last executing test programs:

1m6.426981253s ago: executing program 0 (id=715):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000140))
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
lseek(0xffffffffffffffff, 0xf9ff100000000000, 0x3)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000380), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = mq_open(&(0x7f0000000000)='!selinu\xff\x7f\x00\x00inux\x00T\x8b\xb5\xf3\xcb\xdd\xe3\xbf2\x86\x01\x84\xdd\x8a\x8f_l\xa1L\xb1\xef\xb2\xc9\xf7+C\xb2\x8e9\xb8\xec\x1a\xe5\xaeq\x8fZ\xff\xbcY+\xaf0<\xa3\xb8\x9es\t\xfe\x002\xa0-\xaf\xcdP\x9f\xe5Iv\xce*\xa8\xa3\x14i\x05\x8f\x9b\x1eB\x9f\x9d#E\x19\xdc\xfe\xc7\xeb\xb5\xcd\xc8\xe2U\xce\x00\x00', 0x6e93ebbbcc0884f2, 0x2e, 0x0)
mq_timedsend(r2, 0x0, 0x0, 0x0, 0x0)
mq_timedsend(r2, 0x0, 0x0, 0x0, 0x0)
mq_timedreceive(r2, &(0x7f0000000340)=""/200, 0xc8, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r3)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r5 = dup(r4)
setsockopt$SO_TIMESTAMP(r5, 0x1, 0x3f, &(0x7f0000000280)=0x3, 0x4)
sendmsg$inet(r5, &(0x7f0000000780)={&(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f0000000140)="be38", 0xffdf}], 0x1, &(0x7f0000001100)=ANY=[@ANYBLOB="1c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="ac1414aa00000000000000001c0000000000000000000000070000004404730001000000e736f53aa500a029b4fff380b1208d2517faab10d57912ea57285a512c15273dd90873706db2ce3f1fd2709c8fca22cf77f29736f1e80045368c6d61cfefe19acae96300000000000000022fa79f00000000d114c4e16cb59c3b813222b23474ebab0566f62853"], 0x40}, 0x0)
read$char_usb(r5, &(0x7f0000000080)=""/139, 0xfdef)
listen(r3, 0x9)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xa5bc, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)

55.8615063s ago: executing program 0 (id=715):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000140))
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
lseek(0xffffffffffffffff, 0xf9ff100000000000, 0x3)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000380), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = mq_open(&(0x7f0000000000)='!selinu\xff\x7f\x00\x00inux\x00T\x8b\xb5\xf3\xcb\xdd\xe3\xbf2\x86\x01\x84\xdd\x8a\x8f_l\xa1L\xb1\xef\xb2\xc9\xf7+C\xb2\x8e9\xb8\xec\x1a\xe5\xaeq\x8fZ\xff\xbcY+\xaf0<\xa3\xb8\x9es\t\xfe\x002\xa0-\xaf\xcdP\x9f\xe5Iv\xce*\xa8\xa3\x14i\x05\x8f\x9b\x1eB\x9f\x9d#E\x19\xdc\xfe\xc7\xeb\xb5\xcd\xc8\xe2U\xce\x00\x00', 0x6e93ebbbcc0884f2, 0x2e, 0x0)
mq_timedsend(r2, 0x0, 0x0, 0x0, 0x0)
mq_timedsend(r2, 0x0, 0x0, 0x0, 0x0)
mq_timedreceive(r2, &(0x7f0000000340)=""/200, 0xc8, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r3)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r5 = dup(r4)
setsockopt$SO_TIMESTAMP(r5, 0x1, 0x3f, &(0x7f0000000280)=0x3, 0x4)
sendmsg$inet(r5, &(0x7f0000000780)={&(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f0000000140)="be38", 0xffdf}], 0x1, &(0x7f0000001100)=ANY=[@ANYBLOB="1c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="ac1414aa00000000000000001c0000000000000000000000070000004404730001000000e736f53aa500a029b4fff380b1208d2517faab10d57912ea57285a512c15273dd90873706db2ce3f1fd2709c8fca22cf77f29736f1e80045368c6d61cfefe19acae96300000000000000022fa79f00000000d114c4e16cb59c3b813222b23474ebab0566f62853"], 0x40}, 0x0)
read$char_usb(r5, &(0x7f0000000080)=""/139, 0xfdef)
listen(r3, 0x9)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xa5bc, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)

44.91210321s ago: executing program 0 (id=715):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000140))
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
lseek(0xffffffffffffffff, 0xf9ff100000000000, 0x3)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000380), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = mq_open(&(0x7f0000000000)='!selinu\xff\x7f\x00\x00inux\x00T\x8b\xb5\xf3\xcb\xdd\xe3\xbf2\x86\x01\x84\xdd\x8a\x8f_l\xa1L\xb1\xef\xb2\xc9\xf7+C\xb2\x8e9\xb8\xec\x1a\xe5\xaeq\x8fZ\xff\xbcY+\xaf0<\xa3\xb8\x9es\t\xfe\x002\xa0-\xaf\xcdP\x9f\xe5Iv\xce*\xa8\xa3\x14i\x05\x8f\x9b\x1eB\x9f\x9d#E\x19\xdc\xfe\xc7\xeb\xb5\xcd\xc8\xe2U\xce\x00\x00', 0x6e93ebbbcc0884f2, 0x2e, 0x0)
mq_timedsend(r2, 0x0, 0x0, 0x0, 0x0)
mq_timedsend(r2, 0x0, 0x0, 0x0, 0x0)
mq_timedreceive(r2, &(0x7f0000000340)=""/200, 0xc8, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r3)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r5 = dup(r4)
setsockopt$SO_TIMESTAMP(r5, 0x1, 0x3f, &(0x7f0000000280)=0x3, 0x4)
sendmsg$inet(r5, &(0x7f0000000780)={&(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f0000000140)="be38", 0xffdf}], 0x1, &(0x7f0000001100)=ANY=[@ANYBLOB="1c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="ac1414aa00000000000000001c0000000000000000000000070000004404730001000000e736f53aa500a029b4fff380b1208d2517faab10d57912ea57285a512c15273dd90873706db2ce3f1fd2709c8fca22cf77f29736f1e80045368c6d61cfefe19acae96300000000000000022fa79f00000000d114c4e16cb59c3b813222b23474ebab0566f62853"], 0x40}, 0x0)
read$char_usb(r5, &(0x7f0000000080)=""/139, 0xfdef)
listen(r3, 0x9)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xa5bc, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)

31.542960914s ago: executing program 0 (id=715):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000140))
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
lseek(0xffffffffffffffff, 0xf9ff100000000000, 0x3)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000380), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = mq_open(&(0x7f0000000000)='!selinu\xff\x7f\x00\x00inux\x00T\x8b\xb5\xf3\xcb\xdd\xe3\xbf2\x86\x01\x84\xdd\x8a\x8f_l\xa1L\xb1\xef\xb2\xc9\xf7+C\xb2\x8e9\xb8\xec\x1a\xe5\xaeq\x8fZ\xff\xbcY+\xaf0<\xa3\xb8\x9es\t\xfe\x002\xa0-\xaf\xcdP\x9f\xe5Iv\xce*\xa8\xa3\x14i\x05\x8f\x9b\x1eB\x9f\x9d#E\x19\xdc\xfe\xc7\xeb\xb5\xcd\xc8\xe2U\xce\x00\x00', 0x6e93ebbbcc0884f2, 0x2e, 0x0)
mq_timedsend(r2, 0x0, 0x0, 0x0, 0x0)
mq_timedsend(r2, 0x0, 0x0, 0x0, 0x0)
mq_timedreceive(r2, &(0x7f0000000340)=""/200, 0xc8, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r3)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r5 = dup(r4)
setsockopt$SO_TIMESTAMP(r5, 0x1, 0x3f, &(0x7f0000000280)=0x3, 0x4)
sendmsg$inet(r5, &(0x7f0000000780)={&(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f0000000140)="be38", 0xffdf}], 0x1, &(0x7f0000001100)=ANY=[@ANYBLOB="1c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="ac1414aa00000000000000001c0000000000000000000000070000004404730001000000e736f53aa500a029b4fff380b1208d2517faab10d57912ea57285a512c15273dd90873706db2ce3f1fd2709c8fca22cf77f29736f1e80045368c6d61cfefe19acae96300000000000000022fa79f00000000d114c4e16cb59c3b813222b23474ebab0566f62853"], 0x40}, 0x0)
read$char_usb(r5, &(0x7f0000000080)=""/139, 0xfdef)
listen(r3, 0x9)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xa5bc, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)

17.28931933s ago: executing program 0 (id=715):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000140))
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
lseek(0xffffffffffffffff, 0xf9ff100000000000, 0x3)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000380), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = mq_open(&(0x7f0000000000)='!selinu\xff\x7f\x00\x00inux\x00T\x8b\xb5\xf3\xcb\xdd\xe3\xbf2\x86\x01\x84\xdd\x8a\x8f_l\xa1L\xb1\xef\xb2\xc9\xf7+C\xb2\x8e9\xb8\xec\x1a\xe5\xaeq\x8fZ\xff\xbcY+\xaf0<\xa3\xb8\x9es\t\xfe\x002\xa0-\xaf\xcdP\x9f\xe5Iv\xce*\xa8\xa3\x14i\x05\x8f\x9b\x1eB\x9f\x9d#E\x19\xdc\xfe\xc7\xeb\xb5\xcd\xc8\xe2U\xce\x00\x00', 0x6e93ebbbcc0884f2, 0x2e, 0x0)
mq_timedsend(r2, 0x0, 0x0, 0x0, 0x0)
mq_timedsend(r2, 0x0, 0x0, 0x0, 0x0)
mq_timedreceive(r2, &(0x7f0000000340)=""/200, 0xc8, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r3)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r5 = dup(r4)
setsockopt$SO_TIMESTAMP(r5, 0x1, 0x3f, &(0x7f0000000280)=0x3, 0x4)
sendmsg$inet(r5, &(0x7f0000000780)={&(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f0000000140)="be38", 0xffdf}], 0x1, &(0x7f0000001100)=ANY=[@ANYBLOB="1c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="ac1414aa00000000000000001c0000000000000000000000070000004404730001000000e736f53aa500a029b4fff380b1208d2517faab10d57912ea57285a512c15273dd90873706db2ce3f1fd2709c8fca22cf77f29736f1e80045368c6d61cfefe19acae96300000000000000022fa79f00000000d114c4e16cb59c3b813222b23474ebab0566f62853"], 0x40}, 0x0)
read$char_usb(r5, &(0x7f0000000080)=""/139, 0xfdef)
listen(r3, 0x9)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xa5bc, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)

9.16138651s ago: executing program 4 (id=1113):
openat(0xffffffffffffff9c, 0x0, 0x20842, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp6\x00')
read$FUSE(r0, &(0x7f0000004dc0)={0x2020, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}, 0x2020)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg(r3, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(r1, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4b, 0x3, 0x8, 0x0, 0x400003}, 0x0)
getsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x20, 0x0, &(0x7f0000001040)=0x5d)
syz_clone(0x9a05d480, 0x0, 0x57, 0x0, 0x0, 0x0)
r4 = openat$6lowpan_control(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.kill\x00', 0x26e1, 0x0)
pipe(&(0x7f0000000400)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
splice(r6, 0x0, r8, 0x0, 0x88000cc, 0x0)
fcntl$setpipe(r7, 0x407, 0x100004)
write$eventfd(r7, &(0x7f0000000240), 0xffffff14)
sendmsg$nl_route_sched(r5, 0x0, 0x2400c800)
write$6lowpan_control(r4, &(0x7f0000000180)='connect aa:aa:aa:aa:aa:11 0', 0x1b)
r9 = inotify_init1(0x80800)
r10 = socket$inet6(0xa, 0x3, 0x5)
setsockopt$inet6_int(r10, 0x29, 0x1000000000021, 0x0, 0x0)
inotify_add_watch(r9, &(0x7f0000000180)='./control\x00', 0x64000ba6)

8.999855871s ago: executing program 2 (id=1115):
r0 = socket$packet(0x11, 0x3, 0x300) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
ioctl$sock_TIOCINQ(r0, 0x541b, &(0x7f0000000340))
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'\x00', 0x5}) (async)
ioctl$TUNSETOWNER(0xffffffffffffffff, 0x400454cc, 0xee00)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) (async, rerun: 32)
r1 = getpid() (rerun: 32)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async, rerun: 64)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}) (rerun: 64)
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) (async)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x2, 0x0)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) (async)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$kcm(0x10, 0x2, 0x0)
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) (async)
r5 = semget$private(0x0, 0x4, 0x29b)
semop(r5, &(0x7f0000000180)=[{0x4}], 0x1)
semctl$SETALL(r5, 0x0, 0x11, &(0x7f0000000000))
write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000040)={0x0, 0x7, 0xfa00, {0x0, &(0x7f0000000000)={<r6=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r4, 0x0, 0x0) (async)
write$RDMA_USER_CM_CMD_LISTEN(r4, &(0x7f0000000080)={0x7, 0x8, 0xfa00, {r6}}, 0x10) (async)
write$RDMA_USER_CM_CMD_DESTROY_ID(r4, &(0x7f0000000180)={0x1, 0x10, 0xfa00, {&(0x7f0000000140), r6}}, 0x18) (async)
prctl$PR_SET_MM(0x23, 0x3, &(0x7f0000003000/0x1000)=nil)

8.95869811s ago: executing program 1 (id=1116):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="19000000040000000400000002"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xe, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000080)={r2}, 0xc)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000180)={0x20, r0, 0x1, 0x70bd26, 0x0, {{0x2}, {@void, @val={0xc, 0x99, {0x9, 0x74}}}}}, 0x20}}, 0x20000000)

8.621826605s ago: executing program 1 (id=1117):
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r0 = socket(0x11, 0x3, 0x0)
r1 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$sock_inet_SIOCSIFADDR(r0, 0x8918, &(0x7f0000000480)={'veth1_macvtap\x00', {0x2, 0x80, @multicast1}})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000140), &(0x7f0000000300)=0xc)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r2, &(0x7f0000032680)=""/102392, 0x18ff8)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f0000000240)=0x3)
ioctl$SNDCTL_DSP_CHANNELS(r3, 0xc0045006, &(0x7f0000000080)=0x7f)
syz_open_procfs$userns(0x0, &(0x7f0000000800))
socket$kcm(0x11, 0x3, 0x0)
ioctl$SNDCTL_DSP_SPEED(r3, 0xc0045002, &(0x7f00000000c0))
read$dsp(r3, &(0x7f00000001c0)=""/95, 0x2)
openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000180), 0x40000, 0x0)
ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, 0x0, 0x1000, &(0x7f0000000340)=""/239)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={0x6c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x2c, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}]}, @CTA_TIMEOUT={0x8}]}, 0x6c}}, 0x0)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000240)='bridge0\x00', 0x10)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000001400010076657468305f746f5f7465616d000000140000"], 0xa8}}, 0x80)

8.441602206s ago: executing program 2 (id=1118):
r0 = socket(0x28, 0x5, 0x0)
syz_usb_connect(0x5, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x1c, 0x15, 0xc3, 0x8, 0x2040, 0x9301, 0xe4fb, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x9a, 0xf0, 0x3}}]}}]}}, 0x0)
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000040)=<r1=>0x0)
syz_open_procfs(r1, &(0x7f0000000080)='net/protocols\x00')
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)

8.232638485s ago: executing program 4 (id=1119):
r0 = socket(0xf, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00'})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$key(0xf, 0x3, 0x2)
sched_setscheduler(0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
socket(0xb, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000000c0)={'bridge0\x00'})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
sendto$inet6(r4, 0x0, 0x0, 0x20004041, 0x0, 0x0)
connect$inet6(r4, &(0x7f0000000180)={0xa, 0x0, 0x2, @dev={0xfe, 0x80, '\x00', 0x13}, 0x7}, 0x1c)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000001640), r5)
ioctl$int_in(r4, 0x5452, &(0x7f0000000000)=0xf34)
recvfrom(r4, &(0x7f0000000040)=""/77, 0x4d, 0x20000100, 0x0, 0x0)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000001c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="0900000000000000000002000000140001800500020001"], 0x28}}, 0x0)
syz_clone3(0x0, 0x0)
unshare(0x22020600)

7.91432247s ago: executing program 3 (id=1120):
semop(0x0, &(0x7f0000000180), 0x0)
semctl$SEM_INFO(0x0, 0x3, 0x13, &(0x7f0000000240)=""/138)
preadv(0xffffffffffffffff, &(0x7f00000006c0)=[{&(0x7f00000000c0)=""/125, 0x7d}, {&(0x7f0000000400)=""/150, 0x96}, {&(0x7f0000000180)=""/10, 0xa}, {&(0x7f0000000300)=""/85, 0x55}, {&(0x7f0000000200)=""/19, 0x13}, {&(0x7f0000000500)=""/227, 0xe3}, {&(0x7f0000000600)=""/33, 0x21}, {&(0x7f0000000640)=""/117, 0x75}], 0x8, 0x114e, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000001c0))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
r0 = inotify_init()
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x0, 0x0})
socket$nl_route(0x10, 0x3, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(0xffffffffffffffff, 0x4058534c, &(0x7f0000000000)={0x80, 0x7fff, 0x8000000, 0x3d3, 0x0, 0x10000000})
r1 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000), 0x8)
r2 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000000), 0x8)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
writev(0xffffffffffffffff, 0x0, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000380), 0xce4}, 0x38)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000180)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01032757c38d085641a7260000000c000180080003"], 0x20}, 0x1, 0x0, 0x0, 0x24048055}, 0x0)
ioctl$INOTIFY_IOC_SETNEXTWD(r0, 0x40044900, 0x9)
timerfd_gettime(0xffffffffffffffff, 0x0)
r6 = socket(0x2a, 0x2, 0x0)
ioctl$SIOCSIFMTU(r6, 0x541b, 0x0)

