907e787baaf7c863ad48a5edecbe1470c20507a6ee5dee75e9ef84c71af5af800a9ce9787ebdee9e1c8189fbf66048d5c3757fb2b697ce68cfd316a7b25a385111e0cd2fddb81602e36e74c4f99b403cb304a4774e648054c0456c7869f9d97873ff80e2664c1265292941a9b767c7f40767cfccdbcaa156453d6a910fd5440f7a2bf8f4bb6d6d9fd443f2304617a684b6afa99c157dcf70e51fdb55fd0dbf5c6733841024599f8d1791a07c5dc3a4ccaf4d7c0ca3d101b2beba3a49d2378c9fe4fdb10babd95083a0c4db5a30c4490828d97efe807a13e587fbac1089843964facfd27d287262759384fe9b610f81048be430c1e8fe6327c0f2fd003021d20563ec0c7e39aec6718649c958da2e02cb3848c76924492678889c18bea02ed5ee080106e9838cbca9ad5f66c0434182225b13a236b342cf80562c10d4a3459aea17589b84904d3d2c2b", &(0x7f00000004c0)="b33620dad49cc786c86a5c5444e76c2a1ef9224fb91083d2ba4368e98a14467703e9ee585196fa95320bd53c6a76ad443b81dc833b22016aeaafb4597c06919ecf7e5ea4d0a8995feaaf9a9feb0c4b5277398049a2f5475f6ceb26bd128189f4b1b3c662d3d1630717791de0cdac3ce6e01c5719b670da5ded7dfa9dda53f04ad151cb952d708eaa69e983dcfab36b2dac3f3fe85e1d86b3d73d4879fb11cfac51f3cb669a50", 0x1, 0xfffffffd}, 0x22)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x1a, 0x7, 0x80, 0xfffffffb, 0x0, 0xffffffffffffffff, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x2, 0x1, 0x0, @void, @value, @void, @value}, 0x48)
socket$nl_generic(0x10, 0x3, 0x10)
write$tun(r2, &(0x7f0000000280)={@val={0x6f01, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x20}, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x5, 0xb, 0x0, 0x0, 0x0, 0x400, {[@window={0x9, 0x3}, @timestamp={0x5, 0xa}, @generic={0x0, 0x8, "d58838068b91"}]}}}}}}, 0x4e)

6.572844358s ago: executing program 4 (id=3284):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket(0x10, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=ANY=[@ANYBLOB="680000001d00000f2bbd7009fbdbdf250700000001f2f0fa5eabfe904235a43bafa7aca70d818dfd520a58be0b8bc7a351a600b1b4bf5ab683712e6cff921818a1ca1672fdf44cd2e069171d6511a3e0d174616b8ee8ffffffffa0c15e8743b98adb40ca2436760b465b3a7a48b56c32c1c18e9b005cd2400000000000007bd522d476085275287ccaf6d63d66bb2b08b2f7386d01794bcbd4d7d733e92cae869f6024698e44563cad3ad530650737a6db63db013eab876689cce2dfc1b878ff1eae9e12f958b5842945da01f7f77eb5cd9b2f48658f5338bdbf71cc41dbbf63d05117fbeced94b872e1679419cdba14c54c0fe67f5c23c601b3a28b484c14bcc840c1431f47cc4d462af95598095055a124747d763b5bd711c6a24b3ad1942f61158a0c874aae23df3eccdb87bda3c8a420d05510d766c9771516cdac4581a8179823dd837642c5ee9007513d92c91b12deb56dce07c6fd0e5e3a76e8f1c8987d45a5", @ANYRES32=0x0, @ANYBLOB="00006002080007000180000008000a000100000008000f000000000014000300fdffffffae000000001000000e0c000208000800", @ANYRES32=0x0, @ANYBLOB="08000400f7ffffff060006004e20000008000a0004000000"], 0x68}}, 0x1)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x26e1, 0x0)
ioctl$CEC_DQEVENT(r0, 0xc0506107, &(0x7f0000000300)={0x0, 0x0, 0x0, @lost_msgs})
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000280), 0xfea7)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e22}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f00000002c0)={{{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in6=@mcast1, 0x0, 0x4, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffd, 0x0, 0x40000000000000}, {}, 0x0, 0x4000, 0x0, 0x1, 0x0, 0x3}, {{@in6=@private2, 0x0, 0x6c}, 0x0, @in=@dev, 0x3502, 0x0, 0x0, 0x0, 0x0, 0x9}}, 0xe8)
listen(r3, 0x0)
syz_emit_ethernet(0x9a, &(0x7f00000004c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd6000000000640600fe8000000000000000000000000000bbfe8000000000000000000000000000aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="94"], 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
syz_genetlink_get_family_id$tipc(&(0x7f0000000180), 0xffffffffffffffff)
socket(0x10, 0x3, 0x0)
setreuid(0x0, 0x0)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
io_setup(0x6, &(0x7f0000004200)=<r4=>0x0)
io_submit(r4, 0xb, 0x0)
ioctl$IMADDTIMER(0xffffffffffffffff, 0x80044940, &(0x7f0000000280)=0x14)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000100), 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x3, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
ioctl$TIOCMIWAIT(0xffffffffffffffff, 0x545c, 0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)

6.444576805s ago: executing program 2 (id=3285):
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000080)={'vlan0\x00', 0x100})
rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x0, 0x1)
rseq(&(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x829f, 0xffffffffffffffff, 0x4}, 0x4}, 0x20, 0x1, 0x0)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000280), 0x181080, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="01000000000000fcffffff000000000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0)
socket$nl_audit(0x10, 0x3, 0x9)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000080)={'\x00', 0x52d35ce30131f272})
ioctl$TUNSETLINK(r3, 0x400454cd, 0x324)
socket$nl_route(0x10, 0x3, 0x0)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x3938700}}, 0x0)
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x2010008, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000440)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x40, 0x40, 0x2, [@var, @fwd, @volatile, @volatile, @volatile={0x0, 0x0, 0x0, 0x9, 0x2}]}}, 0x0, 0x5a, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], &(0x7f0000000040)=""/247, 0x26, 0xf7, 0x1, 0x0, 0x0, @void, @value}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x7, &(0x7f0000000180)=@framed={{}, [@func={0x85, 0x0, 0x1, 0x0, 0x3}, @map_val, @exit]}, &(0x7f0000000280)='GPL\x00', 0x5, 0xe2, &(0x7f00000002c0)=""/226, 0x0, 0x0, '\x00', 0x0, 0x25, r4, 0x8, 0x0, 0x0, 0x10, &(0x7f00000004c0), 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
chdir(&(0x7f0000000300)='./file0\x00')
creat(0x0, 0x0)

6.422142506s ago: executing program 3 (id=3286):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r1 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140)={0x40002005})
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000640)={0x800000000000074, 0x0, [{0x1, 0xcd, &(0x7f0000000180)=""/205}, {0xf000, 0xbd, &(0x7f0000000300)=""/189}, {0xeeef0000, 0xf1, &(0x7f00000003c0)=""/241}, {0x1000, 0xaa, &(0x7f00000004c0)=""/170}, {0x8000000, 0x42, &(0x7f0000000580)=""/66}]})
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000080)=0x200000000)
r2 = dup2(r0, r0)
mkdir(&(0x7f00000002c0)='./bus\x00', 0x0)
r3 = socket(0xa, 0x2, 0x0)
getsockopt$bt_BT_SECURITY(r3, 0x29, 0x10, 0x0, 0x20000000)
socket$key(0xf, 0x3, 0x2)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
syz_usb_connect$cdc_ecm(0x1, 0x4d, &(0x7f0000000140)=ANY=[@ANYBLOB="12011003020000080900a1c240000102030109023b00ea00000000090400000002060000052406000005240000000d240f0100000000000000000009050f0200000000000905030200000000001375df1c62b3c598b3695be43a505800"], &(0x7f0000000540)={0x0, 0x0, 0xf, 0x0, 0x1, [{0x0, 0x0}]})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
madvise(&(0x7f0000ff6000/0xa000)=nil, 0xa000, 0x13)
r7 = dup(r6)
ioctl$KVM_SET_MSRS(r7, 0x4048aecb, &(0x7f0000000200)=ANY=[@ANYRES32=r4])
socket$inet6_udplite(0xa, 0x2, 0x88)
preadv(r0, &(0x7f0000000600)=[{&(0x7f0000000280)=""/117, 0x75}], 0x1, 0x0, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000040)=0x1)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$TIPC_NL_BEARER_DISABLE(r7, &(0x7f0000000880)={&(0x7f0000000740), 0xc, &(0x7f0000000840)={&(0x7f0000000780)={0xb8, 0x0, 0x20, 0x70bd2c, 0x25dfdbfc, {}, [@TIPC_NLA_MEDIA={0x50, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x23}]}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffffffff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x591}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}]}]}, @TIPC_NLA_NODE={0x8, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY_MASTER={0x4}]}, @TIPC_NLA_MON={0x1c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xb}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x5}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}]}, @TIPC_NLA_MEDIA={0x30, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}]}]}, 0xb8}, 0x1, 0x0, 0x0, 0x48054}, 0x60009040)
ioctl$IOMMU_VFIO_IOAS$CLEAR(r7, 0x3b88, &(0x7f0000000100)={0xc})
r8 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000200)={'geneve1\x00', <r9=>0x0})
sendmsg$nl_route(r8, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=@newlink={0x20, 0x10, 0x4, 0xfffffffe, 0x0, {0x0, 0x0, 0x0, r9}}, 0x20}, 0x1, 0x2, 0x0, 0x40020}, 0x0)
openat$selinux_validatetrans(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)

5.885912696s ago: executing program 0 (id=3287):
sched_setscheduler(0x0, 0x1, 0x0)
getpid()
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f0000000380)=ANY=[@ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
ioctl$TIOCGPTPEER(r0, 0x5441, 0x10000)
socket$inet6_tcp(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x61}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x7)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x5, 0x9, 0x6, 0x2, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x2, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x89f0, &(0x7f0000000000)={'bridge0\x00', &(0x7f0000000340)=@ethtool_regs={0x12, 0x0, 0xd, "fbdbf978590aa1b88c44306d20"}})
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000380)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x1, 0x0, '\x00', 0x0, 0x0, 0x4, 0x4, 0x800, 0x0, @void, @value, @void, @value}, 0x50)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)

5.460696078s ago: executing program 1 (id=3288):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
timer_gettime(0x0, &(0x7f0000000300))
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'crct10dif-pclmul\x00'}, 0x58)
r3 = accept4$alg(r2, 0x0, 0x0, 0x0)
r4 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0x8502, 0x0)
write$sndseq(r4, &(0x7f00000005c0)=[{0x6, 0x0, 0x0, 0x0, @time, {0x6}, {}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"272be5806cd46d7b9ff797a0"}}, {}], 0x70)
sendmmsg$sock(r3, &(0x7f0000003140)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000380)}, {&(0x7f0000000440)="5573939838dce94c0f0e9ef552a5c8a4f53eddeb6ee8e58e7351a609c54a37d3", 0x20}], 0x2, &(0x7f0000000580)=[@timestamping={{0x14, 0x1, 0x25, 0x8}}, @txtime={{0x18, 0x1, 0x3d, 0xfffffffffffffff8}}, @txtime={{0x18, 0x1, 0x3d, 0x3}}], 0x48}}, {{&(0x7f00000004c0)=@nfc={0x27, 0x0, 0x0, 0x2}, 0x80, &(0x7f0000003340)=[{&(0x7f0000000640)}, {&(0x7f0000000800)="5139a1e2a5afd6e37359e78bbe17e884b0", 0x11}, {&(0x7f0000000840)="f2f48cf1844a5e122d9ab98d3aa31ff61d4aa9213d501d011f5433530b0859e0cf6e58b807580751ebff0219b28931248e28cfcbe3f390ec8e7197486761dd343ed61b8450fc296cb57d55c0134bb2e6757282d40e835d", 0x57}, {&(0x7f0000000a40)="c99298532591fe7b0331758311d894c68c5ec5a4abf9e1ea551efdef95d62745655d33369714466a0ccb56b4f60508d9dfe5c9aca85e876e7493d8edc113b5e78f5df52b56d09539c381c8b80cfafdc74a0cc8c929c7871ec45e9434b7e29b6ff43d8a1d", 0x64}, {&(0x7f0000000b00)="6865b8fb2e720a8512ff01f6269848ed4cb0ce3e86c2ef7026ec7334de837b74a4a95041238bd4322a0f0a32684ccb84268aa9a66d0e0e7a97f12faf16b6ff19a7ee79385148ae603561b63c4b338a1b76865efa93965b3493153ae1a555537d69ee5df5e8b3a52a1803e7341919860cba24aa5df578b9bd00759c8a46ea072a2f424f255fc80fa18a4a4f2dda", 0x8d}, {&(0x7f0000000bc0)="de2d4f044b811cf783c33b59717f41a81b93fdd63beaea5042be843fb541f1e75396ebd82a0a5abdde1a8c42964b8b4e45571c6023de7740c266c441f0c5000d1b5bd99c93ab2d96b29a26cd992e587fa907ece9fa34f64cfa1a51c9c671dc3d6448b0316a12296e076821b94e76bfa5d12f5fd7783eb7391c9f5334ce5cf9e1ff80714c4e3e2dec65d08084df586b8763260bceda9ce0749cc8a28a4321c3c6058b5027b6d8f6c3185f163bc022cc3878e9f0cfef4943039e36759448f5271a9c9fa5aa1a0e0e6684bafa03df8300f0ab79fedc94", 0xd5}, {0x0}], 0x7, &(0x7f0000000d40)=[@timestamping={{0x14, 0x1, 0x25, 0xc5}}, @timestamping={{0x14, 0x1, 0x25, 0x6}}, @mark={{0x14, 0x1, 0x24, 0x8}}, @timestamping={{0x14, 0x1, 0x25, 0x3}}, @timestamping={{0x14, 0x1, 0x25, 0x101}}, @timestamping={{0x14, 0x1, 0x25, 0x7e}}, @timestamping={{0x14, 0x1, 0x25, 0x5}}, @mark={{0x14, 0x1, 0x24, 0x7}}], 0xc0}}, {{&(0x7f0000000e00)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x2, 0x1, 0x4, 0x2, {0xa, 0x4e21, 0x10000, @private2, 0x80}}}, 0x80, &(0x7f0000001040)=[{&(0x7f0000000e80)="3d5949c9ff77fe98c0c80854c5d8fd5b7cd03e78b2cb2d262284078162e42771f82cf12d98e11ce0418cc84bbb27badecb07a63c77e0f7deb54fd13fef00fedd75c71012539fd24459445c01a75249b7a326dac767ebf375e1ee4b3a29367f62e1f8c466a15f8f15d10682424507366fa889d34113374d3106a3eb498275c3c985ccf0af46bf22e355b01d5b895600491554f5d21afd8d8e47459d6d984ee034db0d534f90d4057665c864fdcce1f2db52328d82", 0xb4}, {&(0x7f0000000f40)="d4150da2d1301603a585f3ca4beea2fd1e5e30efabfbec0dd08805b0857d34be0d44097059722fcc3caf51858dc98303a01ef3f6ce9f1ee862266a21520f1c0da0a173854bafb2304161799857022e419d60ea5029a21b85e66e511b94a6081e84cfcf2c510599c5c9e727261736f83a0c89727daf8c6e227be5e2f5540c24864f4464caf213ac9ccc5a41c9c44e5104745b03d03c5682b36369c80c972d63ccacf7c6c26cb4992768d97c6a4ebfdadac3e612abdd53fff3e713c68c15c8131036681e0527cde6188712240007eb4993f63a97e6d8bb4c7436bba092c16be18d6ebc0acd7dd88a483ba30de3292a0328efef367f", 0xf4}], 0x2}}, {{0x0, 0x0, &(0x7f0000002800)=[{&(0x7f0000001280)="c421ee69c94e7e4b512606b675efee368d5b3294356f49172fddf1d35a9c4468447803fb2b640a612112dd3813faa6fd7785bd5b86b08c1b8a172f98d27606d54645ce21c3cfbdfb40ece68c223aceea8bfc4ad86bea453cbf71e57eb88dafb03713905a52af2c88d43db5", 0x6b}, {&(0x7f0000000cc0)="4756bfa49719", 0x6}, {&(0x7f0000001340)}, {&(0x7f0000001440)}, {&(0x7f0000002440)}, {0x0}, {&(0x7f0000002680)="20311f170e7a73c2f2a0e06c106a6f75b23726b8e1f6a31f730536f985d1e3d23a029c52c241f281f9ce5bc12945adeca64422742c6db50f3b5a6419287d58fcf485e749b21e25a90d88cecc22ca9e7815668dfda6bce65851b9f8812ccd1abe58ee550589d25b145e6ec6821333cae4bb581d20ba0186674f0a8a8dd7ae4cc9210294a1996ac65d126ab650981aa752b9c039659aa82d9f01", 0x99}], 0x7, &(0x7f00000028c0)=[@timestamping={{0x14, 0x1, 0x25, 0x608d}}, @timestamping={{0x14, 0x1, 0x25, 0x5}}, @txtime={{0x18, 0x1, 0x3d, 0x4}}, @txtime={{0x18, 0x1, 0x3d, 0xc8}}], 0x60}}, {{&(0x7f0000002dc0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0xffff, 0x1, 0x0, 0x1, {0xa, 0x4e24, 0x2, @empty, 0x1}}}, 0x80, &(0x7f0000003100)=[{0x0}, {&(0x7f0000002fc0)="bf0bfd633777011137ff9668d58566136ad121716486b140fca0ecc6168a9e6f91f8312310b588dd7470eb897e", 0x2d}, {&(0x7f0000003040)}], 0x3}}], 0x5, 0x0)
sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x10, 0x3e8, 0x200, 0x70bd28, 0x25dfdbfb}, 0x10}, 0x1, 0x0, 0x0, 0x8080}, 0x40000)

5.231035077s ago: executing program 1 (id=3289):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000500)={0x18, r1, 0x1, 0x0, 0x0, {0x2}, [@HEADER={0x4}]}, 0x18}}, 0x0) (fail_nth: 12)

4.512219138s ago: executing program 1 (id=3290):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
r0 = memfd_create(&(0x7f0000000200)='\f\x8b\x8a\xa9\x16\x11O\xdd\xdfk(F\x99\xdf\x9a\xd5>oJ\x02u\x9b\x94a\xac\xfe6A\xc4\a\x9e\xbd\xa2\xfb\rD\xefq\x1f!\x01\xc3\xa5U\x98\xee\xcd;A\xe8\x00~V\xbf\xd4\x00\xd2,7\xa0\xfd7\xe8\xf9M\x02\xec\f3\xd4\xb8\xc3\x85\xda\xeb\xce7y%S\x1e\xa9\xe9\x92!\x95\xf1Ek\x95\x9bQ\x1d\xa4\xc2\xbb\xfa\x96\x14\x7f\xb9\x90\x9cn\xb5\x10\xd2\x84\xe9\x9e1\x9a\x9e\xa7\x9e\xcd\x1a\x86\x14%\xbaS\x90\xb1j\xf9\x00\xd7@D\x04\xaa\xb55\xd8x?z\xff\x85j3\xbe\axo\x05)\xcc\xcd\x9b\xb3\xe7w\x0e\x9f\xd3\aU\xf0M\xc1\xad\x17t\xeb\x1b\x11m\xec\x00\x00\x00\x00R\xb6v\x88\a\x82\x9e\x00\x00\x00\x10\x00\x00\x00\xa6!\xb3\xa8\xe7[&\x165\x84\xce\xa5\xc4wT\xf2E\tj\x92G\x14\x04\x93\xa4\xba\xcb\xce\"Y\xd68\xeb\x01\xc9/\x19\x85\xc6\x8do\xcb\x17\xb5\xffW\xe6\x8a\xfb\a\xf6', 0x2)
write$binfmt_misc(r0, &(0x7f0000000580)=ANY=[], 0xff9d)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x12, 0x4, 0x8, 0x6, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0xfffffffffffffff1)
timer_create(0x0, &(0x7f0000000040), &(0x7f0000000200))
r4 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8982, 0x0)
sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000002440)=ANY=[@ANYBLOB="3800000020000100000000000000000002000000000000"], 0x38}}, 0x0)
r5 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101b01)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r5, 0x8108551b, &(0x7f0000002600)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f68530c2b21a100efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca14d90d1f6"})
ioctl$USBDEVFS_ALLOW_SUSPEND(0xffffffffffffffff, 0x5522)
ioctl$USBDEVFS_FORBID_SUSPEND(r5, 0x5521)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x500, 0x0)
ioctl$TCSETS(r6, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "810000cc2b000000000000fa25ffff00ffffff"})
r7 = syz_open_pts(r6, 0x2000)
fcntl$setstatus(r7, 0x4, 0x2000)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1})

4.508659028s ago: executing program 0 (id=3291):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000440)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000800000000003b00000008000300", @ANYRES32=r2, @ANYBLOB="48003300d0000000ffffffffffff08021100000050505050505000000f"], 0x64}}, 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r3, 0x1, 0x2e, &(0x7f0000000200), 0x4)
getsockopt$inet6_tcp_int(r3, 0x6, 0x1e, 0x0, &(0x7f0000000180))
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
listen(r3, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
recvmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r8}, 0x2d)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet(0x2, 0x2, 0x0)
fsopen(&(0x7f0000002200)='ramfs\x00', 0x0)
openat$selinux_policy(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)

