last executing test programs:

7m20.417611338s ago: executing program 4 (id=5):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
r2 = socket$kcm(0x2b, 0x1, 0x0)
setsockopt$sock_attach_bpf(r2, 0x6, 0xd, &(0x7f0000000040), 0x8)
sendmsg$kcm(r2, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x20000000)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x0, 0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x80800})
listen(0xffffffffffffffff, 0x5)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2102, 0x0)
r4 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
bind$ax25(r4, &(0x7f0000000100)={{0x3, @default, 0x1}, [@default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @null]}, 0x41)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000000c0)=0xf)
r5 = fcntl$dupfd(r3, 0x0, r3)
ioctl$TCFLSH(r3, 0x400455c8, 0x1)
ioctl$TIOCSETD(r5, 0x5412, &(0x7f0000000140)=0xffffffc0)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000380)={0x50, 0x2, 0x6, 0x801, 0xe4340000, 0x0, {0x0, 0x0, 0x8}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x50}, 0x1, 0x0, 0x0, 0x20044000}, 0x8042)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_procfs(0x0, &(0x7f0000000000)='net/psched\x00')
sendmsg$IPSET_CMD_ADD(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)={0x60, 0x9, 0x6, 0x3, 0x0, 0x0, {0x5}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x38, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e21}, @IPSET_ATTR_PROTO={0x5, 0x7, 0xff}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @private=0xa010101}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_IP2={0xc, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x10004893}, 0x80)

7m5.221781058s ago: executing program 32 (id=5):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
r2 = socket$kcm(0x2b, 0x1, 0x0)
setsockopt$sock_attach_bpf(r2, 0x6, 0xd, &(0x7f0000000040), 0x8)
sendmsg$kcm(r2, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x20000000)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x0, 0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x80800})
listen(0xffffffffffffffff, 0x5)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2102, 0x0)
r4 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
bind$ax25(r4, &(0x7f0000000100)={{0x3, @default, 0x1}, [@default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @null]}, 0x41)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000000c0)=0xf)
r5 = fcntl$dupfd(r3, 0x0, r3)
ioctl$TCFLSH(r3, 0x400455c8, 0x1)
ioctl$TIOCSETD(r5, 0x5412, &(0x7f0000000140)=0xffffffc0)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000380)={0x50, 0x2, 0x6, 0x801, 0xe4340000, 0x0, {0x0, 0x0, 0x8}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x50}, 0x1, 0x0, 0x0, 0x20044000}, 0x8042)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_procfs(0x0, &(0x7f0000000000)='net/psched\x00')
sendmsg$IPSET_CMD_ADD(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)={0x60, 0x9, 0x6, 0x3, 0x0, 0x0, {0x5}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x38, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e21}, @IPSET_ATTR_PROTO={0x5, 0x7, 0xff}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @private=0xa010101}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_IP2={0xc, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x10004893}, 0x80)

3m6.556950382s ago: executing program 0 (id=542):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f00000000c0)={0x6, @multicast2, 0x4e22, 0x1, 'wrr\x00', 0x20, 0x1b53, 0xd}, 0x2c)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f00000000c0)={0x38, 0x5, 0xb, 0x8001, 0x0, 0x4, 0xfff, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000003300)=ANY=[@ANYBLOB="3c1100003e00010329bd700000dcdf25030000"], 0x113c}}, 0x8004)
syz_open_dev$mouse(&(0x7f00000000c0), 0x0, 0x2042)
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x195)
mount(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='gadgetfs\x00', 0x0, 0x0)
r4 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
sendmmsg$inet(r4, &(0x7f0000000c40)=[{{&(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x23, 0x0}}], 0x1e1730a30afb6559, 0x8014)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$MSR(0x0, 0x0, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r5, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r5, 0x11a, 0x2, &(0x7f00000000c0)=@gcm_256={{0x304}, "7817765dc500003d", "c0a9b92b592a8e91a6934cb6b7b18f7a7a6eaa9cbd8ef3b0fbc326100136e976", '\x00', "2a9e833e3c673811"}, 0x38)
setsockopt$inet6_tcp_TLS_TX(r5, 0x11a, 0x2, &(0x7f0000000240)=@gcm_128={{0x304}, "c8f37a2bb2e81421", "8300fb030000000000000015a46800", "0200", "49e31cc4e09f261f"}, 0x28)