7.44499367s ago: executing program 1 (id=1121):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x31}}, 0x1c)
syz_emit_vhci(0x0, 0x7)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x7, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x7d}, 0x94)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000340), 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8b05, &(0x7f00000004c0)={'wlan0\x00'})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000180)={'bond0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001300)=@newtfilter={0x16d0, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r6, {0x2, 0xfff3}, {}, {0xa, 0xfff3}}, [@filter_kind_options=@f_matchall={{0xd}, {0x169c, 0x2, [@TCA_MATCHALL_FLAGS={0x8, 0x3, 0x1}, @TCA_MATCHALL_FLAGS={0x8, 0x3, 0x1}, @TCA_MATCHALL_ACT={0x1688, 0x2, [@m_bpf={0x17c, 0x4, 0x0, 0x0, {{0x8}, {0x64, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_NAME={0xc, 0x6, './file0\x00'}, @TCA_ACT_BPF_OPS={0x1c, 0x4, [{0x966, 0x2, 0x7, 0x7}, {0xb, 0x10, 0x3, 0x4}, {0x517d, 0x1, 0xff, 0xc474}]}, @TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x7}, @TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x8}, @TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x2}, @TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x3}, @TCA_ACT_BPF_PARMS={0x18, 0x2, {0x4, 0x2, 0x7, 0x5}}]}, {0xf2, 0x6, "a134956b94240d8f36ebf478c747bb9a7306008af2def28f081f993598cc19eaee4b1a61a1602cc84c2c3dd64878a550a0544be9abf1e7c854fc79a291d7a4c21f59b43cde8b2093f84b7fe2dc71880ba8f38b07bcef9ee60140ad952dd34f2327cba3ca62994f2dffd827ff04b2c74cb25318b86773f0d3e69be174772ee10e7d3eabaafe73e5491d7695e63e293e89d51e114334a3451452675870578777624c6c893ff1005e8beb682d18b38bf5e9b6acfcd850e053452efbc3dcc925494d7ebddcf9193d9e5191b22e887e8004b876ec7daf92be4969bb344a414eb476e3d78b99535372476387470c2e9fc2"}, {0xc}, {0xc, 0x8, {0x2}}}}, @m_gact={0x11c, 0xb, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x8f, 0xfffffe01, 0x1, 0x8, 0x9}}, @TCA_GACT_PROB={0xc, 0x3, {0x0, 0x8e1, 0x3}}]}, {0xcb, 0x6, "e4a679b83abb4bea86e3ac04c5db595fafbc6f0acbb1c52244a30428234632a53c8ade0db13c1dcc90be1be9862915c4486ea7accdd6fdf484db7cc681f40c6b3302ad740abc3da5ac2c4ae28cdca9142b4776d6f4893a0127fdd1cb96a4aec139d36899d0af38e9a1701e40a3f3191b3be27a3a02e66bece547ef4bdb45bc82f0636a9dce7952d5145acecf8327e19b037454c0a16fdf84057760400caa5be62ec61ec67de44e352c51fff367acc6104a733cc99b01d1c328c23b9f39892dcd4f13af4be4fceb"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_tunnel_key={0x134, 0x9, 0x0, 0x0, {{0xf}, {0x90, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0x9, 0x6, 0x5, 0x8, 0xe7}, 0x2}}, @TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0x5, @local}, @TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @remote}, @TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0x5, @private0={0xfc, 0x0, '\x00', 0x1}}, @TCA_TUNNEL_KEY_ENC_KEY_ID={0x8, 0x7, 0x3ff}, @TCA_TUNNEL_KEY_ENC_DST_PORT={0x6, 0x9, 0x4e21}, @TCA_TUNNEL_KEY_ENC_IPV6_DST={0x14, 0x6, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}}, @TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0x5, @private1}, @TCA_TUNNEL_KEY_NO_CSUM={0x5}]}, {0x78, 0x6, "799b82f19d1d19caf21dce022e2d8e1a9ed260d61ad6e7bdb933b0d171e8dc7a245049faa4ec45190d20c542fd2adfb2b214274a8cb2a7651bb36da6296b3207243f368adceb5c94c4799c405df27697d921a37b086a9bfc66f7f299612d09c0f505ba5d0a633e733a048b856ef155aad986e54b"}, {0xc}, {0xc, 0x8, {0x2, 0x1}}}}, @m_skbmod={0x12c, 0x14, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_SKBMOD_ETYPE={0x6}, @TCA_SKBMOD_SMAC={0xa, 0x4, @multicast}, @TCA_SKBMOD_DMAC={0xa, 0x3, @random="2fc6767eef25"}]}, {0xdd, 0x6, "634c0802cabdda8954e7ee6696b79a4be345eaf569b27fc27a44bc90fe8819a87fffddd0851e866b6e42f5bf1fd18fa2d59af5ee07193fe975667396a7cc82400a5a9ddb23472e8e3a8c76affc048b0f23aedd9c9ccaf328ec365e457ba51a20d07c93dc30c8ef2d39683c18f2b319b4da12f916235756265486d63ff91a6bf0c5af54cb80de75b0005c177b5fd9e184bf6993c7e4af577e565a5d372fa65b960a5f882c8d8a200e3d78e0451060352edffe468c4b056a1601e9441d575ed54892b3a9baac1b1d9404a4eadcd307f3264799df675e22ec8e02"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}, @m_ife={0x1078, 0x7, 0x0, 0x0, {{0x8}, {0x50, 0x2, 0x0, 0x1, [@TCA_IFE_DMAC={0xa, 0x3, @remote}, @TCA_IFE_METALST={0x30, 0x6, [@IFE_META_TCINDEX={0x4, 0x5, @void}, @IFE_META_PRIO={0x8, 0x3, @val=0x10000}, @IFE_META_TCINDEX={0x4, 0x5, @void}, @IFE_META_SKBMARK={0x8}, @IFE_META_PRIO={0x4, 0x3, @void}, @IFE_META_TCINDEX={0x4, 0x5, @void}, @IFE_META_TCINDEX={0x4, 0x5, @void}, @IFE_META_SKBMARK={0x8}]}, @TCA_IFE_METALST={0x10, 0x6, [@IFE_META_SKBMARK={0x4, 0x1, @void}, @IFE_META_SKBMARK={0x4, 0x1, @void}, @IFE_META_SKBMARK={0x4, 0x1, @void}]}]}, {0x1004, 0x6, "9032bbdd7c66a46d940673b64d72e44bd0937f028b44097978b4e5958369aea1698b2f27cc4613aacbabdf05047472a79840d47f760a25c3134a552a8af933b0201d84a713af505f82147e1d90941741e097304502dd526be015c9c2a249025a88e3819b4f1cbb152aa122b323e62403bafd294d40b278ed6d0de9277892f461cac4c6ff06676ef8a52216c8c99796c2ba408a760d4d49e49043bc490fdb4e491d6cf7216360d165bd10968249eff73a2bc2a12496436b5aa71392c260d88df006a8f2fe45c789076db088d3d4448027e9ab5b3aada344d44dcd8d74caacc3cb719b73b98ee2754b60a879e085bb60e05adbd62953fab32ce31e352f6dc1f690a8f5b8a9adda2d72141aab9b8ffee6615106982f74243327ae9e61119170b913d90b1ff5b2874894899b62c2322033a2ca55c28d6d48eb2dcb9b2873e2343d61d4d1a9109868be3f78ed5c4e40ae5089d775a35ae60ccabc4f48c4d3e910728cf1e0f347c061b734f0a07e5d8a87f95ad9df3edfd27fc316ab3400abe0b1714412f8760a925112ae1c4d0b2fb3c3975e77cbae0b1d5ec6444038d6bf8375b2b356bee57553e1543d0ad7dc9cb06efe3bd8205ae6d3b8956dcd122a1967d970f0d8f3946147d9d7f35e834dc9a892cf2e92aed4dfe62a0749746e34b11212458f034c80a4602e15b0eeceb8d005521754822b8e9cda090a252f89a69a632d9f063bc65baf01d0c862269b32a7f02d006937bacd52817dc63ab9b8287a9ec6c37c6cadd2747064989d691a6642178358009fa5336cb2639b0dc97e2cb47093b894343719bdb881828a631d38644aec71c4d788c0646c7bda03501e8e531a6315e1bb935220c18b7a5fc3c3ff1146cd5b431f70e37f8bcadb2fe8d53602c7392963e508060a26e62a8ec28b3a052052580985e678ec15b81526f871779628e674b87bfb72c1ba6ebe4958bf5666549ab6924a8703e752a64c3553d49a7fe6b3c8871f5abba9038fcdbf0ef0c54d008cdc2bee0240d514c0c7450047aac55c9cf399f359aedb475523ad6c8b37fe48a8d4ffd08dc38ef1aa12a5f3ab18c8ac539c34c17a4cf1fdac6ec736c50bf08a5b67cbc8ddeaf1f26d2a7076b85e92807e1e071129b9131a0a8533eb428bfdbf1eeeac27c7e78017b539e56bf68f31efda4fc99c135ec24f27aefcb6425eb270d07312700a606db76bae66a9984da526407c19b98f316d3f9aedee1efcba1e5101c567e854c3c645f4b328fe24d49182ffe1354e3f659506d45f64cb4b986922fadcf4b8a79674521214f52aeafe1c3a5db42ddb2ef71155d4f88d1455c0b74479704b2d1f5659ce852a0d911d933f77c627a8733dcec34809da3dd6d2312506df0da2665d3a8e29c7a678f30f9ba5ff71d1ee23640dd326276ee4920c775d88f4fa6b65a164cb3a0d9964e5424bbb73fa5c2bbdb603166f46e71d7dd047c936ab8f75541b6120a9921a3bda60df73c9fb4c40be5c3f32cbca6088f3c38206254fadb0b5e509a03e2154faa220f39e0f04aef1f9a86b47af2c6527b424c79583062fd1f52ab038cb594ddd855dddc2df0fd7afd8cbb9613e80cdd401db403ed327aab4d487e2b2ea06d4a7a6477758e5147d3114bbc9332bdd921c436467eb14da0080da82ab18f9a2e228e3f7ff08fcda8f102bd2654ff5d59c7812624f4909ab228bb59b93638c2fd848aba3a8db1b5a5b2cdf804017e548e5edd0912ed90dd309461956bd5a8e2439c3130cd4f85e2f43f3aa6d676175535568042e15bcf8577b57d59c51228c3b4d675509a2a044fdac7666d8621f39f857f2243ba99f562a8da6b2c19d55bcbc7c3af1184f2e7cff32aed010c564b07752282ba0addfffa5263a42ff3153f3930f60d09e89dea318e9a00963c150f661cec085d91e3b47e4047e7fbd375df1c1d259d3ccec74e8203bf04c421cade53a2183a3914d681e47da9f8cc3bcacce69f1448d606ec0bcf12ebbde8d9bfcbd6f3ac0ea32443676d3c1a5f8fb3be1e964c2fe12d39656c563a49d933945fa40a89e986b42a970d96fedff1a8b401dbaa43b46106008768a86c5dc1be608d3fd7a1ef64566c1fadce0c24381a247850c9871e312a522b1d9ee0958857eecc32eed88040eab76f7f33b23fc9a41e1b9738a488053024b4f1aac855686ccada6f784c961bc16c1e71ab448da96bc3231a56406e80fb77b20667dd200e48085e65f97fa520c233d560e8aa1980b0a9fee2b56f04638c745ac51d1944a9f50d2587a6277a26d48fb12d39e834e416d2ffb5e8fc5b402d1959136a30fc23582d3a6a4d9df502a1a96231f7895900bad63c640ff76fbe3820416636a8799fccbf688762ef2e5070f66931069a1e4a1e72dd91e1169dce0ddd0543b25c5bb4d6443ea0e4e8b7622da68195df53599c8447210548d8524f54905897fb01ec6cad4ec7e9d88783d21519edb9d343a9964fd99f3dad221c53ebcbea70f5a11d6fe4ad672629eb4b5487990368bda6fe4da3197e56611156cfc0eb372d2824b4eceff90d78f10025be2a34c54fb3c373af2192f3ad6cfcd750565f1dc4175e0285ad6d417798a52d7793e9188f46fc4eb56a1da130a985a0d5fe11b9c85517d4c05736b154181bff4744d843e04cc2869e6f0725f94c7c9cdab10e8400f8014ea26a48c68f3b582e9f0ab71ebbbc349c183d2d890632014d06979481322522665a1d011133d9228a29b906104bc8aa5ca982e1ee91b868fc28390ee09acf90aab476238233aecd2efb6ff1917383fa4447985c235ace1a85e430e4f513a98e581dce4f1574b761129b543b123d15a50aa8a8780bbe78fcc069d8f125acdccef1827fffa566314930cf783f2357ad0ff0ad2392cbfd6259cc788ded0569a3078021d1f2cd88d05a980aea57e8de2bf8166da0e1d4b7bca5613bbeb19d6dac0195221faed2db4f5c512dbc65fcebd03b862caa15be0b0eb6d647c9cef6b76fdc84a6a43650900939d68b9d5d80ed7a94d188ee72ddf9f8a0112f7bf9d9eea8923ae3594976ae35e2985e36df702f4585aaaa759d531cdfa9e92a16bccd7688ec42d4109b938275d7220f3a7d0569dc4eb327040bf3d692dd86169e13db3d651d4451b6b87984b9228fd0b7fa3c1a82f474c18765d96b300a0d4c14b904fba4702d9c74c2c660f8b31d279d9316fc9cf28f12f3faa3256c171f4abba59158e59f44c76810ff7eada74d415032322c46fb0900055d81868cdf073e9c8d72e5a408c4d6f16243a0e619bbea2f1f82d4bd0ca40478f30806613299fc9b32ffe3d01864c3ac78dbad3f407786459c7b60b145a7d50baeec700d6ba04cf996d6e28cedab7ada113bd7e64a0b5de0cd37b46e5e1a27b0228cb1a15ff99766d48aa9123f81b181ebebcefa2e5e4b6431498db22c415c865ce6e39b0d32eead54a3977d580b4817b704fbc1fd118d033f3c0472d791acf1c1cc4d0826bd1020f4456a81b10f0a5dc5600bf29214daeee204280febabb368ecb1c601560d40df3bfb241bd1a6ef0a5df514c36ea908032374c13040886ab9fdd8f87235c9b4cc2ed54c1f035c9c24053e7c57f630d850dbf169f34238d7b946a2a7d7a9cf765030dcf1bcf1af7f3387912053abca77203df0f6dfe8405d2314bd01bb7c0dfcdf14332c53152a62438e67bf6773cdfe27bd700588dac10d3bb82754a9ffaa50777b49483fb2d827c4a1151db93e2b287c1cee83f28d8acf1d961e9e21b2b2994ae636dabbee8fec2a7dab6d0c496ae3ff5fa2b6a1289d32a3569398646b5a1cfcf1aee58f475e510b5938263ffc3aef54aa3073d30384b55dc5c203a29844db4c09e6abe0f77e35e34261c576eea24a7db1e1cfff5339ed8d2bbf58bc03c190c4b8c0acca3adf050cdf8ae7a899a434105f6b40a9b68c1c7c6d7ad4beac88bfc4d099fdbd7324a8f65d705edf9444f421c198a19ac22a50a817ebc159ee0cdefc3c0956774793ff8022db6bda677a77608c5b6ff631b336e50ce2d13a50f7df203539a5770d74c52fe985b5c4d8a3ab9ff600d01ee2281e6cf6b3d3d686ce8993c9165594cda2291e2b36d4fbe7310a92b997904338c2dd85463791ecc06cc7b5ef02929cc7548c315136f4b7edace1b8cdcae3e75fe2f8ef22841caf96360626ef3372cf15fc49ab8f03d2e8ebe1afb96862603b371c5a0fe7d93581e03924863b8cbd617e8e5ec699adb85dbdf6359873be5509fb1f2e586ff413257076191ef85af3ff8114cbd968eab9770a4f25d20e4672d90b975561e3c315f4db885188b3e6e8a8b50e93d381693cc1c0399bff00d51cd54f20167ab29a88758cb465f8672c1a6299dc78260823de637eb8fbb0f064094222fafcdc41e8ecb1d7a859b36ba077319d20cd94ea21b63fd3690b02a50669e5ff683eb2f8e1f7eb8e8d6fda65421fd37b8e5c239b731bca176f1f5595330997dd956b7fc0d31e7ecb6d813b6fab4481e2b7f65516769b4db7479cf5a6e5e27aed148790fe62f260c5ea7bf5ebea1e0901c2368746e1fb907d846db396e4bc5d80232801d2d3adc2833c691b02b09213036ee10b24f59263ad18a54174cf8f3aec4d9be4d537df6b1057311bdf5e7a3399e749ac03dd006c90646578b1bf0c2c9cb3c8127d015f14d1274c1770f3d5ca276c92ae9a1a03023fbadd0bc937b9fc2d6a6c5995951bd516ab7595e5acc60443850358ec88016727d72217da272b6dac8759a3d560dfe2250f8db481ad2e441137f7dc57298186661bb8a91eac5a2dbdb9ad2b0fbee052c8932ddbaca2b3ed0aa85e8c2347b19c3082af316316dce20ddc26640f6cccf9d6e66b4b6efbba512bcd258e5b3cbd75f942de1d96cf918645299d0347f7b0ec459667d22f5c5cefffa2446126a427cb14617a71f6cc090031202f2d4b2ac8825ef72826c9fc798a0fb9415338a7df95038dcf12a2a2f3cad5e0e43742c6d262d064ce9444075c469f687efd2bd9ffbd17f2000ee6c345da1692d67c30208c96a2968b44ac347e2218e65f47264fea4af670d0b489e12f0cd6717c7a87cfabf33b644108887699387a7c30f5f74de2c9db4c43f9543ab6c12371ed735d0fbd81dd30e62a72de26bc826860c29e8ee7ea314ad18bfaf47639db66a9eb9f6d2e6d0ec7a47c9007451f3c418d2e844c80b08c54823ea0b978031d21231116bbcd4e40967b166d8d7976be85f23e97edc03ba2c2a75bbf783ded5c2899677737fe951e430639be0e012ea702be87250e37845540991cd899425c483e553d532e8fb658743bdfb4169f848e8d43ba9056f4dfe17e5ccd69d384572f6b29122647269af294c93ebdf734e682dc460abdde0499aa6d6a757a2682395b17096d501e4ab59783e7fbe904cc479c5d2a1d6e3bb0fa2b005a123968920e4540f8322ac4127d876f9be3652bf4327bb78c91701a23590be0a5b5c807b185761661163dc6b8f3211c681357ce6e40a86d1df1505d6c4de642b9a7d98f0ab3604a8addc3fda3b9017d62528fc0be9da67e1533f5a27f5e27dbc36db449f3727998ab22c39011975c01fa67db66bdbb88108a0f992812e52572be553d98fb15fe1829d7af67cfe54b30772908ddbc5f1553f4e09108be64b0d6ec24e6183bbee8442dce461560f017831c35bf9c865d04a6ca888514bab03907b5aee68108ad50a4f143176d50cbb64cc9bbb91434b01444f9844ee3bd1fedc0a2600e5f7d7a002fdf9df26eca4a20024f99c1c71671db9f88301187e95f2701f5eeb7f204fd67cb7a654826be0ff15337140eb2e2a1b7869"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_csum={0x114, 0xa, 0x0, 0x0, {{0x9}, {0x3c, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x80000000, 0x85, 0xffffffffffffffff, 0xfffffffd, 0xe82}, 0x25}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x9, 0x5, 0x10000000, 0x8}, 0x7d}}]}, {0xb0, 0x6, "8668751f1302ccc622d8f1797c5bf3f845dcf65bd2c55437c2c3b2768006572b21ac6c5ed5499b1ccef279f937e27b7d13452630b56b41e132c6ff7c72342e38920e798f38e6da87933f6f180d8adbc70bc4d78db62e40a606e1f8e147ccea7049c29e31f8ab92f283304236eb030dcdb5ea13e41d362e1ba055776837aab861acc3cf6af7e5e2090f7930a120ce098ba7800955baad4853025bb4f69b6696aac9d5cec1761285fff203f5da"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x8577df398f95085d}}}}]}]}}]}, 0x16d0}, 0x1, 0x0, 0x0, 0x22044028}, 0x0)
getsockopt$sock_buf(r0, 0x1, 0x3d, &(0x7f0000000600)=""/161, &(0x7f00000002c0)=0xa1)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
sendmsg$NFT_MSG_GETRULE(r4, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000001c0)={&(0x7f00000006c0)={0x180, 0x7, 0xa, 0x101, 0x0, 0x0, {0x0, 0x0, 0xa}, [@NFTA_RULE_COMPAT={0xc, 0x5, 0x0, 0x1, [@NFTA_RULE_COMPAT_PROTO_IPV4={0x8, 0x1, 0x1, 0x0, 0x89}]}, @NFTA_RULE_USERDATA={0xffffffffffffffaf, 0x7, 0x1, 0x0, "7438ea2aaf6979ca088c4564510fbcc2930062284a429cef2fb06fb58030eb8be9e21df0322e65858e5ebc2af23488d9163bb8d8e55ae19ff0617c26f5d1950c3f32a7caf3aa96e30129a11ac9d3554f2c6495625a158750d2d4561ea16284a2cd5dd6221613617de9286524e77f7dff509e00b01c3ac686da3889fcb6864aca883ffb3b4adeb8d139b444b716184931f1e6d6bc73d223d7ab62b255186961fd463a5b1eb4dc964f9bb36887ce63eda171674740f363eb7b187a0897877d4139d285cf45e839f111a1fc8ebf4d4115a114779bf2354a0520e332e30edfcce0fd81bf08d1973de7148a3d45f2f7a75c0bbe8d145128c65c829a59293d9c486af4"}, @NFTA_RULE_COMPAT={0x54, 0x5, 0x0, 0x1, [@NFTA_RULE_COMPAT_PROTO_IPV6={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_RULE_COMPAT_PROTO_IPV4={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_RULE_COMPAT_PROTO_IPV6={0x8, 0x1, 0x1, 0x0, 0x21}, @NFTA_RULE_COMPAT_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_RULE_COMPAT_FLAGS={0xfffffffffffffc60, 0x2, 0x1, 0x0, 0x1}, @NFTA_RULE_COMPAT_PROTO_IPV6={0x8, 0x1, 0x1, 0x0, 0x11}, @NFTA_RULE_COMPAT_PROTO_IPV6={0x8}, @NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0x19}, @NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0x8100}, @NFTA_RULE_COMPAT_PROTO_IPV4={0x8, 0x1, 0x1, 0x0, 0x2}]}, @NFTA_RULE_ID={0x8, 0x9, 0x1, 0x0, 0x1}]}, 0x180}, 0x1, 0x0, 0x0, 0x4}, 0x8000)
execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x1e, 0xc, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x39, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045011, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x0, @pix_mp={0x80000000, 0x9, 0x31363553, 0x0, 0xa, [{0x4, 0x5}, {0x6, 0x7f36}, {0x8, 0x70}, {0x3, 0xf}, {0xa, 0xff}, {0x6, 0x589}, {0x8, 0x7}, {0x10041, 0x8}], 0x10, 0x8, 0x2, 0x2, 0x5}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)

5.955622221s ago: executing program 2 (id=1122):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="0100000007", @ANYRES32], 0x50)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0xc, &(0x7f0000000580)=ANY=[@ANYBLOB, @ANYRESHEX=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa20000"], 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x9, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x94)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5)
sched_setaffinity(0x0, 0xff43, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = gettid()
timer_create(0x4, &(0x7f00000003c0)={0x0, 0xb, 0x800000000004, @thr={0x0, &(0x7f0000000400)="08ab2d45647f7b5848916576f58c8fb18604fde751903697fdc14b78ac72720ea5d2d56312e1"}}, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x989680}}, 0x0)
mount$binderfs(0x0, &(0x7f00000001c0)='./binderfs\x00', 0x0, 0x3f, &(0x7f0000000000)=ANY=[@ANYBLOB="6d61783d30303030573e2b67ee3030303030"])
splice(0xffffffffffffffff, 0x0, r4, 0x0, 0x3, 0x8)
mount$cgroup(0x0, &(0x7f0000000000)='.\x00', &(0x7f00000000c0), 0x10012, 0x0)
timer_gettime(0x0, &(0x7f00000001c0))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
fcntl$lock(0xffffffffffffffff, 0x6, 0x0)
clock_gettime(0x0, &(0x7f0000000180)={<r6=>0x0, <r7=>0x0})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB="4000000010000104fcfffffffeffffff00000000", @ANYRES32=0x0, @ANYBLOB="900802003e71d8ea20000e00010069703665727370616e000000a3fd02800600020000100000470a0120e21a931a363ee77acdd922b54a695bcdead45c2e2376d4"], 0x40}, 0x1, 0x0, 0x0, 0x48001}, 0x40000c0)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{r6, r7+60000000}, {0x0, 0x989680}}, 0x0)
ioprio_set$pid(0x1, r5, 0x2004)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000900)={'bridge0\x00', @remote})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r8, 0x89a1, &(0x7f0000000900)={'bridge0\x00', @broadcast})

5.262965882s ago: executing program 4 (id=1123):
openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x7a, 0xdd, 0x15, 0x20, 0x545, 0x8080, 0x301, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xa1, 0xc3, 0x85}}]}}]}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = fsmount(0xffffffffffffffff, 0x1, 0x0)
fchdir(r0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSARP(r1, 0x8955, &(0x7f0000000000)={{0x2, 0x4e23, @empty}, {0x20000010304, @broadcast}, 0xc, {0x2, 0x4e20, @rand_addr=0x64010101}})
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0x42200, 0x0)

5.074277216s ago: executing program 3 (id=1124):
r0 = socket$nl_crypto(0x10, 0x3, 0x15)
sendmsg$nl_crypto(r0, &(0x7f0000003c40)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[@ANYBLOB="e03f00001000010026bd7000ffdbdf25706362632866"], 0xe0}, 0x1, 0x0, 0x0, 0x2000c010}, 0x24040080)

5.007535737s ago: executing program 2 (id=1125):
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f00000000c0)={0x2, 'veth1_virt_wifi\x00'}, 0x18)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0xfffffffffffffffe, 0x0)
read$msr(r1, &(0x7f0000004c00)=""/102392, 0x18ff8)
r2 = socket$tipc(0x1e, 0x2, 0x0)
connect$tipc(r2, &(0x7f0000003100)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x2}}, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0)
eventfd(0x3c)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
syz_open_dev$video(0x0, 0xa7, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000002000)=""/102400, 0x19000)
close(0x3)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0xe, 0x4, 0x4, 0x7f, 0x0, 0x1}, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
migrate_pages(0x0, 0x3, &(0x7f00000002c0)=0x7f, &(0x7f0000000300)=0xa)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000840)={0x6, 0x13, &(0x7f0000000500)=@raw=[@map_val={0x18, 0x0, 0x2, 0x0, r4, 0x0, 0x0, 0x0, 0x4b7d}, @exit, @call={0x85, 0x0, 0x0, 0xb5}, @map_idx_val={0x18, 0x3, 0x6, 0x0, 0x7}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xcc5}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r4}}], &(0x7f0000000140)='GPL\x00', 0x3, 0x3b, &(0x7f00000005c0)=""/59, 0x41100, 0x62, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f00000007c0)={0x6, 0x5}, 0x8, 0x10, &(0x7f0000000800)={0x3, 0x7, 0x9, 0x9}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="7166c735de1815"])
openat(0xffffffffffffff9c, &(0x7f0000004d00)='./file1\x00', 0x351142, 0x1cd)
newfstatat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, <r5=>0x0}, 0x0)
quotactl_fd$Q_GETQUOTA(r3, 0xffffffff80000700, r5, &(0x7f00000001c0))
sendmmsg$inet(r2, 0x0, 0x0, 0x0)

4.846038232s ago: executing program 3 (id=1126):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x68, 0xfffffe0000000001, 0xfa11, 0x315}, 0x0)
mremap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha384\x00'}, 0x58)
r3 = syz_open_dev$ndb(&(0x7f0000000240), 0x0, 0x680)
ioctl$NBD_SET_BLKSIZE(r3, 0xab01, 0x5)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0)
r4 = accept4(r2, 0x0, 0x0, 0x800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0)
mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4000, 0x0, &(0x7f0000389000/0x4000)=nil)
syz_open_dev$video4linux(&(0x7f0000000c80), 0x200007, 0x8482)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, &(0x7f0000001400)={{0x80}, 'port1\x00', 0xe3, 0x1b1c07})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(0xffffffffffffffff, 0x4058534c, 0x0)
openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000000c0), 0x40, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/15, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000fffffbff00000000000080a0affd2f7bc2abc9addd6105fba3e29d42136987b6dc41dc5fa7dd57c621a47d0ee9c8d4c5"], 0x48)
r5 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42)
ioctl$LOOP_CHANGE_FD(r5, 0xc040128b, 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000000)={&(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f00002b2000/0x1000)=nil, &(0x7f00005ce000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000922000/0x1000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000/0x2000)=nil, &(0x7f000014a000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0, r1}, 0x68)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r7 = dup(r6)
write$UHID_INPUT(r7, &(0x7f0000002080)={0xc, {"a2e3ad204fc752f91b5d34f70b06d038e7ff7fc6e5539b325d098b089b3b08381a090890e0878f0e1ac6e7049b3344959b5d9a240d5b67f3988f7e0319520100ffe8d178708c523c921b1b5b31330d095d0636cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08c4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e800ba9abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40d4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889632b3570243f989cce3803f465e41e610c2021d653a5520094ec79553299388b0000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a4d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c2d88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d606495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07840900000000000000f5c8f4ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b19bb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0545359bafffa45237f104b98110403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae2d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e709000000000000004fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83000000000000010058b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c000003716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff7544130700000000000000f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc6c71737b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f9354b9094f22b625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c558069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e0090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c73144f8e4a737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c10613d17ca51075f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb401000000608d6f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655bff4801784c416b22f73d32d678e2724f43f1fe687c7e8a605fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d7000bdbfc43c10ec23ea6283994a7dde4dcb61fea6b611fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f4820000000000000900a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2e0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47afed367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15f2dbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af500ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x100f}}, 0x1006)