2.893035611s ago: executing program 1 (id=3292):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000080), 0x3, 0x0)
r2 = syz_open_dev$loop(&(0x7f0000000000), 0x3, 0x0)
fcntl$setsig(0xffffffffffffffff, 0xa, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x40000000000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xfffff000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000004cc0)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000340)="acee2695b79a31d50b5a2c12cd5d2a16d6262a41397ac834b4233bae19489b4b8b7258b2b920442abc53f610649b4b21a7b5c38c41d1ee57047483bef3c6ced252c46b2932efd219f1483185a7892c2afd91a751d0da9680553c917bc0e300679082842d6eca894e1903c7e76c9b5077310748f1", 0x74}, {&(0x7f00000003c0)="6b636ef3fed530d6e6f7fe48922d4934a0ef59759e7355d4c3d594d6b33b4c0b98c78958a86926e937cc7291b0d09315e7eb4e75752a4878242f1e9edff498ced5ef5faa9c55bbef87f434e9fa427721ef3c0c27591c05", 0x57}, {&(0x7f0000000440)="e03b5f9631563a483c26325f189678c04a76f785cb1ea222209c8ffa4f01e9b8fcdbf6ef57d18703facf91d99d74e8820e60c692b4066c1ef62ca46f077efc87454e98366fa2e9e26f5f50613ae52c9a1db9c2e1633b5a59041e4ccae76a46c2b05758c73767de4653fa4d229c9973bcd629bf55fe6d3636a3328cb617c936da110d2498c3f3860591c456ee1172f1e7575e3f9242d39f4b5449f111bc5fd17d9f6262b015ddcd05544b25455c479a33bae3990a63dd4117220b043758936b9a2686eb029d9c79fc549f3b616f6043656b8195ef4ec405e1ec8a1b58840b0b1bbde2ea72fd7fbfc6f3cb97365a37297404bf6f15746d6770ce", 0xf9}], 0x3, &(0x7f0000000a00)=[@cred={{0x1c}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, r4, r3, r1, 0xffffffffffffffff, 0xffffffffffffffff, r2]}}, @cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff}}}, @cred={{0x1c}}], 0xb0, 0xc000}}, {{&(0x7f0000000ac0)=@file={0x1, './file0/file0\x00'}, 0x6e, &(0x7f0000000800)=[{&(0x7f0000000b40)="20424c78c4969e2014872dbc3d440b016da6a7de472763f4a6338175613f26992bef19b56034aa96ff50bede3cbbe052cf5b2d267d11b02aa27665d88a7b34db4d0adcb176d10a85729caf48ddc945354477a7eb72395cae3ab08d3f4d6d91a974bf8854a86a5ff431932334cba16906b9726480242a2771de90f84fa141bb21960af482cf195d54b8d87b855cfc210ad0cce9d13e73225126ac3d5c5358f67aa01d4c852925081f825f04556e879c9b5e8cf07d1719f9c2d4063c0356c85e90ca269445f61549e1ca21a4eeaf0734b623c47207a24b8d331961f73d4e77cfcb4d8a5a38615465dc8e6ecaa5f4d0e978294437926e86d6e8f17ce09bb8029997fc11d660b0023371343e8e2441b3d05a03fa6fe28ad96b13a5461308c1e31cb5e55ebb85529e0d19c99a66275c8d49e6c9d954a908116726ddec5919d108d0600ba7d975c239c16a362c170e51d2590604e693a822168bb3115377cb9ad8fc89a1dc7e5fad2014f381f5800ef6b117c2fd6895277c47d589150657b8b2e117872e302bbf6df95f74a21c5bf09b95c53755ba85340348766e88fba65166dd482e70a2c4578444823b994f2c8849c1b79057ddd0fb700a1634a5841ed0cf4a22e98d4542736b81cf3703048ff4cfbbdc7409eeb29557aca5c80201b9dfb05ef05f71c54e6522dc149a5f184e7dd49c403776db217801f40dc03b0c582be6440b35edb368974c529256ff9e081860f989ec5523456eb267a0f264c181832b3b1aa31c6b60c5f3c66268aa7310b4b51142c7ce728346f284db8eb831c6ebc38190b5c036ae17c5b643e0e2b0de56270d49a44c4821ba3eb3ea1dc56a8a6036f1737a49505e573ec036a03a3f10b510a6d9692f49bac6861015ba27026be24d1d4b43b1171df55c26ddd4dad3e494739233e7e25b56a9d11e2402ea08f4e56bd0711241326cfb050dcde80a3743831aac128ca6178d3790e1f2bdeb278e7af5db6b2c50df327966d0ff47c7c8b9ea723851db5cf2c5679e92f3adc8fb5331368adc727ffd7181aeb5005da07e8616dcd169c12c5b968cd8452d3b469c75a1d6ca16e054c2614b9d091390204061c7b382df69c1dd3180b04615665d3ba15fe0be8a5413ea693c83fc486a1408b0308b60f13d688e73031181f97bc9a1b15f2b84dd8f5129abe59a58616afd82d7bbbbadfabaf9f7c91d9e9c9e355dc24b9759c1a445b622a8d1bc71251f5b548fcc14074c7675b932e830a9d3dbe64e47d1982c5bbfc8ebce0c64932ade558d2ac86f9703141c05c02606c34dbbc133edb59c44f33f8ebcd118e392895a2e021746b8c5d775f8d4da8e1291c1df3c8102de5b1636b36825763b58a4d473b36b35842b0d9d6994e507afc03c5a144e1e816bcb8ac07f0b87b23261fe0695c924ecefc7fbc2322d043274ca2523895947d0edf32400da64f1b21bd15b80c78a7225be638e5b6dbe25bdd255b33db9153f103011d56c6daf04519c027f7e186bed30701abd339343c57fc0e829c44b6ccee7608f7bc06303b6f496df261b5993181f85fb6cbc536a73a1acdaa8199c7655adbdffc7e2e76d628e157031f29dd366dbab91e2adf969fc915a385d6489e1dcd8bb072eab68e2d57e26af93127d4ff702fde3daf32a324c31c1914022e2101b78ed49ff4cc34acb1d86dc4aa42f6b9f8a15c2e6e93f87af760fcccdaf4ec5b9634e382c3f20c5572c194e4831fb1f4d371284357f66fd23ecfd4c6d5ffc761e4d83a176504f80b2db64d59e1134e832b2f4feff71a3db623183518501f19ebe0958c0380d046599003882980e2ec09dcaea9a06b1a7f1f22843fdc4186cee19ec1b9acfbbac4df19e24a254fb0582ce29836862b1c85f756cf02ef52c4613bf1e66fbf72fb291b4472d76e98764caf3e5c432f93cecbf9943ccdb0d6161f608b9f650124d1115ccbe3fb6ee3939ddd81d6140df31a4c59fe23e5b85984fd974c5bc6a1b36c0e4d238155681c87991910d631cf96c13f756d98fa7a80edc1f01572e81c06a4554dd31cc19f2ab1f65e7d7349b44ba46ba14e8bb227a7f02f2b737e3d6672c9f622f813381f2ed0aa35485775585a3b5d9f83f5cc32124174a671ecf3fe0f44851cb305190774bb489a0e6bd1ba48a6d5541d8e2272259d268d6e84f39f23e005fac7b1416dadf2ff4b505c21d97ad06d83f2712c943774bb0c27b2601d0ba1acc682d81e8d237ccd8249d18283838509155a05f60fc684924033af40d29e2bd5011a8cdef358bf66affafe562bd2a5db7c32811539a72e1ab9ae1d8e933d3a1dd72b514275cd4ebd41bc71d85ab7f0b37d39e13f3f4a74e78ee082f37ac4ce0a8173be5bed99d033c0ae5e0799dae7a856393213e1bcd344779f19cdedc5c6fc9ebedb8b5c302a2f43f86529a3e14d5b8f58a0b75328f227513a5d7fb7e2c27a8492958ed15185268cd62c8c58361959bf38aba90e57bcee77b108da500ed858a581eeef0d59f740f4c6401aa320a2794838dc191b35a5cd0028e30bc6868d53872c7b52dcc52c572f2ebab352232c5b0d5bc47e2c528a5e957033dee5db7735d0559765afa3e9798e7d5005c8136b73db9657aee47ceaeea26a83f8f7987b9026db975fd7130517cd7f838f47fccbd1f8194f952f02629b474576f1e70c18ff6b7fbaaa961c8327e76857bdf9adac59306b5b2d840c8c205c03662ec4057cdfcd5f84067eef9291da2717191e875ab5514086adbea1fb1c35b70e0d8a950402ecd910a0ac68098282c3e24961bc91c090db7c9c51724f8abae35d665e7502aa1763540f9ae6c6cfa9274e5b62d22f2c68b8884dd8564f1c72e89cce3fc434568d408e13c585e0d5ff4de2c861214e5dc64e7c697feb2be75667be6c214785f04c550a6b33dd3bf43a7362a7476ae23ea202eea30acce447ca9d6c21261c294f531083d39cfd0ccf96fce58c39112916b9d611c977e1288feb6b714e051c988836e0af6f23afc584fd1e3c3e41ae6dcfadb50e198564499286526312b327f2b6a9a96aad332201adeba367506cb769acf1ec9c4ed21ad79f5fa9d864b9ab5a72ec1889e84100ca1e7a2d95f9a2590e9229c35583dd0381d2d57977f9a74a6c6bcfde1f79f66e18ab07241d29e0306070356dee4a47da72c33090527576abda78ebe21df259a03f91372cbba82e4f387fe408a2834a1fde55a03c1ab92020dcb090270465d7b88a1fbac0f036a9277c9a8fcf547fc0a8da6875191bd08e381ddd0c91d9d8a99a1a6fdfcb91625d6e930558ed1c6d9425f48d2e87e32a8a19e576c13791bff48ff3712df729c4573f75d887fec9922b59db84709fc7458b1179de98a8c52f237f221d563b86247eb785d0b10309ca94c96cd5add01a02b4cf01f4fc2917daeea1cb68c14105c545df82f0026e27870fcd70972e2f825d3be3ed49f289423bf2cb84561cbfaf9078151f360933b76e653bff6c78fe268d921de9357dc1232ca6d22b5f425908bfe6631c64851f734e7c59096fe08e15f426092fdbeff0188466db025a2b884e4c2322f50ae4471fa1fee5d08b94ad4b7fbdab2f05cf680f1172dcb1a87cb75539408ae63e0126c4b317d2c4cfc6c8de7acbad2a5963906000e7ca2b6d2c57527d9d2ff8aea8892e2b5ae924c5533d31efe75008ba78acfcb7445ae5adb47ce3560cb9365e2f59756a0643ac6669bac559989b85f32916029f281c3fcac263583866c96f301d1512450a4f5688851497a76bf4a7c235cb7e4d97c0cd97491077617da70da3f7dadc12a7d2f986062d622be16f2ed6109631c4741c8d179403abbb6e64faa7101452ca2d1b5b7fc18dfdb4bd009d5616a8a2db0e2ab0ec7ab53c782bffed96fa7beab890e074a1b1a57bbbe7d929c60defcca6607e06f50357ee82bb9fa621b87c4efa9f3e6a620403ed07e78d95d1136e2f60b2c8f44ab93aa6edc8bc3d58c924fbdc2504af8721e4b10c83ace6b61c1090bb21308ddbe3d3f2beab2c2d6fc751eaa7eb5a8d5bfd7edcd9296798d490c68b87db8a7a6bf20ee5503f1fcfecb31b3036d712b095d9df260376e979d67533cf5d229053673759f16e81052615b27d95c337f274a4e3ee43e66074a67bd1e6edbbef24bf36441676e5160f09f0bf423902738c5dfc2f3c4b017b531ddedb998ac0929b54177d2fe1c96b5747a6d4da386d2e5f90fdb76b5936cce833835fe53376395f38b1ab47a27c7c32d15e59106347a46b006ebc94b7e1472df4d9c00246c96a5c4935f2b77ab19b6ac93c243566dc63e115251485b51a6698d9a8bafab831c623948711a394651d06b3af14dacc849ca2357d48efb8390bb1f1ab19fc4192be4053f1e02a94a77fa0016bc58f6f1d143a907e6a09c828c7daf80d5fdfd65172edb4b8e44bcb0ffc1e727d1bb0788a6dac061f094d8e92fb5e159f54c23ca31388cb2d4d3f18768e6d177afd49f6e73fe7501a2005d4bd1bab5e99a6128e7d9d536fa0fc366be10659235ef5001238a503ea027375f65e351ec982adac097d6d692a1269028247cab1b13d2850f391044f01bdd242897a54f15a60ccd76950795e2a63611f93b0002c185098622a4dc58fd7bdd632ff1e7114050729d76dfb186202597f3406259844d1eca49c14fe9c53e25f5354e35c10ba40d9d265f9eae8e0f8a938c041137f614ff9bd0db4e55d219356051f685175ba5cca47b7a5dabf5d9eb0327557e438e948ec1704b4d27332f205a75be68c7099661f4b9235df9b2b3f93c6489c73b86e0cb089aeda758fed4fb8bcc143b28d91ff85db3b113b4361e6cf59b03b475f38a6eeb4409e51a7c31fed020e3b9c137513339b9e051817bdc343fe22c48fe9391b15fb90ca69c82abf5d1fd91f85589f3db4258087edc32f6fec1158d6357e050b7cadddd2d0901dff03f19f16092134883670f7be263157a63917c3a10a7f8b071cee52aaa152fdf30e51a4f60434b6a7fa47861e096274c62bd44d28052d7b14b45952d9d187665e3185ca457188a613ad763f6cb789e07b6f7f351e4eb3586115b40ac3283a89eeb00481f70e0bb2f49fdef083ee4495d33eadb78bd4844708b5eabaff5a45bfbc5b44ea669f122db318fe6dce1f3ecc68e4cd120d71f749c58a54b26e99c0a05054298b63031c9216b7ab41e090a92464616c513660c931411450a7cfbded78ef2faf11e9370950d3c0eaf5d35c91fbb50017a6a5ab3c24d0e8c2fabb2952b83c2d5db64b8c6ad1467af5d1e24d478cd393a8ead91ba3cb1c4974ae0af589c94e79299ffbc1839394503eda70f6696b4b4c330a05a46648bf857067defe1d8171d64eec70bcb5ce24ad3f6cc03804b29eff44bd860c5d58159cfa69cec30d5c8739a1daab6d23e70db25062d0473ab188c7441812102339e34c0e79d070f69bae4da1f8bf73301dc92dfd2d6b4c7654fd5fcfa842073a24138d02094e497e1c53b9719cc5fce8895e328d48b607bc58092b9f4b1ffee3e40a67a5135c6a73111bbc39a07e2e3c3823a7f04e9d578ab95999146aaed2646c8bc3b560373db23c7a7970c4a2ac1b160b98cc06827f0b7c2911a4f6f61220524cfac59fd8568f84015c5bfe332644a2442c8af8da4644824bf275ea39f3fa6781d019c047723a97459064fcad66ad9350f78485d94e677098982964e75b0a3a8248a0dd2c18b979485d4a6ea61919898c4b13858ff6bbd0d56ff9137c59f5c0e4104df9c69852b41fbec85432deab9b1c3b2d825781e27d489892780029622f53ab803333706529b57a566a113354bb705", 0x1000}, {&(0x7f0000001b40)="001d8acd4c61143032efe472aa77097cebe3a69534f04b5ac76bdd21e6b132002a0ce444827f6a991f3780d4db785671a3d7e1a899ef5d4cca894f79180a711cae65aee709af157ff21869d5de7a2b376c7e179695e1b1b78aa95590c6ac4495e7bd3957b28210ca936f323dbe643cb50c83eb7c77e0c0b96183fe36b3b5893bf0712f868ce7e69702a600a2c98dee9929ae6a4d6757dd8ed5686012f3d21fa50e096aef8a1e1ab5d6697eeb7a1af5443c6c756a037aa129be0abddfb6d4e7439ce147e795003e019e24", 0xca}], 0x2, 0x0, 0x0, 0x4080800}}, {{&(0x7f0000001c40)=@abs={0x1, 0x0, 0x4e24}, 0x6e, &(0x7f0000001d80)=[{&(0x7f0000001cc0)="7e15b20e662389e4993bcf68f9275f139acdba065e8845c0e878c0430e0bc12aabd934a8323a2820fb8fd22e45a1440dfc370c968a7fc9ab209dec37f18d4d1e3100d458de9f2a216c5da75bfae1a65be54eef6e1dda707f4ffe28843900a7782c181f93c1293a0db3f3f4fbb4b050dffed2cdec939065d22b2ceb8e60e740282cc98274efcb4f6f", 0x88}], 0x1, 0x0, 0x0, 0x20008000}}, {{&(0x7f0000001dc0)=@abs={0x1, 0x0, 0x4e23}, 0x6e, &(0x7f0000002040)=[{&(0x7f0000001e40)="ce77c311d54303dfae01cbb51c311d4e4ad5938132d111879769447788c938783b82", 0x22}, {&(0x7f0000001e80)="2e078452ea024cc32e8c8c10d16cac94225cad55e37065e848216fd481014f354faea741d6038aa4ecd1c55aa39a271b55ac6bca547081d79faaf6916b276ff51e3b91fc71fe943ce3f4f207f9219e31623fdb0572a751801185f54764c19569e68ba7c472eec0589d1333253ead92287807820fc3f795d94eb0e9cab2c63c58d45ee105202cb78e53e113fe15dd6137ea4713837b84b49ab52dc775caa795b7e56bf4d5596dfc97669f73be2c3cc3a56802dcdeea2d3d094dd13f92e76b34110d05f459656fa619efe08ebd059375137a9c6e93b85c4af719ddae22219ab492098d9a60a7e1e1e49b07b54d05e342286cd9e4", 0xf3}, {&(0x7f0000001f80)="740aacf8ca92dfbc50bb8983949761fcb4a9c6889cb4f18ea02070a5e7450c4b864afae242154cc2dedb1baf4494ece517658b12af5d6daaafb983b70684d0ac6ceab6dfa3e5ffb2a4910be0cb85802adaffc21ac4ecd5a793e46021b532262f09511c9ac8da4a9603e619f83f190610cc31283679523151ec84e9c9bd0b0e7061741c5bb25629b08ee58df4", 0x8c}], 0x3, 0x0, 0x0, 0x10}}, {{&(0x7f0000002080)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000002580)=[{&(0x7f0000002100)="f74c087311afab1b3e48cf584364fd75dec439899f7680ca5f18a61df654fccec6ab41b7cb2973cf3bf282a58a0bca2a403f5e8db1196b0869eca51e7ad1cc4e74eac23518eae264819777de12075a727b53de569b4db2d425cab6d56d5ad5d6e050b7062d03b60f14ff694a6291b85f990ddf0aba0c85d330784fe407fa18b9bf2c1b8c52235f", 0x87}, {0x0}, {&(0x7f0000002280)="d07f645e51ecd7bd01459c20e518db2a091154ee7140674bf1c54b3260202f88e8d7127a22cdac951af363c7a20f9f43c8a9fd310598401aa00f426af23b76540ee442f0a91e12f1de5477a09a0631d9a0c776ee1d93d825d2b453ae13089a4eea2120c736da400d39cad64faa05299ecf07c819c1edf061c67e143e4b464856fbe60963a8ebcca1f3cc94c4907596d2960935c93d6ef9372ad9317ea1782cd4ef47d5a92b0b67d32a80ebbcbdee1a21bef75b25d246d4875b3a07a2d1842701f578a503390bf33815dc407b83ca2ee9c7b50794e2d6c45d7e401067a65b1ba13bfdd237a6871ce02b5f2273d012e643c39e999896fa069a33", 0xf9}, {&(0x7f0000002380)}, {0x0}, {0x0}], 0x6, 0x0, 0x0, 0x11}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000004c00)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [r1]}}, @rights={{0x1c, 0x1, 0x1, [r3, r1, 0xffffffffffffffff]}}], 0x98, 0x4040010}}], 0x6, 0xc040)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000840)=ANY=[@ANYBLOB="5c00000000010104000000000000000002000000240002801400018008000100e000000108000200e00000010c0002800500010000000000080008"], 0x5c}}, 0x0)
umount2(&(0x7f00000000c0)='./file0\x00', 0x8)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
r8 = dup(r7)
r9 = syz_open_dev$evdev(&(0x7f0000000180), 0x0, 0x40)
dup3(r9, r8, 0x0)
ioctl$EVIOCGABS0(r9, 0x40044591, 0x0)

2.176177994s ago: executing program 0 (id=3293):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
rt_sigaction(0xfffffffe, 0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
getpid()
syz_emit_ethernet(0x5e, &(0x7f00000001c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0086dd6000ff6000280600fe8000000000000000000000000000bbfe8000000000000000000000000000aa00000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="a00000000000000000000402000000294200"/28], 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0xffffffffffffffca, &(0x7f0000000040)=0x10001)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000400), 0xa00, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000440)=0x80)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x1, 0x0)
rt_tgsigqueueinfo(r3, 0x0, 0x2d, 0x0)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
write$FUSE_POLL(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, 0xffffffffffffffff, 0x0)
socket$inet(0x2, 0x2, 0x0)
r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r6 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r7=>0x0}, &(0x7f0000cab000)=0xc)
setreuid(0x0, r7)
ioctl$VT_OPENQRY(r5, 0x4b4c, 0x0)
ptrace(0x10, r4)
ptrace$pokeuser(0x6, r4, 0x358, 0xffff88806b13da00)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22, 0x0, @rand_addr, 0x6}, 0x1c)
listen(r0, 0xfff)
syz_emit_ethernet(0x8e, &(0x7f00000004c0)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x58, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x16, 0x2, 0x0, 0x0, 0x0, {[@window={0x3, 0x3}, @timestamp={0x8, 0xa}, @md5sig={0x13, 0x12, "d082e275205e556149a021cc13c33d89"}, @window={0x3, 0x3}, @window={0x3, 0x3}, @sack_perm={0x4, 0x2}, @sack_perm={0x4, 0x2}, @fastopen={0x22, 0x6, "cf6af75d"}, @md5sig={0x13, 0x12, "27406263e43d5959a166a23bd1116edc"}]}}}}}}}}, 0x0)