3m1.43089507s ago: executing program 0 (id=553):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$net_dm(&(0x7f0000001140), r2)
sendmsg$NET_DM_CMD_STOP(r2, &(0x7f00000002c0)={0x0, 0x11, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r3, 0x1, 0x70bd25, 0x8001}, 0x14}, 0x1, 0x0, 0x0, 0x20000004}, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r4, 0x5452, &(0x7f0000000040)=0x8001)
r5 = getpgid(0x0)
fcntl$setownex(r4, 0xf, &(0x7f0000000140)={0x2, r5})
fcntl$setsig(r4, 0xa, 0x1c)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x3f, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000380)={0x24, 0x0, 0x0, &(0x7f0000000700)=ANY=[], 0x0}, 0x0)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r6, &(0x7f00000001c0)={0x2, 0x1, @local}, 0x10)
connect$inet(r6, &(0x7f0000000280)={0x2, 0x4e20, @multicast2}, 0x10)
sendmmsg(r6, &(0x7f0000007fc0), 0x800001d, 0x700)

2m58.528683337s ago: executing program 0 (id=559):
fcntl$addseals(0xffffffffffffffff, 0x409, 0xa)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @multicast2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
connect$inet(r0, &(0x7f00000001c0)={0x2, 0x4e20, @loopback}, 0x10)
sendmsg$inet(r0, &(0x7f00000015c0)={0x0, 0x14, &(0x7f0000001600)=[{&(0x7f0000000240)=' ', 0x100120}], 0x1}, 0x0)

2m57.936934642s ago: executing program 0 (id=560):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r1 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000340), 0x2)
r2 = memfd_create(0x0, 0x2)
ftruncate(r2, 0xffff)
fcntl$addseals(r2, 0x409, 0x7)
r3 = ioctl$UDMABUF_CREATE(r1, 0x40187542, &(0x7f0000000000)={r2, 0x0, 0x0, 0x8000})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = getpid()
sched_setscheduler(r4, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb4e02000)
r5 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r5, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_audit(0x10, 0x3, 0x9)
r7 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000080"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
close(r7)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0))
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd8073a46b08b94214d816f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb4147000001000000008f2b9000f22425e4097ed62cbc891061017cfa6f6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe68db8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3542646bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xf, 0x4, 0x4, 0x12}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r8}, &(0x7f0000000000), &(0x7f0000000080)=r7}, 0x20)
mount$tmpfs(0x0, &(0x7f0000000080)='.\x00', 0x0, 0x0, &(0x7f0000000500)=ANY=[])
ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, &(0x7f0000000040)=0x3)
close_range(r0, 0xffffffffffffffff, 0x0)

2m55.044693465s ago: executing program 0 (id=566):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0x48c, 0x0, 0x200}]})