4.417050962s ago: executing program 0 (id=715):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000140))
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
lseek(0xffffffffffffffff, 0xf9ff100000000000, 0x3)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000380), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = mq_open(&(0x7f0000000000)='!selinu\xff\x7f\x00\x00inux\x00T\x8b\xb5\xf3\xcb\xdd\xe3\xbf2\x86\x01\x84\xdd\x8a\x8f_l\xa1L\xb1\xef\xb2\xc9\xf7+C\xb2\x8e9\xb8\xec\x1a\xe5\xaeq\x8fZ\xff\xbcY+\xaf0<\xa3\xb8\x9es\t\xfe\x002\xa0-\xaf\xcdP\x9f\xe5Iv\xce*\xa8\xa3\x14i\x05\x8f\x9b\x1eB\x9f\x9d#E\x19\xdc\xfe\xc7\xeb\xb5\xcd\xc8\xe2U\xce\x00\x00', 0x6e93ebbbcc0884f2, 0x2e, 0x0)
mq_timedsend(r2, 0x0, 0x0, 0x0, 0x0)
mq_timedsend(r2, 0x0, 0x0, 0x0, 0x0)
mq_timedreceive(r2, &(0x7f0000000340)=""/200, 0xc8, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r3)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r5 = dup(r4)
setsockopt$SO_TIMESTAMP(r5, 0x1, 0x3f, &(0x7f0000000280)=0x3, 0x4)
sendmsg$inet(r5, &(0x7f0000000780)={&(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f0000000140)="be38", 0xffdf}], 0x1, &(0x7f0000001100)=ANY=[@ANYBLOB="1c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="ac1414aa00000000000000001c0000000000000000000000070000004404730001000000e736f53aa500a029b4fff380b1208d2517faab10d57912ea57285a512c15273dd90873706db2ce3f1fd2709c8fca22cf77f29736f1e80045368c6d61cfefe19acae96300000000000000022fa79f00000000d114c4e16cb59c3b813222b23474ebab0566f62853"], 0x40}, 0x0)
read$char_usb(r5, &(0x7f0000000080)=""/139, 0xfdef)
listen(r3, 0x9)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xa5bc, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)

2.747945806s ago: executing program 1 (id=1127):
creat(&(0x7f0000000080)='./file0\x00', 0x140)
renameat2(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0xffffffffffffff9c, &(0x7f00000005c0)='./file7\x00', 0x5)
syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x101200)
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0xd7bdbc4726bc46a5)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = getpid()
bpf$PROG_LOAD(0x5, 0x0, 0xff24)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x1)
setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010101, 0x4e21, 0x3, 'wrr\x00', 0x23, 0x81, 0x2}, {@dev={0xac, 0x14, 0x14, 0x3c}, 0x4e23, 0x10000, 0x1cb, 0x12d61, 0x12d58}}, 0x44)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000240)={0xc, 0x0, <r2=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f00000000c0)={0x28, 0x7, r2, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000, 0x1})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r2, 0x0, 0xffffffffffffffff, 0x1})

2.746340905s ago: executing program 2 (id=1128):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r2, 0x4008af00, &(0x7f0000000140)=0x200000000)
write$vhost_msg_v2(r2, &(0x7f00000003c0)={0x2, 0x0, {&(0x7f0000001180)=""/109, 0xfffffffffffffffb, 0x0, 0x0, 0x2}}, 0x48)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="070000000400000000070000000700002c"], 0x50)

2.744954654s ago: executing program 3 (id=1129):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xc, &(0x7f0000000040)=@assoc_value={<r2=>0x0}, &(0x7f00000000c0)=0x8)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000040)={r2, 0x4}, 0x8)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1400001023000103281cc98b45dbdf2506"], 0x14}, 0x1, 0x8000000000000, 0x0, 0x1000c094}, 0x8004)
socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, &(0x7f0000000200)={r2, @in={{0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1c}}}}, 0x84)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x5}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000000))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
pivot_root(0x0, 0x0)
request_key(&(0x7f0000000040)='dns_resolver\x00', 0x0, 0x0, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000004c00)=""/102392, 0x18ff8)
syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x80800)
openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x5}]})
close_range(r5, 0xffffffffffffffff, 0x0)
memfd_create(&(0x7f0000000480)='-\t:\xfd\xff\xff\xff\xff\xff\xff$\xdcG|\xbd1\xc2\xb1\x00\xadSP\xb3\xc9\x9c\x9d\xd2\x1f,\xc6\xea\x1fj\xac\xa35\x86\xe5\xechC\x0fz\'\xa9\xb3\x86\r&\"\xe6\xc8\x13\xc3e\xdf\x1bh\x031\xda\x1bNG\xac\xf3O\x02\x83\x96', 0x5)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ff9000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff0000/0x4000)=nil, &(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ff8000/0x2000)=nil, 0x0}, 0x68)
syz_io_uring_setup(0x2, &(0x7f0000000040)={0x0, 0x800389b, 0xc000, 0x1, 0x323}, 0x0, 0x0)
r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x14, 0x0, 0x106, 0x9}}, 0x20)

2.744166634s ago: executing program 4 (id=1130):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x1c, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb709}, 0x94)
socket$packet(0x11, 0x2, 0x300)
socket$netlink(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8}, 0x0)
ptrace$ARCH_MAP_VDSO_X32(0x1e, 0x0, 0xba, 0x2001)
r0 = socket$igmp6(0xa, 0x3, 0x2)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newchain={0x2c, 0x64, 0x4, 0x70bd2d, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0xc, 0x7}, {0xfff1, 0x8}, {0x6, 0xc}}, [@TCA_RATE={0x6, 0x5, {0x3, 0xe1}}]}, 0x2c}}, 0x44011)
sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000300)=@newqdisc={0x50, 0x24, 0xd0f, 0x70bd29, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffe0, 0xa}, {0x1, 0x10}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x24, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x101, 0x400}}, @TCA_HTB_DIRECT_QLEN={0x8, 0x5, 0x7fffffff}]}}]}, 0x50}, 0x1, 0x0, 0x0, 0x55}, 0x4000)
setsockopt$MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000040)={0x1, 0x1, 0x8d, r3, 0x4}, 0xc)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x40, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4, 0x0, 0xffffffffffffffff}, 0x18)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
r8 = socket$inet6_sctp(0xa, 0x801, 0x84)
connect$inet6(r8, &(0x7f0000000100)={0xa, 0x0, 0x0, @private1, 0x200000}, 0x1c)
sendto$inet6(r8, &(0x7f00000001c0)='O', 0x1, 0x80, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @private2}, 0x1c)
shutdown(r8, 0x1)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r8, 0x84, 0x7b, &(0x7f0000000040)={0x0, 0x1}, 0x8)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r8, 0x84, 0x7c, &(0x7f00000000c0), &(0x7f0000000180)=0x8)
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)

1.45908421s ago: executing program 1 (id=1131):
creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="2c67726f75700700000046a678510d9fafe60854b1b2977acec722d4a8ad723dd3054e5bb184e940e834f17c4762f4978ce0f7a02ef97a2299441ad67065d49498a48ff43f12b2befe4e7209b01a8fb833cb4c8a2aecc06390440e0000", @ANYRESDEC=0x0, @ANYBLOB=',\x00'])
write$FUSE_NOTIFY_INVAL_INODE(r0, &(0x7f0000000080)={0x28, 0x2, 0x0, {0x1, 0x0, 0x6}}, 0x28)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x20, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setrlimit(0x7, &(0x7f0000000200)={0x5, 0xb})
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000080)={r1, 0xffffffffffffffff, 0x2d, 0x0, @val=@netfilter={0x2, 0x0, 0x7, 0x1}}, 0x20)
execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)

1.36199263s ago: executing program 3 (id=1132):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TCFLSH(r0, 0x4b63, 0x3)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e21, @broadcast}, 0x10)
connect$inet(r1, &(0x7f0000000080)={0x2, 0x4e24, @empty}, 0x10)
setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f00000000c0)=0x3, 0x4)

1.357909636s ago: executing program 4 (id=1133):
openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x141842, 0x8)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x0, 0x40)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000002c0)=0x1)
ioctl$FS_IOC_RESVSP(r4, 0x89f1, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000280)="3b1c1b2098f0bc154c9778a9229a", 0xe)
sched_setaffinity(0x0, 0x0, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000}, {{0x18, 0x1, 0x1, 0x0, r7}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r8}, 0x2d)
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(0xffffffffffffffff, 0x6, 0x21, &(0x7f0000000000)="ca02016eba2d52b5f2ac03cc9f38f9d9", 0x10)
sendmsg$nl_route_sched(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x10000018, {0x0, 0x0, 0x0, 0x0, {0x1}, {}, {0xe}}, [@TCA_INGRESS_BLOCK={0x8}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}}, 0x0)
r9 = fanotify_init(0xf00, 0x1000)
fanotify_mark(r9, 0x105, 0x5000003a, r0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', 0x42, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./bus\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2)
renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./bus\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2)

1.263117595s ago: executing program 1 (id=1134):
r0 = syz_open_dev$usbmon(&(0x7f0000000000), 0x6, 0x200)
readv(r0, &(0x7f0000000040)=[{&(0x7f0000000280)=""/243, 0xf3}], 0x1)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000dc0)={0x20000, 0x6, 0x1000002, 0x0, 0x5, "d52c2000000102000300ecffffff0100"})
r2 = syz_open_pts(r1, 0x0)
dup(r2)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4008040)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x9}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
ioctl$AUTOFS_IOC_SETTIMEOUT(0xffffffffffffffff, 0x80049367, &(0x7f0000000040))
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000004c00)=""/102392, 0x18ff8)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TCSETSF2(r5, 0x402c542d, &(0x7f0000000140)={0xffff0000, 0x6, 0x9, 0x2, 0x7, "d171a6100600000009e49200", 0x802046, 0x200068e})
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x212001, 0x0)
listen(r4, 0xf)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="12000000070000000400", @ANYBLOB="5a9ce97ca6bb6fb4caaa087df785f5233879ffb86468fe6a7be85a9594369e3e1e0b090556290186a14590d6405481b7ce4844d81a03230212bf86bb6d2348ed0da06ada63bfed6c551d9ebe5cdca44afbff5473eca0f2ab5754dc75044b9faefe2ca9d7975c", @ANYBLOB="00ffffffe900000005000000000000000000", @ANYRES32=0x0, @ANYRES32, @ANYRESHEX=r4], 0x50)
bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0)
recvmmsg(r4, &(0x7f00000003c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000280)}, 0xe}], 0x2, 0x0, 0x0)
unshare(0x20000400)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r6, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r6, 0xe)
syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="043e130100c90001"], 0x16)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

1.0539545s ago: executing program 3 (id=1135):
ioctl$VIDIOC_S_SELECTION(0xffffffffffffffff, 0xc040565f, &(0x7f0000000940)={0xa, 0x0, 0x7, {0x8000, 0x1000, 0x4, 0x6}})
r0 = open_tree(0xffffffffffffff9c, 0x0, 0x89901)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901)
setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, 0x0, 0x0)
read$FUSE(r0, &(0x7f0000000980)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_BMAP(r1, &(0x7f0000000300)={0x18, 0xfffffffffffffffe, r2, {0x4}}, 0x18)
prctl$PR_SCHED_CORE(0x3e, 0x10000000001, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce)
r3 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r3, &(0x7f000001b700)=""/102392, 0x18ff8)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r4)
sendmmsg$sock(0xffffffffffffffff, 0x0, 0x0, 0x6a620c83e5d89f72)
sendmsg$NLBL_CIPSOV4_C_ADD(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="16000000", @ANYRES16=r5, @ANYRES64=r4], 0x58}}, 0x0)
r6 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r6, &(0x7f0000000000)={0x8, 0x0, 0x2, 0x0, 0x1}, 0x8)
ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000240)={'\x00', 0x0, 0x1f, 0x9, 0x57, 0x2, <r7=>0xffffffffffffffff})
prlimit64(r7, 0x6, &(0x7f0000000080)={0x2, 0x2}, &(0x7f0000000100))
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="12000000070000f9070000e12e93000000c407002200000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r9 = socket$inet_udp(0x2, 0x2, 0x0)
getuid()
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000000c0)={r8, &(0x7f0000000440), &(0x7f00000002c0)=@udp=r9}, 0x20)
r10 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0xe, 0x7fff0000}]})
ioctl$USBDEVFS_CONTROL(r3, 0xc0185500, &(0x7f00000001c0)={0x20, 0xb, 0x9, 0x3ff, 0x8e, 0x7, &(0x7f00000003c0)="0627f72b78336c2f863116e57ba2b0e63401979c62f3898e921d5a3564238b5bd39d77325e6f88830228815c71020f7e3f187c7e662d5c10d95aec8d7306104b3a725bc90631d0962bd007394ae559cd52e5424be79f727a2dbcbdc2cf9106e8880d9a247e0dc1fb62bdfcfded4b765bed2862c458d4e6718fa7e9f0a07ba9c2369efbdb25cdefaea6fddd970484"})
r11 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
r12 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000380), 0x100, 0x0)
ioctl$AUTOFS_IOC_EXPIRE(r12, 0x810c9365, &(0x7f0000000580)={{0x7, 0xfffffff8}, 0x100, './file0\x00'})
ioctl$sock_bt_hidp_HIDPGETCONNLIST(r11, 0x800448d2, &(0x7f0000000040)={0x1, &(0x7f0000000440)=[{@fixed}]})
close_range(r10, 0xffffffffffffffff, 0x0)

619.096134ms ago: executing program 2 (id=1136):
r0 = syz_open_dev$usbmon(&(0x7f0000000000), 0x6, 0x200)
readv(r0, &(0x7f0000000040)=[{&(0x7f0000000280)=""/243, 0xf3}], 0x1)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000dc0)={0x20000, 0x6, 0x1000002, 0x0, 0x5, "d52c2000000102000300ecffffff0100"})
r2 = syz_open_pts(r1, 0x0)
dup(r2)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4008040)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x9}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
ioctl$AUTOFS_IOC_SETTIMEOUT(0xffffffffffffffff, 0x80049367, &(0x7f0000000040))
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000004c00)=""/102392, 0x18ff8)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TCSETSF2(r5, 0x402c542d, &(0x7f0000000140)={0xffff0000, 0x6, 0x9, 0x2, 0x7, "d171a6100600000009e49200", 0x802046, 0x200068e})
ioctl$TIOCVHANGUP(r5, 0x5437, 0x2)
listen(r4, 0xf)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="12000000070000000400", @ANYBLOB="5a9ce97ca6bb6fb4caaa087df785f5233879ffb86468fe6a7be85a9594369e3e1e0b090556290186a14590d6405481b7ce4844d81a03230212bf86bb6d2348ed0da06ada63bfed6c551d9ebe5cdca44afbff5473eca0f2ab5754dc75044b9faefe2ca9d7975c", @ANYBLOB="00ffffffe900000005000000000000000000", @ANYRES32=0x0, @ANYRES32, @ANYRESHEX=r4], 0x50)
bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0)
recvmmsg(r4, &(0x7f00000003c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000280)}, 0xe}], 0x2, 0x0, 0x0)
unshare(0x20000400)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r6, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r6, 0xe)
syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="043e130100c90001"], 0x16)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

0s ago: executing program 4 (id=1137):
timer_create(0x0, &(0x7f0000000200)={0x0, 0x22, 0x2}, &(0x7f0000000300))
fcntl$lock(0xffffffffffffffff, 0x6, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS2(0xffffffffffffffff, 0x14, &(0x7f0000003480)={0x4, 0x0, 0x4, &(0x7f00000001c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x0}, 0x2)
io_uring_register$IORING_REGISTER_CLONE_BUFFERS(0xffffffffffffffff, 0x1e, &(0x7f0000000000), 0x1)
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000700)=ANY=[], 0x0, 0x34}, 0x28)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000240)={{0x1, 0x1, 0x18, r1, {<r2=>r1}}, './file0\x00'})
sendmsg$IPCTNL_MSG_EXP_DELETE(r2, 0x0, 0x4004815)
prlimit64(0x0, 0xf, &(0x7f0000000140)={0x8, 0x5}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2000003)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sysvipc/shm\x00', 0x0, 0x0)
unshare(0x40400)
pselect6(0x40, &(0x7f0000000180)={0x1f, 0x0, 0x3ff, 0x0, 0x9, 0x10000000000000}, 0x0, 0x0, 0x0, 0x0)
read$FUSE(r4, &(0x7f0000002480)={0x2020}, 0x2020)
r5 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r5, &(0x7f0000000940)={0x0, 0xffffffffffffff9c, &(0x7f0000002100)=[{&(0x7f0000000000)="d800000010008104687da3aa7143a0b8c81d080b25000000e8fe55a11800150006001400000000120800030043000040a8002b000a00034006000dc3036010fab94dcf5c046109d67f6f94007134cf6ee08000a0e408e8d8ef52a9d7c7c0b7a196e6f66112c88a2ddddbbb219c6c09136dd481c417898516277ce06bbace80177ccbec4c2ee5a7cef4260027836b0d17a58af5d6d93424841f468430dfe1d9d322fe7c0aaa16b8ddc64193071e9f8775730d16a4683f7a5025ccc89e00360db70100000040fad95667e006dcdf63951f215ce3bb14feb9f5", 0xd8}], 0x1}, 0x20000080)
r6 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000002140)='/proc/asound/card1/oss_mixer\x00', 0x600000, 0x0)
r7 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_FD_FRAMES(r7, 0x65, 0x5, &(0x7f0000000040)=0x1, 0x4)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000300)={'lo\x00', <r8=>0x0})
sendmsg$can_raw(r7, &(0x7f0000000000)={&(0x7f0000000580)={0x1d, r8}, 0x10, &(0x7f00000003c0)={&(0x7f0000000140)=@canfd={{0x1, 0x1, 0x0, 0x1}, 0x35, 0x0, 0x0, 0x0, "fa77068e9ba7f60291c0c2883b46271c1679c3c0cf5101a328bb3fbd261e7eba5594caf70eec1c694f644e13312db4bda5b524b6e151c1deaf3e9edb7a56adcb"}, 0x48}, 0x2, 0x0, 0x0, 0x20008004}, 0x1004c808)
mkdirat(0xffffffffffffffff, &(0x7f0000002180)='./file0\x00', 0x8)
bind$802154_dgram(r6, &(0x7f00000001c0)={0x24, @long={0x3, 0x3, {0xaaaaaaaaaaaa0202}}}, 0x14)
setsockopt$bt_BT_POWER(r0, 0x112, 0x9, &(0x7f00000002c0)=0x10, 0x1)

kernel console output (not intermixed with test programs):