1.986166667s ago: executing program 3 (id=3294):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003740)=[{{0x0, 0x0, &(0x7f0000001f00)=[{&(0x7f0000007000)="c367d19bdc46408b18bf5015473de305a358ef7ab35606865f0d0489f7e8b6d29f736f6f2b7a8226350fe8b041337f2bdea557ca97f32175fe220c15f88c33505ed7555c994e055865b78546cc96f2a047ed2dea2b5877132a08e8f3c66a7424af405148506971c4b65a70f5c612b51497fe7565759e4acac1", 0x79}], 0x1}}], 0x1, 0x10c4)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(r1, 0x4038ae7a, &(0x7f0000000000)={0x6, 0x83a, &(0x7f0000000180)="92bb40e89d03ccbf25cd2b3ac6db0d67d3f4463e14a9cb69c893c5d0e1f4b3a5709e9a6e8b3fe56505da761415d293d748b46d0042001ca211d5371a6fb03f40a4e82f3201785e6ab4bc2243b03a2f029d6fcf65ee22ccda30de9c0f6702d2724d24338d1868899bac29b45057666e8be56d8a0c03970d86d38a8b490398596ffc948ad0d6875cdfd8235cd0dd7ae8c1db57fea1762c81f430d8795b91e4d4c32843ab9144cb2660d8154a9e8b258dcaf86b4237862402dfc1e1c3b7f7a648665b640498705e1af7408c432b", &(0x7f0000000280)="fd5fe420dfee863531770da6f3e561d0252f4ac3efe884ea6c64d85ec990ef25cce4947a0e15d2a46f170cc5eab62f28240cdfc4cc197677d17a9e1122cddec0ac2391b89a0d84699f049b8f76875190ff19419208506b1f27d81b2db5675b0c2b77137e8540ceb67f1d2885dd5bb7157789e9862bc8d660e5ffb319d1e0e9dddb950cb8f172b484169d5cae8dbbd93207e064806e3016466806c3a2b4d90f11023a0f27cdd785b86d956f0dd71f792b62296a448e798674d1631e48a01f8872b54f2f12f8e3435cf05add46c387ef6fba3684582b189554c4b2cdcdf5316c2c189a7aa9", 0xcc, 0xe4})
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
r5 = syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x0)
prlimit64(0x0, 0x1, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r6 = getpid()
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r1, 0x4000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000001140)=ANY=[@ANYBLOB="0600000004000000ff0f00000700000000000000", @ANYRES32, @ANYBLOB="f2cd047b9f598b200e5ae07127f655c6e7801893213cd8bb000ea697ad7bfe0c533ca6225fa805160f416fce51a1454ed6b88cc9bc9ee6fdd994862e14bc401ee9be5be77ee0f72b3f55c3215ef7ca935ed579c5613e41ee692330fbeac7279b2d95e3e4fde4eebde65be10b6e784d567404b633524b92fde4a6877d9e0b596cd73236436d6ae871178d2f3d38c26ae3802370d7ba5e775119fd033abf75e5bfa7e9179275120be25cc47f6c1f31179861060dfb57146a181a", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_UNLINK(r5, 0x40044160, 0x3)
r9 = dup(r4)
write$UHID_INPUT(r9, &(0x7f0000000000)={0xc, {"a2e3ad214fc752f91b231a0987f70e06d038e7ff7fc6e5539b3272078b089b3b08384b090890e0878f0e1ac6e7049b334c959b669a240d5b67f3988f7ef3195201c0ffe8d17870000000001b1b5d500f0d30090936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb199f6b76383709d8f5c55432a909fda039aec54a1238580f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82999ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad0f765cf60bd0ba2f3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b599d0efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x98)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000100)={0xc, 0x0, <r10=>0x0})
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r3, 0x3ba0, &(0x7f0000000240)={0x48, 0x1, r10})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(0xffffffffffffffff, 0x3ba0, &(0x7f00000010c0)={0x48, 0x2, r10})
ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f0000000340)={0x28, 0x6, r10, 0x0, &(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2b8000000000000})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)

1.083630321s ago: executing program 0 (id=3295):
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x4002, 0x0)
mount(&(0x7f0000000080)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='erofs\x00', 0x8, 0x0)
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000280)=@raw={'raw\x00', 0x9, 0x3, 0x2b0, 0xf0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x1e0, 0xffffffff, 0xffffffff, 0x1e0, 0xffffffff, 0x3, &(0x7f00000000c0), {[{{@ipv6={@private2, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}, [0xffffff00, 0xff, 0xff000000], [0xffffffff, 0xffffff00, 0xffffff00, 0xffffff00], 'vlan1\x00', 'batadv_slave_1\x00', {}, {0xff}, 0x2, 0xc8, 0x7, 0x11}, 0x0, 0xd0, 0xf0, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x3}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0xa8, 0xf0}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x1ff, 0x5, 0x1, 'snmp\x00', {0x4}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x310)

673.595597ms ago: executing program 2 (id=3296):
prlimit64(0x0, 0xe, &(0x7f0000000400)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0600000004000000080000000800000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000d0bf779d415ee44d000000000000000000000000000000085fd1b3db8011c2ca94d19d9d7940cb645eb174a39c143d5fdac049090768328a7c24067429937a513589f1675e23e9c7e2563bcd68306222f0d49c1944288889a89cda3d0d7b197aff08d61efb3fa5370f1fcd1ef2c267e0c8a833573351ce21ea12a2f5724f8927df39289c42075b9fa92c13738bf12b12de576239c9024d2f220d64f7b03a99bfeed8ae6d06f8b749734b585395549ccd4feecab0a93fbb1ad29d9ee89ae0b2d545bb8fd8637ad5e978f3625f842a908a8b6f09a09686c86a1792d156b68f0c537f9cdfee995e75bd6cae22"], 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x3, 0x14, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000000000000000000000000000018150000", @ANYBLOB="e5b2dbba", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002600000018010000646c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0xe, 0x0, &(0x7f00000000c0)="e02742e8680d85ff9782762f0800", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
sched_setaffinity(0x0, 0x0, 0x0)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb6f68000)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff})
pipe(&(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
vmsplice(r3, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1)
r4 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)={<r5=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000000c0)={'bridge0\x00'})
sendmsg$nl_route(r4, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000180)=ANY=[@ANYBLOB="4400000013000500"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000014000300766c616e30000000000000000000000005002100"], 0x44}}, 0x0)
splice(r2, 0x0, r3, 0x0, 0x10500, 0x0)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x2b3, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_MOD(r6, 0x3, r0, &(0x7f0000000000)={0xa0000004})
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sched_switch\x00', r7}, 0x10)
r8 = socket$inet6_udplite(0xa, 0x2, 0x88)
sendmsg$inet(r8, &(0x7f0000000a00)={&(0x7f00000003c0)={0x2, 0x4e22, @multicast2}, 0x10, 0x0, 0x0, &(0x7f0000000880)=ANY=[], 0x18}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)

608.065355ms ago: executing program 0 (id=3297):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{0x0}], 0x1, 0x0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r1)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
open$dir(&(0x7f0000002340)='./file1\x00', 0x6d65c0, 0x100)
fchownat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0, 0x100)
listen(r2, 0x0)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r4 = accept(r1, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r4, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x85c}, 0x0)
r5 = socket$inet6(0xa, 0x3, 0x3a)
setsockopt$inet6_mreq(r5, 0x29, 0x14, &(0x7f0000000140)={@mcast1}, 0x14)
r6 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r6, 0x8b0b, &(0x7f0000000000)={'virt_wifi0\x00', @random="8dffffff0600"})
r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000300), r4)
sendmsg$DEVLINK_CMD_RATE_SET(r4, &(0x7f0000000580)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000540)={&(0x7f0000000340)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="000126bd7000fcdbdf254b0000000c00a60000010000000000000c00a6000500000000000000"], 0x2c}, 0x1, 0x0, 0x0, 0x10}, 0x8014)
setsockopt$inet6_mreq(r5, 0x29, 0x14, &(0x7f0000000200)={@mcast1}, 0x14)
syz_usb_disconnect(0xffffffffffffffff)
r8 = socket(0x10, 0x803, 0x0)
sendto(r8, &(0x7f0000000740)="1200000012", 0x5, 0x0, 0x0, 0x0)
recvmmsg(r8, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, 0x0, 0x0, &(0x7f0000000600)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400})
syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f00000005c0))
close_range(r0, r5, 0x0)

500.789591ms ago: executing program 4 (id=3298):
r0 = add_key$keyring(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)
r1 = add_key$keyring(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffc)
keyctl$link(0x8, r0, r1) (fail_nth: 2)

0s ago: executing program 1 (id=3299):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
timer_gettime(0x0, &(0x7f0000000300))
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'crct10dif-pclmul\x00'}, 0x58)
r3 = accept4$alg(r2, 0x0, 0x0, 0x0)
r4 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0x8502, 0x0)
write$sndseq(r4, &(0x7f00000005c0)=[{0x6, 0x0, 0x0, 0x0, @time, {0x6}, {}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"272be5806cd46d7b9ff797a0"}}, {}], 0x70)
sendmmsg$sock(r3, &(0x7f0000003140)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000380)}, {&(0x7f0000000440)="5573939838dce94c0f0e9ef552a5c8a4f53eddeb6ee8e58e7351a609c54a37d3", 0x20}], 0x2, &(0x7f0000000580)=[@timestamping={{0x14, 0x1, 0x25, 0x8}}, @txtime={{0x18, 0x1, 0x3d, 0xfffffffffffffff8}}, @txtime={{0x18, 0x1, 0x3d, 0x3}}], 0x48}}, {{&(0x7f00000004c0)=@nfc={0x27, 0x0, 0x0, 0x2}, 0x80, &(0x7f0000003340)=[{&(0x7f0000000640)}, {&(0x7f0000000800)="5139a1e2a5afd6e37359e78bbe17e884b0", 0x11}, {&(0x7f0000000840)="f2f48cf1844a5e122d9ab98d3aa31ff61d4aa9213d501d011f5433530b0859e0cf6e58b807580751ebff0219b28931248e28cfcbe3f390ec8e7197486761dd343ed61b8450fc296cb57d55c0134bb2e6757282d40e835d", 0x57}, {&(0x7f0000000a40)="c99298532591fe7b0331758311d894c68c5ec5a4abf9e1ea551efdef95d62745655d33369714466a0ccb56b4f60508d9dfe5c9aca85e876e7493d8edc113b5e78f5df52b56d09539c381c8b80cfafdc74a0cc8c929c7871ec45e9434b7e29b6ff43d8a1d", 0x64}, {&(0x7f0000000b00)="6865b8fb2e720a8512ff01f6269848ed4cb0ce3e86c2ef7026ec7334de837b74a4a95041238bd4322a0f0a32684ccb84268aa9a66d0e0e7a97f12faf16b6ff19a7ee79385148ae603561b63c4b338a1b76865efa93965b3493153ae1a555537d69ee5df5e8b3a52a1803e7341919860cba24aa5df578b9bd00759c8a46ea072a2f424f255fc80fa18a4a4f2dda", 0x8d}, {&(0x7f0000000bc0)="de2d4f044b811cf783c33b59717f41a81b93fdd63beaea5042be843fb541f1e75396ebd82a0a5abdde1a8c42964b8b4e45571c6023de7740c266c441f0c5000d1b5bd99c93ab2d96b29a26cd992e587fa907ece9fa34f64cfa1a51c9c671dc3d6448b0316a12296e076821b94e76bfa5d12f5fd7783eb7391c9f5334ce5cf9e1ff80714c4e3e2dec65d08084df586b8763260bceda9ce0749cc8a28a4321c3c6058b5027b6d8f6c3185f163bc022cc3878e9f0cfef4943039e36759448f5271a9c9fa5aa1a0e0e6684bafa03df8300f0ab79fedc94", 0xd5}, {0x0}], 0x7, &(0x7f0000000d40)=[@timestamping={{0x14, 0x1, 0x25, 0xc5}}, @timestamping={{0x14, 0x1, 0x25, 0x6}}, @mark={{0x14, 0x1, 0x24, 0x8}}, @timestamping={{0x14, 0x1, 0x25, 0x3}}, @timestamping={{0x14, 0x1, 0x25, 0x101}}, @timestamping={{0x14, 0x1, 0x25, 0x7e}}, @timestamping={{0x14, 0x1, 0x25, 0x5}}, @mark={{0x14, 0x1, 0x24, 0x7}}], 0xc0}}, {{&(0x7f0000000e00)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x2, 0x1, 0x4, 0x2, {0xa, 0x4e21, 0x10000, @private2, 0x80}}}, 0x80, &(0x7f0000001040)=[{&(0x7f0000000e80)="3d5949c9ff77fe98c0c80854c5d8fd5b7cd03e78b2cb2d262284078162e42771f82cf12d98e11ce0418cc84bbb27badecb07a63c77e0f7deb54fd13fef00fedd75c71012539fd24459445c01a75249b7a326dac767ebf375e1ee4b3a29367f62e1f8c466a15f8f15d10682424507366fa889d34113374d3106a3eb498275c3c985ccf0af46bf22e355b01d5b895600491554f5d21afd8d8e47459d6d984ee034db0d534f90d4057665c864fdcce1f2db52328d82", 0xb4}, {&(0x7f0000000f40)="d4150da2d1301603a585f3ca4beea2fd1e5e30efabfbec0dd08805b0857d34be0d44097059722fcc3caf51858dc98303a01ef3f6ce9f1ee862266a21520f1c0da0a173854bafb2304161799857022e419d60ea5029a21b85e66e511b94a6081e84cfcf2c510599c5c9e727261736f83a0c89727daf8c6e227be5e2f5540c24864f4464caf213ac9ccc5a41c9c44e5104745b03d03c5682b36369c80c972d63ccacf7c6c26cb4992768d97c6a4ebfdadac3e612abdd53fff3e713c68c15c8131036681e0527cde6188712240007eb4993f63a97e6d8bb4c7436bba092c16be18d6ebc0acd7dd88a483ba30de3292a0328efef367f", 0xf4}], 0x2}}, {{0x0, 0x0, &(0x7f0000002800)=[{&(0x7f0000001280)="c421ee69c94e7e4b512606b675efee368d5b3294356f49172fddf1d35a9c4468447803fb2b640a612112dd3813faa6fd7785bd5b86b08c1b8a172f98d27606d54645ce21c3cfbdfb40ece68c223aceea8bfc4ad86bea453cbf71e57eb88dafb03713905a52af2c88d43db5", 0x6b}, {&(0x7f0000000cc0)="4756bfa49719", 0x6}, {&(0x7f0000001340)}, {&(0x7f0000001440)}, {&(0x7f0000002440)}, {0x0}, {&(0x7f0000002680)="20311f170e7a73c2f2a0e06c106a6f75b23726b8e1f6a31f730536f985d1e3d23a029c52c241f281f9ce5bc12945adeca64422742c6db50f3b5a6419287d58fcf485e749b21e25a90d88cecc22ca9e7815668dfda6bce65851b9f8812ccd1abe58ee550589d25b145e6ec6821333cae4bb581d20ba0186674f0a8a8dd7ae4cc9210294a1996ac65d126ab650981aa752b9c039659aa82d9f01", 0x99}], 0x7, &(0x7f00000028c0)=[@timestamping={{0x14, 0x1, 0x25, 0x608d}}, @timestamping={{0x14, 0x1, 0x25, 0x5}}, @txtime={{0x18, 0x1, 0x3d, 0x4}}, @txtime={{0x18, 0x1, 0x3d, 0xc8}}], 0x60}}, {{&(0x7f0000002dc0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0xffff, 0x1, 0x0, 0x1, {0xa, 0x4e24, 0x2, @empty, 0x1}}}, 0x80, &(0x7f0000003100)=[{0x0}, {&(0x7f0000002fc0)="bf0bfd633777011137ff9668d58566136ad121716486b140fca0ecc6168a9e6f91f8312310b588dd7470eb897e", 0x2d}, {&(0x7f0000003040)}], 0x3}}], 0x5, 0x0)
sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x10, 0x3e8, 0x200, 0x70bd28, 0x25dfdbfb}, 0x10}, 0x1, 0x0, 0x0, 0x8080}, 0x40000)

kernel console output (not intermixed with test programs):