2m53.731907587s ago: executing program 0 (id=569):
r0 = syz_io_uring_setup(0xb14, &(0x7f00000000c0)={0x0, 0x99a3, 0x8001, 0x3, 0x2e1}, &(0x7f0000000000), &(0x7f0000000180))
ioctl$XFS_IOC_FD_TO_HANDLE(0xffffffffffffffff, 0xc038586a, &(0x7f0000000400)={<r1=>r0, &(0x7f0000000300)='\x00', 0x200800, &(0x7f0000000340)={@_ha_fsid={[0x4, 0x4]}, {0x363a, 0x8, 0x1}}, 0x1, &(0x7f0000000380), &(0x7f00000003c0)=0xd})
ioctl$FE_GET_EVENT(r1, 0x80286f4e, &(0x7f0000000440)={0x0, {0x0, 0x0, @qam}})
io_uring_setup(0x68b1, &(0x7f0000000240)={0x0, 0x17a2, 0x10})
openat$uhid(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18020000000000000000000000000001850000002c00000095000000000000004495e980d4ab43a654dbda1289491fde9751ca443daaa97c18e213"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, '\x00', 0x0, @xdp}, 0x70)
sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB="44000000100001010000000000008000be7e8533", @ANYRES32=0x0, @ANYBLOB="00000000042004001c002b8008000800", @ANYRES32=r3, @ANYBLOB="080003001900000008000100", @ANYRES32=r4, @ANYBLOB="08001b"], 0x44}}, 0x20000000)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040))
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="4800000010000304000000000400000000007400", @ANYRES32=0x0, @ANYBLOB="0000000003120100280012800b00010062726964676500001800028005002c00020000000c002e"], 0x48}, 0x1, 0x0, 0x0, 0x20040884}, 0x0)
r5 = syz_open_dev$ndb(&(0x7f0000000700), 0x0, 0x40400)
ioctl$BLKSECDISCARD(r5, 0x127d, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x10000)
syz_open_dev$evdev(0x0, 0x5, 0x1ef082)
socket$netlink(0x10, 0x3, 0x0)
syz_usb_connect(0x0, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=ANY=[@ANYBLOB="74000000090601020000000000000000030000000900020073797a310000000005000100070000004c0007801800018014000240fe8000000000000000000000000000aa1800148014000240fc000000000000000000000000000000060004404e1f0000050007008400000006000540"], 0x74}, 0x1, 0x0, 0x0, 0x10040003}, 0x0)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000780)=ANY=[@ANYBLOB='t\x00\x00\x00\n'], 0x74}, 0x1, 0x0, 0x0, 0x10040003}, 0x800)
r7 = socket$netlink(0x10, 0x3, 0xc)
sendmmsg(r7, &(0x7f00000002c0), 0x40000000000009f, 0x0)

2m38.648103505s ago: executing program 33 (id=569):
r0 = syz_io_uring_setup(0xb14, &(0x7f00000000c0)={0x0, 0x99a3, 0x8001, 0x3, 0x2e1}, &(0x7f0000000000), &(0x7f0000000180))
ioctl$XFS_IOC_FD_TO_HANDLE(0xffffffffffffffff, 0xc038586a, &(0x7f0000000400)={<r1=>r0, &(0x7f0000000300)='\x00', 0x200800, &(0x7f0000000340)={@_ha_fsid={[0x4, 0x4]}, {0x363a, 0x8, 0x1}}, 0x1, &(0x7f0000000380), &(0x7f00000003c0)=0xd})
ioctl$FE_GET_EVENT(r1, 0x80286f4e, &(0x7f0000000440)={0x0, {0x0, 0x0, @qam}})
io_uring_setup(0x68b1, &(0x7f0000000240)={0x0, 0x17a2, 0x10})
openat$uhid(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18020000000000000000000000000001850000002c00000095000000000000004495e980d4ab43a654dbda1289491fde9751ca443daaa97c18e213"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, '\x00', 0x0, @xdp}, 0x70)
sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB="44000000100001010000000000008000be7e8533", @ANYRES32=0x0, @ANYBLOB="00000000042004001c002b8008000800", @ANYRES32=r3, @ANYBLOB="080003001900000008000100", @ANYRES32=r4, @ANYBLOB="08001b"], 0x44}}, 0x20000000)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040))
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="4800000010000304000000000400000000007400", @ANYRES32=0x0, @ANYBLOB="0000000003120100280012800b00010062726964676500001800028005002c00020000000c002e"], 0x48}, 0x1, 0x0, 0x0, 0x20040884}, 0x0)
r5 = syz_open_dev$ndb(&(0x7f0000000700), 0x0, 0x40400)
ioctl$BLKSECDISCARD(r5, 0x127d, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x10000)
syz_open_dev$evdev(0x0, 0x5, 0x1ef082)
socket$netlink(0x10, 0x3, 0x0)
syz_usb_connect(0x0, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=ANY=[@ANYBLOB="74000000090601020000000000000000030000000900020073797a310000000005000100070000004c0007801800018014000240fe8000000000000000000000000000aa1800148014000240fc000000000000000000000000000000060004404e1f0000050007008400000006000540"], 0x74}, 0x1, 0x0, 0x0, 0x10040003}, 0x0)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000780)=ANY=[@ANYBLOB='t\x00\x00\x00\n'], 0x74}, 0x1, 0x0, 0x0, 0x10040003}, 0x800)
r7 = socket$netlink(0x10, 0x3, 0xc)
sendmmsg(r7, &(0x7f00000002c0), 0x40000000000009f, 0x0)