0
[  286.664102][ T8662] team0: Port device vlan0 added
[  286.848095][ T5930] hid-generic 0000:0000:0000.0005: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  288.713096][ T8684] ptrace attach of "./syz-executor exec"[5843] was attempted by "./syz-executor exec"[8684]
[  290.640753][   T30] audit: type=1400 audit(1759118893.227:468): avc:  denied  { read } for  pid=8696 comm="syz.4.635" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  291.033827][ T8709] netlink: 56 bytes leftover after parsing attributes in process `syz.4.638'.
[  291.336078][   T30] audit: type=1400 audit(1759118893.927:469): avc:  denied  { execute } for  pid=8712 comm="syz.2.639" path="/dev/audio1" dev="devtmpfs" ino=1297 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sound_device_t tclass=chr_file permissive=1
[  291.421912][ T8713] mkiss: ax0: crc mode is auto.
[  293.353583][ T8725] tmpfs: Unknown parameter 'qfÇ5Þh1_virt_wifi'
[  293.540687][ T5953] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[  293.769613][ T5953] usb 1-1: config 0 has an invalid interface number: 84 but max is 0
[  293.900061][ T5953] usb 1-1: config 0 has an invalid interface number: 66 but max is 0
[  293.949865][ T5953] usb 1-1: config 0 has 2 interfaces, different from the descriptor's value: 1
[  294.025480][ T5953] usb 1-1: config 0 has no interface number 0
[  294.044100][ T5953] usb 1-1: config 0 has no interface number 1
[  294.150854][ T5953] usb 1-1: config 0 interface 84 altsetting 0 endpoint 0x4 has invalid maxpacket 1560, setting to 64
[  294.200170][ T5953] usb 1-1: config 0 interface 84 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  295.128615][ T5953] usb 1-1: too many endpoints for config 0 interface 66 altsetting 153: 216, using maximum allowed: 30
[  295.140316][ T5953] usb 1-1: config 0 interface 66 altsetting 153 bulk endpoint 0x5 has invalid maxpacket 32
[  295.219891][ T5953] usb 1-1: config 0 interface 66 altsetting 153 has an endpoint descriptor with address 0x12, changing to 0x2
[  295.309221][ T5953] usb 1-1: config 0 interface 66 altsetting 153 has an endpoint descriptor with address 0xE6, changing to 0x86
[  295.713557][ T5953] usb 1-1: config 0 interface 66 altsetting 153 endpoint 0x86 has invalid maxpacket 12592, setting to 1024
[  296.062871][ T5953] usb 1-1: config 0 interface 66 altsetting 153 bulk endpoint 0x86 has invalid maxpacket 1024
[  296.090692][ T5953] usb 1-1: config 0 interface 66 altsetting 153 has 3 endpoint descriptors, different from the interface descriptor's value: 216
[  296.216285][ T5953] usb 1-1: config 0 interface 66 has no altsetting 0
[  296.225871][ T5953] usb 1-1: string descriptor 0 read error: -71
[  296.232892][ T5953] usb 1-1: New USB device found, idVendor=8086, idProduct=0b63, bcdDevice=ca.f3
[  296.242226][ T5953] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  296.459528][ T5953] usb 1-1: config 0 descriptor??
[  296.476537][ T8787] netlink: 'syz.1.654': attribute type 3 has an invalid length.
[  296.484300][ T8787] netlink: 152 bytes leftover after parsing attributes in process `syz.1.654'.
[  296.544976][ T8787] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  296.585436][ T5953] usb 1-1: can't set config #0, error -71
[  296.684207][ T8797] netlink: 56 bytes leftover after parsing attributes in process `syz.0.655'.
[  296.695018][ T5953] usb 1-1: USB disconnect, device number 26
[  298.210805][   T24] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  298.362705][   T24] usb 3-1: Using ep0 maxpacket: 32
[  298.590698][   T57] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  298.949672][   T24] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  298.967597][   T24] usb 3-1: config 0 has no interfaces?
[  298.976965][   T24] usb 3-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  298.987782][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  298.996940][   T24] usb 3-1: Product: syz
[  299.008676][   T24] usb 3-1: Manufacturer: syz
[  299.018592][   T24] usb 3-1: SerialNumber: syz
[  299.069904][   T24] usb 3-1: config 0 descriptor??
[  299.113942][   T57] usb 5-1: Using ep0 maxpacket: 16
[  299.128070][   T57] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  299.146867][   T57] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  299.159231][   T57] usb 5-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00
[  299.168819][   T57] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  299.622522][   T57] usb 5-1: config 0 descriptor??
[  299.995455][   T30] audit: type=1400 audit(1759118902.577:470): avc:  denied  { mounton } for  pid=8813 comm="syz.4.659" path="/proc/477/task" dev="proc" ino=20311 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[  300.425117][   T57] usbhid 5-1:0.0: can't add hid device: -71
[  300.431113][   T57] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  300.579081][   T57] usb 5-1: USB disconnect, device number 26
[  301.050474][ T8836] ref_ctr going negative. vaddr: 0x200000ffc002, curr val: -29824, delta: 1
[  301.065528][   T30] audit: type=1804 audit(1759118903.637:471): pid=8836 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.4.664" name="/newroot/135/file0" dev="tmpfs" ino=760 res=1 errno=0
[  301.174359][ T8836] ref_ctr increment failed for inode: 0x2f8 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88807682cb40
[  302.138174][ T8848] binder: Bad value for 'max'
[  302.678316][   T57] usb 3-1: USB disconnect, device number 21
[  302.845188][   T30] audit: type=1400 audit(1759118905.437:472): avc:  denied  { watch } for  pid=8861 comm="syz.3.672" path="/136/bus/file1" dev="overlay" ino=765 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  302.951158][   T24] usb 5-1: new full-speed USB device number 27 using dummy_hcd
[  303.125078][   T24] usb 5-1: config 0 has an invalid interface number: 168 but max is 0
[  303.307855][   T30] audit: type=1400 audit(1759118905.437:473): avc:  denied  { watch_sb watch_reads } for  pid=8861 comm="syz.3.672" path="/136/bus/file1" dev="overlay" ino=765 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  303.338899][   T24] usb 5-1: config 0 has no interface number 0
[  303.357852][   T24] usb 5-1: New USB device found, idVendor=05ab, idProduct=0060, bcdDevice=11.06
[  303.385100][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  303.438122][   T24] usb 5-1: config 0 descriptor??
[  303.642544][ T8869] tmpfs: Unknown parameter 'qfÇ5Þh1_virt_wifi'
[  303.655664][ T8870] ptrace attach of "./syz-executor exec"[5850] was attempted by "./syz-executor exec"[8870]
[  304.341911][   T30] audit: type=1400 audit(1759118906.937:474): avc:  denied  { mounton } for  pid=8871 comm="syz.2.675" path="/dev/binderfs" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  304.364688][    C1] vkms_vblank_simulate: vblank timer overrun
[  304.850704][ T5953] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  304.980713][ T5953] usb 4-1: device descriptor read/64, error -71
[  305.387738][ T5953] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  305.582292][ T5953] usb 4-1: device descriptor read/64, error -71
[  305.737094][   T24] usb 5-1: string descriptor 0 read error: -71
[  305.744213][ T5953] usb usb4-port1: attempt power cycle
[  305.818262][   T24] usb-storage 5-1:0.168: USB Mass Storage device detected
[  305.852622][   T24] usb-storage 5-1:0.168: Quirks match for vid 05ab pid 0060: 2
[  305.870672][  T976] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  306.130900][  T976] usb 2-1: Using ep0 maxpacket: 32
[  306.177633][   T24] usb 5-1: USB disconnect, device number 27
[  306.191226][  T976] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  306.220689][ T5953] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  306.224662][  T976] usb 2-1: config 0 has no interfaces?
[  306.678353][   T30] audit: type=1400 audit(1759118908.907:475): avc:  denied  { mount } for  pid=8903 comm="syz.4.684" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[  306.723282][ T5953] usb 4-1: device descriptor read/8, error -71
[  306.776464][   T30] audit: type=1400 audit(1759118909.367:476): avc:  denied  { unmount } for  pid=5844 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[  306.777036][  T976] usb 2-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  306.796364][    C1] vkms_vblank_simulate: vblank timer overrun
[  306.860847][  T976] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  306.874778][  T976] usb 2-1: Product: syz
[  306.882596][  T976] usb 2-1: Manufacturer: syz
[  306.887179][  T976] usb 2-1: SerialNumber: syz
[  306.904623][  T976] usb 2-1: config 0 descriptor??
[  307.060741][ T5953] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  307.084908][ T5953] usb 4-1: device descriptor read/8, error -71
[  307.204651][ T5953] usb usb4-port1: unable to enumerate USB device
[  307.317219][ T8919] 9pnet_fd: Insufficient options for proto=fd
[  307.708401][ T8921] SELinux: failed to load policy
[  308.683308][ T5171] Bluetooth: hci3: connection err: -111
[  308.913996][ T8934] SELinux: security_context_str_to_sid (root) failed with errno=-22
[  309.341394][ T8944] netlink: 8 bytes leftover after parsing attributes in process `syz.2.693'.
[  309.374248][ T8944] netlink: 24 bytes leftover after parsing attributes in process `syz.2.693'.
[  309.438648][   T24] usb 2-1: USB disconnect, device number 24
[  309.461237][ T8944] netlink: 8 bytes leftover after parsing attributes in process `syz.2.693'.
[  309.491559][ T8944] netlink: 'syz.2.693': attribute type 5 has an invalid length.
[  309.500528][   T30] audit: type=1400 audit(1759118912.087:477): avc:  denied  { wake_alarm } for  pid=8946 comm="syz.4.694" capability=35  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  309.642043][ T8953] erspan0 speed is unknown, defaulting to 1000
[  309.740262][ T8953] erspan0 speed is unknown, defaulting to 1000
[  309.790834][ T8953] erspan0 speed is unknown, defaulting to 1000
[  309.903578][   T30] audit: type=1400 audit(1759118912.487:478): avc:  denied  { append } for  pid=8943 comm="syz.2.693" name="sg0" dev="devtmpfs" ino=761 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  309.927042][    C1] vkms_vblank_simulate: vblank timer overrun
[  309.933810][   T30] audit: type=1400 audit(1759118912.487:479): avc:  denied  { open } for  pid=8943 comm="syz.2.693" path="/dev/sg0" dev="devtmpfs" ino=761 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  309.957524][    C1] vkms_vblank_simulate: vblank timer overrun
[  309.971730][ T8945] netlink: 248 bytes leftover after parsing attributes in process `syz.2.693'.
[  310.346879][ T8959] netlink: 'syz.0.696': attribute type 32 has an invalid length.
[  310.631913][   T30] audit: type=1400 audit(1759118912.497:480): avc:  denied  { ioctl } for  pid=8943 comm="syz.2.693" path="/dev/sg0" dev="devtmpfs" ino=761 ioctlcmd=0x2270 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  310.937897][ T8963] openvswitch: netlink: Invalid VLAN frame
[  311.060751][   T30] audit: type=1400 audit(1759118912.837:481): avc:  denied  { create } for  pid=8955 comm="syz.0.696" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  311.096548][   T30] audit: type=1400 audit(1759118912.937:482): avc:  denied  { write } for  pid=8955 comm="syz.0.696" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  311.120945][   T30] audit: type=1400 audit(1759118912.937:483): avc:  denied  { nlmsg_write } for  pid=8955 comm="syz.0.696" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  311.365386][ T8971] netlink: 12 bytes leftover after parsing attributes in process `syz.2.701'.
[  312.114539][ T8953] infiniband syz1: set active
[  312.119220][ T8953] infiniband syz1: added erspan0
[  312.129145][  T976] erspan0 speed is unknown, defaulting to 1000
[  312.203302][ T8977] 9pnet_fd: Insufficient options for proto=fd
[  312.247959][ T8953] syz1: rxe_create_cq: returned err = -12
[  312.288535][ T8979] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  312.308562][ T8953] infiniband syz1: Couldn't create ib_mad CQ
[  312.319110][ T8953] infiniband syz1: Couldn't open port 1
[  312.388340][ T8953] RDS/IB: syz1: added
[  312.404565][ T8979] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  312.417187][ T8953] smc: adding ib device syz1 with port count 1
[  312.435268][ T8979] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  312.481000][  T976] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  312.495134][ T8953] smc:    ib device syz1 port 1 has pnetid 
[  312.515238][ T5930] erspan0 speed is unknown, defaulting to 1000
[  312.527761][ T8953] erspan0 speed is unknown, defaulting to 1000
[  312.716053][  T976] usb 3-1: config 62 has too many interfaces: 189, using maximum allowed: 32
[  313.151211][  T976] usb 3-1: config 62 has 1 interface, different from the descriptor's value: 189
[  313.185527][  T976] usb 3-1: config 62 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  313.201952][  T976] usb 3-1: config 62 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  313.212991][  T976] usb 3-1: New USB device found, idVendor=056e, idProduct=011c, bcdDevice= 0.00
[  313.222137][  T976] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  313.612748][ T8992] 8021q: adding VLAN 0 to HW filter on device bond0
[  314.071016][  T976] elecom 0003:056E:011C.0006: unknown main item tag 0x0
[  314.080381][ T8992] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  314.081095][  T976] elecom 0003:056E:011C.0006: unknown main item tag 0x0
[  314.204797][  T976] elecom 0003:056E:011C.0006: unknown main item tag 0x0
[  314.223516][ T5853] cgroup: fork rejected by pids controller in /syz0
[  314.240622][  T976] elecom 0003:056E:011C.0006: unknown main item tag 0x0
[  314.262492][  T976] elecom 0003:056E:011C.0006: unknown main item tag 0x0
[  314.278894][  T976] elecom 0003:056E:011C.0006: unknown main item tag 0x0
[  314.287525][  T976] elecom 0003:056E:011C.0006: unknown main item tag 0x0
[  314.316238][  T976] elecom 0003:056E:011C.0006: hidraw0: USB HID v0.00 Device [HID 056e:011c] on usb-dummy_hcd.2-1/input0
[  314.728705][ T8953] erspan0 speed is unknown, defaulting to 1000
[  314.772409][  T976] usb 3-1: USB disconnect, device number 22
[  315.131215][ T9004] netlink: 56 bytes leftover after parsing attributes in process `syz.4.712'.
[  315.415412][ T8953] erspan0 speed is unknown, defaulting to 1000
[  315.516644][ T9011] netlink: 12 bytes leftover after parsing attributes in process `syz.2.713'.
[  316.496114][ T9017] netlink: 8 bytes leftover after parsing attributes in process `syz.3.716'.
[  316.510135][   T12] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  316.672592][   T12] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  316.699739][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  316.765154][ T8953] erspan0 speed is unknown, defaulting to 1000
[  316.814117][   T12] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  317.592501][   T12] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  317.770801][ T9028] netlink: 8 bytes leftover after parsing attributes in process `syz.3.718'.
[  318.365389][ T8953] erspan0 speed is unknown, defaulting to 1000
[  319.135191][ T9037] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9037 comm=syz.3.721
[  319.347803][ T5861] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  319.602812][ T5861] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  319.697957][ T5861] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  319.717942][ T5861] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  319.778035][ T5861] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  319.852582][   T30] audit: type=1400 audit(1759118922.447:484): avc:  denied  { mounton } for  pid=9039 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  319.901711][ T9039] Failed to initialize the IGMP autojoin socket (err -2)
[  320.058837][ T9047] netlink: 56 bytes leftover after parsing attributes in process `syz.3.724'.
[  320.284936][   T30] audit: type=1400 audit(1759118922.877:485): avc:  denied  { mounton } for  pid=9048 comm="syz.2.723" path="/proc/537/cgroup" dev="proc" ino=21931 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=file permissive=1
[  320.370959][   T30] audit: type=1400 audit(1759118922.897:486): avc:  denied  { remount } for  pid=9048 comm="syz.2.723" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  320.535024][   T36] smc: removing ib device syz2
[  321.044511][ T9064] netlink: 12 bytes leftover after parsing attributes in process `syz.1.727'.
[  321.887886][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  321.972848][ T5861] Bluetooth: hci4: command tx timeout
[  322.081049][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  322.213939][   T12] bond0 (unregistering): Released all slaves
[  322.394985][   T12] bond1 (unregistering): Released all slaves
[  322.795864][   T12] bond2 (unregistering): Released all slaves
[  322.811937][   T57] ip6gretap0 speed is unknown, defaulting to 1000
[  322.921072][   T57] syz2: Port: 1 Link DOWN
[  322.929451][  T976] ip6gretap0 speed is unknown, defaulting to 1000
[  323.176550][ T9084] netlink: 12 bytes leftover after parsing attributes in process `syz.4.732'.
[  324.370867][ T5861] Bluetooth: hci4: command tx timeout
[  324.846693][ T9094] tmpfs: Unknown parameter 'qfÇ5Þh1_virt_wifi'
[  325.063951][ T9039] chnl_net:caif_netlink_parms(): no params data found
[  325.878417][   T30] audit: type=1326 audit(1759118928.467:487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9111 comm="syz.2.737" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3af218eec9 code=0x7ffc0000
[  326.020669][  T976] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  326.083503][   T30] audit: type=1326 audit(1759118928.467:488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9111 comm="syz.2.737" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3af218eec9 code=0x7ffc0000
[  326.141779][   T30] audit: type=1326 audit(1759118928.467:489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9111 comm="syz.2.737" exe="/root/syz-executor" sig=0 arch=c000003e syscall=100 compat=0 ip=0x7f3af218eec9 code=0x7ffc0000
[  326.170869][   T30] audit: type=1326 audit(1759118928.467:490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9111 comm="syz.2.737" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3af218eec9 code=0x7ffc0000
[  326.196111][   T30] audit: type=1326 audit(1759118928.467:491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9111 comm="syz.2.737" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3af218eec9 code=0x7ffc0000
[  326.219916][   T30] audit: type=1326 audit(1759118928.467:492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9111 comm="syz.2.737" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f3af218eec9 code=0x7ffc0000
[  326.256379][  T976] usb 2-1: Using ep0 maxpacket: 8
[  326.265224][  T976] usb 2-1: config 246 has an invalid interface number: 144 but max is 0
[  326.280322][  T976] usb 2-1: config 246 has no interface number 0
[  326.308807][  T976] usb 2-1: config 246 interface 144 has no altsetting 0
[  326.321709][   T30] audit: type=1326 audit(1759118928.467:493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9111 comm="syz.2.737" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3af218eec9 code=0x7ffc0000
[  326.346544][   T30] audit: type=1326 audit(1759118928.467:494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9111 comm="syz.2.737" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3af218eec9 code=0x7ffc0000
[  326.370392][  T976] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=c6.3d
[  326.380050][  T976] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  326.398167][   T30] audit: type=1326 audit(1759118928.467:495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9111 comm="syz.2.737" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3af218d710 code=0x7ffc0000
[  326.433224][  T976] usb 2-1: Product: syz
[  326.452221][ T5861] Bluetooth: hci4: command tx timeout
[  326.462184][  T976] usb 2-1: Manufacturer: syz
[  326.493942][  T976] usb 2-1: SerialNumber: syz
[  326.502137][   T30] audit: type=1326 audit(1759118928.467:496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9111 comm="syz.2.737" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f3af21906f7 code=0x7ffc0000
[  326.527572][  T976] r8152-cfgselector 2-1: Unknown version 0x0000
[  326.723468][ T9039] bridge0: port 1(bridge_slave_0) entered blocking state
[  326.738121][ T9110] overlayfs: workdir and upperdir must be separate subtrees
[  326.755257][ T9110] netlink: 284 bytes leftover after parsing attributes in process `syz.1.736'.
[  326.772790][ T9039] bridge0: port 1(bridge_slave_0) entered disabled state
[  326.780480][ T9039] bridge_slave_0: entered allmulticast mode
[  326.794493][ T9039] bridge_slave_0: entered promiscuous mode
[  326.802519][  T976] r8152-cfgselector 2-1: USB disconnect, device number 25
[  326.828456][ T9039] bridge0: port 2(bridge_slave_1) entered blocking state
[  326.844852][ T9039] bridge0: port 2(bridge_slave_1) entered disabled state
[  326.854443][ T9039] bridge_slave_1: entered allmulticast mode
[  327.096853][ T9039] bridge_slave_1: entered promiscuous mode
[  327.991334][ T9134] rdma_rxe: rxe_newlink: failed to add vxcan1
[  328.212586][ T9039] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  328.550545][ T5861] Bluetooth: hci4: command tx timeout
[  328.810817][   T57] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  328.911673][ T9039] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  329.310631][   T57] usb 3-1: Using ep0 maxpacket: 8
[  329.332209][   T57] usb 3-1: unable to get BOS descriptor or descriptor too short
[  329.355834][   T57] usb 3-1: config 57 has an invalid interface number: 229 but max is 0
[  329.378325][   T57] usb 3-1: config 57 has no interface number 0
[  329.384916][   T57] usb 3-1: config 57 interface 229 has no altsetting 0
[  329.394249][   T57] usb 3-1: New USB device found, idVendor=0979, idProduct=0270, bcdDevice=dd.eb
[  329.403435][   T57] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  329.411662][   T57] usb 3-1: Product: syz
[  329.416023][   T57] usb 3-1: Manufacturer: syz
[  329.420840][   T57] usb 3-1: SerialNumber: syz
[  329.521531][ T9150] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  329.528105][ T9150] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  329.562285][ T9150] netlink: 14 bytes leftover after parsing attributes in process `syz.1.744'.
[  330.105844][ T9039] team0: Port device team_slave_0 added
[  330.154794][ T9150] hsr_slave_0: left promiscuous mode
[  330.165359][ T9150] hsr_slave_1: left promiscuous mode
[  330.204910][ T9159] netlink: 36 bytes leftover after parsing attributes in process `syz.1.744'.
[  330.368471][ T9039] team0: Port device team_slave_1 added
[  332.058241][   T57] gspca_main: jeilinj-2.14.0 probing 0979:0270
[  332.076094][   T57] usb 3-1: USB disconnect, device number 23
[  332.207254][ T9180] netlink: 28 bytes leftover after parsing attributes in process `syz.4.750'.
[  332.765527][ T9039] batman_adv: batadv0: Adding interface: batadv_slave_0
[  332.813767][ T9039] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  332.978102][ T9039] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  333.021868][ T9188] netlink: 'syz.2.751': attribute type 3 has an invalid length.
[  333.031534][ T9188] netlink: 152 bytes leftover after parsing attributes in process `syz.2.751'.
[  333.165938][ T9188] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  333.217020][ T9192] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  333.722319][   T30] kauditd_printk_skb: 61 callbacks suppressed
[  333.722331][   T30] audit: type=1400 audit(1759118935.807:558): avc:  denied  { append } for  pid=9190 comm="syz.3.749" name="001" dev="devtmpfs" ino=745 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  333.751315][   T30] audit: type=1326 audit(1759118935.917:559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9190 comm="syz.3.749" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fdf70d8eec9 code=0x0
[  333.775436][ T9039] batman_adv: batadv0: Adding interface: batadv_slave_1
[  333.782468][ T9039] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  333.872954][ T9039] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  334.167399][ T9199] binder: Bad value for 'max'
[  335.243396][ T9039] hsr_slave_0: entered promiscuous mode
[  335.295303][ T9039] hsr_slave_1: entered promiscuous mode
[  335.340160][ T9039] debugfs: 'hsr0' already exists in 'hsr'
[  335.385565][ T9039] Cannot create hsr debugfs directory
[  335.790778][   T30] audit: type=1400 audit(1759118938.377:560): avc:  denied  { connect } for  pid=9209 comm="syz.1.755" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  335.824996][   T30] audit: type=1400 audit(1759118938.417:561): avc:  denied  { read } for  pid=9209 comm="syz.1.755" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  336.047730][   T12] hsr_slave_0: left promiscuous mode
[  336.094165][   T12] hsr_slave_1: left promiscuous mode
[  336.094808][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  336.094839][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  336.104157][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  336.104181][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  336.172169][   T12] veth1_macvtap: left promiscuous mode