16760] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2707'.
[ 1468.183214][T16760] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2707'.
[ 1469.529077][T16772] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2710'.
[ 1474.023840][T16356] usb 3-1: new high-speed USB device number 45 using dummy_hcd
[ 1474.248092][T16356] usb 3-1: Using ep0 maxpacket: 8
[ 1474.284297][T16356] usb 3-1: New USB device found, idVendor=0545, idProduct=800c, bcdDevice= 3.0a
[ 1474.330658][T16356] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1474.349269][T16356] usb 3-1: Product: syz
[ 1474.354185][T16356] usb 3-1: Manufacturer: syz
[ 1474.375106][T16356] usb 3-1: SerialNumber: syz
[ 1474.415123][T16356] usb 3-1: config 0 descriptor??
[ 1474.474082][T16356] gspca_main: xirlink-cit-2.14.0 probing 0545:800c
[ 1474.518767][T16356] input: xirlink-cit as /devices/platform/dummy_hcd.2/usb3/3-1/input/input42
[ 1474.706396][T16356] usb 3-1: USB disconnect, device number 45
[ 1475.529040][T10184] Bluetooth: hci1: unexpected event 0x30 length: 31 > 3
[ 1476.317605][   T25] usb 5-1: new high-speed USB device number 53 using dummy_hcd
[ 1476.596341][   T25] usb 5-1: Using ep0 maxpacket: 32
[ 1476.669092][   T25] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1476.741664][   T25] usb 5-1: New USB device found, idVendor=060b, idProduct=0001, bcdDevice= 0.00
[ 1476.831506][   T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1476.894020][   T25] usb 5-1: config 0 descriptor??
[ 1477.536094][T16816] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[ 1478.186396][ T5279] usb 3-1: new high-speed USB device number 46 using dummy_hcd
[ 1478.465850][   T25] usbhid 5-1:0.0: can't add hid device: -71
[ 1478.482775][   T25] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 1478.529518][ T5279] usb 3-1: Using ep0 maxpacket: 32
[ 1478.554691][   T25] usb 5-1: USB disconnect, device number 53
[ 1478.568565][T16821] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2723'.
[ 1478.577420][ T5279] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1478.610859][ T5279] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1478.629886][ T5279] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1478.665322][ T5279] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[ 1478.727689][ T5279] usb 3-1: New USB device found, idVendor=1b96, idProduct=9f0a, bcdDevice= 0.15
[ 1478.751670][ T5279] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1478.797988][ T5279] usb 3-1: config 0 descriptor??
[ 1479.302015][ T5279] hid-generic 0003:1B96:9F0A.000C: hidraw0: USB HID v0.00 Device [HID 1b96:9f0a] on usb-dummy_hcd.2-1/input0
[ 1479.729007][T16828] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1479.871112][T16828] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1480.217847][T16839] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[ 1481.158112][T16843] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2728'.
[ 1481.168729][T16843] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2728'.
[ 1481.184111][ T5313] usb 3-1: reset high-speed USB device number 46 using dummy_hcd
[ 1481.923646][T16838] Bluetooth: hci5: unexpected event 0x30 length: 31 > 3
[ 1482.180664][T16858] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2734'.
[ 1483.120188][T16857] input: syz0 as /devices/virtual/input/input43
[ 1483.128521][T10184] Bluetooth: hci5: command 0x0406 tx timeout
[ 1483.167959][ T5279] usb 3-1: USB disconnect, device number 46
[ 1484.156349][ T5279] usb 1-1: new high-speed USB device number 66 using dummy_hcd
[ 1484.366411][ T5279] usb 1-1: Using ep0 maxpacket: 32
[ 1484.379490][   T29] audit: type=1400 audit(1726819081.043:866): avc:  denied  { read } for  pid=16878 comm="syz.1.2741" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[ 1484.391052][ T5279] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1484.475529][ T5279] usb 1-1: New USB device found, idVendor=060b, idProduct=0001, bcdDevice= 0.00
[ 1484.524984][ T5279] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1484.625655][ T5279] usb 1-1: config 0 descriptor??
[ 1485.120372][ T5279] usbhid 1-1:0.0: can't add hid device: -71
[ 1485.166596][ T5279] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 1485.253915][ T5279] usb 1-1: USB disconnect, device number 66
[ 1487.195721][    C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[ 1487.362633][T16903] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2746'.
[ 1488.113139][T16901] 9pnet: Could not find request transport: xen
[ 1488.872484][T10184] Bluetooth: hci4: unexpected event 0x30 length: 31 > 3
[ 1489.374070][T16921] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2752'.
[ 1489.390310][T16921] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2752'.
[ 1489.749413][    C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[ 1490.442055][ T1272] ieee802154 phy0 wpan0: encryption failed: -22
[ 1490.457249][ T1272] ieee802154 phy1 wpan1: encryption failed: -22
[ 1491.482240][T16941] dlm: no locking on control device
[ 1492.320225][T16950] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2758'.
[ 1492.332403][T16950] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2758'.
[ 1493.146382][T16953] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2759'.
[ 1494.781213][T10184] Bluetooth: hci5: unexpected event 0x30 length: 31 > 3
[ 1495.384958][T16982] dlm: no locking on control device
[ 1496.419133][T16985] overlayfs: overlapping lowerdir path
[ 1496.984867][T16991] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[ 1497.995237][T16995] FAULT_INJECTION: forcing a failure.
[ 1497.995237][T16995] name failslab, interval 1, probability 0, space 0, times 0
[ 1498.065285][T16995] CPU: 0 UID: 0 PID: 16995 Comm: syz.2.2772 Not tainted 6.11.0-syzkaller-02574-ga430d95c5efa #0
[ 1498.075991][T16995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 1498.086154][T16995] Call Trace:
[ 1498.089548][T16995]  <TASK>
[ 1498.092490][T16995]  dump_stack_lvl+0x16c/0x1f0
[ 1498.097223][T16995]  should_fail_ex+0x497/0x5b0
[ 1498.101946][T16995]  ? fs_reclaim_acquire+0xae/0x160
[ 1498.107101][T16995]  should_failslab+0xc2/0x120
[ 1498.111828][T16995]  kmem_cache_alloc_noprof+0x6e/0x2f0
[ 1498.117276][T16995]  ? fcntl_setlk+0xad/0xe20
[ 1498.121859][T16995]  fcntl_setlk+0xad/0xe20
[ 1498.126262][T16995]  ? __pfx_fcntl_setlk+0x10/0x10
[ 1498.131355][T16995]  ? __pfx_lock_release+0x10/0x10
[ 1498.136461][T16995]  ? __pfx___might_resched+0x10/0x10
[ 1498.141901][T16995]  ? __might_fault+0xe3/0x190
[ 1498.146661][T16995]  do_fcntl+0xb60/0x1510
[ 1498.151061][T16995]  ? __pfx_do_fcntl+0x10/0x10
[ 1498.155844][T16995]  ? selinux_file_fcntl+0x93/0x170
[ 1498.161032][T16995]  __x64_sys_fcntl+0x174/0x200
[ 1498.165943][T16995]  do_syscall_64+0xcd/0x250
[ 1498.170521][T16995]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1498.176501][T16995] RIP: 0033:0x7fcb1437def9
[ 1498.181067][T16995] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1498.200740][T16995] RSP: 002b:00007fcb150d2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000048
[ 1498.209217][T16995] RAX: ffffffffffffffda RBX: 00007fcb14535f80 RCX: 00007fcb1437def9
[ 1498.217428][T16995] RDX: 00000000200031c0 RSI: 0000000000000026 RDI: 0000000000000005
[ 1498.225464][T16995] RBP: 00007fcb150d2090 R08: 0000000000000000 R09: 0000000000000000
[ 1498.233509][T16995] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1498.241535][T16995] R13: 0000000000000000 R14: 00007fcb14535f80 R15: 00007ffef84a7d28
[ 1498.249590][T16995]  </TASK>
[ 1498.629304][T17003] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2774'.
[ 1499.169998][   T29] audit: type=1400 audit(1726819095.833:867): avc:  denied  { connect } for  pid=17006 comm="syz.2.2776" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[ 1499.476296][T17017] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2778'.
[ 1499.485487][T17017] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2778'.
[ 1500.270143][T17016] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2777'.
[ 1500.279590][T17016] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2777'.
[ 1500.922992][T17031] dlm: no locking on control device
[ 1500.976644][T17027] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2781'.
[ 1500.985792][T17027] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2781'.
[ 1502.894637][T10184] Bluetooth: hci2: unexpected event 0x30 length: 31 > 3
[ 1504.223368][T17065] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2788'.
[ 1505.266845][   T25] usb 3-1: new high-speed USB device number 47 using dummy_hcd
[ 1505.470860][T17074] dlm: no locking on control device
[ 1505.506302][   T25] usb 3-1: Using ep0 maxpacket: 32
[ 1506.426912][   T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1506.467355][   T25] usb 3-1: New USB device found, idVendor=060b, idProduct=0001, bcdDevice= 0.00
[ 1506.508925][   T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1506.579036][   T25] usb 3-1: config 0 descriptor??
[ 1506.736822][T17080] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2794'.
[ 1506.745851][T17080] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2794'.
[ 1508.153223][   T25] usbhid 3-1:0.0: can't add hid device: -71
[ 1508.171533][   T25] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 1508.232285][   T25] usb 3-1: USB disconnect, device number 47
[ 1510.371272][T17106] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2800'.
[ 1511.891528][T17118] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2803'.
[ 1512.917495][T17122] dlm: no locking on control device
[ 1514.195246][T17133] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2807'.
[ 1514.204470][T17133] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2807'.
[ 1515.436472][ T5313] usb 2-1: new high-speed USB device number 63 using dummy_hcd
[ 1515.836439][ T5313] usb 2-1: Using ep0 maxpacket: 32
[ 1515.845305][ T5313] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1515.859746][ T5313] usb 2-1: New USB device found, idVendor=060b, idProduct=0001, bcdDevice= 0.00
[ 1516.036881][ T5313] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1516.053289][ T5313] usb 2-1: config 0 descriptor??
[ 1516.404057][T17152] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2813'.
[ 1517.254644][ T5313] usbhid 2-1:0.0: can't add hid device: -71
[ 1517.315921][ T5313] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[ 1517.404374][ T5313] usb 2-1: USB disconnect, device number 63
[ 1517.918678][T17164] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2817'.
[ 1518.432433][T17173] dlm: no locking on control device
[ 1519.416482][   T29] audit: type=1400 audit(1726819116.063:868): avc:  denied  { write } for  pid=17161 comm="syz.4.2817" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[ 1520.620973][T17185] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2820'.
[ 1521.452626][T17186] input: syz0 as /devices/virtual/input/input44
[ 1521.545195][T17189] fuse: Bad value for 'fd'
[ 1522.353469][T17199] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[ 1523.370373][ T5232] Bluetooth: hci4: command 0x0406 tx timeout
[ 1523.651960][T17208] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2826'.
[ 1525.418538][T17228] dlm: no locking on control device
[ 1527.565540][    T9] usb 1-1: new high-speed USB device number 67 using dummy_hcd
[ 1527.826345][    T9] usb 1-1: Using ep0 maxpacket: 32
[ 1527.842162][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1527.884628][    T9] usb 1-1: New USB device found, idVendor=060b, idProduct=0001, bcdDevice= 0.00
[ 1527.921351][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1527.997778][    T9] usb 1-1: config 0 descriptor??
[ 1528.504030][    T9] usbhid 1-1:0.0: can't add hid device: -71
[ 1528.514222][    T9] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 1528.534200][    T9] usb 1-1: USB disconnect, device number 67
[ 1529.238413][T17260] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2837'.
[ 1529.247675][T17260] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2837'.
[ 1530.134585][T17262] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2838'.
[ 1534.337280][ T5313] usb 1-1: new high-speed USB device number 68 using dummy_hcd
[ 1534.556493][ T5313] usb 1-1: Using ep0 maxpacket: 32
[ 1534.628124][ T5313] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1534.668368][ T5313] usb 1-1: New USB device found, idVendor=060b, idProduct=0001, bcdDevice= 0.00
[ 1534.716344][ T5313] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1534.779354][ T5313] usb 1-1: config 0 descriptor??
[ 1535.521616][ T5313] usbhid 1-1:0.0: can't add hid device: -71
[ 1535.570118][ T5313] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 1535.632220][ T5313] usb 1-1: USB disconnect, device number 68
[ 1540.019337][T17363] netlink: 56 bytes leftover after parsing attributes in process `syz.2.2863'.
[ 1541.455810][   T29] audit: type=1400 audit(1726819138.113:869): avc:  denied  { checkpoint_restore } for  pid=17367 comm="syz.0.2865" capability=40  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 1541.757123][T17374] 9pnet_fd: Insufficient options for proto=fd
[ 1543.496364][   T25] usb 4-1: new high-speed USB device number 42 using dummy_hcd
[ 1543.726395][   T25] usb 4-1: Using ep0 maxpacket: 32
[ 1543.754508][   T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1543.846442][   T25] usb 4-1: New USB device found, idVendor=060b, idProduct=0001, bcdDevice= 0.00
[ 1543.876280][   T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1543.969804][   T25] usb 4-1: config 0 descriptor??
[ 1544.634673][   T25] usbhid 4-1:0.0: can't add hid device: -71
[ 1544.658051][   T25] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[ 1544.702995][   T25] usb 4-1: USB disconnect, device number 42
[ 1544.943362][T17390] serio: Serial port pts0
[ 1545.762784][T17404] netlink: 56 bytes leftover after parsing attributes in process `syz.4.2873'.
[ 1546.554673][ T5232] block nbd1: Receive control failed (result -32)
[ 1546.564878][T16838] block nbd1: Receive control failed (result -32)
[ 1546.606421][T17408] block nbd1: shutting down sockets
[ 1548.124357][T17425] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[ 1549.306386][T17436] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2882'.
[ 1549.917607][T17445] serio: Serial port pts1
[ 1549.923988][T17444] serio: Serial port pts0
[ 1550.843318][T17450] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.2884'.
[ 1550.878300][T17450] openvswitch: netlink: IP tunnel attribute has 3060 unknown bytes.
[ 1551.780169][ T1272] ieee802154 phy0 wpan0: encryption failed: -22
[ 1551.786684][ T1272] ieee802154 phy1 wpan1: encryption failed: -22
[ 1552.141455][T17457] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2886'.
[ 1553.806626][T16838] Bluetooth: hci5: unexpected event 0x30 length: 31 > 3
[ 1553.957055][T17480] input: syz0 as /devices/virtual/input/input45
[ 1556.821657][T17514] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2901'.
[ 1557.980215][T17524] dlm: no locking on control device
[ 1559.038361][   T29] audit: type=1326 audit(1726819155.703:870): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17526 comm="syz.3.2906" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3375f7def9 code=0x7ffc0000
[ 1559.137074][   T29] audit: type=1326 audit(1726819155.723:871): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17526 comm="syz.3.2906" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3375f7def9 code=0x7ffc0000
[ 1559.219602][   T29] audit: type=1326 audit(1726819155.723:872): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17526 comm="syz.3.2906" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3375f7def9 code=0x7ffc0000
[ 1559.356336][   T29] audit: type=1326 audit(1726819155.723:873): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17526 comm="syz.3.2906" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3375f7def9 code=0x7ffc0000
[ 1560.829329][  T939] usb 5-1: new high-speed USB device number 54 using dummy_hcd
[ 1561.198162][  T939] usb 5-1: New USB device found, idVendor=110a, idProduct=1450, bcdDevice=c2.c6
[ 1561.207700][  T939] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1561.239797][  T939] usb 5-1: config 0 descriptor??
[ 1561.820121][T17533] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1561.890021][T17533] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1561.981216][  T939] mxuport 5-1:0.0: mxuport_send_ctrl_data_urb - usb_control_msg failed (-71)
[ 1562.019443][  T939] mxuport 5-1:0.0: mxuport_send_ctrl_data_urb - usb_control_msg failed (-71)
[ 1562.070158][  T939] mxuport 5-1:0.0: probe with driver mxuport failed with error -71
[ 1562.157073][  T939] usb 5-1: USB disconnect, device number 54
[ 1563.046669][T17559] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2915'.
[ 1563.055853][T17559] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2915'.
[ 1564.277338][T17566] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2917'.
[ 1564.286872][T17566] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2917'.
[ 1564.945341][T17570] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2919'.
[ 1565.047585][T17575] dlm: no locking on control device
[ 1566.297293][T17585] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2923'.
[ 1566.332405][T17585] (unnamed net_device) (uninitialized): option lacp_active: mode dependency failed, not supported in mode balance-rr(0)
[ 1566.390071][    T9] usb 4-1: new high-speed USB device number 43 using dummy_hcd
[ 1566.438939][T16838] Bluetooth: hci1: unexpected event 0x30 length: 31 > 3
[ 1566.631000][    T9] usb 4-1: config 0 has no interfaces?
[ 1566.749314][    T9] usb 4-1: New USB device found, idVendor=05ac, idProduct=4262, bcdDevice= 0.00
[ 1566.832994][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1566.852561][T16838] Bluetooth: hci2: unexpected event 0x30 length: 31 > 3
[ 1566.890536][    T9] usb 4-1: config 0 descriptor??
[ 1567.990091][   T29] audit: type=1400 audit(1726819164.623:874): avc:  denied  { set_context_mgr } for  pid=17579 comm="syz.3.2922" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[ 1568.559803][T17600] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2922'.
[ 1568.715973][   T29] audit: type=1400 audit(1726819165.373:875): avc:  denied  { map } for  pid=17579 comm="syz.3.2922" path="/dev/binderfs/binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[ 1568.782265][T17600] binder: 17579:17600 ioctl c0306201 20000340 returned -22
[ 1568.978629][T17611] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2928'.
[ 1568.987899][T17611] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2928'.
[ 1570.002199][T17615] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2929'.
[ 1571.149145][T17629] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2933'.
[ 1571.159540][T17629] (unnamed net_device) (uninitialized): option lacp_active: mode dependency failed, not supported in mode balance-rr(0)
[ 1571.715415][T17625] serio: Serial port pts0
[ 1572.280522][ T5279] usb 4-1: USB disconnect, device number 43
[ 1573.848544][T17647] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2937'.
[ 1573.861573][T17647] (unnamed net_device) (uninitialized): option lacp_active: mode dependency failed, not supported in mode balance-rr(0)
[ 1576.960082][T17670] serio: Serial port pts0
[ 1576.969428][T17681] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2945'.
[ 1576.980319][T17681] (unnamed net_device) (uninitialized): option lacp_active: mode dependency failed, not supported in mode balance-rr(0)
[ 1578.496402][ T5289] usb 1-1: new high-speed USB device number 69 using dummy_hcd
[ 1579.536344][ T5289] usb 1-1: Using ep0 maxpacket: 32
[ 1579.567953][ T5289] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1579.592796][ T5289] usb 1-1: New USB device found, idVendor=060b, idProduct=0001, bcdDevice= 0.00
[ 1579.644674][ T5289] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1579.759758][ T5289] usb 1-1: config 0 descriptor??
[ 1579.964754][T17699] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2950'.
[ 1579.974168][T17699] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2950'.
[ 1581.479590][ T5289] usbhid 1-1:0.0: can't add hid device: -71
[ 1581.544248][ T5289] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 1581.604515][ T5289] usb 1-1: USB disconnect, device number 69
[ 1581.717071][T17708] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2952'.
[ 1581.734272][T17706] serio: Serial port pts0
[ 1582.070559][T17709] serio: Serial port pts1
[ 1583.342622][T17724] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2955'.
[ 1586.465335][   T29] audit: type=1400 audit(1726819183.123:876): avc:  denied  { read write } for  pid=17743 comm="syz.0.2962" name="nvram" dev="devtmpfs" ino=625 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[ 1586.489003][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1586.829064][   T29] audit: type=1400 audit(1726819183.153:877): avc:  denied  { open } for  pid=17743 comm="syz.0.2962" path="/dev/nvram" dev="devtmpfs" ino=625 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[ 1586.852651][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1587.892996][T17753] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2960'.
[ 1588.228212][T17753] (unnamed net_device) (uninitialized): option lacp_active: mode dependency failed, not supported in mode balance-rr(0)
[ 1589.858022][T17769] input: syz0 as /devices/virtual/input/input46
[ 1589.872115][T17772] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2966'.
[ 1591.092299][T17778] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[ 1592.726376][T17784] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2969'.
[ 1592.934259][ T5289] usb 2-1: new high-speed USB device number 64 using dummy_hcd
[ 1593.834384][ T5289] usb 2-1: Using ep0 maxpacket: 32
[ 1593.863504][ T5289] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1593.876534][T17806] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2974'.
[ 1593.923822][ T5289] usb 2-1: New USB device found, idVendor=060b, idProduct=0001, bcdDevice= 0.00
[ 1593.958273][ T5289] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1594.019537][ T5289] usb 2-1: config 0 descriptor??
[ 1594.854784][T17817] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2977'.
[ 1595.697868][ T5289] usbhid 2-1:0.0: can't add hid device: -71
[ 1595.729309][ T5289] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[ 1595.777687][T17822] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2978'.
[ 1595.804058][ T5289] usb 2-1: USB disconnect, device number 64
[ 1595.856033][T17822] (unnamed net_device) (uninitialized): option lacp_active: mode dependency failed, not supported in mode balance-rr(0)
[ 1599.056453][T17837] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[ 1599.067582][T17838] serio: Serial port pts0
[ 1601.256753][   T29] audit: type=1400 audit(1726819197.893:878): avc:  denied  { setopt } for  pid=17850 comm="syz.1.2985" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[ 1603.783025][T17875] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2991'.
[ 1604.594147][T17879] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2992'.
[ 1605.136896][T16838] Bluetooth: hci4: unexpected event 0x30 length: 31 > 3
[ 1606.099935][T17885] input: syz0 as /devices/virtual/input/input47
[ 1607.401176][T17910] syz.2.3000[17910] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1607.401439][T17910] syz.2.3000[17910] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1607.435457][T17910] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3000'.
[ 1607.677884][T17904] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2996'.
[ 1607.851716][T17913] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=32792 sclass=netlink_route_socket pid=17913 comm=syz.1.2997
[ 1608.232567][T17913] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1608.355357][T17913] batadv_slave_0: entered allmulticast mode
[ 1608.560195][T17897] block nbd1: shutting down sockets
[ 1608.844393][T17924] FAULT_INJECTION: forcing a failure.
[ 1608.844393][T17924] name fail_usercopy, interval 1, probability 0, space 0, times 1
[ 1608.907154][T17924] CPU: 1 UID: 0 PID: 17924 Comm: syz.2.3002 Not tainted 6.11.0-syzkaller-02574-ga430d95c5efa #0
[ 1608.917657][T17924] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 1608.927750][T17924] Call Trace:
[ 1608.931039][T17924]  <TASK>
[ 1608.933984][T17924]  dump_stack_lvl+0x16c/0x1f0
[ 1608.938690][T17924]  should_fail_ex+0x497/0x5b0
[ 1608.943415][T17924]  _copy_from_user+0x30/0xf0
[ 1608.948037][T17924]  video_usercopy+0xb54/0x1600
[ 1608.952932][T17924]  ? __pfx___video_do_ioctl+0x10/0x10
[ 1608.958343][T17924]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[ 1608.965236][T17924]  ? __pfx_video_usercopy+0x10/0x10
[ 1608.970482][T17924]  v4l2_ioctl+0x1ba/0x250
[ 1608.974831][T17924]  ? __pfx_v4l2_ioctl+0x10/0x10
[ 1608.979718][T17924]  __x64_sys_ioctl+0x18d/0x210
[ 1608.984500][T17924]  do_syscall_64+0xcd/0x250