48.722392693s ago: executing program 5 (id=878):
syz_emit_ethernet(0x0, 0x0, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.throttle.io_service_bytes\x00', 0x275a, 0x0)
close(0x3)
openat$procfs(0xffffffffffffff9c, &(0x7f00000011c0)='/proc/cpuinfo\x00', 0x0, 0x0)
file_setattr(r4, 0x0, &(0x7f0000000080)={0x88, 0xd9, 0x3, 0xb, 0x57519bea}, 0x18, 0x1000)
r5 = socket$kcm(0x1e, 0x5, 0x0)
sendmsg$kcm(r5, &(0x7f0000000580)={&(0x7f0000000300)=@ethernet={0x6, @broadcast}, 0x80, 0x0, 0x0, &(0x7f0000000340)=ANY=[], 0x220}, 0x0)
recvmsg$kcm(r5, &(0x7f0000001740)={0x0, 0x0, 0x0}, 0x0)
ioctl$TIOCVHANGUP(r3, 0x5437, 0x2)
capset(0x0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x2})
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r6, &(0x7f0000000040), 0xc)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=ANY=[@ANYBLOB="300000004000071efeffffff00000000017c0000040042801400018010000400cab1893a20b8d2a93521800a04000280141511b5250edf7fed8a42dd8103d02b0e42800c3c9ed0177a7ebc4675544401f81bfb004ad7fbc3a82b84720e6654737ec5ae7908c2761c1db2c622ba62a5a3f015896d9f03756a6c71304e4b3ddea352da5e875d91d63a00521891a45ef4d5d16aa6adf58d174977ca0589d3da2bb1eadb663247"], 0x30}, 0x1, 0x0, 0x0, 0x48815}, 0xc000)
connect$qrtr(r6, &(0x7f0000000040)={0x2a, 0x0, 0xfffffffe}, 0xc)

47.59796175s ago: executing program 5 (id=882):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], 0x0, 0xfffffffd, 0x0, 0x0, 0x40f00, 0xa, '\x00', 0x0, 0x2}, 0x94)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000006280)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newtaction={0x88, 0x30, 0xffff, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x74, 0x1, [@m_mirred={0x70, 0x1, 0x0, 0x0, {{0xb}, {0x44, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x4, {{0xffdff7e8, 0x0, 0x3}}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x1, 0x0, 0x1, 0x400, 0xfffffffb}, 0x2}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0x2)
io_setup(0x7, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
io_submit(0x0, 0x1, &(0x7f0000000b40)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x7, 0x8655, 0xffffffffffffffff, 0x0}])
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
mremap(&(0x7f00004d6000/0x3000)=nil, 0x3000, 0x3000, 0x0, &(0x7f000056c000/0x3000)=nil)
sendmsg$nl_xfrm(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001100)={&(0x7f0000000680)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000032000000ac141436000000000000000000000000000000000000000000010000000000000000000000000000fdffffffffffffff000000000000000000000000000000000000000000000000e300000000000000fdffffffffffffff0300000000000000004000080000000000000000010000000000000000000000020000002dbd7000000000000a000040cd000000000000004800020063626328616573290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c0017000000000027bd7000000000002abd700028bd700000000000155b1731c2f031295163458f8cae6f"], 0x154}}, 0x0)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000180), r6)
sendmsg$IEEE802154_LLSEC_DEL_KEY(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x14, r7, 0x533, 0x70bd2c, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0xc081}, 0x4000)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00'})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, 0x0, 0x0)