[  336.172245][   T12] veth0_macvtap: left promiscuous mode
[  336.172331][   T12] veth1_vlan: left promiscuous mode
[  336.588232][ T9229] netlink: 12 bytes leftover after parsing attributes in process `syz.2.761'.
[  336.966318][   T12] team0 (unregistering): Port device team_slave_1 removed
[  337.026857][   T12] team0 (unregistering): Port device team_slave_0 removed
[  337.194652][   T30] audit: type=1400 audit(1759118939.787:562): avc:  denied  { read } for  pid=9232 comm="syz.3.762" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  338.434292][   T30] audit: type=1400 audit(1759118941.027:563): avc:  denied  { read write } for  pid=9249 comm="syz.4.766" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  338.629235][   T30] audit: type=1400 audit(1759118941.027:564): avc:  denied  { open } for  pid=9249 comm="syz.4.766" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  338.774297][ T9254] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  338.785713][ T9254] overlayfs: failed to resolve './file1': -2
[  339.430715][   T24] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  339.619242][ T9039] netdevsim netdevsim0 netdevsim1: renamed from eth2
[  339.692454][   T24] usb 2-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  339.907443][ T9269] ptrace attach of "./syz-executor exec"[5849] was attempted by "./syz-executor exec"[9269]
[  339.919728][ T9039] netdevsim netdevsim0 netdevsim2: renamed from eth3
[  339.970104][ T9039] netdevsim netdevsim0 netdevsim3: renamed from eth4
[  339.977698][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  339.984707][ T9270] netlink: 8 bytes leftover after parsing attributes in process `syz.2.768'.
[  339.998733][ T9270] netlink: 8 bytes leftover after parsing attributes in process `syz.2.768'.
[  340.050758][   T24] usb 2-1: Product: syz
[  340.064390][   T24] usb 2-1: Manufacturer: syz
[  340.069328][   T24] usb 2-1: SerialNumber: syz
[  340.081317][   T24] usb 2-1: config 0 descriptor??
[  340.180737][  T976] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  340.361043][  T976] usb 4-1: Using ep0 maxpacket: 8
[  340.369842][  T976] usb 4-1: unable to get BOS descriptor or descriptor too short
[  340.413700][  T976] usb 4-1: config index 0 descriptor too short (expected 55058, got 18)
[  340.430989][  T976] usb 4-1: config 55 has too many interfaces: 90, using maximum allowed: 32
[  340.459374][  T976] usb 4-1: config 55 has 1 interface, different from the descriptor's value: 90
[  340.539589][ T5953] usb 2-1: USB disconnect, device number 26
[  340.547773][  T976] usb 4-1: config 55 has no interface number 0
[  340.571139][  T976] usb 4-1: config 55 interface 30 has no altsetting 0
[  340.603694][  T976] usb 4-1: string descriptor 0 read error: -22
[  340.611700][  T976] usb 4-1: New USB device found, idVendor=9022, idProduct=d484, bcdDevice=ff.88
[  340.643839][  T976] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  340.971230][ T9283] syz_tun: entered promiscuous mode
[  341.002266][  T976] dvb-usb: found a 'TeVii S482 (tuner 2)' in warm state.
[  341.009520][  T976] dw2102: su3000_power_ctrl: 1, initialized 0
[  341.017627][ T9283] batadv_slave_0: entered promiscuous mode
[  341.027612][ T9285] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  341.032840][  T976] dvb-usb: bulk message failed: -22 (2/0)
[  341.055165][  T976] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  341.076796][  T976] dvbdev: DVB: registering new adapter (TeVii S482 (tuner 2))
[  341.086309][  T976] usb 4-1: media controller created
[  341.104949][ T9039] 8021q: adding VLAN 0 to HW filter on device team0
[  341.128191][  T976] dvb-usb: bulk message failed: -22 (6/0)
[  341.143909][  T976] dw2102: i2c transfer failed.
[  341.166631][  T976] dvb-usb: bulk message failed: -22 (6/0)
[  341.178139][ T3595] bridge0: port 1(bridge_slave_0) entered blocking state
[  341.185245][ T3595] bridge0: port 1(bridge_slave_0) entered forwarding state
[  341.190732][  T976] dw2102: i2c transfer failed.
[  341.210478][  T976] dvb-usb: bulk message failed: -22 (6/0)
[  341.216645][  T976] dw2102: i2c transfer failed.
[  341.262201][   T30] audit: type=1400 audit(1759118943.857:565): avc:  denied  { append } for  pid=9282 comm="syz.4.773" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  341.262222][  T976] dvb-usb: bulk message failed: -22 (6/0)
[  341.345670][ T3595] bridge0: port 2(bridge_slave_1) entered blocking state
[  341.352809][ T3595] bridge0: port 2(bridge_slave_1) entered forwarding state
[  341.377819][   T30] audit: type=1400 audit(1759118943.857:566): avc:  denied  { map } for  pid=9282 comm="syz.4.773" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  341.405010][   T30] audit: type=1400 audit(1759118943.857:567): avc:  denied  { execute } for  pid=9282 comm="syz.4.773" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  341.445249][  T976] dw2102: i2c transfer failed.
[  341.469064][  T976] dvb-usb: bulk message failed: -22 (6/0)
[  341.507566][  T976] dw2102: i2c transfer failed.
[  341.533536][  T976] dvb-usb: bulk message failed: -22 (6/0)
[  341.564157][  T976] dw2102: i2c transfer failed.
[  341.596134][  T976] dvb-usb: MAC address: 02:02:02:02:02:02
[  341.646462][   T30] audit: type=1400 audit(1759118944.237:568): avc:  denied  { getopt } for  pid=9280 comm="syz.2.774" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  341.716778][  T976] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  341.781453][  T976] dvb-usb: bulk message failed: -22 (3/0)
[  341.796377][  T976] dw2102: command 0x0e transfer failed.
[  341.834595][  T976] dvb-usb: bulk message failed: -22 (3/0)
[  341.850132][  T976] dw2102: command 0x0e transfer failed.
[  341.979600][ T9293] netlink: 40 bytes leftover after parsing attributes in process `syz.4.775'.
[  342.051108][ T9290] netlink: 'syz.3.776': attribute type 1 has an invalid length.
[  342.075617][ T9295] netlink: 20 bytes leftover after parsing attributes in process `syz.2.777'.
[  342.136702][ T9290] bond2: entered promiscuous mode
[  342.143573][ T9290] 8021q: adding VLAN 0 to HW filter on device bond2
[  342.180783][  T976] dvb-usb: bulk message failed: -22 (3/0)
[  342.229217][  T976] dw2102: command 0x0e transfer failed.
[  342.245458][  T976] dvb-usb: bulk message failed: -22 (3/0)
[  342.266834][  T976] dw2102: command 0x0e transfer failed.
[  342.279300][  T976] dvb-usb: bulk message failed: -22 (1/0)
[  342.359469][ T9298] overlayfs: failed lookup in lower (newroot/163, name='bus', err=-40): overlapping layers
[  342.580168][  T976] dw2102: command 0x51 transfer failed.
[  342.608541][  T976] dvb-usb: bulk message failed: -22 (5/0)
[  342.645502][  T976] dw2102: i2c probe for address 0x68 failed.
[  342.678930][  T976] dvb-usb: bulk message failed: -22 (5/0)
[  342.727133][  T976] dw2102: i2c probe for address 0x69 failed.
[  342.761775][  T976] dvb-usb: bulk message failed: -22 (5/0)
[  342.776829][  T976] dw2102: i2c probe for address 0x6a failed.
[  342.796637][  T976] dw2102: probing for demodulator failed. Is the external power switched on?
[  342.859338][ T9039] 8021q: adding VLAN 0 to HW filter on device batadv0
[  342.875829][  T976] dvb-usb: no frontend was attached by 'TeVii S482 (tuner 2)'
[  342.898373][ T9310] netlink: 80 bytes leftover after parsing attributes in process `syz.1.779'.
[  342.921699][ T5953] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  343.036209][   T30] audit: type=1400 audit(1759118945.617:569): avc:  denied  { setattr } for  pid=9303 comm="syz.1.779" name="dmmidi2" dev="devtmpfs" ino=1305 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sound_device_t tclass=chr_file permissive=1
[  343.041017][  T976] rc_core: IR keymap rc-tt-1500 not found
[  343.089211][ T3595] Bluetooth: hci5: Frame reassembly failed (-84)
[  343.104231][ T5953] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  343.145118][ T5953] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  343.166083][  T976] Registered IR keymap rc-empty
[  343.180084][  T976] rc rc0: TeVii S482 (tuner 2) as /devices/platform/dummy_hcd.3/usb4/4-1/rc/rc0
[  343.220164][ T5953] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  343.229537][  T976] input: TeVii S482 (tuner 2) as /devices/platform/dummy_hcd.3/usb4/4-1/rc/rc0/input28
[  343.281586][ T5953] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  343.293941][  T976] dvb-usb: schedule remote query interval to 250 msecs.
[  343.300871][ T9302] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  343.325125][ T9307] SELinux: failed to load policy
[  343.330528][ T5953] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  343.397459][  T976] dw2102: su3000_power_ctrl: 0, initialized 1
[  343.486963][ T9039] veth0_vlan: entered promiscuous mode
[  343.494877][  T976] dvb-usb: TeVii S482 (tuner 2) successfully initialized and connected.
[  343.548138][  T976] usb 4-1: USB disconnect, device number 16
[  343.626927][ T9302] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  343.659786][ T9302] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  343.723909][ T9039] veth1_vlan: entered promiscuous mode
[  343.788493][  T976] dvb-usb: TeVii S482 (tuner 2) successfully deinitialized and disconnected.
[  343.851718][   T24] usb 3-1: USB disconnect, device number 24
[  344.232312][ T9318] Failed to initialize the IGMP autojoin socket (err -2)
[  344.301735][ T9039] veth0_macvtap: entered promiscuous mode
[  344.377604][ T9039] veth1_macvtap: entered promiscuous mode
[  344.573923][ T9039] batman_adv: batadv0: Interface activated: batadv_slave_0
[  344.599821][ T9039] batman_adv: batadv0: Interface activated: batadv_slave_1
[  344.670100][ T9332] netlink: 'syz.1.784': attribute type 3 has an invalid length.
[  344.678709][ T9332] netlink: 152 bytes leftover after parsing attributes in process `syz.1.784'.
[  344.738295][ T9332] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  344.788761][ T9039] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  344.881007][ T9039] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  344.925253][ T9039] wireguard: wg0: Could not create IPv4 socket
[  344.948906][ T9039] wireguard: wg1: Could not create IPv4 socket
[  345.010220][ T9039] wireguard: wg2: Could not create IPv4 socket
[  345.020720][ T9344] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  345.021033][   T30] audit: type=1400 audit(1759118947.617:570): avc:  denied  { accept } for  pid=9343 comm="syz.4.787" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  345.092413][ T5856] Bluetooth: hci5: command 0x1003 tx timeout
[  345.099275][ T5861] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  345.116056][  T976] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  345.272679][  T976] usb 3-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad
[  345.301865][  T976] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  345.391391][  T976] usb 3-1: config 0 descriptor??
[  345.413068][  T976] gspca_main: spca508-2.14.0 probing 8086:0110
[  345.741422][   T24] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  346.114058][   T24] usb 5-1: Using ep0 maxpacket: 16
[  346.125305][  T976] gspca_spca508: reg_read err -71
[  346.133652][  T976] gspca_spca508: reg_read err -71
[  346.153152][   T24] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  346.174645][  T976] gspca_spca508: reg_read err -71
[  346.187946][  T976] gspca_spca508: reg_read err -71
[  346.200263][  T976] gspca_spca508: reg write: error -71
[  346.214128][  T976] spca508 3-1:0.0: probe with driver spca508 failed with error -71
[  346.248667][  T976] usb 3-1: USB disconnect, device number 25
[  346.267977][   T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  346.328621][ T9357] syz.3.789 (9357): drop_caches: 2
[  346.360659][   T24] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  346.407692][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  346.430717][   T24] usb 5-1: Product: syz
[  346.449321][   T24] usb 5-1: Manufacturer: syz
[  346.483889][   T24] usb 5-1: SerialNumber: syz
[  346.541446][   T24] usb 5-1: config 0 descriptor??
[  346.551221][   T24] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  346.570640][   T24] em28xx 5-1:0.0: Audio interface 0 found (Vendor Class)
[  347.656568][ T9350] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  347.785321][ T9350] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  347.870407][ T9377] openvswitch: netlink: Invalid VLAN frame
[  348.001551][   T24] em28xx 5-1:0.0: unknown em28xx chip ID (0)
[  348.015020][   T24] em28xx 5-1:0.0: Config register raw data: 0x56
[  348.215627][   T24] em28xx 5-1:0.0: AC97 chip type couldn't be determined
[  348.257548][   T24] em28xx 5-1:0.0: No AC97 audio processor
[  349.153271][ T9394] openvswitch: netlink: Invalid VLAN frame
[  349.256477][  T976] usb 5-1: USB disconnect, device number 28
[  349.271307][  T976] em28xx 5-1:0.0: Disconnecting em28xx
[  349.411780][ T5856] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  349.437795][ T5856] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  349.452536][  T976] em28xx 5-1:0.0: Freeing device
[  349.460550][ T5856] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  349.480817][ T5856] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  349.490672][ T5856] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  349.624013][ T9395] Failed to initialize the IGMP autojoin socket (err -2)
[  349.667083][ T9399] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  349.873475][ T9403] FAULT_INJECTION: forcing a failure.
[  349.873475][ T9403] name failslab, interval 1, probability 0, space 0, times 0
[  349.896292][ T9403] CPU: 1 UID: 0 PID: 9403 Comm: syz.1.798 Not tainted syzkaller #0 PREEMPT(full) 
[  349.896315][ T9403] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  349.896325][ T9403] Call Trace:
[  349.896331][ T9403]  <TASK>
[  349.896338][ T9403]  dump_stack_lvl+0x16c/0x1f0
[  349.896365][ T9403]  should_fail_ex+0x512/0x640
[  349.896387][ T9403]  ? fs_reclaim_acquire+0xae/0x150
[  349.896410][ T9403]  ? tomoyo_encode2+0x100/0x3e0
[  349.896431][ T9403]  should_failslab+0xc2/0x120
[  349.896450][ T9403]  __kmalloc_noprof+0xd2/0x510
[  349.896475][ T9403]  tomoyo_encode2+0x100/0x3e0
[  349.896503][ T9403]  tomoyo_encode+0x29/0x50
[  349.896530][ T9403]  tomoyo_realpath_from_path+0x18f/0x6e0
[  349.896558][ T9403]  ? tomoyo_profile+0x47/0x60
[  349.896577][ T9403]  tomoyo_path_number_perm+0x245/0x580
[  349.896598][ T9403]  ? tomoyo_path_number_perm+0x237/0x580
[  349.896622][ T9403]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  349.896646][ T9403]  ? find_held_lock+0x2b/0x80
[  349.896690][ T9403]  ? find_held_lock+0x2b/0x80
[  349.896711][ T9403]  ? hook_file_ioctl_common+0x145/0x410
[  349.896734][ T9403]  ? __fget_files+0x20e/0x3c0
[  349.896758][ T9403]  security_file_ioctl+0x9b/0x240
[  349.896785][ T9403]  __x64_sys_ioctl+0xb7/0x210
[  349.896813][ T9403]  do_syscall_64+0xcd/0x4e0
[  349.896839][ T9403]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  349.896857][ T9403] RIP: 0033:0x7f57bbd8eec9
[  349.896872][ T9403] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  349.896889][ T9403] RSP: 002b:00007f57bcbb1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  349.896906][ T9403] RAX: ffffffffffffffda RBX: 00007f57bbfe5fa0 RCX: 00007f57bbd8eec9
[  349.896918][ T9403] RDX: 0000200000000180 RSI: 0000000040103e05 RDI: 0000000000000007
[  349.896928][ T9403] RBP: 00007f57bcbb1090 R08: 0000000000000000 R09: 0000000000000000
[  349.896938][ T9403] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  349.896947][ T9403] R13: 00007f57bbfe6038 R14: 00007f57bbfe5fa0 R15: 00007ffcc9f66668
[  349.896971][ T9403]  </TASK>
[  349.897069][ T9403] ERROR: Out of memory at tomoyo_realpath_from_path.
[  349.950860][   T30] audit: type=1400 audit(1759118952.537:571): avc:  denied  { write } for  pid=9407 comm="syz.4.800" name="usbmon6" dev="devtmpfs" ino=734 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  350.003958][ T9410] netlink: 212408 bytes leftover after parsing attributes in process `syz.3.792'.
[  350.402684][   T57] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  350.672760][   T57] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  350.699609][   T57] usb 4-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00
[  350.709183][   T57] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  350.821242][   T57] usb 4-1: config 0 descriptor??
[  350.888200][ T9420] ip6gretap0 speed is unknown, defaulting to 1000
[  350.897103][ T9420] ip6gretap0 speed is unknown, defaulting to 1000
[  350.905015][ T9420] ip6gretap0 speed is unknown, defaulting to 1000
[  350.993757][ T9420] infiniband syz2: set active
[  350.998456][ T9420] infiniband syz2: added ip6gretap0
[  351.005820][ T9420] syz2: rxe_create_qp: returned err = -2
[  351.011538][ T9420] infiniband syz2: Couldn't create ib_mad QP1
[  351.018060][ T9420] infiniband syz2: Couldn't open port 1
[  351.027369][ T5953] ip6gretap0 speed is unknown, defaulting to 1000
[  351.046935][ T9420] RDS/IB: syz2: added
[  351.050980][ T9420] smc: adding ib device syz2 with port count 1
[  351.057127][ T9420] smc:    ib device syz2 port 1 has pnetid 
[  351.069358][ T9420] ip6gretap0 speed is unknown, defaulting to 1000
[  351.081894][ T5953] ip6gretap0 speed is unknown, defaulting to 1000
[  351.140787][ T5960] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  351.204341][ T9420] ip6gretap0 speed is unknown, defaulting to 1000
[  351.288947][ T9420] ip6gretap0 speed is unknown, defaulting to 1000
[  351.370704][ T9420] ip6gretap0 speed is unknown, defaulting to 1000
[  351.445966][   T57] lenovo 0003:17EF:6047.0007: item fetching failed at offset 2/5
[  351.454395][   T57] lenovo 0003:17EF:6047.0007: hid_parse failed
[  351.460705][   T57] lenovo 0003:17EF:6047.0007: probe with driver lenovo failed with error -22
[  351.570873][ T5856] Bluetooth: hci4: command tx timeout
[  351.631404][ T5960] usb 3-1: Using ep0 maxpacket: 8
[  352.144272][   T30] audit: type=1400 audit(1759118953.738:572): avc:  denied  { ioctl } for  pid=9429 comm="syz.1.804" path="socket:[24985]" dev="sockfs" ino=24985 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  352.226795][ T9395] netdevsim netdevsim0 netdevsim1: renamed from eth2
[  352.259798][ T9395] netdevsim netdevsim0 netdevsim2: renamed from eth3
[  352.320826][ T9395] netdevsim netdevsim0 netdevsim3: renamed from eth4
[  352.805337][    T9] usb 4-1: USB disconnect, device number 17
[  352.846070][ T9453] netlink: 'syz.4.805': attribute type 3 has an invalid length.
[  352.866850][ T9453] netlink: 152 bytes leftover after parsing attributes in process `syz.4.805'.
[  352.878412][ T9453] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  352.922613][ T9437] Bluetooth: hci0: Opcode 0x0401 failed: -4
[  354.009271][ T5960] usb 3-1: unable to get BOS descriptor or descriptor too short
[  354.055046][ T5856] Bluetooth: hci4: command tx timeout
[  354.070753][ T5960] usb 3-1: unable to read config index 0 descriptor/start: -71
[  354.078348][ T5960] usb 3-1: can't read configurations, error -71
[  354.514577][ T9473] rdma_rxe: rxe_newlink: failed to add erspan0
[  354.551907][ T9395] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  354.798016][ T9468] tmpfs: Unknown parameter 'qfÇ5veth1_virt_wifi'
[  354.818201][ T9395] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  354.932775][ T9477] bond2: entered promiscuous mode
[  354.937898][ T9477] bond2: entered allmulticast mode
[  354.943440][ T9477] 8021q: adding VLAN 0 to HW filter on device bond2
[  355.124110][ T9395] wireguard: wg0: Could not create IPv4 socket
[  355.158218][ T9395] wireguard: wg1: Could not create IPv4 socket
[  355.650770][ T9395] wireguard: wg2: Could not create IPv4 socket
[  356.650614][   T30] audit: type=1400 audit(1759118958.238:573): avc:  denied  { mounton } for  pid=9511 comm="syz.4.814" path="/173/file0" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  356.686221][   T30] audit: type=1400 audit(1759118958.238:574): avc:  denied  { setattr } for  pid=9511 comm="syz.4.814" name="fuse" dev="devtmpfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[  356.942920][ T9518] tmpfs: Unknown parameter ''
[  357.597922][  T976] usb 3-1: new low-speed USB device number 28 using dummy_hcd
[  360.973468][ T9575] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.822'.
[  360.994766][ T9573] gtp0: entered promiscuous mode
[  361.154666][ T5861] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  361.166543][ T5861] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  361.175808][ T5861] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  361.299902][ T5861] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  361.319318][ T5861] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  361.420205][ T9580] Failed to initialize the IGMP autojoin socket (err -2)
[  361.473241][   T30] audit: type=1326 audit(1759118963.048:575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9587 comm="syz.4.826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f2e18eec9 code=0x7ffc0000
[  361.598480][   T30] audit: type=1326 audit(1759118963.048:576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9587 comm="syz.4.826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f2e18eec9 code=0x7ffc0000
[  361.742572][   T30] audit: type=1326 audit(1759118963.048:577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9587 comm="syz.4.826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f3f2e18eec9 code=0x7ffc0000
[  361.842463][   T30] audit: type=1326 audit(1759118963.048:578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9587 comm="syz.4.826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f2e18eec9 code=0x7ffc0000
[  361.901327][   T30] audit: type=1326 audit(1759118963.048:579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9587 comm="syz.4.826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3f2e18eec9 code=0x7ffc0000
[  362.006507][   T30] audit: type=1326 audit(1759118963.048:580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9587 comm="syz.4.826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f2e18eec9 code=0x7ffc0000
[  362.008743][ T9595] tmpfs: Unknown parameter 'qfÇ5Þh1_virt_wifi'
[  362.218128][   T30] audit: type=1326 audit(1759118963.048:581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9587 comm="syz.4.826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f3f2e18eec9 code=0x7ffc0000
[  362.267123][   T30] audit: type=1326 audit(1759118963.058:582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9587 comm="syz.4.826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f2e18eec9 code=0x7ffc0000
[  362.411769][   T30] audit: type=1326 audit(1759118963.058:583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9587 comm="syz.4.826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f2e18eec9 code=0x7ffc0000
[  362.479518][   T30] audit: type=1326 audit(1759118963.058:584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9587 comm="syz.4.826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f3f2e18eec9 code=0x7ffc0000
[  362.632293][   T30] audit: type=1326 audit(1759118963.098:585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9587 comm="syz.4.826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f2e18eec9 code=0x7ffc0000
[  362.786617][   T30] audit: type=1326 audit(1759118963.098:586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9587 comm="syz.4.826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f3f2e18eec9 code=0x7ffc0000
[  363.761023][ T5861] Bluetooth: hci4: command tx timeout
[  365.483642][ T9580] netdevsim netdevsim0 netdevsim1: renamed from eth2
[  365.500157][ T9580] netdevsim netdevsim0 netdevsim2: renamed from eth3
[  365.562028][ T9580] netdevsim netdevsim0 netdevsim3: renamed from eth4
[  365.807160][ T9627] tmpfs: Unknown parameter 'qfÇ5Þth1_virt_wifi'
[  365.814051][ T5861] Bluetooth: hci4: command tx timeout
[  366.470989][ T9580] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  366.569261][ T9580] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  366.604814][ T9580] wireguard: wg0: Could not create IPv4 socket
[  366.617446][ T9580] wireguard: wg1: Could not create IPv4 socket
[  366.629972][ T9580] wireguard: wg2: Could not create IPv4 socket
[  366.832069][ T9655] syz2: rxe_newlink: already configured on ip6gretap0
[  366.842117][ T9657] binder: 9654:9657 ioctl c00c620f 2000000003c0 returned -22
[  367.160694][   T24] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  367.320752][   T24] usb 3-1: Using ep0 maxpacket: 8
[  368.963956][   T30] kauditd_printk_skb: 21 callbacks suppressed
[  368.963977][   T30] audit: type=1326 audit(1759118970.558:608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9721 comm="syz.4.840" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3f2e18eec9 code=0x0
[  370.029751][   T24] usb 3-1: unable to get BOS descriptor or descriptor too short
[  370.057121][   T24] usb 3-1: unable to read config index 0 descriptor/start: -71
[  370.070994][   T24] usb 3-1: can't read configurations, error -71