[ 1608.989021][T17924]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1608.994949][T17924] RIP: 0033:0x7fcb1437def9
[ 1608.999380][T17924] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1609.019012][T17924] RSP: 002b:00007fcb150d2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1609.027443][T17924] RAX: ffffffffffffffda RBX: 00007fcb14535f80 RCX: 00007fcb1437def9
[ 1609.035516][T17924] RDX: 0000000020000080 RSI: 00000000c0285629 RDI: 0000000000000003
[ 1609.043501][T17924] RBP: 00007fcb150d2090 R08: 0000000000000000 R09: 0000000000000000
[ 1609.051486][T17924] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1609.059472][T17924] R13: 0000000000000000 R14: 00007fcb14535f80 R15: 00007ffef84a7d28
[ 1609.067476][T17924]  </TASK>
[ 1609.070558][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1609.746867][T17930] dlm: no locking on control device
[ 1609.936553][    T9] usb 3-1: new high-speed USB device number 48 using dummy_hcd
[ 1610.146340][    T9] usb 3-1: Using ep0 maxpacket: 8
[ 1610.310112][    T9] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1610.567464][    T9] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1610.626706][    T9] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1610.676723][    T9] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1611.026328][    T9] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1611.035499][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1611.198875][T17936] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3005'.
[ 1611.356753][    T9] usb 3-1: GET_CAPABILITIES returned 0
[ 1611.363683][    T9] usbtmc 3-1:16.0: can't read capabilities
[ 1611.503773][T17938] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3006'.
[ 1611.528450][T17938] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3006'.
[ 1611.624473][    T9] usb 3-1: USB disconnect, device number 48
[ 1612.365123][T17946] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3008'.
[ 1612.655177][T17949] input: syz0 as /devices/virtual/input/input48
[ 1613.215401][ T1272] ieee802154 phy0 wpan0: encryption failed: -22
[ 1613.221998][ T1272] ieee802154 phy1 wpan1: encryption failed: -22
[ 1613.996319][ T5313] usb 3-1: new high-speed USB device number 49 using dummy_hcd
[ 1614.246428][ T5313] usb 3-1: Using ep0 maxpacket: 32
[ 1614.257514][ T5313] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1614.301522][ T5313] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1614.388605][ T5313] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1614.426236][ T5313] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[ 1614.486654][ T5313] usb 3-1: New USB device found, idVendor=1b96, idProduct=9f0a, bcdDevice= 0.15
[ 1614.534015][ T5313] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1614.570884][ T5313] usb 3-1: config 0 descriptor??
[ 1615.155311][ T5313] hid-generic 0003:1B96:9F0A.000D: hidraw0: USB HID v0.00 Device [HID 1b96:9f0a] on usb-dummy_hcd.2-1/input0
[ 1615.366411][T17962] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1615.401886][T17962] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1615.586319][T17985] dlm: no locking on control device
[ 1617.001836][ T5313] usb 3-1: reset high-speed USB device number 49 using dummy_hcd
[ 1617.667605][T17995] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3019'.
[ 1617.776523][T17995] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3019'.
[ 1618.472098][T18000] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3020'.
[ 1618.610717][ T5289] usb 3-1: USB disconnect, device number 49
[ 1619.865820][T18008] input: syz0 as /devices/virtual/input/input49
[ 1619.889584][T18012] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3023'.
[ 1620.297562][T18014] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3024'.
[ 1620.306704][T18014] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3024'.
[ 1621.045628][T18025] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3026'.
[ 1621.220082][T18032] dlm: no locking on control device
[ 1622.237178][ T5289] usb 5-1: new high-speed USB device number 55 using dummy_hcd
[ 1623.246257][ T5289] usb 5-1: device descriptor read/64, error -71
[ 1623.688543][T18044] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3031'.
[ 1623.698379][T18044] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3031'.
[ 1623.779752][ T5289] usb 5-1: new high-speed USB device number 56 using dummy_hcd
[ 1623.800570][T18049] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3032'.
[ 1623.824441][T16838] Bluetooth: hci1: unexpected event 0x30 length: 31 > 3
[ 1623.946553][ T5289] usb 5-1: device descriptor read/64, error -71
[ 1624.160454][ T5289] usb usb5-port1: attempt power cycle
[ 1624.171800][T10915] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1624.593736][T10915] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1624.927215][T10915] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1625.249050][T10915] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1625.367939][T18061] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3040'.
[ 1625.839670][T18068] dlm: no locking on control device
[ 1626.866608][T10915] bridge_slave_1: left allmulticast mode
[ 1626.892758][T10915] bridge_slave_1: left promiscuous mode
[ 1626.932036][T10915] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1627.906482][T10915] bridge_slave_0: left allmulticast mode
[ 1627.912181][T10915] bridge_slave_0: left promiscuous mode
[ 1627.966579][T10915] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1629.087665][ T5232] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1629.117016][ T5232] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1629.127291][ T5232] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1629.155788][ T5232] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1629.169565][ T5232] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 1629.199118][ T5232] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1629.447643][T18094] Bluetooth: hci5: ISO packet for unknown connection handle 0
[ 1629.658969][T18094] Bluetooth: hci5: unexpected event 0x30 length: 31 > 3
[ 1631.021826][T10915] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1631.071815][T10915] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1631.091490][T10915] bond0 (unregistering): Released all slaves
[ 1631.416473][T18094] Bluetooth: hci3: command tx timeout
[ 1631.457922][T18082] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3046'.
[ 1631.468724][T18082] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3046'.
[ 1631.718570][T18101] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3048'.
[ 1631.748946][T18103] input: syz0 as /devices/virtual/input/input51
[ 1632.436525][   T25] usb 5-1: new low-speed USB device number 58 using dummy_hcd
[ 1632.691112][   T25] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[ 1632.703708][   T25] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt
[ 1632.745245][   T25] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 1632.764881][   T25] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[ 1632.798850][   T25] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[ 1632.829874][   T25] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[ 1632.879437][T18123] dlm: no locking on control device
[ 1632.891282][   T25] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt
[ 1633.181249][   T25] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 1633.219231][   T25] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[ 1633.468293][   T25] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[ 1633.489783][   T25] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[ 1633.498680][   T25] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt
[ 1633.512381][   T25] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 1633.524405][   T25] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[ 1633.539524][   T25] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[ 1633.717214][T18094] Bluetooth: hci3: command tx timeout
[ 1633.753424][   T25] usb 5-1: string descriptor 0 read error: -22
[ 1633.770165][   T25] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 1633.786268][T10692] usb 1-1: new high-speed USB device number 70 using dummy_hcd
[ 1633.794833][   T25] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1633.915076][   T25] adutux 5-1:168.0: ADU100  now attached to /dev/usb/adutux0
[ 1634.005429][T10915] hsr_slave_0: left promiscuous mode
[ 1634.027786][T10692] usb 1-1: Using ep0 maxpacket: 8
[ 1634.052106][T10692] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1634.097878][T10692] usb 1-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d
[ 1634.124008][T10915] hsr_slave_1: left promiscuous mode
[ 1634.137599][T10692] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=105
[ 1634.156424][T10692] usb 1-1: SerialNumber: syz
[ 1634.172999][T10915] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1634.183153][T10692] usb 1-1: config 0 descriptor??
[ 1634.220473][T10692] usb 1-1: Found UVC 0.00 device <unnamed> (05ac:8501)
[ 1634.232097][T10915] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1634.246384][T10915] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1634.271970][T10692] uvcvideo 1-1:0.0: Entity type for entity Output 255 was not initialized!
[ 1634.347184][T10692] usb 1-1: Failed to create links for entity 255
[ 1634.378437][T10692] usb 1-1: Failed to register entities (-22).
[ 1634.427722][T18116] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1634.459897][T10915] veth1_macvtap: left promiscuous mode
[ 1634.476391][T10915] veth0_macvtap: left promiscuous mode
[ 1634.487426][T18116] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1634.507162][T10915] veth1_vlan: left promiscuous mode
[ 1634.541928][T10915] veth0_vlan: left promiscuous mode
[ 1635.630708][   T29] audit: type=1400 audit(1726819461.293:879): avc:  denied  { getopt } for  pid=18144 comm="syz.2.3056" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[ 1635.691711][T10692] usb 1-1: USB disconnect, device number 70
[ 1635.776361][T18094] Bluetooth: hci3: command tx timeout
[ 1639.866250][T18094] Bluetooth: hci3: command tx timeout
[ 1640.361607][   T29] audit: type=1400 audit(1726819466.013:880): avc:  denied  { setopt } for  pid=18158 comm="syz.2.3060" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[ 1640.633624][T10915] team0 (unregistering): Port device team_slave_1 removed
[ 1640.813873][T10915] team0 (unregistering): Port device team_slave_0 removed
[ 1643.133461][T18173] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3061'.
[ 1644.349991][T18091] chnl_net:caif_netlink_parms(): no params data found
[ 1644.554040][T10184] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1644.572832][T10184] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1644.588683][T10184] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1644.614353][T10184] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1644.623764][T10184] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 1644.631889][T10184] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1645.056462][   T25] usb 5-1: USB disconnect, device number 58
[ 1645.447097][T10184] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1645.463358][T10184] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1645.480198][T10184] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1645.508247][T10184] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1645.519910][T10184] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 1645.537209][T10184] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1645.890333][T18091] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1645.913717][T18091] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1645.946865][T18091] bridge_slave_0: entered allmulticast mode
[ 1645.973500][T18091] bridge_slave_0: entered promiscuous mode
[ 1646.007983][T18091] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1646.023921][T18091] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1646.041498][T18091] bridge_slave_1: entered allmulticast mode
[ 1646.059539][T18091] bridge_slave_1: entered promiscuous mode
[ 1646.738452][T10184] Bluetooth: hci4: command tx timeout
[ 1647.341340][T18091] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1652.295206][T10184] Bluetooth: hci0: command tx timeout
[ 1652.302018][T10184] Bluetooth: hci4: command tx timeout
[ 1652.533871][T18091] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1652.858539][T10915] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1652.887242][T18231] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[ 1652.887242][T18231] The task syz.0.3069 (18231) triggered the difference, watch for misbehavior.
[ 1653.145796][T10915] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1653.206073][T18091] team0: Port device team_slave_0 added
[ 1653.375411][T18235] netlink: 'syz.2.3070': attribute type 29 has an invalid length.
[ 1653.414160][T10915] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1653.543595][T18091] team0: Port device team_slave_1 added
[ 1653.819752][T10915] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1654.046693][T18091] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1654.068227][T18091] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1654.157377][T18091] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1654.300780][T18091] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1654.322515][T18091] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1654.352357][T10184] Bluetooth: hci4: command tx timeout
[ 1654.357350][T16838] Bluetooth: hci0: command tx timeout
[ 1654.403101][T18091] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1654.774063][   T29] audit: type=1400 audit(1726819480.413:881): avc:  denied  { unmount } for  pid=9130 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 1655.084573][T18091] hsr_slave_0: entered promiscuous mode
[ 1655.116746][T18091] hsr_slave_1: entered promiscuous mode
[ 1655.137713][T18091] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1655.158193][T18091] Cannot create hsr debugfs directory
[ 1655.704979][T18191] chnl_net:caif_netlink_parms(): no params data found
[ 1656.013586][T10915] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1656.127616][T18212] chnl_net:caif_netlink_parms(): no params data found
[ 1656.407057][T16838] Bluetooth: hci4: command tx timeout
[ 1656.416860][T16838] Bluetooth: hci0: command tx timeout
[ 1656.546944][T10915] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1656.983247][T10915] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1657.467119][T18279] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3073'.
[ 1657.675266][T10915] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1658.243453][T18191] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1658.264458][T18191] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1658.292058][T18191] bridge_slave_0: entered allmulticast mode
[ 1658.333980][T18191] bridge_slave_0: entered promiscuous mode
[ 1658.383266][T18191] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1658.398397][T18191] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1658.405828][T18191] bridge_slave_1: entered allmulticast mode
[ 1658.436355][T18191] bridge_slave_1: entered promiscuous mode
[ 1658.464724][T18212] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1658.486437][T16838] Bluetooth: hci0: command tx timeout
[ 1658.507386][T18212] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1658.514734][T18212] bridge_slave_0: entered allmulticast mode
[ 1658.577620][T18212] bridge_slave_0: entered promiscuous mode
[ 1658.924826][T18212] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1658.958208][T18212] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1658.965575][T18212] bridge_slave_1: entered allmulticast mode
[ 1659.022765][T18212] bridge_slave_1: entered promiscuous mode
[ 1660.266040][T18191] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1660.419029][T18212] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1660.536540][T10915] bridge_slave_1: left allmulticast mode
[ 1660.542342][T10915] bridge_slave_1: left promiscuous mode
[ 1660.607814][T10915] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1660.641405][T10915] bridge_slave_0: left allmulticast mode
[ 1660.647934][T10915] bridge_slave_0: left promiscuous mode
[ 1660.653852][T10915] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1660.682932][T10915] bridge_slave_1: left allmulticast mode
[ 1660.704333][T10915] bridge_slave_1: left promiscuous mode
[ 1660.731446][T10915] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1660.764390][T10915] bridge_slave_0: left allmulticast mode
[ 1660.773610][T10915] bridge_slave_0: left promiscuous mode
[ 1660.781974][T10915] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1664.164180][T18333] openvswitch: netlink: Either Ethernet header or EtherType is required.
[ 1664.958688][T10915] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1664.993079][T10915] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1665.043116][T10915] bond0 (unregistering): Released all slaves
[ 1665.390850][T10915] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1665.440777][T10915] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1665.471498][T10915] bond0 (unregistering): Released all slaves
[ 1665.510077][T10915] bond1 (unregistering): Released all slaves
[ 1666.046568][T18342] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3082'.
[ 1666.061007][T18191] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1666.258367][T18212] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1667.943832][T18191] team0: Port device team_slave_0 added
[ 1668.023126][T18352] ./file0: Can't lookup blockdev
[ 1668.315259][T18191] team0: Port device team_slave_1 added
[ 1668.601018][T18212] team0: Port device team_slave_0 added
[ 1668.855088][T18212] team0: Port device team_slave_1 added
[ 1668.948782][T18191] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1668.972835][T18191] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1672.782796][T18191] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1673.077013][T18212] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1673.084046][T18212] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1673.129149][T18212] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1673.150092][T18212] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1673.157473][T18212] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1673.206379][T18212] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1673.239162][T18191] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1673.265073][T18191] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1673.354318][T18191] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1674.593557][T18373] serio: Serial port pts0
[ 1674.659131][ T1272] ieee802154 phy0 wpan0: encryption failed: -22
[ 1674.665601][ T1272] ieee802154 phy1 wpan1: encryption failed: -22
[ 1674.959527][T18191] hsr_slave_0: entered promiscuous mode
[ 1674.992037][T18191] hsr_slave_1: entered promiscuous mode
[ 1675.014469][T18191] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1675.022745][T18191] Cannot create hsr debugfs directory
[ 1675.155045][T10915] hsr_slave_0: left promiscuous mode
[ 1675.183374][T10915] hsr_slave_1: left promiscuous mode
[ 1675.208125][T10915] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1675.232638][T10915] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1675.264402][T10915] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1675.295577][T10915] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1675.391346][T10915] hsr_slave_0: left promiscuous mode
[ 1675.438189][T10915] hsr_slave_1: left promiscuous mode
[ 1675.482368][T10915] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1675.499778][T10915] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1675.516528][T10915] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1675.525404][T10915] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1675.727604][T10915] veth1_macvtap: left promiscuous mode
[ 1675.742440][T10915] veth0_macvtap: left promiscuous mode
[ 1675.772873][T10915] veth1_vlan: left promiscuous mode
[ 1675.778588][T10915] veth0_vlan: left promiscuous mode
[ 1675.791220][T10915] veth1_macvtap: left promiscuous mode
[ 1675.806500][T10915] veth0_macvtap: left promiscuous mode
[ 1675.825880][T10915] veth1_vlan: left promiscuous mode
[ 1675.833195][T10915] veth0_vlan: left promiscuous mode
[ 1676.495575][T18398] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3091'.
[ 1677.863516][T10915] team0 (unregistering): Port device team_slave_1 removed
[ 1678.425158][T10915] team0 (unregistering): Port device team_slave_0 removed
[ 1679.848484][T18409] input: syz0 as /devices/virtual/input/input53
[ 1680.373011][T18416] input: syz0 as /devices/virtual/input/input54
[ 1680.695796][T10915] team0 (unregistering): Port device team_slave_1 removed
[ 1680.827873][T10915] team0 (unregistering): Port device team_slave_0 removed
[ 1682.202973][T18212] hsr_slave_0: entered promiscuous mode
[ 1682.212476][T18212] hsr_slave_1: entered promiscuous mode
[ 1682.505850][T18091] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1683.138830][   T29] audit: type=1400 audit(1726819508.803:882): avc:  denied  { create } for  pid=18430 comm="syz.2.3100" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[ 1683.189743][T18435] ntfs3: loop2: try to read out of volume at offset 0x0
[ 1683.223026][T18091] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1683.226804][   T29] audit: type=1400 audit(1726819508.853:883): avc:  denied  { mounton } for  pid=18430 comm="syz.2.3100" path="/488/file0" dev="tmpfs" ino=2599 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[ 1683.263799][T18091] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1683.337205][T18433] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3099'.
[ 1683.376340][   T29] audit: type=1326 audit(1726819509.033:884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18430 comm="syz.2.3100" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcb1437def9 code=0x0
[ 1683.410789][T18091] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1683.961918][T18436] netlink: 'syz.2.3100': attribute type 6 has an invalid length.
[ 1683.969899][T18436] netlink: 148 bytes leftover after parsing attributes in process `syz.2.3100'.
[ 1684.015421][T18436] CIFS: VFS: Malformed UNC in devname
[ 1685.604619][   T29] audit: type=1400 audit(1726819511.263:885): avc:  denied  { unlink } for  pid=9130 comm="syz-executor" name="file0" dev="tmpfs" ino=2599 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[ 1685.762001][T18452] serio: Serial port pts0
[ 1686.618830][T10184] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1686.637278][T10184] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1686.656269][T10184] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1686.675773][T10184] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1686.696729][T10184] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[ 1686.705385][T10184] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1686.980404][   T29] audit: type=1400 audit(1726819512.643:886): avc:  denied  { accept } for  pid=18468 comm="syz.0.3104" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[ 1687.231936][   T29] audit: type=1400 audit(1726819512.893:887): avc:  denied  { shutdown } for  pid=18468 comm="syz.0.3104" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 1687.639993][T18191] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1687.710163][T18191] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1688.022897][T18191] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1688.101247][T18479] dlm: no locking on control device
[ 1688.896715][T10184] Bluetooth: hci5: command tx timeout
[ 1689.239082][T18191] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1690.388730][T18493] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3108'.
[ 1690.966983][T10184] Bluetooth: hci5: command tx timeout
[ 1690.998671][   T36] bridge_slave_1: left allmulticast mode
[ 1691.004410][   T36] bridge_slave_1: left promiscuous mode
[ 1691.018106][   T36] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1692.215664][   T36] bridge_slave_0: left allmulticast mode
[ 1692.236486][   T36] bridge_slave_0: left promiscuous mode
[ 1692.242475][   T36] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1692.697066][   T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1692.739847][ T5313] usb 3-1: new high-speed USB device number 50 using dummy_hcd
[ 1692.750523][   T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1692.786889][   T36] bond0 (unregistering): Released all slaves
[ 1692.882209][T18463] chnl_net:caif_netlink_parms(): no params data found
[ 1692.946501][ T5313] usb 3-1: Using ep0 maxpacket: 32
[ 1692.955931][ T5313] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1692.979889][ T5313] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1692.991630][ T5313] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1693.001955][ T5313] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[ 1693.025831][ T5313] usb 3-1: New USB device found, idVendor=1b96, idProduct=9f0a, bcdDevice= 0.15