46.602693182s ago: executing program 5 (id=885):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @multicast2}, 0x10)
setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x4e21, @loopback}}, 0x0, 0x0, 0x24, 0x0, "e83ae75240c2d6d8ec87bb53fab0910000000000000007a5922406b64cddaeb9d339ba3c35dc0a08df8e61740b7cf2d4e499d58654a4cf0fa0ce1f830c3079cffcfd00"}, 0xd8)
setsockopt$inet_tcp_int(r0, 0x6, 0x2, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
connect$inet(r0, &(0x7f00000001c0)={0x2, 0x4e20, @loopback}, 0x10)
sendmsg$inet(r0, &(0x7f00000015c0)={0x0, 0x14, &(0x7f0000001600)=[{&(0x7f0000000240)=' ', 0x100120}], 0x1}, 0x0)

46.313125481s ago: executing program 5 (id=887):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x20)
r1 = open(&(0x7f00000002c0)='.\x00', 0x0, 0x0)
mkdirat(r1, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x14a)
r2 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r3 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000040)={0x2010})
ioctl$VIDIOC_S_CTRL(r2, 0xc008561c, &(0x7f0000000080)={0xf0f041})
renameat(r1, &(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f0000000140)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00')
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="660f388173ab0fc76fb4360fc9bb25cc00007666ba6b41b000f303c70fae6e2fc0c00f0f2367260f01ca660f38817700c4c2459d78ad", 0x36}], 0x1, 0x51, 0x0, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mprotect(&(0x7f00003ab000/0x4000)=nil, 0x4000, 0x6)
sendmsg$NL80211_CMD_SET_WIPHY_NETNS(0xffffffffffffffff, 0x0, 0x0)
syz_usb_connect$cdc_ncm(0x4, 0x6e, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000020000002505a1a440000102030109025c0002010000000904000001a3f45747d649f9a30105240000000d240f8100000000000000000006241a0000000905810300000000000904010000020d00000904010102020d0000090582020000000000090503"], 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904010001faf40d00090582"], 0x0)
ioctl$HIDIOCGRDESC(0xffffffffffffffff, 0x4008c002, 0x0)
r7 = syz_genetlink_get_family_id$tipc(&(0x7f00000003c0), 0xffffffffffffffff)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r8, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000140)={0x30, r7, 0x1, 0xea, 0x25dfdbfd, {{}, {0x0, 0x3}, {0x14}}}, 0x30}, 0x1, 0x0, 0x0, 0x4004018}, 0x0)