[  370.529934][ T5856] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  370.538873][ T5856] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  370.546812][ T5856] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  370.554275][ T5856] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  370.561550][ T5856] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  370.582642][ T9758] Failed to initialize the IGMP autojoin socket (err -2)
[  372.170344][ T9775] netlink: 36 bytes leftover after parsing attributes in process `syz.3.844'.
[  372.611393][ T5856] Bluetooth: hci4: command tx timeout
[  372.804712][ T9780] sd 0:0:1:0: device reset
[  372.829697][   T30] audit: type=1400 audit(1759118974.398:609): avc:  denied  { read } for  pid=9778 comm="syz.2.845" name="sg0" dev="devtmpfs" ino=761 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  373.006794][ T9787] kvm: pic: non byte write
[  373.047818][ T9785] fuse: Unknown parameter '0x0000000000000007'
[  373.054748][   T30] audit: type=1400 audit(1759118974.638:610): avc:  denied  { mounton } for  pid=9784 comm="syz.1.846" path="/163/file0" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=file permissive=1
[  374.690629][ T5856] Bluetooth: hci4: command tx timeout
[  375.285884][   T30] audit: type=1400 audit(1759118976.578:611): avc:  denied  { mount } for  pid=9801 comm="syz.3.850" name="/" dev="afs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  375.429805][   T30] audit: type=1400 audit(1759118977.018:612): avc:  denied  { write } for  pid=9809 comm="syz.2.851" name="sg0" dev="devtmpfs" ino=761 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  375.474344][ T9758] netdevsim netdevsim0 netdevsim1: renamed from eth2
[  375.505885][ T9758] netdevsim netdevsim0 netdevsim2: renamed from eth3
[  375.566945][   T30] audit: type=1400 audit(1759118977.158:613): avc:  denied  { unmount } for  pid=5843 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  375.657075][ T9758] netdevsim netdevsim0 netdevsim3: renamed from eth4
[  375.771282][ T9818] openvswitch: netlink: Invalid VLAN frame
[  375.995385][   T10] ip6gretap0 speed is unknown, defaulting to 1000
[  376.248140][ T9824] openvswitch: netlink: Invalid VLAN frame
[  376.772422][ T5856] Bluetooth: hci4: command tx timeout
[  377.566537][ T9846] netlink: 'syz.3.857': attribute type 3 has an invalid length.
[  377.890442][ T9846] netlink: 152 bytes leftover after parsing attributes in process `syz.3.857'.
[  378.085058][ T9846] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  378.158548][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  378.474264][ T5916] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  378.642971][ T5916] usb 5-1: Using ep0 maxpacket: 32
[  378.683188][ T5916] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  378.729802][ T5916] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  378.741721][ T9758] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  378.759843][ T5916] usb 5-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  378.790984][ T5916] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  378.832191][ T5916] usb 5-1: config 0 descriptor??
[  378.837355][ T9758] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  378.858858][ T5856] Bluetooth: hci4: command tx timeout
[  378.880117][ T9758] wireguard: wg0: Could not create IPv4 socket
[  378.887909][ T9758] wireguard: wg1: Could not create IPv4 socket
[  378.908468][ T9758] wireguard: wg2: Could not create IPv4 socket
[  379.505945][ T5916] ft260 0003:0403:6030.0008: unknown main item tag 0x7
[  379.703168][ T5916] ft260 0003:0403:6030.0008: chip code: 6424 8183
[  379.906853][ T5916] ft260 0003:0403:6030.0008: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.4-1/input0
[  380.125436][ T5916] ft260 0003:0403:6030.0008: failed to retrieve status: -32, no wakeup
[  380.173671][ T5916] ft260 0003:0403:6030.0008: failed to retrieve status: -71
[  380.207684][ T5916] ft260 0003:0403:6030.0008: failed to reset I2C controller: -71
[  380.387644][ T5916] usb 5-1: USB disconnect, device number 29
[  380.422220][ T9882] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  380.448301][ T9882] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  381.356545][ T9906] overlayfs: failed to resolve './file0': -2
[  381.357198][   T10] erspan0 speed is unknown, defaulting to 1000
[  381.370582][  T992] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  381.379703][   T10] syz1: Port: 1 Link DOWN
[  381.451753][  T976] erspan0 speed is unknown, defaulting to 1000
[  381.496389][  T992] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  381.545680][  T992] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  381.575481][ T3568] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  381.840977][ T5916] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  382.495253][ T9925] overlayfs: failed to resolve './file1': -2
[  382.535177][   T30] audit: type=1400 audit(1759118984.128:614): avc:  denied  { watch } for  pid=9924 comm="syz.3.870" path="/186/bus/file1" dev="tmpfs" ino=1035 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  382.558314][    C1] vkms_vblank_simulate: vblank timer overrun
[  382.574579][ T5861] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  382.593836][ T5861] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  382.602455][ T5861] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  382.610156][ T5861] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  382.631492][ T5861] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  382.650829][ T5916] usb 2-1: Using ep0 maxpacket: 32
[  382.668157][ T5916] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  382.687138][ T9926] Failed to initialize the IGMP autojoin socket (err -2)
[  382.713536][ T5916] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x6 has invalid wMaxPacketSize 0
[  382.758349][ T5916] usb 2-1: config 0 interface 0 altsetting 2 bulk endpoint 0x6 has invalid maxpacket 0
[  382.802314][ T5916] usb 2-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  382.886946][ T5916] usb 2-1: config 0 interface 0 has no altsetting 0
[  382.934811][ T5916] usb 2-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  382.961426][ T5916] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  382.992301][ T5916] usb 2-1: Product: syz
[  382.996493][ T5916] usb 2-1: Manufacturer: syz
[  383.010327][ T5916] usb 2-1: SerialNumber: syz
[  383.034606][ T9944] FAULT_INJECTION: forcing a failure.
[  383.034606][ T9944] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  383.058466][ T5916] usb 2-1: config 0 descriptor??
[  383.065950][ T9944] CPU: 1 UID: 0 PID: 9944 Comm: syz.4.874 Not tainted syzkaller #0 PREEMPT(full) 
[  383.065974][ T9944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  383.065983][ T9944] Call Trace:
[  383.065989][ T9944]  <TASK>
[  383.065995][ T9944]  dump_stack_lvl+0x16c/0x1f0
[  383.066020][ T9944]  should_fail_ex+0x512/0x640
[  383.066049][ T9944]  _copy_from_user+0x2e/0xd0
[  383.066071][ T9944]  iommufd_vfio_ioctl+0x678/0xe90
[  383.066098][ T9944]  ? __pfx_iommufd_vfio_ioctl+0x10/0x10
[  383.066120][ T9944]  ? tomoyo_path_number_perm+0x18d/0x580
[  383.066155][ T9944]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  383.066175][ T9944]  ? do_vfs_ioctl+0x128/0x14f0
[  383.066205][ T9944]  iommufd_fops_ioctl+0x45b/0x540
[  383.066226][ T9944]  ? __pfx_iommufd_fops_ioctl+0x10/0x10
[  383.066249][ T9944]  ? hook_file_ioctl_common+0x145/0x410
[  383.066272][ T9944]  ? selinux_file_ioctl+0x180/0x270
[  383.066295][ T9944]  ? selinux_file_ioctl+0xb4/0x270
[  383.066319][ T9944]  ? __pfx_iommufd_fops_ioctl+0x10/0x10
[  383.066340][ T9944]  __x64_sys_ioctl+0x18b/0x210
[  383.066367][ T9944]  do_syscall_64+0xcd/0x4e0
[  383.066391][ T9944]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  383.066407][ T9944] RIP: 0033:0x7f3f2e18eec9
[  383.066421][ T9944] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  383.066436][ T9944] RSP: 002b:00007f3f2eff9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  383.066452][ T9944] RAX: ffffffffffffffda RBX: 00007f3f2e3e5fa0 RCX: 00007f3f2e18eec9
[  383.066463][ T9944] RDX: 0000200000000240 RSI: 0000000000003b70 RDI: 0000000000000003
[  383.066473][ T9944] RBP: 00007f3f2eff9090 R08: 0000000000000000 R09: 0000000000000000
[  383.066482][ T9944] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  383.066492][ T9944] R13: 00007f3f2e3e6038 R14: 00007f3f2e3e5fa0 R15: 00007ffc0f5e21c8
[  383.066514][ T9944]  </TASK>
[  383.068131][ T5916] gs_usb 2-1:0.0: Required endpoints not found
[  383.738104][ T9952] sg_write: data in/out 49020/1 bytes for SCSI command 0x1c-- guessing data in;
[  383.738104][ T9952]    program syz.4.875 not setting count and/or reply_len properly
[  384.061797][   T57] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  384.280903][   T57] usb 5-1: Using ep0 maxpacket: 8
[  384.305899][   T57] usb 5-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a
[  384.382896][   T57] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  384.544293][   T57] usb 5-1: Product: syz
[  384.606026][   T57] usb 5-1: Manufacturer: syz
[  384.646184][ T5916] usb 2-1: USB disconnect, device number 27
[  384.690829][ T5856] Bluetooth: hci4: command tx timeout
[  384.829189][   T57] usb 5-1: SerialNumber: syz
[  384.836182][   T57] usb 5-1: config 0 descriptor??
[  384.885654][   T57] gspca_main: sq930x-2.14.0 probing 2770:930c
[  385.059649][   T57] gspca_sq930x: reg_r 001f failed -71
[  385.074905][   T57] sq930x 5-1:0.0: probe with driver sq930x failed with error -71
[  385.132968][   T57] usb 5-1: USB disconnect, device number 30
[  385.465083][   T30] audit: type=1400 audit(1759118987.058:615): avc:  denied  { map } for  pid=9982 comm="syz.2.880" path="/dev/bus/usb/006/001" dev="devtmpfs" ino=736 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  385.716696][ T9926] netdevsim netdevsim0 netdevsim1: renamed from eth2
[  385.749008][ T9993] netlink: 'syz.1.882': attribute type 1 has an invalid length.
[  385.914295][T10000] netlink: 24 bytes leftover after parsing attributes in process `syz.4.883'.
[  385.933834][ T9993] bond3: entered promiscuous mode
[  385.946796][ T9993] 8021q: adding VLAN 0 to HW filter on device bond3
[  386.011277][ T9926] netdevsim netdevsim0 netdevsim2: renamed from eth3
[  386.262889][ T9926] netdevsim netdevsim0 netdevsim3: renamed from eth4
[  386.369695][ T9993] overlayfs: failed lookup in lower (newroot/171, name='bus', err=-40): overlapping layers
[  386.771050][ T5856] Bluetooth: hci4: command tx timeout
[  386.801371][   T57] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  386.905696][T10023] netlink: 'syz.4.885': attribute type 3 has an invalid length.
[  386.916804][T10023] netlink: 152 bytes leftover after parsing attributes in process `syz.4.885'.
[  386.943214][T10023] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  387.007672][   T57] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  387.024817][   T57] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  387.071093][   T57] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  387.085132][   T57] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  387.087287][T10026] can0: slcan on ttyprintk.
[  387.108844][   T57] usb 2-1: Product: syz
[  387.123492][   T57] usb 2-1: Manufacturer: syz
[  387.135417][   T57] usb 2-1: SerialNumber: syz
[  387.187884][   T57] cdc_mbim 2-1:1.0: skipping garbage
[  387.286730][ T9926] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  387.614582][T10013] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  387.810951][ T9926] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  387.850790][   T30] audit: type=1400 audit(1759118989.438:616): avc:  denied  { getopt } for  pid=10025 comm="syz.2.886" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  388.053877][ T9926] wireguard: wg0: Could not create IPv4 socket
[  388.071152][ T9926] wireguard: wg1: Could not create IPv4 socket
[  388.087820][ T9926] wireguard: wg2: Could not create IPv4 socket
[  388.094517][T10025] can0 (unregistered): slcan off ttyprintk.
[  388.890706][ T5856] Bluetooth: hci4: command tx timeout
[  389.101430][   T10] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  389.260860][   T10] usb 3-1: Using ep0 maxpacket: 16
[  389.285615][   T10] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  389.318700][   T10] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  389.356100][   T10] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  389.392470][   T10] usb 3-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  389.440146][   T10] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  389.469769][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  389.500732][ T5923] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  389.505613][   T10] usb 3-1: SerialNumber: syz
[  389.539971][   T10] hub 3-1:1.0: bad descriptor, ignoring hub
[  389.547374][   T10] hub 3-1:1.0: probe with driver hub failed with error -5
[  389.574224][   T10] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -22
[  389.577598][   T57] cdc_mbim 2-1:1.0: bind() failure
[  389.606906][   T57] cdc_ncm 2-1:1.1: probe with driver cdc_ncm failed with error -71
[  389.726438][ T5923] usb 5-1: Using ep0 maxpacket: 8
[  389.732939][   T57] cdc_mbim 2-1:1.1: probe with driver cdc_mbim failed with error -71
[  389.995943][T10045] raw-gadget.1 gadget.2: fail, usb_ep_set_halt returned -11
[  390.204456][ T5923] usb 5-1: unable to get BOS descriptor or descriptor too short
[  390.212902][   T57] usbtest 2-1:1.1: probe with driver usbtest failed with error -71
[  390.228935][ T5923] usb 5-1: config index 0 descriptor too short (expected 55058, got 18)
[  390.254025][ T5923] usb 5-1: config 55 has too many interfaces: 90, using maximum allowed: 32
[  390.280841][   T57] usb 2-1: USB disconnect, device number 28
[  390.364542][ T5923] usb 5-1: config 55 has 1 interface, different from the descriptor's value: 90
[  390.510169][ T5923] usb 5-1: config 55 has no interface number 0
[  390.517185][ T5923] usb 5-1: config 55 interface 30 has no altsetting 0
[  390.527934][ T5923] usb 5-1: string descriptor 0 read error: -22
[  390.535000][ T5923] usb 5-1: New USB device found, idVendor=9022, idProduct=d484, bcdDevice=ff.88
[  390.552937][ T5923] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  390.578579][ T5923] dvb-usb: found a 'TeVii S482 (tuner 2)' in warm state.
[  390.596194][ T5923] dw2102: su3000_power_ctrl: 1, initialized 0
[  390.604484][ T5923] dvb-usb: bulk message failed: -22 (2/0)
[  390.617908][ T5923] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  390.632345][ T5923] dvbdev: DVB: registering new adapter (TeVii S482 (tuner 2))
[  390.640085][ T5923] usb 5-1: media controller created
[  390.655865][ T5923] dvb-usb: bulk message failed: -22 (6/0)
[  390.691286][ T5923] dw2102: i2c transfer failed.
[  390.713422][ T5923] dvb-usb: bulk message failed: -22 (6/0)
[  390.740734][ T5923] dw2102: i2c transfer failed.
[  390.749707][ T5923] dvb-usb: bulk message failed: -22 (6/0)
[  390.777196][ T5923] dw2102: i2c transfer failed.
[  390.784603][ T5923] dvb-usb: bulk message failed: -22 (6/0)
[  390.791545][   T57] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  390.800902][ T5923] dw2102: i2c transfer failed.
[  390.806193][ T5923] dvb-usb: bulk message failed: -22 (6/0)
[  390.812454][ T5923] dw2102: i2c transfer failed.
[  390.817354][ T5923] dvb-usb: bulk message failed: -22 (6/0)
[  390.823300][ T5923] dw2102: i2c transfer failed.
[  390.828197][ T5923] dvb-usb: MAC address: 02:02:02:02:02:02
[  390.850477][ T5923] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  390.877355][ T5923] dvb-usb: bulk message failed: -22 (3/0)
[  390.892485][ T5923] dw2102: command 0x0e transfer failed.
[  390.907489][ T5923] dvb-usb: bulk message failed: -22 (3/0)
[  390.920753][ T5923] dw2102: command 0x0e transfer failed.
[  390.954577][   T57] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  390.971394][   T57] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  390.995389][   T57] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  391.032654][   T57] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  391.112521][T10069] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  391.127097][   T57] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  391.315811][ T5923] dvb-usb: bulk message failed: -22 (3/0)
[  391.350616][ T5923] dw2102: command 0x0e transfer failed.
[  391.356695][ T5923] dvb-usb: bulk message failed: -22 (3/0)
[  391.366996][ T5923] dw2102: command 0x0e transfer failed.
[  391.403938][ T5923] dvb-usb: bulk message failed: -22 (1/0)
[  391.409691][ T5923] dw2102: command 0x51 transfer failed.
[  391.420898][   T24] usb 3-1: USB disconnect, device number 31
[  391.452140][ T5923] dvb-usb: bulk message failed: -22 (5/0)
[  391.469898][ T5923] dw2102: i2c probe for address 0x68 failed.
[  391.526502][T10089] overlayfs: failed to resolve './file0': -2
[  391.537490][ T5923] dvb-usb: bulk message failed: -22 (5/0)
[  391.573503][ T5923] dw2102: i2c probe for address 0x69 failed.
[  391.607739][ T5923] dvb-usb: bulk message failed: -22 (5/0)
[  391.723135][ T5923] dw2102: i2c probe for address 0x6a failed.
[  391.744867][ T5923] dw2102: probing for demodulator failed. Is the external power switched on?
[  391.823360][ T5923] dvb-usb: no frontend was attached by 'TeVii S482 (tuner 2)'
[  392.141513][ T5923] rc_core: IR keymap rc-tt-1500 not found
[  392.152985][ T5923] Registered IR keymap rc-empty
[  392.167676][ T5923] rc rc0: TeVii S482 (tuner 2) as /devices/platform/dummy_hcd.4/usb5/5-1/rc/rc0
[  392.289334][ T5923] input: TeVii S482 (tuner 2) as /devices/platform/dummy_hcd.4/usb5/5-1/rc/rc0/input29
[  392.365749][T10108] netlink: 'syz.2.897': attribute type 1 has an invalid length.
[  392.813007][ T5923] dvb-usb: schedule remote query interval to 250 msecs.
[  392.859001][T10108] bond3: entered promiscuous mode
[  392.891854][T10108] 8021q: adding VLAN 0 to HW filter on device bond3
[  392.892170][T10115] overlayfs: failed lookup in lower (newroot/190, name='bus', err=-40): overlapping layers
[  392.908661][ T5923] dw2102: su3000_power_ctrl: 0, initialized 1
[  392.936120][ T5923] dvb-usb: TeVii S482 (tuner 2) successfully initialized and connected.
[  392.972221][ T5923] usb 5-1: USB disconnect, device number 31
[  393.043166][ T5923] dvb-usb: TeVii S482 (tuner 2) successfully deinitialized and disconnected.
[  393.831019][ T5923] usb 2-1: USB disconnect, device number 29
[  394.074172][T10140] netlink: 36 bytes leftover after parsing attributes in process `syz.3.900'.
[  395.083483][T10146] FAULT_INJECTION: forcing a failure.
[  395.083483][T10146] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  395.164322][T10146] CPU: 0 UID: 0 PID: 10146 Comm: syz.1.902 Not tainted syzkaller #0 PREEMPT(full) 
[  395.164339][T10146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  395.164344][T10146] Call Trace:
[  395.164348][T10146]  <TASK>
[  395.164353][T10146]  dump_stack_lvl+0x16c/0x1f0
[  395.164371][T10146]  should_fail_ex+0x512/0x640
[  395.164388][T10146]  _copy_from_user+0x2e/0xd0
[  395.164403][T10146]  memdup_user+0x6b/0xe0
[  395.164416][T10146]  strndup_user+0x78/0xe0
[  395.164427][T10146]  __x64_sys_mount+0x137/0x310
[  395.164442][T10146]  ? __pfx___x64_sys_mount+0x10/0x10
[  395.164462][T10146]  do_syscall_64+0xcd/0x4e0
[  395.164477][T10146]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  395.164487][T10146] RIP: 0033:0x7f57bbd8eec9
[  395.164496][T10146] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  395.164506][T10146] RSP: 002b:00007f57bcb90038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  395.164516][T10146] RAX: ffffffffffffffda RBX: 00007f57bbfe6090 RCX: 00007f57bbd8eec9
[  395.164522][T10146] RDX: 00002000000000c0 RSI: 0000200000000080 RDI: 0000000000000000
[  395.164529][T10146] RBP: 00007f57bcb90090 R08: 0000000000000000 R09: 0000000000000000
[  395.164534][T10146] R10: 0000000000000010 R11: 0000000000000246 R12: 0000000000000001
[  395.164540][T10146] R13: 00007f57bbfe6128 R14: 00007f57bbfe6090 R15: 00007ffcc9f66668
[  395.164552][T10146]  </TASK>
[  395.512420][ T5861] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  395.526406][ T5861] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  395.537308][ T5861] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  395.553774][ T5861] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  395.564738][ T5861] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  395.571971][T10148] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  395.650462][T10149] Failed to initialize the IGMP autojoin socket (err -2)
[  396.627941][T10165] tmpfs: Unknown parameter 'qfÇ5Þh1_virt_wifi'
[  396.871538][T10173] netlink: 'syz.2.908': attribute type 1 has an invalid length.
[  396.954645][T10173] bond4: entered promiscuous mode
[  396.993159][T10173] 8021q: adding VLAN 0 to HW filter on device bond4
[  397.131153][T10180] overlayfs: failed lookup in lower (newroot/194, name='bus', err=-40): overlapping layers
[  397.240749][ T5916] usb 5-1: new low-speed USB device number 32 using dummy_hcd
[  397.543397][ T5916] usb 5-1: config 0 has an invalid interface number: 55 but max is 0
[  397.543820][T10184] netlink: 'syz.2.910': attribute type 1 has an invalid length.
[  397.561218][ T5916] usb 5-1: config 0 has no interface number 0
[  397.605914][T10184] bond5: entered promiscuous mode
[  397.608905][ T5916] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  397.632143][T10184] 8021q: adding VLAN 0 to HW filter on device bond5
[  397.654150][ T5861] Bluetooth: hci4: command tx timeout
[  397.676084][ T5916] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8
[  397.727200][ T5916] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  397.754014][ T5916] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  397.790296][ T5916] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8
[  397.874209][T10186] overlayfs: failed lookup in lower (newroot/195, name='bus', err=-40): overlapping layers
[  398.096889][ T5916] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  398.411697][ T5916] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  398.457878][ T5916] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  398.514262][ T5916] usb 5-1: config 0 descriptor??
[  398.521179][T10178] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  398.528401][T10178] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  398.574623][T10149] netdevsim netdevsim0 netdevsim1: renamed from eth2
[  398.688090][T10198] netlink: 4 bytes leftover after parsing attributes in process `syz.2.912'.
[  398.732648][ T5916] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  398.756121][T10149] netdevsim netdevsim0 netdevsim2: renamed from eth3
[  398.934434][T10149] netdevsim netdevsim0 netdevsim3: renamed from eth4
[  398.942850][ T5916] usb 5-1: USB disconnect, device number 32
[  398.942903][    C1] ldusb 5-1:0.55: usb_submit_urb failed (-19)
[  398.983407][ T5916] ldusb 5-1:0.55: LD USB Device #0 now disconnected
[  399.089989][T10195] rdma_rxe: rxe_newlink: failed to add ip6gretap0
[  399.184963][T10178] ldusb: No device or device unplugged -19
[  399.361258][ T5923] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  399.580971][ T5923] usb 2-1: Using ep0 maxpacket: 8
[  399.589029][T10217] overlayfs: failed to resolve './file0': -2
[  399.939318][ T5861] Bluetooth: hci4: command tx timeout
[  401.131959][T10149] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  401.178385][T10149] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  401.205481][T10149] wireguard: wg0: Could not create IPv4 socket
[  401.214261][T10149] wireguard: wg1: Could not create IPv4 socket
[  401.222027][T10149] wireguard: wg2: Could not create IPv4 socket
[  401.537282][T10233] netlink: 'syz.4.920': attribute type 3 has an invalid length.
[  401.606995][ T5923] usb 2-1: unable to get BOS descriptor or descriptor too short
[  401.624564][T10233] netlink: 152 bytes leftover after parsing attributes in process `syz.4.920'.
[  401.634152][T10233] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  401.663778][ T5923] usb 2-1: unable to read config index 0 descriptor/start: -71
[  401.673177][ T5923] usb 2-1: can't read configurations, error -71
[  402.222506][   T24] libceph: mon0 (1)[c::]:6789 connect error
[  402.496374][T10241] ceph: No mds server is up or the cluster is laggy
[  402.838890][T10252] IPv6: sit1: Disabled Multicast RS
[  402.871161][T10252] sit1: entered allmulticast mode
[  403.054108][ T5923] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  403.240645][ T5923] usb 2-1: Using ep0 maxpacket: 8
[  403.324200][ T5923] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[  403.399920][ T5923] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  403.450397][ T5923] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  403.471240][ T5923] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  403.505509][ T5923] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  403.549189][ T5923] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  403.569321][ T5923] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  404.123770][T10252] comedi comedi0: Minor 47 could not be opened
[  404.735652][ T5923] usb 2-1: GET_CAPABILITIES returned 0