[ 1693.044477][ T5313] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1693.046296][T10184] Bluetooth: hci5: command tx timeout
[ 1693.073070][ T5313] usb 3-1: config 0 descriptor??
[ 1693.102267][   T36] hsr_slave_0: left promiscuous mode
[ 1693.126697][   T36] hsr_slave_1: left promiscuous mode
[ 1693.135127][   T36] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1693.156528][   T36] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1693.577069][ T5313] hid-generic 0003:1B96:9F0A.000E: hidraw0: USB HID v0.00 Device [HID 1b96:9f0a] on usb-dummy_hcd.2-1/input0
[ 1693.759976][   T36] team0 (unregistering): Port device team_slave_1 removed
[ 1693.844501][   T36] team0 (unregistering): Port device team_slave_0 removed
[ 1693.965815][T18507] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1693.982595][T18507] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1694.075612][    T9] usb 3-1: USB disconnect, device number 50
[ 1694.495712][T18212] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1694.524280][T18212] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1694.581698][T18212] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1694.621021][T18191] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1694.736217][T18520] dlm: no locking on control device
[ 1695.138235][T10184] Bluetooth: hci5: command tx timeout
[ 1695.444429][T18212] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1695.571055][T18463] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1695.585997][T18463] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1695.595925][T18463] bridge_slave_0: entered allmulticast mode
[ 1695.634780][T18463] bridge_slave_0: entered promiscuous mode
[ 1695.671426][T18463] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1695.687036][T18463] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1695.701195][T18463] bridge_slave_1: entered allmulticast mode
[ 1695.721393][T18463] bridge_slave_1: entered promiscuous mode
[ 1695.902367][T18191] 8021q: adding VLAN 0 to HW filter on device team0
[ 1695.967255][T18463] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1695.985753][T18463] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1696.158389][T18529] serio: Serial port pts1
[ 1696.254432][ T2544] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1696.261701][ T2544] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1696.325176][T18463] team0: Port device team_slave_0 added
[ 1696.339942][T18463] team0: Port device team_slave_1 added
[ 1696.440026][ T2544] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1696.447275][ T2544] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1696.565150][T18463] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1696.598029][T18463] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1696.653318][T18463] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1696.730586][T18463] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1696.754052][T18463] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1696.810609][T18463] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1697.213722][T18463] hsr_slave_0: entered promiscuous mode
[ 1697.221945][T18463] hsr_slave_1: entered promiscuous mode
[ 1697.247648][T18463] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1697.283791][T18463] Cannot create hsr debugfs directory
[ 1697.949420][T18212] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1698.154794][T18212] 8021q: adding VLAN 0 to HW filter on device team0
[ 1698.515041][ T2544] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1698.522295][ T2544] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1698.538538][ T5313] usb 3-1: new high-speed USB device number 51 using dummy_hcd
[ 1698.645145][ T2544] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1698.652481][ T2544] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1699.111661][T18191] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1699.122289][ T5313] usb 3-1: Using ep0 maxpacket: 32
[ 1699.138555][ T5313] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1699.155685][ T5313] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1699.216183][ T5313] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1699.258628][T18559] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3119'.
[ 1699.274240][ T5313] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[ 1699.306996][ T5313] usb 3-1: New USB device found, idVendor=1b96, idProduct=9f0a, bcdDevice= 0.15
[ 1699.350522][ T5313] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1699.381622][ T5313] usb 3-1: config 0 descriptor??
[ 1699.878685][ T5313] hid-generic 0003:1B96:9F0A.000F: hidraw0: USB HID v0.00 Device [HID 1b96:9f0a] on usb-dummy_hcd.2-1/input0
[ 1700.135558][T18463] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1700.216945][T18463] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1700.283676][T18463] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1700.384096][T18463] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1700.700871][T18212] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1700.727033][ T5313] usb 3-1: USB disconnect, device number 51
[ 1700.814487][T18191] veth0_vlan: entered promiscuous mode
[ 1700.979182][T18191] veth1_vlan: entered promiscuous mode
[ 1701.276044][T18212] veth0_vlan: entered promiscuous mode
[ 1701.320771][T18191] veth0_macvtap: entered promiscuous mode
[ 1701.415308][T18191] veth1_macvtap: entered promiscuous mode
[ 1701.449295][T18212] veth1_vlan: entered promiscuous mode
[ 1701.505837][   T29] audit: type=1400 audit(1726819527.133:888): avc:  denied  { connect } for  pid=18587 comm="syz.2.3121" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[ 1701.575099][T18191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1701.590422][T18191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1701.600666][T18191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1701.613294][T18191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1701.630483][T18191] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1701.649692][T18191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1701.668828][   T29] audit: type=1400 audit(1726819527.193:889): avc:  denied  { read } for  pid=18587 comm="syz.2.3121" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[ 1701.670925][T18191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1701.754830][T18191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1701.841956][T18599] dlm: no locking on control device
[ 1701.936221][T18191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1702.006410][T18191] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1702.843518][T18463] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1703.088693][T18463] 8021q: adding VLAN 0 to HW filter on device team0
[ 1703.097767][T18212] veth0_macvtap: entered promiscuous mode
[ 1703.133406][T18212] veth1_macvtap: entered promiscuous mode
[ 1703.202420][T10915] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1703.209679][T10915] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1703.399950][ T2510] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1703.407380][ T2510] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1703.512073][T18212] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1703.566141][T18212] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1703.621031][T18212] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1703.678885][T18610] FAULT_INJECTION: forcing a failure.
[ 1703.678885][T18610] name failslab, interval 1, probability 0, space 0, times 0
[ 1703.681010][T18212] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1703.776336][T18610] CPU: 0 UID: 0 PID: 18610 Comm: syz.2.3124 Not tainted 6.11.0-syzkaller-02574-ga430d95c5efa #0
[ 1703.776470][T18212] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1703.786986][T18610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 1703.787009][T18610] Call Trace:
[ 1703.787022][T18610]  <TASK>
[ 1703.787036][T18610]  dump_stack_lvl+0x16c/0x1f0
[ 1703.787082][T18610]  should_fail_ex+0x497/0x5b0
[ 1703.787127][T18610]  ? fs_reclaim_acquire+0xae/0x160
[ 1703.787181][T18610]  should_failslab+0xc2/0x120
[ 1703.787220][T18610]  kmem_cache_alloc_noprof+0x6e/0x2f0
[ 1703.787279][T18610]  ? alloc_empty_file+0x73/0x1e0
[ 1703.787336][T18610]  alloc_empty_file+0x73/0x1e0
[ 1703.787392][T18610]  path_openat+0xe1/0x2d60
[ 1703.787439][T18610]  ? __pfx_mark_lock+0x10/0x10
[ 1703.787502][T18610]  ? __pfx_path_openat+0x10/0x10
[ 1703.787543][T18610]  ? stack_trace_save+0x95/0xd0
[ 1703.787593][T18610]  ? hlock_class+0x4e/0x130
[ 1703.787664][T18610]  do_filp_open+0x1dc/0x430
[ 1703.787708][T18610]  ? __pfx_do_filp_open+0x10/0x10
[ 1703.787788][T18610]  ? __virt_addr_valid+0x2b4/0x590
[ 1703.787832][T18610]  ? __pfx_lock_release+0x10/0x10
[ 1703.866155][T18212] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1703.868028][T18610]  do_open_execat+0xfa/0x330
[ 1703.879618][T18212] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1703.882106][T18610]  ? __pfx_do_open_execat+0x10/0x10
[ 1703.919190][T18610]  ? __virt_addr_valid+0x5e/0x590
[ 1703.924294][T18610]  ? __phys_addr_symbol+0x30/0x80
[ 1703.929387][T18610]  ? __check_object_size+0x497/0x720
[ 1703.934747][T18610]  alloc_bprm+0x2b/0xc50
[ 1703.939047][T18610]  ? strncpy_from_user+0x274/0x320
[ 1703.944228][T18610]  do_execveat_common.isra.0+0x1cd/0x630
[ 1703.949928][T18610]  __x64_sys_execveat+0xda/0x120
[ 1703.954912][T18610]  do_syscall_64+0xcd/0x250
[ 1703.959482][T18610]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1703.965425][T18610] RIP: 0033:0x7fcb1437def9
[ 1703.969884][T18610] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1703.989527][T18610] RSP: 002b:00007fcb150d2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000142
[ 1703.997974][T18610] RAX: ffffffffffffffda RBX: 00007fcb14535f80 RCX: 00007fcb1437def9
[ 1704.005971][T18610] RDX: 0000000000000000 RSI: 0000000020000040 RDI: ffffffffffffff9c
[ 1704.013965][T18610] RBP: 00007fcb150d2090 R08: 0000000000000000 R09: 0000000000000000
[ 1704.021958][T18610] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000001
[ 1704.029950][T18610] R13: 0000000000000000 R14: 00007fcb14535f80 R15: 00007ffef84a7d28
[ 1704.037962][T18610]  </TASK>
[ 1704.443697][T16838] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1704.456067][T16838] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1704.484748][T16838] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1704.501532][T16838] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1704.532002][T16838] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 1704.546349][T16838] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1705.477707][T18631] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3127'.
[ 1705.512637][T16838] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1705.527312][T16838] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1705.537195][T16838] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1705.548573][T16838] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1705.563486][T16838] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 1705.571521][T16838] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1705.936414][T10692] usb 3-1: new high-speed USB device number 52 using dummy_hcd
[ 1706.146234][T10692] usb 3-1: Using ep0 maxpacket: 32
[ 1706.160382][T10692] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1706.172614][T10692] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1706.205253][T10692] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1706.240675][T10692] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[ 1706.300448][T10692] usb 3-1: New USB device found, idVendor=1b96, idProduct=9f0a, bcdDevice= 0.15
[ 1706.367537][T10692] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1706.418333][T10692] usb 3-1: config 0 descriptor??
[ 1706.660819][T10184] Bluetooth: hci3: command tx timeout
[ 1706.894934][T10692] hid-generic 0003:1B96:9F0A.0010: hidraw0: USB HID v0.00 Device [HID 1b96:9f0a] on usb-dummy_hcd.2-1/input0
[ 1707.561411][T18463] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1707.702894][T10184] Bluetooth: hci4: command tx timeout
[ 1707.712466][T18670] dlm: no locking on control device
[ 1708.348243][T10692] usb 3-1: reset high-speed USB device number 52 using dummy_hcd
[ 1708.726801][T10184] Bluetooth: hci3: command tx timeout
[ 1709.035342][T16356] usb 1-1: new high-speed USB device number 71 using dummy_hcd
[ 1709.322999][T16356] usb 1-1: Using ep0 maxpacket: 8
[ 1709.517872][T10692] usb 3-1: device descriptor read/64, error -71
[ 1709.836515][T10692] usb 3-1: reset high-speed USB device number 52 using dummy_hcd
[ 1709.850334][T10184] Bluetooth: hci4: command tx timeout
[ 1709.855970][T18682] tipc: Started in network mode
[ 1709.857194][T10692] usb 3-1: device reset changed ep0 maxpacket size!
[ 1709.868055][T18682] tipc: Node identity 4, cluster identity 4711
[ 1709.872645][  T939] usb 3-1: USB disconnect, device number 52
[ 1709.880975][T18682] tipc: Node number set to 4
[ 1710.099863][T16356] usb 1-1: New USB device found, idVendor=17cc, idProduct=0815, bcdDevice=47.b7
[ 1710.806360][T10184] Bluetooth: hci3: command tx timeout
[ 1710.907557][  T939] usb 3-1: new high-speed USB device number 53 using dummy_hcd
[ 1711.166648][  T939] usb 3-1: Using ep0 maxpacket: 16
[ 1711.207515][  T939] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1711.220259][  T939] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1711.341852][  T939] usb 3-1: New USB device found, idVendor=05ac, idProduct=0246, bcdDevice= 0.00
[ 1711.355442][  T939] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1711.356036][T16356] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1711.370552][  T939] usb 3-1: config 0 descriptor??
[ 1711.927942][T10184] Bluetooth: hci4: command tx timeout
[ 1712.134797][  T939] apple 0003:05AC:0246.0011: unknown main item tag 0xd
[ 1712.143953][  T939] apple 0003:05AC:0246.0011: unexpected long global item
[ 1712.338433][  T939] apple 0003:05AC:0246.0011: parse failed
[ 1712.350611][  T939] apple 0003:05AC:0246.0011: probe with driver apple failed with error -22
[ 1712.888285][T10184] Bluetooth: hci3: command tx timeout
[ 1714.006569][T10184] Bluetooth: hci4: command tx timeout
[ 1714.865055][T16356] usb 1-1: config 0 descriptor??
[ 1714.932971][T18613] chnl_net:caif_netlink_parms(): no params data found
[ 1714.962398][T16356] usb 1-1: can't set config #0, error -71
[ 1714.992180][ T2510] bridge_slave_1: left allmulticast mode
[ 1715.012181][ T2510] bridge_slave_1: left promiscuous mode
[ 1715.023861][T16356] usb 1-1: USB disconnect, device number 71
[ 1715.060252][ T2510] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1715.121621][ T2510] bridge_slave_0: left allmulticast mode
[ 1715.142060][ T2510] bridge_slave_0: left promiscuous mode
[ 1715.168311][ T2510] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1715.475172][T16356] usb 3-1: USB disconnect, device number 53
[ 1716.851638][T18713] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3136'.
[ 1717.009787][ T2510] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1717.055636][ T2510] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1717.083264][ T2510] bond0 (unregistering): Released all slaves
[ 1717.418701][ T2510] hsr_slave_0: left promiscuous mode
[ 1717.425035][ T2510] hsr_slave_1: left promiscuous mode
[ 1717.479959][ T2510] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1717.496365][ T2510] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1717.533893][ T2510] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1717.550209][ T2510] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1717.609716][ T2510] veth1_macvtap: left promiscuous mode
[ 1717.615409][ T2510] veth0_macvtap: left promiscuous mode
[ 1717.621922][ T2510] veth1_vlan: left promiscuous mode
[ 1717.628550][ T2510] veth0_vlan: left promiscuous mode
[ 1719.557075][ T2510] team0 (unregistering): Port device team_slave_1 removed
[ 1719.640423][ T2510] team0 (unregistering): Port device team_slave_0 removed
[ 1721.087315][T18752] dlm: no locking on control device
[ 1721.726614][T18629] chnl_net:caif_netlink_parms(): no params data found
[ 1722.064707][T18613] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1722.110967][T18613] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1722.146543][T18613] bridge_slave_0: entered allmulticast mode
[ 1722.155619][T18613] bridge_slave_0: entered promiscuous mode
[ 1722.219101][T18760] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[ 1722.230308][T18613] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1722.241537][T18613] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1722.249058][T18613] bridge_slave_1: entered allmulticast mode
[ 1722.266774][T18613] bridge_slave_1: entered promiscuous mode
[ 1722.336295][ T5279] usb 3-1: new high-speed USB device number 54 using dummy_hcd
[ 1722.399026][T18613] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1722.471611][T18463] veth0_vlan: entered promiscuous mode
[ 1722.483645][T18613] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1722.523817][T18629] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1722.531908][T18629] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1722.540164][T18629] bridge_slave_0: entered allmulticast mode
[ 1722.549683][T18629] bridge_slave_0: entered promiscuous mode
[ 1722.556394][ T5279] usb 3-1: Using ep0 maxpacket: 32
[ 1722.564769][ T5279] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1722.594790][ T5279] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1722.616821][ T5279] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1722.638332][ T5279] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[ 1722.665020][ T5279] usb 3-1: New USB device found, idVendor=1b96, idProduct=9f0a, bcdDevice= 0.15
[ 1722.683124][ T5279] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1722.708216][ T5279] usb 3-1: config 0 descriptor??
[ 1722.805284][T18613] team0: Port device team_slave_0 added
[ 1722.820305][T18613] team0: Port device team_slave_1 added
[ 1722.859007][T18463] veth1_vlan: entered promiscuous mode
[ 1722.867580][T18629] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1722.875513][T18629] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1722.889456][T18629] bridge_slave_1: entered allmulticast mode
[ 1722.905886][T18629] bridge_slave_1: entered promiscuous mode
[ 1723.234830][T18613] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1723.257886][ T5279] hid-generic 0003:1B96:9F0A.0012: hidraw0: USB HID v0.00 Device [HID 1b96:9f0a] on usb-dummy_hcd.2-1/input0
[ 1723.269916][T18613] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1723.331539][T18613] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1723.369479][T18613] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1723.376791][T18613] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1723.416925][T18613] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1723.452759][T18629] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1723.525158][T18629] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1723.756064][T18783] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1723.795946][T18783] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1723.872200][T18629] team0: Port device team_slave_0 added
[ 1723.904601][T18629] team0: Port device team_slave_1 added
[ 1724.114001][T18613] hsr_slave_0: entered promiscuous mode
[ 1724.137651][T18613] hsr_slave_1: entered promiscuous mode
[ 1724.148498][T18613] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1724.157834][T18613] Cannot create hsr debugfs directory
[ 1724.412393][T18629] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1724.422353][T18629] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1724.455351][T18629] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1724.499409][T16356] usb 3-1: USB disconnect, device number 54
[ 1724.641119][T18629] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1724.650966][T18629] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1724.686224][T18629] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1725.428548][T18629] hsr_slave_0: entered promiscuous mode
[ 1725.444785][T18629] hsr_slave_1: entered promiscuous mode
[ 1725.475751][T18629] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1725.499237][T18629] Cannot create hsr debugfs directory
[ 1725.505342][T18796] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3144'.
[ 1725.508695][T18463] veth0_macvtap: entered promiscuous mode
[ 1725.590651][T18463] veth1_macvtap: entered promiscuous mode
[ 1725.647078][T10692] usb 1-1: new low-speed USB device number 72 using dummy_hcd
[ 1725.838907][T10692] usb 1-1: config 168 descriptor has 1 excess byte, ignoring
[ 1725.882799][T10692] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt
[ 1725.894054][T10692] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 1725.905791][T10692] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[ 1725.918149][T10692] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[ 1725.931358][T10692] usb 1-1: config 168 descriptor has 1 excess byte, ignoring
[ 1725.941260][T10692] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt
[ 1725.952011][T10692] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 1725.962713][T10692] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[ 1725.974664][T10692] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[ 1725.996842][T10692] usb 1-1: config 168 descriptor has 1 excess byte, ignoring
[ 1726.015673][T10692] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt
[ 1726.052487][T10692] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 1726.072916][T10692] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[ 1726.094895][T10692] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[ 1726.138217][T10692] usb 1-1: string descriptor 0 read error: -22
[ 1726.144601][T10692] usb 1-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 1726.193848][T10692] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1726.274184][T10692] adutux 1-1:168.0: ADU100  now attached to /dev/usb/adutux0
[ 1726.290590][T18463] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1726.322545][T18463] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1726.366391][T18463] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1726.386177][T18463] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1726.406195][T18463] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1726.427648][T18463] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1726.457425][T18463] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1726.825757][ T2510] bridge_slave_1: left allmulticast mode
[ 1726.842194][ T2510] bridge_slave_1: left promiscuous mode
[ 1726.862973][ T2510] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1726.889422][ T2510] bridge_slave_0: left allmulticast mode
[ 1726.909590][ T2510] bridge_slave_0: left promiscuous mode
[ 1726.934009][ T2510] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1728.447109][ T2510] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1728.475013][ T2510] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1728.504654][ T2510] bond0 (unregistering): Released all slaves
[ 1728.828902][T16356] usb 1-1: USB disconnect, device number 72
[ 1729.068346][T18463] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1729.106211][T18463] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1729.130159][T18463] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1729.141047][T18463] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1729.194894][T18463] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1729.225353][T18823] dlm: no locking on control device
[ 1730.358280][ T2510] hsr_slave_0: left promiscuous mode
[ 1730.374080][ T2510] hsr_slave_1: left promiscuous mode
[ 1730.382039][ T2510] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1730.396312][ T2510] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1730.404571][T18826] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[ 1730.405557][ T2510] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1730.483238][ T2510] veth1_macvtap: left promiscuous mode
[ 1730.490219][ T2510] veth0_macvtap: left promiscuous mode
[ 1730.498234][ T2510] veth1_vlan: left promiscuous mode
[ 1730.504937][ T2510] veth0_vlan: left promiscuous mode
[ 1732.925332][ T2510] team0 (unregistering): Port device team_slave_1 removed
[ 1733.001760][ T2510] team0 (unregistering): Port device team_slave_0 removed
[ 1733.822641][T18463] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1733.831661][T18463] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1733.840685][T18463] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1733.849584][T18463] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1736.043452][T18843] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3153'.