[  405.350182][ T5923] usbtmc 2-1:16.0: can't read capabilities
[  405.504329][T10252] block nbd2: shutting down sockets
[  405.577221][ T5923] usb 2-1: USB disconnect, device number 32
[  405.602512][T10285] Bluetooth: received HCILL_WAKE_UP_IND in state 2
[  405.627257][   T13] Bluetooth: hci4: Frame reassembly failed (-84)
[  407.690847][ T5856] Bluetooth: hci4: command 0x1003 tx timeout
[  407.690933][ T5861] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  409.691279][ T5856] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  409.710942][ T5856] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  409.725455][ T5856] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  409.731639][T10369] input: syz1 as /devices/virtual/input/input30
[  409.733670][ T5856] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  409.748469][ T5856] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  409.769191][T10369] input: failed to attach handler leds to device input30, error: -6
[  409.774160][T10365] Failed to initialize the IGMP autojoin socket (err -2)
[  410.230613][T10378] mkiss: ax0: crc mode is auto.
[  410.246840][   T30] audit: type=1400 audit(1759119011.828:617): avc:  denied  { listen } for  pid=10366 comm="syz.3.934" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  410.840655][ T5923] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  410.858163][T10392] netlink: 'syz.4.939': attribute type 1 has an invalid length.
[  411.167464][T10392] bond5: entered promiscuous mode
[  411.178694][T10392] 8021q: adding VLAN 0 to HW filter on device bond5
[  411.250956][T10392] overlayfs: failed lookup in lower (newroot/204, name='bus', err=-40): overlapping layers
[  411.811864][ T5856] Bluetooth: hci4: command tx timeout
[  413.165623][T10365] netdevsim netdevsim0 netdevsim1: renamed from eth2
[  413.221093][T10365] netdevsim netdevsim0 netdevsim2: renamed from eth3
[  413.278615][   T30] audit: type=1400 audit(1759119014.868:618): avc:  denied  { create } for  pid=10405 comm="syz.4.941" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmsvc_socket permissive=1
[  413.359249][T10365] netdevsim netdevsim0 netdevsim3: renamed from eth4
[  413.398018][   T30] audit: type=1400 audit(1759119014.898:619): avc:  denied  { getopt } for  pid=10405 comm="syz.4.941" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmsvc_socket permissive=1
[  413.890753][ T5856] Bluetooth: hci4: command 0x041b tx timeout
[  414.778292][T10457] ptrace attach of "./syz-executor exec"[5850] was attempted by "./syz-executor exec"[10457]
[  414.801817][T10457] netlink: 8 bytes leftover after parsing attributes in process `syz.1.947'.
[  414.810835][T10457] netlink: 8 bytes leftover after parsing attributes in process `syz.1.947'.
[  414.818042][   T10] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  415.030767][   T10] usb 4-1: Using ep0 maxpacket: 32
[  415.163067][T10365] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  415.183568][   T10] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  415.204151][   T10] usb 4-1: config 0 has no interfaces?
[  415.235581][   T10] usb 4-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  415.259563][T10365] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  415.320498][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  415.354617][T10365] wireguard: wg0: Could not create IPv4 socket
[  415.362665][   T10] usb 4-1: Product: syz
[  415.380429][   T10] usb 4-1: Manufacturer: syz
[  415.391932][T10365] wireguard: wg1: Could not create IPv4 socket
[  415.399197][   T10] usb 4-1: SerialNumber: syz
[  415.417934][T10365] wireguard: wg2: Could not create IPv4 socket
[  415.477208][   T10] usb 4-1: config 0 descriptor??
[  415.970743][ T5856] Bluetooth: hci4: command 0x041b tx timeout
[  416.451837][T10480] openvswitch: netlink: Invalid VLAN frame
[  416.752027][ T1779] usb 4-1: USB disconnect, device number 18
[  417.981268][T10502] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7)
[  417.987961][T10502] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  417.999029][T10502] vhci_hcd vhci_hcd.0: Device attached
[  418.060805][T10500] vhci_hcd vhci_hcd.0: pdev(3) rhport(1) sockfd(11)
[  418.067432][T10500] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  418.109568][T10511] netlink: 'syz.4.957': attribute type 11 has an invalid length.
[  418.117537][T10511] netlink: 20 bytes leftover after parsing attributes in process `syz.4.957'.
[  418.147153][T10500] vhci_hcd vhci_hcd.0: Device attached
[  418.260767][   T24] usb 39-1: new low-speed USB device number 2 using vhci_hcd
[  418.299268][T10504] vhci_hcd: connection closed
[  418.301526][T10507] vhci_hcd: connection closed
[  418.307127][ T6221] vhci_hcd: stop threads
[  418.327289][ T6221] vhci_hcd: release socket
[  418.371337][ T6221] vhci_hcd: disconnect device
[  418.424127][ T6221] vhci_hcd: stop threads
[  418.447065][ T6221] vhci_hcd: release socket
[  418.470107][ T6221] vhci_hcd: disconnect device
[  418.668222][T10522] netlink: 'syz.4.959': attribute type 1 has an invalid length.
[  418.715471][T10522] bond6: entered promiscuous mode
[  418.721632][T10522] 8021q: adding VLAN 0 to HW filter on device bond6
[  418.865751][T10525] overlayfs: failed lookup in lower (newroot/211, name='bus', err=-40): overlapping layers
[  420.473785][T10565] netlink: 'syz.2.962': attribute type 1 has an invalid length.
[  420.522725][T10565] bond6: entered promiscuous mode
[  420.531279][T10565] 8021q: adding VLAN 0 to HW filter on device bond6
[  420.539378][T10572] binder: Bad value for 'max'
[  420.694763][T10577] tmpfs: Unknown parameter 'qfÇ5Þh1_virt_wifi'
[  420.806551][T10578] overlayfs: failed lookup in lower (newroot/207, name='bus', err=-40): overlapping layers
[  421.155506][ T5861] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  421.166934][ T5861] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  421.178790][ T5861] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  421.192869][ T5861] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  421.200257][ T5861] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  421.375633][T10580] Failed to initialize the IGMP autojoin socket (err -2)
[  422.251355][T10585] program syz.2.965 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  422.385920][   T30] audit: type=1400 audit(1759119023.958:620): avc:  denied  { ioctl } for  pid=10589 comm="syz.4.966" path="socket:[29458]" dev="sockfs" ino=29458 ioctlcmd=0xb101 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  422.720705][ T5916] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  422.960690][ T5916] usb 5-1: Using ep0 maxpacket: 16
[  422.980268][ T5916] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  422.988616][ T5916] usb 5-1: config 0 has no interface number 0
[  423.005359][ T5916] usb 5-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  423.493559][   T24] vhci_hcd: vhci_device speed not set
[  423.510752][ T5861] Bluetooth: hci4: command tx timeout
[  423.528359][ T5916] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  423.563615][ T5916] usb 5-1: Product: syz
[  423.572552][ T5916] usb 5-1: Manufacturer: syz
[  423.577210][ T5916] usb 5-1: SerialNumber: syz
[  423.605039][ T5916] usb 5-1: config 0 descriptor??
[  423.638178][ T5916] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  423.829362][   T57] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  423.892685][T10580] netdevsim netdevsim0 netdevsim1: renamed from eth2
[  423.940988][   T57] hid-generic 0000:0000:0000.0009: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  423.965064][T10580] netdevsim netdevsim0 netdevsim2: renamed from eth3
[  424.150839][ T5916] gspca_spca1528: reg_w err -110
[  424.156201][T10580] netdevsim netdevsim0 netdevsim3: renamed from eth4
[  424.616076][ T5916] spca1528 5-1:0.1: probe with driver spca1528 failed with error -110
[  425.090180][T10590] syzkaller0: entered promiscuous mode
[  425.104532][T10590] syzkaller0: entered allmulticast mode
[  425.246187][ T1779] usb 5-1: USB disconnect, device number 33
[  425.401877][T10580] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  425.422119][T10580] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  425.445384][T10580] wireguard: wg0: Could not create IPv4 socket
[  425.458104][T10580] wireguard: wg1: Could not create IPv4 socket
[  425.511675][T10580] wireguard: wg2: Could not create IPv4 socket
[  425.571024][ T5861] Bluetooth: hci4: command tx timeout
[  425.702930][   T30] audit: type=1400 audit(1759119027.298:621): avc:  denied  { write } for  pid=10618 comm="syz.1.974" name="/" dev="9p" ino=17889801302421081418 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  425.734100][   T30] audit: type=1400 audit(1759119027.298:622): avc:  denied  { add_name } for  pid=10618 comm="syz.1.974" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  425.755474][   T30] audit: type=1400 audit(1759119027.298:623): avc:  denied  { create } for  pid=10618 comm="syz.1.974" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  425.779030][   T30] audit: type=1400 audit(1759119027.298:624): avc:  denied  { associate } for  pid=10618 comm="syz.1.974" name="file0" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  426.220920][T10626] random: crng reseeded on system resumption
[  426.240629][   T57] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  426.390734][   T57] usb 2-1: Using ep0 maxpacket: 8
[  426.408686][   T57] usb 2-1: config index 0 descriptor too short (expected 30, got 18)
[  426.431409][   T57] usb 2-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  426.446592][   T57] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  426.456270][   T57] usb 2-1: Product: syz
[  426.461049][   T57] usb 2-1: Manufacturer: syz
[  426.467917][   T57] usb 2-1: SerialNumber: syz
[  426.483753][   T57] usb 2-1: config 0 descriptor??
[  426.501930][   T57] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  426.525791][   T57] usb 2-1: setting power ON
[  426.532785][   T57] dvb-usb: bulk message failed: -22 (2/0)
[  426.542924][   T57] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  426.552959][   T57] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  426.565775][   T57] usb 2-1: media controller created
[  426.606101][   T57] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  426.655218][   T57] usb 2-1: selecting invalid altsetting 6
[  426.667918][   T57] usb 2-1: digital interface selection failed (-22)
[  426.680751][   T57] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  426.699025][   T57] usb 2-1: setting power OFF
[  426.715895][   T57] dvb-usb: bulk message failed: -22 (2/0)
[  426.729974][T10622] dvb-usb: bulk message failed: -22 (3/0)
[  426.737986][T10622] dvb-usb: bulk message failed: -22 (3/0)
[  426.744031][   T57] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  426.776528][   T57] (NULL device *): no alternate interface
[  426.826853][   T57] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  426.862687][   T57] usb 2-1: USB disconnect, device number 34
[  427.204000][T10641] overlayfs: failed to resolve './file1': -2
[  427.323854][T10642] Failed to initialize the IGMP autojoin socket (err -2)
[  428.763465][   T30] audit: type=1400 audit(1759119030.248:625): avc:  denied  { ioctl } for  pid=10658 comm="syz.3.983" path="/dev/usbmon7" dev="devtmpfs" ino=737 ioctlcmd=0x9207 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  428.944286][T10667] netlink: 'syz.3.984': attribute type 1 has an invalid length.
[  429.067334][T10667] bond3: entered promiscuous mode
[  429.072657][T10667] 8021q: adding VLAN 0 to HW filter on device bond3
[  429.205604][T10669] overlayfs: failed lookup in lower (newroot/219, name='bus', err=-40): overlapping layers
[  429.602205][T10676] openvswitch: netlink: Invalid VLAN frame
[  429.813959][   T57] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[  431.311236][   T30] audit: type=1400 audit(1759119032.858:626): avc:  denied  { write } for  pid=10689 comm="syz.2.988" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  431.552358][   T30] audit: type=1400 audit(1759119032.868:627): avc:  denied  { write } for  pid=10689 comm="syz.2.988" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  431.976742][ T5856] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  431.987695][ T5856] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  431.998974][ T5856] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  432.007068][ T5856] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  432.017583][ T5856] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  432.119760][T10709] Failed to initialize the IGMP autojoin socket (err -2)
[  432.485312][T10716] rdma_rxe: rxe_newlink: failed to add ip6gretap0
[  432.653567][   T30] audit: type=1400 audit(1759119034.248:628): avc:  denied  { create } for  pid=10692 comm="syz.4.990" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1
[  432.745554][   T30] audit: type=1400 audit(1759119034.278:629): avc:  denied  { write } for  pid=10692 comm="syz.4.990" path="socket:[30817]" dev="sockfs" ino=30817 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1
[  432.770191][ T5916] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  432.828405][T10694] netlink: 4 bytes leftover after parsing attributes in process `syz.4.990'.
[  433.026867][ T5916] usb 4-1: Using ep0 maxpacket: 8
[  433.043539][ T5916] usb 4-1: unable to get BOS descriptor or descriptor too short
[  433.058560][ T5916] usb 4-1: unable to read config index 0 descriptor/start: -71
[  433.209610][ T5916] usb 4-1: can't read configurations, error -71
[  433.668674][   T30] audit: type=1400 audit(1759119035.258:630): avc:  denied  { ioctl } for  pid=10728 comm="syz.3.994" path="socket:[30920]" dev="sockfs" ino=30920 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  433.721142][   T30] audit: type=1400 audit(1759119035.318:631): avc:  denied  { read } for  pid=10728 comm="syz.3.994" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  433.807931][T10733] ptrace attach of "./syz-executor exec"[5844] was attempted by "./syz-executor exec"[10733]
[  433.836994][T10733] netlink: 8 bytes leftover after parsing attributes in process `syz.4.993'.
[  433.850803][T10733] netlink: 8 bytes leftover after parsing attributes in process `syz.4.993'.
[  434.165064][ T5861] Bluetooth: hci4: command tx timeout
[  434.309522][T10709] netdevsim netdevsim0 netdevsim1: renamed from eth2
[  434.330311][T10709] netdevsim netdevsim0 netdevsim2: renamed from eth3
[  434.352765][T10709] netdevsim netdevsim0 netdevsim3: renamed from eth4
[  435.372508][   T30] audit: type=1400 audit(1759119036.918:632): avc:  denied  { accept } for  pid=10747 comm="syz.3.996" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  435.452970][T10756] netlink: 24 bytes leftover after parsing attributes in process `syz.3.996'.
[  435.992487][T10767] openvswitch: netlink: Invalid VLAN frame
[  436.221291][ T5861] Bluetooth: hci4: command tx timeout
[  436.284135][T10709] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  436.388771][T10709] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  436.455420][T10709] wireguard: wg0: Could not create IPv4 socket
[  436.569294][T10709] wireguard: wg1: Could not create IPv4 socket
[  437.029524][T10709] wireguard: wg2: Could not create IPv4 socket
[  439.080127][   T30] audit: type=1400 audit(1759119040.668:633): avc:  denied  { call } for  pid=10805 comm="syz.1.1010" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  439.101937][T10806] binder: 10805:10806 ioctl c0306201 200000000680 returned -14
[  439.151201][   T30] audit: type=1400 audit(1759119040.698:634): avc:  denied  { transfer } for  pid=10805 comm="syz.1.1010" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  439.263426][T10810] netlink: 'syz.4.1009': attribute type 3 has an invalid length.
[  439.271366][T10810] netlink: 152 bytes leftover after parsing attributes in process `syz.4.1009'.
[  439.282967][T10810] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  439.575244][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  440.321446][T10821] ptrace attach of "./syz-executor exec"[5850] was attempted by "./syz-executor exec"[10821]
[  440.346012][T10821] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1011'.
[  440.355808][T10821] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1011'.
[  440.450640][    T9] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[  440.627054][T10833] fuse: Bad value for 'fd'
[  440.647781][    T9] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  440.679438][    T9] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  440.710144][    T9] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0
[  440.750681][    T9] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  440.780733][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  440.856434][    T9] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  441.075580][    T9] snd-usb-audio 3-1:27.0: probe with driver snd-usb-audio failed with error -12
[  442.713719][    T9] usb 3-1: USB disconnect, device number 33
[  442.899901][   T30] audit: type=1400 audit(1759119044.488:635): avc:  denied  { map } for  pid=10874 comm="syz.2.1019" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  442.951066][T10875] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1019'.
[  443.310879][   T30] audit: type=1400 audit(1759119044.488:636): avc:  denied  { execute } for  pid=10874 comm="syz.2.1019" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  443.333085][T10882] Failed to initialize the IGMP autojoin socket (err -2)
[  443.889920][ T5856] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  443.917010][ T5856] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  443.930970][ T5856] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  443.951697][ T5856] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  443.959166][ T5856] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  444.034437][T10890] Failed to initialize the IGMP autojoin socket (err -2)
[  445.099649][T10910] tmpfs: Unknown parameter 'qfÇ5Þh1_virt_wifi'
[  445.519942][T10917] overlayfs: missing 'lowerdir'
[  445.618863][T10917] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  446.051364][ T5856] Bluetooth: hci4: command tx timeout
[  446.404529][T10890] netdevsim netdevsim0 netdevsim1: renamed from eth2
[  446.441682][T10890] netdevsim netdevsim0 netdevsim2: renamed from eth3
[  446.482354][T10890] netdevsim netdevsim0 netdevsim3: renamed from eth4
[  446.487642][T10940] netlink: 'syz.3.1031': attribute type 1 has an invalid length.
[  446.573847][T10940] bond4: entered promiscuous mode
[  446.579113][T10940] 8021q: adding VLAN 0 to HW filter on device bond4
[  446.589202][   T10] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  446.746227][T10946] overlayfs: failed lookup in lower (newroot/235, name='bus', err=-40): overlapping layers
[  447.007944][   T10] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  447.037189][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  447.451394][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  447.500599][   T10] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  447.552586][   T10] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  447.580835][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  447.602957][   T10] usb 2-1: config 0 descriptor??
[  447.670722][ T5916] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  447.801450][   T30] audit: type=1400 audit(1759119049.368:637): avc:  denied  { getopt } for  pid=10957 comm="syz.3.1034" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  447.840714][ T5916] usb 5-1: Using ep0 maxpacket: 32
[  447.849019][T10890] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  447.867291][ T5916] usb 5-1: config 0 interface 0 altsetting 2 has an invalid descriptor for endpoint zero, skipping
[  447.882972][ T5916] usb 5-1: config 0 interface 0 has no altsetting 0
[  447.898338][T10890] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  447.916522][ T5916] usb 5-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  447.928858][ T5916] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  447.939691][T10890] wireguard: wg0: Could not create IPv4 socket
[  447.949447][ T5916] usb 5-1: Product: syz
[  447.956381][T10890] wireguard: wg1: Could not create IPv4 socket
[  447.965793][ T5916] usb 5-1: Manufacturer: syz
[  447.971350][ T5916] usb 5-1: SerialNumber: syz
[  447.978512][T10890] wireguard: wg2: Could not create IPv4 socket
[  447.987618][ T5916] usb 5-1: config 0 descriptor??
[  448.002648][ T5916] gs_usb 5-1:0.0: Required endpoints not found
[  448.037973][   T10] plantronics 0003:047F:FFFF.000A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  448.130760][ T5856] Bluetooth: hci4: command tx timeout
[  449.212998][T10992] overlayfs: missing 'lowerdir'
[  449.235945][T10992] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  449.872233][ T5916] usb 2-1: reset high-speed USB device number 35 using dummy_hcd
[  450.010807][ T5916] usb 2-1: device descriptor read/64, error -32
[  450.058844][T11015] tmpfs: Unknown parameter 'qfÇ5Þh1_virt_wifi'
[  450.250752][ T5916] usb 2-1: reset high-speed USB device number 35 using dummy_hcd
[  450.390723][ T5916] usb 2-1: device descriptor read/64, error -32
[  450.498628][   T57] usb 5-1: USB disconnect, device number 34
[  450.640656][ T5916] usb 2-1: reset high-speed USB device number 35 using dummy_hcd
[  450.980862][ T5916] usb 2-1: device descriptor read/8, error -32
[  451.181583][T11036] binder: BINDER_SET_CONTEXT_MGR already set
[  451.187936][T11036] binder: 11035:11036 ioctl 4018620d 2000000002c0 returned -16
[  451.972942][   T92] usb 2-1: USB disconnect, device number 35
[  452.517856][T11056] overlayfs: missing 'lowerdir'
[  452.570492][T11056] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  453.409248][T11072] netlink: 'syz.2.1055': attribute type 9 has an invalid length.
[  453.488046][T11072] netlink: 211988 bytes leftover after parsing attributes in process `syz.2.1055'.
[  454.157333][T11080] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1057'.
[  457.164072][T11151] can0: slcan on ttyS3.
[  457.260934][T11151] can0 (unregistered): slcan off ttyS3.
[  457.852414][ T5861] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  457.863742][ T5861] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  457.872083][ T5861] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  457.881487][ T5861] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  457.890137][ T5861] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  457.915111][T11160] Failed to initialize the IGMP autojoin socket (err -2)
[  458.183041][T11168] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1066'.
[  459.006739][T11173] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  459.124167][T11179] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1070'.
[  460.016530][ T5861] Bluetooth: hci4: command tx timeout
[  460.046633][T11199] ptrace attach of "./syz-executor exec"[5850] was attempted by "./syz-executor exec"[11199]
[  460.611223][T11206] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1068'.
[  460.620111][T11206] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1068'.
[  461.071422][    T9] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  461.254487][    T9] usb 3-1: config 27 has an invalid descriptor of length 48, skipping remainder of the config
[  461.339476][    T9] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 48, changing to 9
[  461.354416][    T9] usb 3-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  461.376683][    T9] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  461.396900][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  461.474039][T11219] binder: Bad value for 'max'
[  461.716087][    T9] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  461.767470][T11160] netdevsim netdevsim0 netdevsim1: renamed from eth2
[  461.772128][    T9] usb 3-1: invalid MIDI out EP 0
[  461.859396][T11160] netdevsim netdevsim0 netdevsim2: renamed from eth3
[  461.962239][T11160] netdevsim netdevsim0 netdevsim3: renamed from eth4
[  461.987980][T11229] 9pnet_fd: Insufficient options for proto=fd
[  462.052976][ T5861] Bluetooth: hci4: command tx timeout
[  462.122736][    T9] snd-usb-audio 3-1:27.0: probe with driver snd-usb-audio failed with error -22
[  463.613769][    T9] usb 3-1: USB disconnect, device number 34
[  463.655483][T11202] delete_channel: no stack
[  463.671504][T11160] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  463.779623][T11160] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  464.131026][ T5861] Bluetooth: hci4: command tx timeout
[  464.382504][T11160] wireguard: wg0: Could not create IPv4 socket
[  464.414499][T11160] wireguard: wg1: Could not create IPv4 socket
[  464.449126][T11160] wireguard: wg2: Could not create IPv4 socket
[  464.539971][   T30] audit: type=1400 audit(1759119066.128:638): avc:  denied  { map } for  pid=11270 comm="syz.1.1084" path="/dev/zero" dev="devtmpfs" ino=6 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:zero_device_t tclass=chr_file permissive=1
[  465.950798][    T9] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  466.019117][T11302] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  466.150756][    T9] usb 2-1: Using ep0 maxpacket: 32
[  466.151984][    T9] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[  466.152001][    T9] usb 2-1: config 0 interface 0 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 0
[  466.152014][    T9] usb 2-1: config 0 interface 0 has no altsetting 0
[  466.157282][    T9] usb 2-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  466.420938][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  466.420966][    T9] usb 2-1: Product: syz
[  466.421014][    T9] usb 2-1: Manufacturer: syz
[  466.421029][    T9] usb 2-1: SerialNumber: syz
[  466.569320][    T9] usb 2-1: config 0 descriptor??
[  467.029478][   T30] audit: type=1400 audit(1759119068.618:639): avc:  denied  { read } for  pid=11306 comm="syz.3.1091" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  467.102718][    T9] gs_usb 2-1:0.0: Couldn't get device config: (err=-32)
[  467.120683][    T9] gs_usb 2-1:0.0: probe with driver gs_usb failed with error -32
[  467.551113][    T9] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  467.721303][    T9] usb 3-1: Using ep0 maxpacket: 32
[  467.727896][    T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  467.748979][    T9] usb 3-1: config 0 has no interfaces?
[  467.764978][    T9] usb 3-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  467.777524][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  467.787167][    T9] usb 3-1: Product: syz
[  467.792525][    T9] usb 3-1: Manufacturer: syz
[  467.797312][    T9] usb 3-1: SerialNumber: syz
[  467.810050][    T9] usb 3-1: config 0 descriptor??
[  467.964240][T11337] overlayfs: missing 'lowerdir'
[  468.385651][   T57] usb 3-1: USB disconnect, device number 35
[  468.407259][T11344] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000).
[  468.446044][T11344] qnx6: wrong signature (magic) in superblock #1.
[  468.461351][T11344] qnx6: unable to read the first superblock
[  468.486938][T11344] xt_AUDIT: Audit type out of range (valid range: 0..2)
[  468.630627][   T10] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  468.760614][   T10] usb 4-1: device descriptor read/64, error -71
[  469.016861][   T10] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  469.150924][   T10] usb 4-1: device descriptor read/64, error -71
[  469.270886][   T10] usb usb4-port1: attempt power cycle
[  469.410625][   T57] usb 2-1: USB disconnect, device number 36
[  469.620858][   T10] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  469.647181][   T10] usb 4-1: device descriptor read/8, error -71
[  469.884444][T11414] netlink: 'syz.1.1097': attribute type 1 has an invalid length.
[  469.896579][   T10] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  469.967203][T11416] binder: Bad value for 'max'
[  470.111283][T11417] netlink: 'syz.2.1098': attribute type 3 has an invalid length.
[  470.189232][T11417] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1098'.
[  470.256262][   T10] usb 4-1: device descriptor read/8, error -71
[  470.326454][T11421] overlayfs: failed lookup in lower (newroot/220, name='bus', err=-40): overlapping layers
[  470.451596][   T10] usb usb4-port1: unable to enumerate USB device
[  470.566417][T11417] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  470.704124][T11414] bond4: entered promiscuous mode
[  470.709593][T11414] 8021q: adding VLAN 0 to HW filter on device bond4
[  470.894932][T11431] openvswitch: netlink: Invalid VLAN frame
[  471.533005][ T5856] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  471.543194][ T5856] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  471.554119][ T5856] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  471.564584][ T5856] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  471.573558][ T5856] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  471.617244][T11443] Failed to initialize the IGMP autojoin socket (err -2)
[  472.194128][T11467] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  472.259623][T11467] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  473.684959][ T5856] Bluetooth: hci4: command tx timeout
[  473.802591][T11475] syz.3.1104 (11475): drop_caches: 2
[  474.110727][   T10] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  474.216687][    T9] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  474.260710][   T10] usb 2-1: Using ep0 maxpacket: 16
[  474.267836][   T10] usb 2-1: config 0 has an invalid interface number: 105 but max is 0
[  474.295875][   T10] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  474.330223][   T10] usb 2-1: config 0 has no interface number 0
[  474.348543][   T10] usb 2-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.28
[  474.363050][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  474.382934][   T10] usb 2-1: Product: syz
[  474.388202][   T10] usb 2-1: Manufacturer: syz
[  474.393080][    T9] usb 4-1: Using ep0 maxpacket: 32
[  474.396795][T11443] netdevsim netdevsim0 netdevsim1: renamed from eth2
[  474.409776][   T10] usb 2-1: SerialNumber: syz
[  474.417096][    T9] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[  474.430186][T11443] netdevsim netdevsim0 netdevsim2: renamed from eth3
[  474.431606][    T9] usb 4-1: config 0 interface 0 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 0
[  474.463219][   T10] usb 2-1: config 0 descriptor??
[  474.472746][T11443] netdevsim netdevsim0 netdevsim3: renamed from eth4
[  474.480405][    T9] usb 4-1: config 0 interface 0 has no altsetting 0
[  474.497562][    T9] usb 4-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  474.517260][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  474.541070][    T9] usb 4-1: Product: syz
[  474.547637][    T9] usb 4-1: Manufacturer: syz
[  474.567895][    T9] usb 4-1: SerialNumber: syz
[  474.578816][    T9] usb 4-1: config 0 descriptor??
[  474.580676][   T92] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[  474.723867][   T10] usb 2-1: Found UVC 0.00 device syz (046d:08d3)
[  474.761917][   T10] usb 2-1: No valid video chain found.
[  474.797673][   T10] usb 2-1: USB disconnect, device number 37
[  474.852176][   T92] usb 3-1: Using ep0 maxpacket: 32
[  474.864472][   T92] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  474.888076][   T92] usb 3-1: config 0 has no interfaces?
[  474.908648][   T92] usb 3-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  474.920115][   T92] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  474.929977][   T92] usb 3-1: Product: syz
[  474.937517][   T92] usb 3-1: Manufacturer: syz
[  474.945287][   T92] usb 3-1: SerialNumber: syz
[  474.966093][   T92] usb 3-1: config 0 descriptor??
[  475.071733][    T9] gs_usb 4-1:0.0: Couldn't get device config: (err=-32)
[  475.096051][    T9] gs_usb 4-1:0.0: probe with driver gs_usb failed with error -32
[  475.163764][T11443] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  475.563952][    T9] usb 3-1: USB disconnect, device number 36
[  475.640067][T11443] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  475.737557][T11443] wireguard: wg0: Could not create IPv4 socket
[  475.743295][ T5856] Bluetooth: hci4: command tx timeout
[  475.774523][T11443] wireguard: wg1: Could not create IPv4 socket
[  475.807765][T11443] wireguard: wg2: Could not create IPv4 socket
[  476.000209][T11531] openvswitch: netlink: Invalid VLAN frame
[  476.685507][   T30] audit: type=1400 audit(1759119078.278:640): avc:  denied  { getopt } for  pid=11552 comm="syz.1.1117" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  476.893724][   T30] audit: type=1400 audit(1759119078.468:641): avc:  denied  { bind } for  pid=11552 comm="syz.1.1117" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  477.201690][  T976] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[  477.361840][  T976] usb 3-1: Using ep0 maxpacket: 8
[  477.376017][   T92] usb 4-1: USB disconnect, device number 25
[  477.512740][  T976] usb 3-1: New USB device found, idVendor=2040, idProduct=9301, bcdDevice=e4.fb
[  477.562956][  T976] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  477.589868][  T976] usb 3-1: config 0 descriptor??
[  477.625094][  T976] dvb-usb: found a 'Hauppauge WinTV-NOVA-T usb2' in warm state.
[  477.642988][  T976] dvb-usb: bulk message failed: -22 (3/0)
[  477.660838][  T976] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  477.691429][  T976] dvbdev: DVB: registering new adapter (Hauppauge WinTV-NOVA-T usb2)
[  477.717651][  T976] usb 3-1: media controller created
[  477.731096][  T976] dvb-usb: bulk message failed: -22 (5/0)
[  477.747081][  T976] dvb-usb: MAC address reading failed.
[  477.806391][   T30] audit: type=1400 audit(1759119079.398:642): avc:  denied  { ioctl } for  pid=11561 comm="syz.2.1118" path="socket:[33701]" dev="sockfs" ino=33701 ioctlcmd=0x8904 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  477.838161][  T976] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  477.946560][  T976] dvb-usb: bulk message failed: -22 (6/0)
[  477.982940][  T976] dvb-usb: bulk message failed: -22 (6/0)
[  477.998990][  T976] dvb-usb: no frontend was attached by 'Hauppauge WinTV-NOVA-T usb2'
[  478.053650][T11586] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1119'.
[  478.102060][T11586] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1119'.
[  478.147870][  T976] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input32
[  478.188388][  T976] dvb-usb: schedule remote query interval to 100 msecs.
[  478.201052][  T976] dvb-usb: Hauppauge WinTV-NOVA-T usb2 successfully initialized and connected.
[  478.231987][T11591] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2567 sclass=netlink_route_socket pid=11591 comm=syz.1.1121
[  478.310686][   T10] dvb-usb: bulk message failed: -22 (2/0)
[  478.316571][   T10] dvb-usb: error while querying for an remote control event.
[  479.234383][  T976] usb 3-1: USB disconnect, device number 37
[  479.408939][T11597] binder: Bad value for 'max'
[  479.742628][  T976] dvb-usb: Hauppauge WinTV-NOVA-T usb2 successfully deinitialized and disconnected.
[  480.113888][T11595] bridge0: entered allmulticast mode
[  480.321931][ T5916] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  480.512828][ T5916] usb 5-1: Using ep0 maxpacket: 32
[  480.519559][ T5916] usb 5-1: New USB device found, idVendor=0545, idProduct=8080, bcdDevice= 3.01
[  480.528810][ T5916] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  480.543189][ T5916] usb 5-1: config 0 descriptor??
[  480.552786][ T5916] gspca_main: xirlink-cit-2.14.0 probing 0545:8080
[  480.914771][ T5916] input: xirlink-cit as /devices/platform/dummy_hcd.4/usb5/5-1/input/input33
[  481.011690][ T5916] usb 5-1: USB disconnect, device number 35
[  481.014572][T11609] tmpfs: Unknown parameter 'qfÇ5Þh1_virt_wifi'
[  482.622915][   T30] audit: type=1326 audit(1759119084.218:643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11673 comm="syz.3.1129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf70d8eec9 code=0x7ffc0000
[  482.701091][   T30] audit: type=1326 audit(1759119084.218:644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11673 comm="syz.3.1129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf70d8eec9 code=0x7ffc0000
[  482.794148][   T30] audit: type=1326 audit(1759119084.218:645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11673 comm="syz.3.1129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=155 compat=0 ip=0x7fdf70d8eec9 code=0x7ffc0000
[  482.889731][   T30] audit: type=1326 audit(1759119084.218:646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11673 comm="syz.3.1129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf70d8eec9 code=0x7ffc0000
[  483.035315][   T30] audit: type=1326 audit(1759119084.218:647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11673 comm="syz.3.1129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=249 compat=0 ip=0x7fdf70d8eec9 code=0x7ffc0000
[  483.194501][   T30] audit: type=1326 audit(1759119084.218:648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11673 comm="syz.3.1129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf70d8eec9 code=0x7ffc0000
[  483.293954][   T30] audit: type=1326 audit(1759119084.218:649): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11673 comm="syz.3.1129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fdf70d8d710 code=0x7ffc0000
[  483.412646][   T30] audit: type=1326 audit(1759119084.218:650): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11673 comm="syz.3.1129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf70d8eec9 code=0x7ffc0000
[  483.494137][T11446] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  483.512550][   T30] audit: type=1326 audit(1759119084.218:651): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11673 comm="syz.3.1129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7fdf70d8eec9 code=0x7ffc0000
[  483.512606][T11446] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  483.535785][    C0] vkms_vblank_simulate: vblank timer overrun
[  483.592002][   T30] audit: type=1326 audit(1759119084.278:652): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11673 comm="syz.3.1129" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fdf70d8eec9 code=0x0
[  483.592144][T11446] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  483.660426][T11446] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  483.692461][T11446] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  483.763808][T11687] Failed to initialize the IGMP autojoin socket (err -2)
[  483.862027][T11694] fuse: Unknown parameter 'group'
[  484.691220][T11710] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  485.492667][T11446] ==================================================================
[  485.500755][T11446] BUG: KASAN: slab-use-after-free in l2cap_sock_new_connection_cb+0x22a/0x240
[  485.509599][T11446] Read of size 8 at addr ffff888056ab2590 by task kworker/u9:0/11446
[  485.517648][T11446] 
[  485.519957][T11446] CPU: 1 UID: 0 PID: 11446 Comm: kworker/u9:0 Not tainted syzkaller #0 PREEMPT(full) 
[  485.519977][T11446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  485.519988][T11446] Workqueue: hci2 hci_rx_work
[  485.520010][T11446] Call Trace:
[  485.520016][T11446]  <TASK>
[  485.520023][T11446]  dump_stack_lvl+0x116/0x1f0
[  485.520044][T11446]  print_report+0xcd/0x630
[  485.520061][T11446]  ? __virt_addr_valid+0x81/0x610
[  485.520081][T11446]  ? __phys_addr+0xe8/0x180
[  485.520101][T11446]  ? l2cap_sock_new_connection_cb+0x22a/0x240
[  485.520118][T11446]  kasan_report+0xe0/0x110
[  485.520134][T11446]  ? l2cap_sock_new_connection_cb+0x22a/0x240
[  485.520153][T11446]  l2cap_sock_new_connection_cb+0x22a/0x240
[  485.520171][T11446]  l2cap_connect_cfm+0x4c7/0xf80
[  485.520190][T11446]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  485.520207][T11446]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  485.520223][T11446]  le_conn_complete_evt+0x1ba3/0x2150
[  485.520240][T11446]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  485.520259][T11446]  ? irqentry_exit+0x3b/0x90
[  485.520276][T11446]  ? lockdep_hardirqs_on+0x7c/0x110
[  485.520295][T11446]  hci_le_conn_complete_evt+0x23c/0x370
[  485.520313][T11446]  hci_le_meta_evt+0x354/0x5e0
[  485.520328][T11446]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  485.520344][T11446]  hci_event_packet+0x685/0x11c0
[  485.520358][T11446]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  485.520374][T11446]  ? __pfx_hci_event_packet+0x10/0x10
[  485.520390][T11446]  ? kcov_remote_start+0x3d9/0x6d0
[  485.520407][T11446]  hci_rx_work+0x2c5/0x16b0
[  485.520426][T11446]  process_one_work+0x9cc/0x1b70
[  485.520445][T11446]  ? __pfx_process_one_work+0x10/0x10
[  485.520462][T11446]  ? assign_work+0x1a0/0x250
[  485.520476][T11446]  worker_thread+0x6c8/0xf10
[  485.520494][T11446]  ? __kthread_parkme+0x19e/0x250
[  485.520514][T11446]  ? __pfx_worker_thread+0x10/0x10
[  485.520531][T11446]  kthread+0x3c2/0x780
[  485.520547][T11446]  ? __pfx_kthread+0x10/0x10
[  485.520562][T11446]  ? rcu_is_watching+0x12/0xc0
[  485.520580][T11446]  ? __pfx_kthread+0x10/0x10
[  485.520593][T11446]  ret_from_fork+0x56a/0x730
[  485.520607][T11446]  ? __pfx_kthread+0x10/0x10
[  485.520621][T11446]  ret_from_fork_asm+0x1a/0x30
[  485.520642][T11446]  </TASK>
[  485.520647][T11446] 
[  485.736501][T11446] Allocated by task 11446:
[  485.740897][T11446]  kasan_save_stack+0x33/0x60
[  485.745557][T11446]  kasan_save_track+0x14/0x30
[  485.750220][T11446]  __kasan_kmalloc+0xaa/0xb0
[  485.754784][T11446]  __kmalloc_noprof+0x223/0x510
[  485.759613][T11446]  sk_prot_alloc+0x1a8/0x2a0
[  485.764188][T11446]  sk_alloc+0x36/0xc20
[  485.768235][T11446]  bt_sock_alloc+0x3b/0x3a0
[  485.772722][T11446]  l2cap_sock_alloc.constprop.0+0x33/0x1d0
[  485.778509][T11446]  l2cap_sock_new_connection_cb+0x101/0x240
[  485.784381][T11446]  l2cap_connect_cfm+0x4c7/0xf80
[  485.789294][T11446]  le_conn_complete_evt+0x1ba3/0x2150
[  485.794642][T11446]  hci_le_conn_complete_evt+0x23c/0x370
[  485.800163][T11446]  hci_le_meta_evt+0x354/0x5e0
[  485.804908][T11446]  hci_event_packet+0x685/0x11c0
[  485.809824][T11446]  hci_rx_work+0x2c5/0x16b0
[  485.814480][T11446]  process_one_work+0x9cc/0x1b70
[  485.819396][T11446]  worker_thread+0x6c8/0xf10
[  485.823961][T11446]  kthread+0x3c2/0x780
[  485.828005][T11446]  ret_from_fork+0x56a/0x730
[  485.832569][T11446]  ret_from_fork_asm+0x1a/0x30
[  485.837315][T11446] 
[  485.839613][T11446] Freed by task 11709:
[  485.843660][T11446]  kasan_save_stack+0x33/0x60
[  485.848314][T11446]  kasan_save_track+0x14/0x30
[  485.852966][T11446]  kasan_save_free_info+0x3b/0x60
[  485.857969][T11446]  __kasan_slab_free+0x60/0x70
[  485.862709][T11446]  kfree+0x2b4/0x4d0
[  485.866586][T11446]  __sk_destruct+0x75f/0x9a0
[  485.871153][T11446]  sk_destruct+0xc2/0xf0
[  485.875378][T11446]  __sk_free+0xf4/0x3e0
[  485.879508][T11446]  sk_free+0x6a/0x90
[  485.883380][T11446]  l2cap_sock_kill+0x171/0x2d0
[  485.888123][T11446]  l2cap_sock_cleanup_listen+0x3d/0x2a0
[  485.893659][T11446]  l2cap_sock_release+0x69/0x250
[  485.898580][T11446]  __sock_release+0xb0/0x270
[  485.903156][T11446]  sock_close+0x1c/0x30
[  485.907302][T11446]  __fput+0x402/0xb70
[  485.911271][T11446]  task_work_run+0x150/0x240
[  485.915866][T11446]  do_exit+0x86f/0x2bf0
[  485.920021][T11446]  do_group_exit+0xd3/0x2a0
[  485.924517][T11446]  get_signal+0x2673/0x26d0
[  485.929005][T11446]  arch_do_signal_or_restart+0x8f/0x7d0
[  485.934538][T11446]  exit_to_user_mode_loop+0x84/0x110
[  485.939805][T11446]  do_syscall_64+0x41c/0x4e0
[  485.944377][T11446]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  485.950247][T11446] 
[  485.952548][T11446] The buggy address belongs to the object at ffff888056ab2000
[  485.952548][T11446]  which belongs to the cache kmalloc-2k of size 2048
[  485.966577][T11446] The buggy address is located 1424 bytes inside of
[  485.966577][T11446]  freed 2048-byte region [ffff888056ab2000, ffff888056ab2800)
[  485.980526][T11446] 
[  485.982828][T11446] The buggy address belongs to the physical page:
[  485.989211][T11446] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x56ab0
[  485.997959][T11446] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  486.006430][T11446] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  486.013950][T11446] page_type: f5(slab)
[  486.017915][T11446] raw: 00fff00000000040 ffff88801b842000 ffffea0000c56e00 dead000000000002
[  486.026492][T11446] raw: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000
[  486.035056][T11446] head: 00fff00000000040 ffff88801b842000 ffffea0000c56e00 dead000000000002
[  486.043706][T11446] head: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000
[  486.052358][T11446] head: 00fff00000000003 ffffea00015aac01 00000000ffffffff 00000000ffffffff
[  486.061016][T11446] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  486.069670][T11446] page dumped because: kasan: bad access detected
[  486.076055][T11446] page_owner tracks the page as allocated
[  486.081761][T11446] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5916, tgid 5916 (kworker/1:4), ts 63611270920, free_ts 15338207879
[  486.103006][T11446]  post_alloc_hook+0x1c0/0x230
[  486.107760][T11446]  get_page_from_freelist+0x132b/0x38e0
[  486.113321][T11446]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  486.119189][T11446]  alloc_pages_mpol+0x1fb/0x550
[  486.124023][T11446]  new_slab+0x247/0x330
[  486.128165][T11446]  ___slab_alloc+0xcf2/0x1750
[  486.132821][T11446]  __slab_alloc.constprop.0+0x56/0xb0
[  486.138173][T11446]  __kmalloc_node_track_caller_noprof+0x2ee/0x510
[  486.144563][T11446]  kmalloc_reserve+0xef/0x2c0
[  486.149222][T11446]  __alloc_skb+0x166/0x380
[  486.153617][T11446]  mld_newpack.isra.0+0x18e/0xa20
[  486.158623][T11446]  add_grhead+0x299/0x340
[  486.162945][T11446]  add_grec+0x11b5/0x1720
[  486.167256][T11446]  mld_ifc_work+0x41f/0xbf0
[  486.171739][T11446]  process_one_work+0x9cc/0x1b70
[  486.176669][T11446]  worker_thread+0x6c8/0xf10
[  486.181241][T11446] page last free pid 1 tgid 1 stack trace:
[  486.187019][T11446]  __free_frozen_pages+0x7d5/0x10f0
[  486.192202][T11446]  free_contig_range+0x183/0x4b0
[  486.197122][T11446]  destroy_args+0x794/0xc10
[  486.201600][T11446]  debug_vm_pgtable+0x1a32/0x3640
[  486.206600][T11446]  do_one_initcall+0x120/0x6e0
[  486.211351][T11446]  kernel_init_freeable+0x5c2/0x910
[  486.216529][T11446]  kernel_init+0x1c/0x2b0
[  486.220830][T11446]  ret_from_fork+0x56a/0x730
[  486.225394][T11446]  ret_from_fork_asm+0x1a/0x30
[  486.230137][T11446] 
[  486.232437][T11446] Memory state around the buggy address:
[  486.238041][T11446]  ffff888056ab2480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  486.246074][T11446]  ffff888056ab2500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  486.254113][T11446] >ffff888056ab2580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  486.262147][T11446]                          ^
[  486.266705][T11446]  ffff888056ab2600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  486.274741][T11446]  ffff888056ab2680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  486.282772][T11446] ==================================================================
[  486.303100][ T5856] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection
[  486.313413][ T5856] Bluetooth: hci4: command tx timeout
[  486.319459][T11446] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  486.326646][T11446] CPU: 1 UID: 0 PID: 11446 Comm: kworker/u9:0 Not tainted syzkaller #0 PREEMPT(full) 
[  486.336175][T11446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  486.346218][T11446] Workqueue: hci2 hci_rx_work
[  486.350882][T11446] Call Trace:
[  486.354138][T11446]  <TASK>
[  486.357055][T11446]  dump_stack_lvl+0x3d/0x1f0
[  486.361635][T11446]  vpanic+0x6e8/0x7a0
[  486.365607][T11446]  ? __pfx_vpanic+0x10/0x10
[  486.370083][T11446]  ? l2cap_sock_new_connection_cb+0x22a/0x240
[  486.376144][T11446]  panic+0xca/0xd0
[  486.379848][T11446]  ? __pfx_panic+0x10/0x10
[  486.384239][T11446]  ? l2cap_sock_new_connection_cb+0x22a/0x240
[  486.390294][T11446]  ? preempt_schedule_common+0x44/0xc0
[  486.395744][T11446]  ? preempt_schedule_thunk+0x16/0x30
[  486.401090][T11446]  check_panic_on_warn+0xab/0xb0
[  486.405998][T11446]  end_report+0x107/0x170
[  486.410311][T11446]  kasan_report+0xee/0x110
[  486.414698][T11446]  ? l2cap_sock_new_connection_cb+0x22a/0x240
[  486.420746][T11446]  l2cap_sock_new_connection_cb+0x22a/0x240
[  486.426646][T11446]  l2cap_connect_cfm+0x4c7/0xf80
[  486.431571][T11446]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  486.437005][T11446]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  486.442438][T11446]  le_conn_complete_evt+0x1ba3/0x2150
[  486.447784][T11446]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  486.453471][T11446]  ? irqentry_exit+0x3b/0x90
[  486.458034][T11446]  ? lockdep_hardirqs_on+0x7c/0x110
[  486.463203][T11446]  hci_le_conn_complete_evt+0x23c/0x370
[  486.468720][T11446]  hci_le_meta_evt+0x354/0x5e0
[  486.473460][T11446]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  486.479504][T11446]  hci_event_packet+0x685/0x11c0
[  486.484408][T11446]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  486.489662][T11446]  ? __pfx_hci_event_packet+0x10/0x10
[  486.495003][T11446]  ? kcov_remote_start+0x3d9/0x6d0
[  486.500087][T11446]  hci_rx_work+0x2c5/0x16b0
[  486.504564][T11446]  process_one_work+0x9cc/0x1b70
[  486.509475][T11446]  ? __pfx_process_one_work+0x10/0x10
[  486.514817][T11446]  ? assign_work+0x1a0/0x250
[  486.519389][T11446]  worker_thread+0x6c8/0xf10
[  486.523950][T11446]  ? __kthread_parkme+0x19e/0x250
[  486.528946][T11446]  ? __pfx_worker_thread+0x10/0x10
[  486.534025][T11446]  kthread+0x3c2/0x780
[  486.538062][T11446]  ? __pfx_kthread+0x10/0x10
[  486.542632][T11446]  ? rcu_is_watching+0x12/0xc0
[  486.547374][T11446]  ? __pfx_kthread+0x10/0x10
[  486.551931][T11446]  ret_from_fork+0x56a/0x730
[  486.556488][T11446]  ? __pfx_kthread+0x10/0x10
[  486.561056][T11446]  ret_from_fork_asm+0x1a/0x30
[  486.565796][T11446]  </TASK>
[  486.569000][T11446] Kernel Offset: disabled
[  486.573316][T11446] Rebooting in 86400 seconds..