[ 1736.102648][ T1272] ieee802154 phy0 wpan0: encryption failed: -22
[ 1736.109234][ T1272] ieee802154 phy1 wpan1: encryption failed: -22
[ 1736.119224][ T1046] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1736.161247][ T1046] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1736.457631][T14558] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1736.465526][T14558] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1737.077451][T18862] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3037'.
[ 1737.086636][T18862] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3037'.
[ 1737.615874][T16356] usb 1-1: new high-speed USB device number 73 using dummy_hcd
[ 1737.833380][T18865] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3155'.
[ 1737.927851][T16356] usb 1-1: device descriptor read/64, error -71
[ 1737.995333][T18613] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1738.077809][T18613] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1738.152732][T18613] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1738.194206][T18613] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1738.230668][T16356] usb 1-1: new high-speed USB device number 74 using dummy_hcd
[ 1738.417183][T16356] usb 1-1: device descriptor read/64, error -71
[ 1738.552927][T16356] usb usb1-port1: attempt power cycle
[ 1738.659243][T18629] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1738.714716][T18629] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1738.781854][T18629] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1738.817578][T18629] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1738.848419][T18873] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3156'.
[ 1738.996404][T16356] usb 1-1: new high-speed USB device number 75 using dummy_hcd
[ 1739.043215][T18876] input: syz0 as /devices/virtual/input/input55
[ 1739.067970][T16356] usb 1-1: device descriptor read/8, error -71
[ 1739.376479][T16356] usb 1-1: new high-speed USB device number 76 using dummy_hcd
[ 1739.462127][T16356] usb 1-1: device descriptor read/8, error -71
[ 1739.544380][T18613] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1739.618698][T16356] usb usb1-port1: unable to enumerate USB device
[ 1739.761579][T18613] 8021q: adding VLAN 0 to HW filter on device team0
[ 1739.904163][   T62] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1739.908872][T18881] serio: Serial port pts0
[ 1739.911486][   T62] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1739.985669][   T62] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1739.992937][   T62] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1740.110487][T18629] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1740.190456][T18888] netlink: 44 bytes leftover after parsing attributes in process `syz.0.3160'.
[ 1740.227756][T18629] 8021q: adding VLAN 0 to HW filter on device team0
[ 1740.237491][T10692] usb 3-1: new high-speed USB device number 55 using dummy_hcd
[ 1740.359616][ T2510] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1740.366977][ T2510] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1740.468038][T10692] usb 3-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[ 1740.489636][T10692] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1740.509084][T14558] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1740.516462][T14558] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1740.545753][T10692] usb 3-1: Product: syz
[ 1740.554531][T10692] usb 3-1: Manufacturer: syz
[ 1740.567849][T10692] usb 3-1: SerialNumber: syz
[ 1740.603803][T10692] usb 3-1: config 0 descriptor??
[ 1740.669836][T10692] i2c-tiny-usb 3-1:0.0: version 6d.cc found at bus 003 address 055
[ 1740.691906][T18895] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3161'.
[ 1741.614256][T18902] Bluetooth: MGMT ver 1.23
[ 1741.635012][   T29] audit: type=1326 audit(1726819567.293:890): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18882 comm="syz.2.3159" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcb1437def9 code=0x0
[ 1742.539829][T10692] i2c i2c-1: connected i2c-tiny-usb device
[ 1743.198750][T18613] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1743.285564][T18629] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1743.771506][T18917] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3163'.
[ 1743.834445][ T5313] usb 3-1: USB disconnect, device number 55
[ 1744.117837][T18629] veth0_vlan: entered promiscuous mode
[ 1744.208176][T18629] veth1_vlan: entered promiscuous mode
[ 1744.444153][T18924] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3164'.
[ 1744.453826][T18924] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3164'.
[ 1744.938667][T18629] veth0_macvtap: entered promiscuous mode
[ 1744.991934][T18629] veth1_macvtap: entered promiscuous mode
[ 1745.172191][T18629] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1745.207525][T18629] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1745.246781][T18629] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1745.253908][T18931] serio: Serial port pts0
[ 1745.282414][T18629] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1745.317960][T18629] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1745.336290][T18629] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1745.384279][T18629] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1745.439774][T18629] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1745.458420][T18629] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1745.473979][T18629] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1745.507769][T18629] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1745.523314][T18629] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1745.547891][T18629] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1745.595427][T18629] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1745.606329][T10692] usb 2-1: new low-speed USB device number 65 using dummy_hcd
[ 1745.667352][T18629] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1745.681796][T18629] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1745.693565][T18629] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1745.702713][T18629] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1745.838875][T10692] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[ 1745.847827][T10692] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt
[ 1745.863289][T18937] input: syz0 as /devices/virtual/input/input56
[ 1745.864089][T10692] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 1746.039621][T10692] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[ 1746.065490][T10692] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[ 1746.109752][T18613] veth0_vlan: entered promiscuous mode
[ 1746.138210][T10692] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[ 1746.153427][T10692] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt
[ 1746.213155][T10692] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 1746.261492][T10692] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[ 1746.287945][T18613] veth1_vlan: entered promiscuous mode
[ 1746.297186][T10692] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[ 1746.321733][T10692] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[ 1746.331558][T10692] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt
[ 1746.354027][T18226] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1746.355084][T10692] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 1746.393398][T10692] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[ 1746.396502][T18226] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1746.425976][T10692] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[ 1746.443624][T10692] usb 2-1: string descriptor 0 read error: -22
[ 1746.452748][T10692] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 1746.497568][T10692] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1746.552842][T10692] adutux 2-1:168.0: ADU100  now attached to /dev/usb/adutux0
[ 1746.651769][T18613] veth0_macvtap: entered promiscuous mode
[ 1746.808763][T18613] veth1_macvtap: entered promiscuous mode
[ 1746.825259][T10915] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1746.850593][T10915] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1746.977086][T18613] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1747.026482][T18613] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1747.065216][T18613] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1747.087069][T18613] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1747.108025][T18613] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1747.160850][T18613] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1747.176467][T18613] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1747.206497][T18613] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1747.259980][T18613] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1747.681755][T18953] dlm: no locking on control device
[ 1748.625306][T18613] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1748.669235][T18613] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1748.677779][T18955] serio: Serial port pts0
[ 1748.682878][T18613] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1748.789256][T18613] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1748.800120][T18613] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1748.814941][T18613] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1748.826324][T18613] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1748.837473][T18613] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1748.855139][T18613] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1748.879518][T18613] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1748.890637][T18613] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1748.900391][T18613] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1748.913616][T18613] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1749.005523][T10692] usb 2-1: USB disconnect, device number 65
[ 1749.081287][T18960] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3171'.
[ 1749.494309][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1749.578954][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1749.740589][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1749.776027][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1749.877227][T18968] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3173'.
[ 1750.607766][T18965] serio: Serial port pts0
[ 1750.683898][T10184] Bluetooth: hci3: ISO packet for unknown connection handle 0
[ 1750.700056][T18977] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3174'.
[ 1750.853800][T10184] Bluetooth: hci3: unexpected event 0x30 length: 31 > 3
[ 1751.958486][T18983] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3175'.
[ 1752.048358][T18983] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3175'.
[ 1752.414046][    C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[ 1752.690487][T18998] bridge0: port 3(syz_tun) entered blocking state
[ 1752.731836][T18998] bridge0: port 3(syz_tun) entered disabled state
[ 1752.755154][T18998] syz_tun: entered allmulticast mode
[ 1752.858350][T19004] dlm: no locking on control device
[ 1753.745278][T18998] syz_tun: entered promiscuous mode
[ 1753.782091][T18998] bridge0: port 3(syz_tun) entered blocking state
[ 1753.788866][T18998] bridge0: port 3(syz_tun) entered forwarding state
[ 1753.898146][T19009] FAULT_INJECTION: forcing a failure.
[ 1753.898146][T19009] name failslab, interval 1, probability 0, space 0, times 0
[ 1753.912539][   T29] audit: type=1400 audit(1726819579.553:891): avc:  denied  { map } for  pid=19008 comm="syz.1.3181" path="socket:[75594]" dev="sockfs" ino=75594 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 1753.974488][T19009] CPU: 1 UID: 0 PID: 19009 Comm: syz.1.3181 Not tainted 6.11.0-syzkaller-02574-ga430d95c5efa #0
[ 1753.984982][T19009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 1753.995071][T19009] Call Trace:
[ 1753.998387][T19009]  <TASK>
[ 1754.001332][T19009]  dump_stack_lvl+0x16c/0x1f0
[ 1754.006134][T19009]  should_fail_ex+0x497/0x5b0
[ 1754.010866][T19009]  ? fs_reclaim_acquire+0xae/0x160
[ 1754.016014][T19009]  should_failslab+0xc2/0x120
[ 1754.020741][T19009]  kmem_cache_alloc_noprof+0x6e/0x2f0
[ 1754.026169][T19009]  ? __anon_vma_prepare+0x344/0x5e0
[ 1754.031422][T19009]  __anon_vma_prepare+0x344/0x5e0
[ 1754.036511][T19009]  expand_downwards+0xd7b/0x10d0
[ 1754.041475][T19009]  ? __pfx___might_resched+0x10/0x10
[ 1754.046807][T19009]  ? __pfx_expand_downwards+0x10/0x10
[ 1754.052427][T19009]  ? __pfx_find_vma+0x10/0x10
[ 1754.057168][T19009]  ? rep_movs_alternative+0x33/0x70
[ 1754.062423][T19009]  lock_mm_and_find_vma+0x26d/0x6a0
[ 1754.067677][T19009]  do_user_addr_fault+0x2b5/0x13f0
[ 1754.072871][T19009]  exc_page_fault+0x5c/0xc0
[ 1754.077424][T19009]  asm_exc_page_fault+0x26/0x30
[ 1754.082320][T19009] RIP: 0010:rep_movs_alternative+0x33/0x70
[ 1754.088275][T19009] Code: 40 83 f9 08 73 21 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 48 8b 06 <48> 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb
[ 1754.107914][T19009] RSP: 0018:ffffc900022dfe30 EFLAGS: 00050246
[ 1754.114009][T19009] RAX: 0000000600000005 RBX: 0000000000000008 RCX: 0000000000000008
[ 1754.122008][T19009] RDX: fffff5200045bfd2 RSI: ffffc900022dfe88 RDI: 0000000020002740
[ 1754.130006][T19009] RBP: 0000000020002740 R08: 0000000000000000 R09: fffff5200045bfd1
[ 1754.138005][T19009] R10: ffffc900022dfe8f R11: 0000000000000000 R12: ffffc900022dfe88
[ 1754.146001][T19009] R13: 0000000020002748 R14: 0000000000000000 R15: 0000000000000000
[ 1754.154055][T19009]  _copy_to_user+0xac/0xc0
[ 1754.158532][T19009]  do_pipe2+0x144/0x1d0
[ 1754.162733][T19009]  ? __pfx_do_pipe2+0x10/0x10
[ 1754.167454][T19009]  ? __pfx_ksys_write+0x10/0x10
[ 1754.172356][T19009]  __x64_sys_pipe+0x33/0x50
[ 1754.176912][T19009]  do_syscall_64+0xcd/0x250
[ 1754.181452][T19009]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1754.187391][T19009] RIP: 0033:0x7f531c57def9
[ 1754.191830][T19009] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1754.211558][T19009] RSP: 002b:00007f531d34d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000016
[ 1754.220000][T19009] RAX: ffffffffffffffda RBX: 00007f531c735f80 RCX: 00007f531c57def9
[ 1754.227999][T19009] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020002740
[ 1754.236263][T19009] RBP: 00007f531d34d090 R08: 0000000000000000 R09: 0000000000000000
[ 1754.244269][T19009] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1754.252291][T19009] R13: 0000000000000000 R14: 00007f531c735f80 R15: 00007fff9548ef88
[ 1754.260309][T19009]  </TASK>
[ 1756.528053][T19018] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3183'.
[ 1757.322595][T19034] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3187'.
[ 1757.366643][T19030] serio: Serial port pts0
[ 1757.371870][T10184] Bluetooth: hci3: ISO packet for unknown connection handle 0
[ 1757.421755][    C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[ 1757.625034][T10184] Bluetooth: hci3: unexpected event 0x30 length: 31 > 3
[ 1758.689771][   T29] audit: type=1400 audit(1726819584.353:892): avc:  denied  { execute } for  pid=19044 comm="syz.4.3190" path=2F6D656D66643A1033717D329ACEAF03DF795BD9FF5238F41C0869E45ED5FDA90DAC374194A0202864656C6574656429 dev="hugetlbfs" ino=75666 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[ 1759.066161][T19050] dlm: no locking on control device
[ 1759.485541][T19053] overlayfs: failed to resolve './file0': -2
[ 1764.448278][T19086] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3198'.
[ 1764.503367][T19087] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3199'.
[ 1764.513722][T19087] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3199'.
[ 1764.537522][T19088] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3201'.
[ 1764.917767][T19096] dlm: no locking on control device
[ 1766.334437][T19102] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3203'.
[ 1766.343697][T19102] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[ 1766.363459][T19102] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3203'.
[ 1766.372702][T19102] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3203'.
[ 1767.649921][T19111] bridge0: port 3(syz_tun) entered blocking state
[ 1767.696515][T19111] bridge0: port 3(syz_tun) entered disabled state
[ 1767.703167][T19111] syz_tun: entered allmulticast mode
[ 1767.742370][T19111] syz_tun: entered promiscuous mode
[ 1767.791575][T19111] bridge0: port 3(syz_tun) entered blocking state
[ 1767.798274][T19111] bridge0: port 3(syz_tun) entered forwarding state
[ 1767.873094][ T5313] hid (null): unknown global tag 0xd
[ 1767.886204][   T29] audit: type=1400 audit(1726819593.543:893): avc:  denied  { map } for  pid=19114 comm="syz.2.3209" path="socket:[76879]" dev="sockfs" ino=76879 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[ 1767.930828][ T5313] hid (null): unknown global tag 0xc
[ 1767.933501][T19107] serio: Serial port pts0
[ 1767.962286][ T5313] hid-generic 0040:0005:0004.0013: unknown global tag 0xd
[ 1768.023656][ T5313] hid-generic 0040:0005:0004.0013: item 0 4 1 13 parsing failed
[ 1768.068401][ T5313] hid-generic 0040:0005:0004.0013: probe with driver hid-generic failed with error -22
[ 1770.166898][T10692] usb 3-1: new low-speed USB device number 56 using dummy_hcd
[ 1770.409033][T10692] usb 3-1: config 168 descriptor has 1 excess byte, ignoring
[ 1770.429946][T10692] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt
[ 1770.502278][T10692] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 1770.532621][T10692] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[ 1770.550875][T10692] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[ 1770.582653][T10692] usb 3-1: config 168 descriptor has 1 excess byte, ignoring
[ 1770.594970][T10692] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt
[ 1770.609407][T10692] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 1770.615328][    C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[ 1770.654924][T10692] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[ 1770.737696][T10692] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[ 1770.763570][T10692] usb 3-1: config 168 descriptor has 1 excess byte, ignoring
[ 1770.801418][T10692] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt
[ 1770.846673][T10692] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 1770.903018][T10692] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[ 1770.964534][T10692] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[ 1771.021077][T10692] usb 3-1: string descriptor 0 read error: -22
[ 1771.031218][T10692] usb 3-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 1771.111084][T10692] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1771.234840][T10692] adutux 3-1:168.0: ADU100  now attached to /dev/usb/adutux0
[ 1772.011871][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[ 1772.101878][T19147] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3217'.
[ 1772.451774][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[ 1774.100169][T10692] usb 3-1: USB disconnect, device number 56
[ 1774.300722][T19168] FAULT_INJECTION: forcing a failure.
[ 1774.300722][T19168] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1774.362778][T19168] CPU: 1 UID: 0 PID: 19168 Comm: syz.4.3221 Not tainted 6.11.0-syzkaller-02574-ga430d95c5efa #0
[ 1774.373460][T19168] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 1774.383561][T19168] Call Trace:
[ 1774.386883][T19168]  <TASK>
[ 1774.389934][T19168]  dump_stack_lvl+0x16c/0x1f0
[ 1774.394761][T19168]  should_fail_ex+0x497/0x5b0
[ 1774.399508][T19168]  _copy_from_user+0x30/0xf0
[ 1774.404176][T19168]  copy_msghdr_from_user+0x99/0x160
[ 1774.409451][T19168]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 1774.415334][T19168]  ? __lock_acquire+0x1620/0x3cb0
[ 1774.420439][T19168]  ___sys_sendmsg+0xff/0x1e0
[ 1774.425099][T19168]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1774.430364][T19168]  ? find_held_lock+0x2d/0x110
[ 1774.435310][T19168]  ? __pfx___might_resched+0x10/0x10
[ 1774.440736][T19168]  ? __might_fault+0xe3/0x190
[ 1774.445486][T19168]  __sys_sendmmsg+0x1a1/0x450
[ 1774.450242][T19168]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1774.455599][T19168]  ? vfs_write+0x14d/0x1140
[ 1774.460166][T19168]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1774.466201][T19168]  ? fput+0x30/0x390
[ 1774.470144][T19168]  ? ksys_write+0x1ab/0x260
[ 1774.474675][T19168]  ? __pfx_ksys_write+0x10/0x10
[ 1774.479589][T19168]  __x64_sys_sendmmsg+0x9c/0x100
[ 1774.484575][T19168]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1774.489915][T19168]  do_syscall_64+0xcd/0x250
[ 1774.494498][T19168]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1774.500464][T19168] RIP: 0033:0x7f7cfd77def9
[ 1774.505197][T19168] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1774.524842][T19168] RSP: 002b:00007f7cfe5ed038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1774.533308][T19168] RAX: ffffffffffffffda RBX: 00007f7cfd935f80 RCX: 00007f7cfd77def9
[ 1774.541314][T19168] RDX: 00000000000002e9 RSI: 0000000020000480 RDI: 0000000000000003
[ 1774.549347][T19168] RBP: 00007f7cfe5ed090 R08: 0000000000000000 R09: 0000000000000000
[ 1774.557344][T19168] R10: 000000000000ffd8 R11: 0000000000000246 R12: 0000000000000002
[ 1774.565339][T19168] R13: 0000000000000000 R14: 00007f7cfd935f80 R15: 00007ffd4ed0bd08
[ 1774.573351][T19168]  </TASK>
[ 1776.646618][T18905] usb 1-1: new high-speed USB device number 77 using dummy_hcd
[ 1776.846909][T19185] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3225'.
[ 1776.856397][T19185] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3225'.
[ 1776.869650][T18905] usb 1-1: config 1 has an invalid descriptor of length 32, skipping remainder of the config
[ 1776.899805][T18905] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 18
[ 1777.007341][T18905] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1777.026162][T18905] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1777.034891][T18905] usb 1-1: SerialNumber: syz
[ 1777.241460][T18905] usb 1-1: can't set config #1, error -71
[ 1777.270131][T18905] usb 1-1: USB disconnect, device number 77
[ 1777.541290][T19193] binder: 19192:19193 ioctl c018620c 20000000 returned -22
[ 1778.721532][   T29] audit: type=1400 audit(1726819604.253:894): avc:  denied  { read } for  pid=19198 comm="syz.2.3231" name="btrfs-control" dev="devtmpfs" ino=1119 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1
[ 1781.656234][   T29] audit: type=1400 audit(1726819604.283:895): avc:  denied  { open } for  pid=19198 comm="syz.2.3231" path="/dev/btrfs-control" dev="devtmpfs" ino=1119 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1
[ 1782.474467][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[ 1782.554703][T19209] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3232'.
[ 1782.800357][T19212] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=19212 comm=syz.0.3234
[ 1785.490140][T19233] FAULT_INJECTION: forcing a failure.
[ 1785.490140][T19233] name failslab, interval 1, probability 0, space 0, times 0
[ 1785.543153][T19233] CPU: 0 UID: 0 PID: 19233 Comm: syz.2.3240 Not tainted 6.11.0-syzkaller-02574-ga430d95c5efa #0
[ 1785.553646][T19233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 1785.563808][T19233] Call Trace:
[ 1785.567172][T19233]  <TASK>
[ 1785.570189][T19233]  dump_stack_lvl+0x16c/0x1f0
[ 1785.574924][T19233]  should_fail_ex+0x497/0x5b0
[ 1785.579676][T19233]  ? fs_reclaim_acquire+0xae/0x160
[ 1785.584863][T19233]  should_failslab+0xc2/0x120
[ 1785.589601][T19233]  __kmalloc_cache_noprof+0x6b/0x300
[ 1785.594973][T19233]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[ 1785.602396][T19233]  ? genl_start+0x1e7/0x950
[ 1785.606986][T19233]  genl_start+0x1e7/0x950
[ 1785.611369][T19233]  __netlink_dump_start+0x607/0x970
[ 1785.616600][T19233]  genl_family_rcv_msg_dumpit+0x1e1/0x2e0
[ 1785.622352][T19233]  ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10
[ 1785.628631][T19233]  ? __pfx_genl_get_cmd+0x10/0x10
[ 1785.633678][T19233]  ? __pfx_genl_start+0x10/0x10
[ 1785.638553][T19233]  ? __pfx_genl_dumpit+0x10/0x10
[ 1785.643513][T19233]  ? __pfx_genl_done+0x10/0x10
[ 1785.648307][T19233]  ? __radix_tree_lookup+0x21f/0x2c0
[ 1785.653638][T19233]  genl_rcv_msg+0x470/0x800
[ 1785.658286][T19233]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1785.663339][T19233]  ? __pfx___lock_acquire+0x10/0x10
[ 1785.668587][T19233]  ? __pfx_smcr_nl_get_device+0x10/0x10
[ 1785.674199][T19233]  netlink_rcv_skb+0x16b/0x440
[ 1785.678990][T19233]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1785.684042][T19233]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1785.689387][T19233]  ? down_read+0xc9/0x330
[ 1785.693739][T19233]  ? __pfx_down_read+0x10/0x10
[ 1785.698523][T19233]  ? netlink_deliver_tap+0x1ae/0xd90
[ 1785.703837][T19233]  genl_rcv+0x28/0x40
[ 1785.707853][T19233]  netlink_unicast+0x53c/0x7f0
[ 1785.712645][T19233]  ? __pfx_netlink_unicast+0x10/0x10
[ 1785.717963][T19233]  netlink_sendmsg+0x8b8/0xd70
[ 1785.722762][T19233]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1785.728068][T19233]  ? __import_iovec+0x1fd/0x6e0
[ 1785.733067][T19233]  ____sys_sendmsg+0xaaf/0xc90
[ 1785.737864][T19233]  ? copy_msghdr_from_user+0x10b/0x160
[ 1785.743372][T19233]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1785.748713][T19233]  ? __pfx___lock_acquire+0x10/0x10
[ 1785.753965][T19233]  ___sys_sendmsg+0x135/0x1e0
[ 1785.758675][T19233]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1785.763898][T19233]  ? find_held_lock+0x2d/0x110
[ 1785.768797][T19233]  ? ksys_write+0x21c/0x260
[ 1785.773341][T19233]  ? __fget_light+0x173/0x210
[ 1785.778163][T19233]  __sys_sendmsg+0x117/0x1f0
[ 1785.782801][T19233]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1785.787981][T19233]  do_syscall_64+0xcd/0x250
[ 1785.792518][T19233]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1785.798447][T19233] RIP: 0033:0x7fcb1437def9
[ 1785.802880][T19233] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1785.822614][T19233] RSP: 002b:00007fcb150d2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1785.831140][T19233] RAX: ffffffffffffffda RBX: 00007fcb14535f80 RCX: 00007fcb1437def9
[ 1785.839142][T19233] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003
[ 1785.847133][T19233] RBP: 00007fcb150d2090 R08: 0000000000000000 R09: 0000000000000000
[ 1785.855129][T19233] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1785.863115][T19233] R13: 0000000000000000 R14: 00007fcb14535f80 R15: 00007ffef84a7d28
[ 1785.871230][T19233]  </TASK>
[ 1786.186546][ T5313] usb 2-1: new high-speed USB device number 66 using dummy_hcd
[ 1786.407264][ T5313] usb 2-1: Using ep0 maxpacket: 32
[ 1786.428343][ T5313] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1786.482712][ T5313] usb 2-1: config 0 has no interfaces?
[ 1786.524292][ T5313] usb 2-1: New USB device found, idVendor=3823, idProduct=0001, bcdDevice= 3.eb
[ 1786.578066][ T5313] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1786.608560][ T5313] usb 2-1: Product: syz
[ 1786.612795][ T5313] usb 2-1: Manufacturer: syz
[ 1786.656369][ T5313] usb 2-1: SerialNumber: syz
[ 1786.692113][ T5313] usb 2-1: config 0 descriptor??
[ 1786.924838][T19248] input: syz0 as /devices/virtual/input/input58
[ 1787.386248][ T5313] usb 4-1: new high-speed USB device number 44 using dummy_hcd
[ 1787.616320][ T5313] usb 4-1: Using ep0 maxpacket: 32
[ 1787.658481][ T5313] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[ 1787.684908][ T5313] usb 4-1: New USB device found, idVendor=04da, idProduct=390d, bcdDevice=a4.a8
[ 1787.698674][ T5313] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1787.707745][ T5313] usb 4-1: Product: syz
[ 1787.732343][ T5313] usb 4-1: Manufacturer: syz
[ 1787.740148][ T5313] usb 4-1: SerialNumber: syz
[ 1787.780811][ T5313] usb 4-1: config 0 descriptor??
[ 1788.226446][ T5313] ath6kl: Failed to submit usb control message: -71
[ 1788.248003][ T5313] ath6kl: unable to send the bmi data to the device: -71
[ 1788.263031][ T5313] ath6kl: Unable to send get target info: -71
[ 1788.298611][ T5313] ath6kl: Failed to init ath6kl core: -71
[ 1788.307606][ T5313] ath6kl_usb 4-1:0.0: probe with driver ath6kl_usb failed with error -71
[ 1788.398724][ T5313] usb 4-1: USB disconnect, device number 44
[ 1788.590514][ T5279] usb 2-1: USB disconnect, device number 66
[ 1789.682649][T19275] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[ 1789.690498][T19272] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3251'.
[ 1790.001544][   T29] audit: type=1400 audit(1726819615.643:896): avc:  denied  { read write } for  pid=19264 comm="syz.0.3250" name="loop-control" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[ 1792.706297][   T29] audit: type=1400 audit(1726819615.643:897): avc:  denied  { open } for  pid=19264 comm="syz.0.3250" path="/dev/loop-control" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[ 1793.314575][   T29] audit: type=1400 audit(1726819618.673:898): avc:  denied  { ioctl } for  pid=19264 comm="syz.0.3250" path="/dev/loop-control" dev="devtmpfs" ino=648 ioctlcmd=0x4c82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[ 1794.635328][T19301] dlm: no locking on control device
[ 1795.864009][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[ 1796.346304][   T29] audit: type=1400 audit(1726819622.003:899): avc:  denied  { audit_write } for  pid=19312 comm="syz.4.3264" capability=29  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[ 1796.377286][T19313] IPVS: ovf: UDP 127.0.0.1:19999 - no destination available
[ 1796.439001][T10692] IPVS: starting estimator thread 0...
[ 1796.467963][   T29] audit: type=1107 audit(1726819622.003:900): pid=19312 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg='¯'
[ 1796.517340][T19318] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6)
[ 1796.524754][T19318] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1796.580240][T19317] IPVS: using max 15 ests per chain, 36000 per kthread
[ 1796.600833][T19318] vhci_hcd vhci_hcd.0: Device attached
[ 1796.639063][T19319] vhci_hcd: connection closed
[ 1796.649257][T10915] vhci_hcd: stop threads
[ 1796.668451][T10915] vhci_hcd: release socket
[ 1796.673950][T10915] vhci_hcd: disconnect device
[ 1797.534592][ T1272] ieee802154 phy0 wpan0: encryption failed: -22
[ 1797.541303][ T1272] ieee802154 phy1 wpan1: encryption failed: -22
[ 1798.345001][T19335] trusted_key: encrypted_key: insufficient parameters specified
[ 1799.642665][T19339] input: syz0 as /devices/virtual/input/input59
[ 1799.738378][T19348] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3272'.
[ 1800.172977][ T5279] usb 1-1: new high-speed USB device number 78 using dummy_hcd
[ 1800.366332][   T29] audit: type=1400 audit(1726819626.023:901): avc:  denied  { watch } for  pid=19355 comm="syz.2.3276" path="/541/blkio.bfq.sectors" dev="tmpfs" ino=2870 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[ 1800.590154][   T29] audit: type=1400 audit(1726819626.023:902): avc:  denied  { watch_sb } for  pid=19355 comm="syz.2.3276" path="/541/blkio.bfq.sectors" dev="tmpfs" ino=2870 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[ 1804.141983][ T5279] usb 1-1: Using ep0 maxpacket: 32
[ 1807.511743][ T5279] usb 1-1: device descriptor read/all, error -71
[ 1808.255939][   T29] audit: type=1400 audit(1726819633.913:903): avc:  denied  { append } for  pid=19379 comm="syz.4.3281" name="event3" dev="devtmpfs" ino=841 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[ 1808.311143][   T29] audit: type=1400 audit(1726819633.953:904): avc:  denied  { read } for  pid=19379 comm="syz.4.3281" name="mice" dev="devtmpfs" ino=833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[ 1808.621257][   T29] audit: type=1400 audit(1726819633.953:905): avc:  denied  { open } for  pid=19379 comm="syz.4.3281" path="/dev/input/mice" dev="devtmpfs" ino=833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[ 1809.850502][T18094] Bluetooth: hci5: command 0x0406 tx timeout
[ 1810.224574][T19399] vlan0: entered promiscuous mode
[ 1810.238654][T19394] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[ 1810.507036][T18905] usb 4-1: new low-speed USB device number 45 using dummy_hcd
[ 1810.819475][T18905] usb 4-1: unable to get BOS descriptor or descriptor too short
[ 1810.881319][T18905] usb 4-1: config 0 has too many interfaces: 234, using maximum allowed: 32
[ 1810.905624][T18905] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 234
[ 1810.927486][T18905] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0
[ 1811.042532][T18905] usb 4-1: string descriptor 0 read error: -22
[ 1811.059404][T18905] usb 4-1: New USB device found, idVendor=0009, idProduct=c2a1, bcdDevice= 0.40
[ 1811.085000][T19410] dlm: no locking on control device
[ 1811.136221][T18905] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1811.180513][T18905] usb 4-1: config 0 descriptor??
[ 1811.207115][T18905] cdc_ether 4-1:0.0: probe with driver cdc_ether failed with error -22
[ 1811.489770][T19413] FAULT_INJECTION: forcing a failure.
[ 1811.489770][T19413] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1811.551173][T19413] CPU: 1 UID: 0 PID: 19413 Comm: syz.1.3289 Not tainted 6.11.0-syzkaller-02574-ga430d95c5efa #0
[ 1811.561668][T19413] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 1811.571770][T19413] Call Trace:
[ 1811.575182][T19413]  <TASK>
[ 1811.578179][T19413]  dump_stack_lvl+0x16c/0x1f0
[ 1811.582885][T19413]  should_fail_ex+0x497/0x5b0
[ 1811.587596][T19413]  _copy_to_user+0x30/0xc0
[ 1811.592060][T19413]  simple_read_from_buffer+0xd0/0x160
[ 1811.597472][T19413]  proc_fail_nth_read+0x198/0x270
[ 1811.602528][T19413]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1811.608112][T19413]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1811.613689][T19413]  vfs_read+0x1ce/0xbd0
[ 1811.617887][T19413]  ? __fdget_pos+0xe8/0x170
[ 1811.622440][T19413]  ? __pfx_vfs_read+0x10/0x10
[ 1811.627145][T19413]  ? __pfx___mutex_lock+0x10/0x10
[ 1811.632198][T19413]  ? __fget_files+0x244/0x3f0
[ 1811.636933][T19413]  ksys_read+0x12f/0x260
[ 1811.641227][T19413]  ? __pfx_ksys_read+0x10/0x10
[ 1811.646467][T19413]  do_syscall_64+0xcd/0x250
[ 1811.651001][T19413]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1811.656931][T19413] RIP: 0033:0x7f531c57c93c
[ 1811.661454][T19413] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[ 1811.681227][T19413] RSP: 002b:00007f531d34d030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1811.689713][T19413] RAX: ffffffffffffffda RBX: 00007f531c735f80 RCX: 00007f531c57c93c
[ 1811.697733][T19413] RDX: 000000000000000f RSI: 00007f531d34d0a0 RDI: 0000000000000004
[ 1811.705720][T19413] RBP: 00007f531d34d090 R08: 0000000000000000 R09: 0000000000000000
[ 1811.713727][T19413] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1811.721711][T19413] R13: 0000000000000000 R14: 00007f531c735f80 R15: 00007fff9548ef88
[ 1811.729709][T19413]  </TASK>
[ 1812.173922][T19420] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3290'.
[ 1813.311510][  T939] usb 4-1: USB disconnect, device number 45
[ 1815.122119][T19427] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3292'.
[ 1815.455279][T19437] erofs: (device nbd0): erofs_read_superblock: cannot find valid erofs superblock
[ 1815.566919][T19437] x_tables: duplicate underflow at hook 3
[ 1816.174901][   T29] audit: type=1400 audit(1726819641.833:906): avc:  denied  { ioctl } for  pid=19439 comm="syz.2.3296" path="socket:[77501]" dev="sockfs" ino=77501 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[ 1816.199649][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1816.209029][T19440] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3296'.
[ 1816.382194][T19446] FAULT_INJECTION: forcing a failure.
[ 1816.382194][T19446] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1816.382337][T19446] 
[ 1816.382343][T19446] ======================================================
[ 1816.382351][T19446] WARNING: possible circular locking dependency detected
[ 1816.382361][T19446] 6.11.0-syzkaller-02574-ga430d95c5efa #0 Not tainted
[ 1816.382378][T19446] ------------------------------------------------------
[ 1816.382386][T19446] syz.4.3298/19446 is trying to acquire lock:
[ 1816.382399][T19446] ffffffff8dda86f8 ((console_sem).lock){-.-.}-{2:2}, at: down_trylock+0x12/0x70
[ 1816.382454][T19446] 
[ 1816.382454][T19446] but task is already holding lock:
[ 1816.382461][T19446] ffff8880b883eb98 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130
[ 1816.382525][T19446] 
[ 1816.382525][T19446] which lock already depends on the new lock.
[ 1816.382525][T19446] 
[ 1816.382532][T19446] 
[ 1816.382532][T19446] the existing dependency chain (in reverse order) is:
[ 1816.382540][T19446] 
[ 1816.382540][T19446] -> #2 (&rq->__lock){-.-.}-{2:2}:
[ 1816.382568][T19446]        _raw_spin_lock_nested+0x31/0x40
[ 1816.382604][T19446]        raw_spin_rq_lock_nested+0x29/0x130
[ 1816.382641][T19446]        task_fork_fair+0x73/0x250
[ 1816.382673][T19446]        sched_cgroup_fork+0x3cf/0x510
[ 1816.382700][T19446]        copy_process+0x439b/0x8dd0
[ 1816.382729][T19446]        kernel_clone+0xfd/0x960
[ 1816.382756][T19446]        user_mode_thread+0xb4/0xf0
[ 1816.382785][T19446]        rest_init+0x23/0x2b0
[ 1816.382811][T19446]        start_kernel+0x3e4/0x4d0
[ 1816.382847][T19446]        x86_64_start_reservations+0x18/0x30
[ 1816.382886][T19446]        x86_64_start_kernel+0xb2/0xc0
[ 1816.382923][T19446]        common_startup_64+0x13e/0x148
[ 1816.382948][T19446] 
[ 1816.382948][T19446] -> #1 (&p->pi_lock){-.-.}-{2:2}:
[ 1816.382976][T19446]        _raw_spin_lock_irqsave+0x3a/0x60
[ 1816.383010][T19446]        try_to_wake_up+0x9a/0x13e0
[ 1816.383052][T19446]        up+0x79/0xb0
[ 1816.383073][T19446]        console_unlock+0x23e/0x290
[ 1816.383097][T19446]        vprintk_emit+0x409/0x600
[ 1816.383122][T19446]        vprintk+0x7f/0xa0
[ 1816.383147][T19446]        _printk+0xc8/0x100
[ 1816.383180][T19446]        kauditd_hold_skb+0x205/0x250
[ 1816.383213][T19446]        kauditd_send_queue+0x236/0x290
[ 1816.383244][T19446]        kauditd_thread+0x611/0xa60
[ 1816.383276][T19446]        kthread+0x2c1/0x3a0
[ 1816.383304][T19446]        ret_from_fork+0x45/0x80
[ 1816.383339][T19446]        ret_from_fork_asm+0x1a/0x30
[ 1816.383374][T19446] 
[ 1816.383374][T19446] -> #0 ((console_sem).lock){-.-.}-{2:2}:
[ 1816.383402][T19446]        __lock_acquire+0x24ed/0x3cb0
[ 1816.383438][T19446]        lock_acquire+0x1b1/0x560
[ 1816.383473][T19446]        _raw_spin_lock_irqsave+0x3a/0x60
[ 1816.383507][T19446]        down_trylock+0x12/0x70
[ 1816.383530][T19446]        __down_trylock_console_sem+0x40/0x140
[ 1816.383567][T19446]        vprintk_emit+0x3d3/0x600
[ 1816.383591][T19446]        vprintk+0x7f/0xa0
[ 1816.383617][T19446]        _printk+0xc8/0x100
[ 1816.383649][T19446]        should_fail_ex+0x46c/0x5b0
[ 1816.383681][T19446]        strncpy_from_user+0x38/0x320
[ 1816.383708][T19446]        strncpy_from_user_nofault+0x7f/0x180
[ 1816.383735][T19446]        bpf_probe_read_compat_str+0xf1/0x170
[ 1816.383767][T19446]        bpf_prog_e42f6260c1b72fb3+0x3d/0x3f
[ 1816.383785][T19446]        bpf_trace_run4+0x245/0x5a0
[ 1816.383816][T19446]        __bpf_trace_sched_switch+0x13e/0x190
[ 1816.383840][T19446]        __traceiter_sched_switch+0x6c/0xc0
[ 1816.383876][T19446]        __schedule+0x17cf/0x5490
[ 1816.383909][T19446]        preempt_schedule_common+0x44/0xc0
[ 1816.383945][T19446]        preempt_schedule_thunk+0x1a/0x30
[ 1816.383972][T19446]        __slab_alloc.constprop.0+0x89/0xb0
[ 1816.384009][T19446]        __kmalloc_cache_noprof+0x2b4/0x300
[ 1816.384049][T19446]        assoc_array_insert+0x10a/0x3140
[ 1816.384085][T19446]        __key_link_begin+0xf5/0x260
[ 1816.384110][T19446]        key_link+0x104/0x310
[ 1816.384133][T19446]        keyctl_keyring_link+0x86/0xe0
[ 1816.384160][T19446]        __do_sys_keyctl+0x2c5/0x590
[ 1816.384190][T19446]        do_syscall_64+0xcd/0x250
[ 1816.384211][T19446]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1816.384246][T19446] 
[ 1816.384246][T19446] other info that might help us debug this:
[ 1816.384246][T19446] 
[ 1816.384253][T19446] Chain exists of:
[ 1816.384253][T19446]   (console_sem).lock --> &p->pi_lock --> &rq->__lock
[ 1816.384253][T19446] 
[ 1816.384282][T19446]  Possible unsafe locking scenario:
[ 1816.384282][T19446] 
[ 1816.384288][T19446]        CPU0                    CPU1
[ 1816.384293][T19446]        ----                    ----
[ 1816.384299][T19446]   lock(&rq->__lock);
[ 1816.384311][T19446]                                lock(&p->pi_lock);
[ 1816.384324][T19446]                                lock(&rq->__lock);
[ 1816.384338][T19446]   lock((console_sem).lock);
[ 1816.384350][T19446] 
[ 1816.384350][T19446]  *** DEADLOCK ***
[ 1816.384350][T19446] 
[ 1816.384355][T19446] 4 locks held by syz.4.3298/19446:
[ 1816.384369][T19446]  #0: ffff88801deb5ad8 (&type->lock_class){+.+.}-{3:3}, at: key_link+0xb5/0x310
[ 1816.384421][T19446]  #1: ffffffff8e72ed88 (keyring_serialise_link_lock){+.+.}-{3:3}, at: key_link+0x28c/0x310
[ 1816.384473][T19446]  #2: ffff8880b883eb98 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130
[ 1816.384535][T19446]  #3: ffffffff8ddba6a0 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run4+0x1d6/0x5a0
[ 1816.384611][T19446] 
[ 1816.384611][T19446] stack backtrace:
[ 1816.384618][T19446] CPU: 1 UID: 0 PID: 19446 Comm: syz.4.3298 Not tainted 6.11.0-syzkaller-02574-ga430d95c5efa #0
[ 1816.384646][T19446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 1816.384660][T19446] Call Trace:
[ 1816.384669][T19446]  <TASK>
[ 1816.384678][T19446]  dump_stack_lvl+0x116/0x1f0
[ 1816.384707][T19446]  check_noncircular+0x31a/0x400
[ 1816.384743][T19446]  ? __pfx_check_noncircular+0x10/0x10
[ 1816.384778][T19446]  ? __pfx__prb_read_valid+0x10/0x10
[ 1816.384810][T19446]  ? __pfx_format_decode+0x10/0x10
[ 1816.384847][T19446]  ? lockdep_lock+0xc6/0x200
[ 1816.384875][T19446]  ? __pfx_lockdep_lock+0x10/0x10
[ 1816.384913][T19446]  __lock_acquire+0x24ed/0x3cb0
[ 1816.384957][T19446]  ? __pfx___lock_acquire+0x10/0x10
[ 1816.384998][T19446]  ? vprintk_store+0x22a/0xb70
[ 1816.385025][T19446]  lock_acquire+0x1b1/0x560
[ 1816.385065][T19446]  ? down_trylock+0x12/0x70
[ 1816.385092][T19446]  ? __pfx_lock_acquire+0x10/0x10
[ 1816.385131][T19446]  ? __pfx_mark_lock+0x10/0x10
[ 1816.385165][T19446]  ? __bfs+0x2fa/0x670
[ 1816.385194][T19446]  ? __pfx_usage_match+0x10/0x10
[ 1816.385228][T19446]  ? vprintk+0x7f/0xa0
[ 1816.385256][T19446]  _raw_spin_lock_irqsave+0x3a/0x60
[ 1816.385292][T19446]  ? down_trylock+0x12/0x70
[ 1816.385316][T19446]  down_trylock+0x12/0x70
[ 1816.385348][T19446]  __down_trylock_console_sem+0x40/0x140
[ 1816.385389][T19446]  vprintk_emit+0x3d3/0x600
[ 1816.385418][T19446]  vprintk+0x7f/0xa0
[ 1816.385449][T19446]  _printk+0xc8/0x100
[ 1816.385485][T19446]  ? __pfx__printk+0x10/0x10
[ 1816.385520][T19446]  ? ___ratelimit+0x24c/0x580
[ 1816.385551][T19446]  ? __pfx____ratelimit+0x10/0x10
[ 1816.385579][T19446]  should_fail_ex+0x46c/0x5b0
[ 1816.385614][T19446]  strncpy_from_user+0x38/0x320
[ 1816.385646][T19446]  strncpy_from_user_nofault+0x7f/0x180
[ 1816.385676][T19446]  bpf_probe_read_compat_str+0xf1/0x170
[ 1816.385710][T19446]  bpf_prog_e42f6260c1b72fb3+0x3d/0x3f
[ 1816.385730][T19446]  bpf_trace_run4+0x245/0x5a0
[ 1816.385767][T19446]  ? __pfx_bpf_trace_run4+0x10/0x10
[ 1816.385804][T19446]  ? __pfx_lock_release+0x10/0x10
[ 1816.385844][T19446]  __bpf_trace_sched_switch+0x13e/0x190
[ 1816.385870][T19446]  ? __pfx___bpf_trace_sched_switch+0x10/0x10
[ 1816.385899][T19446]  ? psi_group_change+0x631/0xde0
[ 1816.385942][T19446]  ? tracing_record_taskinfo_sched_switch+0x54/0x400
[ 1816.385990][T19446]  __traceiter_sched_switch+0x6c/0xc0
[ 1816.386031][T19446]  __schedule+0x17cf/0x5490
[ 1816.386070][T19446]  ? lock_acquire+0x1b1/0x560
[ 1816.386106][T19446]  ? find_held_lock+0x2d/0x110
[ 1816.386136][T19446]  ? ___slab_alloc+0x36d/0x1870
[ 1816.386176][T19446]  ? __pfx___schedule+0x10/0x10
[ 1816.386210][T19446]  ? mark_held_locks+0x9f/0xe0
[ 1816.386247][T19446]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1816.386287][T19446]  ? assoc_array_insert+0x10a/0x3140
[ 1816.386327][T19446]  ? preempt_schedule_thunk+0x1a/0x30
[ 1816.386351][T19446]  ? assoc_array_insert+0x10a/0x3140
[ 1816.386389][T19446]  preempt_schedule_common+0x44/0xc0
[ 1816.386429][T19446]  preempt_schedule_thunk+0x1a/0x30
[ 1816.386457][T19446]  __slab_alloc.constprop.0+0x89/0xb0
[ 1816.386498][T19446]  __kmalloc_cache_noprof+0x2b4/0x300
[ 1816.386537][T19446]  ? assoc_array_insert+0x10a/0x3140
[ 1816.386579][T19446]  assoc_array_insert+0x10a/0x3140
[ 1816.386619][T19446]  ? rcu_is_watching+0x12/0xc0
[ 1816.386657][T19446]  ? trace_contention_end+0xea/0x140
[ 1816.386697][T19446]  ? __mutex_lock+0x1a6/0x9c0
[ 1816.386724][T19446]  ? __pfx_assoc_array_insert+0x10/0x10
[ 1816.386763][T19446]  ? __pfx___mutex_lock+0x10/0x10
[ 1816.386790][T19446]  ? down_write+0x14e/0x200
[ 1816.386817][T19446]  ? __pfx_down_write+0x10/0x10
[ 1816.386847][T19446]  __key_link_begin+0xf5/0x260
[ 1816.386875][T19446]  key_link+0x104/0x310
[ 1816.386902][T19446]  ? __pfx_keyring_search_iterator+0x10/0x10
[ 1816.386929][T19446]  ? __pfx_key_link+0x10/0x10
[ 1816.386957][T19446]  ? ksys_write+0x1ab/0x260
[ 1816.386988][T19446]  keyctl_keyring_link+0x86/0xe0
[ 1816.387019][T19446]  __do_sys_keyctl+0x2c5/0x590
[ 1816.387058][T19446]  do_syscall_64+0xcd/0x250
[ 1816.387084][T19446]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1816.387122][T19446] RIP: 0033:0x7f7cfd77def9
[ 1816.387140][T19446] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1816.387164][T19446] RSP: 002b:00007f7cfe5ed038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa
[ 1816.387186][T19446] RAX: ffffffffffffffda RBX: 00007f7cfd935f80 RCX: 00007f7cfd77def9
[ 1816.387203][T19446] RDX: 000000002816cdac RSI: 000000003a77da97 RDI: 0000000000000008
[ 1816.387220][T19446] RBP: 00007f7cfe5ed090 R08: 0000000000000000 R09: 0000000000000000
[ 1816.387235][T19446] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1816.387250][T19446] R13: 0000000000000000 R14: 00007f7cfd935f80 R15: 00007ffd4ed0bd08
[ 1816.387275][T19446]  </TASK>
[ 1817.365739][T19446] CPU: 1 UID: 0 PID: 19446 Comm: syz.4.3298 Not tainted 6.11.0-syzkaller-02574-ga430d95c5efa #0
[ 1817.376248][T19446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 1817.386391][T19446] Call Trace:
[ 1817.389676][T19446]  <TASK>
[ 1817.392608][T19446]  dump_stack_lvl+0x116/0x1f0
[ 1817.397313][T19446]  should_fail_ex+0x497/0x5b0
[ 1817.402023][T19446]  strncpy_from_user+0x38/0x320
[ 1817.406902][T19446]  strncpy_from_user_nofault+0x7f/0x180
[ 1817.412469][T19446]  bpf_probe_read_compat_str+0xf1/0x170
[ 1817.418041][T19446]  bpf_prog_e42f6260c1b72fb3+0x3d/0x3f
[ 1817.423509][T19446]  bpf_trace_run4+0x245/0x5a0
[ 1817.428205][T19446]  ? __pfx_bpf_trace_run4+0x10/0x10
[ 1817.433419][T19446]  ? __pfx_lock_release+0x10/0x10
[ 1817.438465][T19446]  __bpf_trace_sched_switch+0x13e/0x190
[ 1817.444037][T19446]  ? __pfx___bpf_trace_sched_switch+0x10/0x10
[ 1817.450153][T19446]  ? psi_group_change+0x631/0xde0
[ 1817.455289][T19446]  ? tracing_record_taskinfo_sched_switch+0x54/0x400
[ 1817.461989][T19446]  __traceiter_sched_switch+0x6c/0xc0
[ 1817.467398][T19446]  __schedule+0x17cf/0x5490
[ 1817.471917][T19446]  ? lock_acquire+0x1b1/0x560
[ 1817.476609][T19446]  ? find_held_lock+0x2d/0x110
[ 1817.481406][T19446]  ? ___slab_alloc+0x36d/0x1870
[ 1817.486366][T19446]  ? __pfx___schedule+0x10/0x10
[ 1817.491236][T19446]  ? mark_held_locks+0x9f/0xe0
[ 1817.496017][T19446]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1817.501241][T19446]  ? assoc_array_insert+0x10a/0x3140
[ 1817.506550][T19446]  ? preempt_schedule_thunk+0x1a/0x30
[ 1817.511930][T19446]  ? assoc_array_insert+0x10a/0x3140
[ 1817.517236][T19446]  preempt_schedule_common+0x44/0xc0
[ 1817.522544][T19446]  preempt_schedule_thunk+0x1a/0x30
[ 1817.527754][T19446]  __slab_alloc.constprop.0+0x89/0xb0
[ 1817.533146][T19446]  __kmalloc_cache_noprof+0x2b4/0x300
[ 1817.538539][T19446]  ? assoc_array_insert+0x10a/0x3140
[ 1817.543849][T19446]  assoc_array_insert+0x10a/0x3140
[ 1817.548984][T19446]  ? rcu_is_watching+0x12/0xc0
[ 1817.553772][T19446]  ? trace_contention_end+0xea/0x140
[ 1817.559077][T19446]  ? __mutex_lock+0x1a6/0x9c0
[ 1817.563767][T19446]  ? __pfx_assoc_array_insert+0x10/0x10
[ 1817.569334][T19446]  ? __pfx___mutex_lock+0x10/0x10
[ 1817.574384][T19446]  ? down_write+0x14e/0x200
[ 1817.578895][T19446]  ? __pfx_down_write+0x10/0x10
[ 1817.583780][T19446]  __key_link_begin+0xf5/0x260
[ 1817.588643][T19446]  key_link+0x104/0x310
[ 1817.592823][T19446]  ? __pfx_keyring_search_iterator+0x10/0x10
[ 1817.598810][T19446]  ? __pfx_key_link+0x10/0x10
[ 1817.603512][T19446]  ? ksys_write+0x1ab/0x260
[ 1817.608029][T19446]  keyctl_keyring_link+0x86/0xe0
[ 1817.613003][T19446]  __do_sys_keyctl+0x2c5/0x590
[ 1817.617788][T19446]  do_syscall_64+0xcd/0x250
[ 1817.622315][T19446]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1817.628232][T19446] RIP: 0033:0x7f7cfd77def9
[ 1817.632651][T19446] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1817.652267][T19446] RSP: 002b:00007f7cfe5ed038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa
[ 1817.660687][T19446] RAX: ffffffffffffffda RBX: 00007f7cfd935f80 RCX: 00007f7cfd77def9
[ 1817.668660][T19446] RDX: 000000002816cdac RSI: 000000003a77da97 RDI: 0000000000000008
[ 1817.676632][T19446] RBP: 00007f7cfe5ed090 R08: 0000000000000000 R09: 0000000000000000
[ 1817.684608][T19446] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1817.692599][T19446] R13: 0000000000000000 R14: 00007f7cfd935f80 R15: 00007ffd4ed0bd08
[ 1817.700580][T19446]  </TASK>
[ 1817.703837][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1818.032081][T19449] dlm: no locking on control device