43.161161097s ago: executing program 5 (id=897):
ptrace$ARCH_SHSTK_DISABLE(0x1e, 0xffffffffffffffff, 0x0, 0x5002) (async)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, 0x0, 0x0) (async, rerun: 64)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) (rerun: 64)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) (async)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r3 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x2001)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.time\x00', 0x275a, 0x0) (async)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000700)={'wlan1\x00'}) (async)
sendmsg$NL80211_CMD_SET_INTERFACE(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={0x0, 0x24}}, 0x0) (async)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r8=>0x0})
sendmsg$NL80211_CMD_CONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x30, r7, 0x5, 0x0, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000100)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @random=0x101, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x2, 0x1}]}, @void, @void, @void, @void, @void, @val={0x71, 0x7, {0x0, 0x0, 0x1, 0x0, 0x1, 0x8, 0x1}}}, 0x38) (async)
syz_80211_inject_frame(0x0, 0x0, 0x0) (async)
r9 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_TDLS_OPER(r9, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000a00)={&(0x7f0000000980)={0x20, r10, 0x1, 0x0, 0x0, {{0x8}, {@void, @val={0xc, 0x99, {0x1}}}}}, 0x20}}, 0x0) (async, rerun: 32)
write$binfmt_misc(r4, &(0x7f0000000040), 0xe09) (async, rerun: 32)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f00000002c0)={r4, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x14, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d960001000000000000000000007efff100004000", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c527d3d458dd4992861ac00", "f4bd000000801900", [0x8, 0xffffffff9673c35d]}}) (async)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r4, 0xc018937c, &(0x7f0000000000)={{0x1, 0x1, 0x18, r1, {0x1}}, './file0\x00'}) (async, rerun: 32)
sendmsg$NFQNL_MSG_CONFIG(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)={0x3c, 0x2, 0x3, 0x201, 0x0, 0x0, {0x0, 0x0, 0x10}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}, @NFQA_CFG_QUEUE_MAXLEN={0x36, 0x3, 0x1, 0x0, 0xffff}, @NFQA_CFG_QUEUE_MAXLEN={0xffffffffffffffb2, 0x3, 0x1, 0x0, 0xffffff7f}, @NFQA_CFG_MASK={0x8, 0x4, 0x1, 0x0, 0x1}, @NFQA_CFG_FLAGS={0x8, 0x5, 0x1, 0x0, 0x10}]}, 0x3c}}, 0x4090) (rerun: 32)

42.535021716s ago: executing program 5 (id=900):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x13, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b708000000000000738af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)

42.0627237s ago: executing program 34 (id=900):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x13, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b708000000000000738af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)

15.025554169s ago: executing program 2 (id=969):
r0 = socket$inet(0x2, 0x3, 0x2)
r1 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_mreqsrc(r1, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local, @loopback}, 0xc)
getsockopt$EBT_SO_GET_INFO(r0, 0x0, 0x80, &(0x7f0000000080)={'filter\x00', 0x0, 0x0, 0x0, [0x101, 0xa2, 0x7, 0xc, 0x7, 0x4]}, &(0x7f0000000000)=0x78)
setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000280)={@multicast2, @local, @remote}, 0xc)
syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x64, 0x0, 0x4, 0x2, 0x0, @empty, @multicast2}, @timestamp_reply={0x11, 0x0, 0x0, 0xe000, 0x2, 0x10001}}}}}, 0x0)

15.01732124s ago: executing program 6 (id=970):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r0 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_OCC_SNAPSHOT(r1, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
r5 = syz_open_dev$video(&(0x7f0000000040), 0x8, 0xc00)
ioctl$VIDIOC_G_SELECTION(r5, 0xc040565e, &(0x7f0000000380)={0x2, 0x1, 0x7, {0x80000004, 0x7, 0x2, 0x8000001}})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0x48c, 0x0, 0x200}]})
creat(&(0x7f0000000000)='./file0\x00', 0x0)
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f0000000100))
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
syz_usb_connect(0x3, 0x8c6, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201500236e47e2082055c2955d4010203010902b408048006a00309047f0e01ff2dde"], &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0})

14.573290142s ago: executing program 2 (id=973):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x10)
r1 = syz_clone(0x4820000, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000000)={{0x1, 0x1, 0x18}, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00'})
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_MAXSEG(r2, 0x84, 0xd, &(0x7f00000001c0)=@assoc_value={0x0, 0x6}, 0x8)
r3 = syz_pidfd_open(r1, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$kcm(0x11, 0x200000000000002, 0x300)
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000680)={0x6, 0x3, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000020000000000000000ee000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0xb68, 0x560b0007, &(0x7f0000000000)="259a53f271a76d2608064c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r5 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000008c0)=0x22)
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$FITRIM(r3, 0xff0a, 0x0)

12.096544837s ago: executing program 2 (id=978):
syz_io_uring_setup(0x10d, &(0x7f0000000380)={0x0, 0x0, 0x400, 0x0, 0x4000}, &(0x7f0000000340)=<r0=>0x0, &(0x7f0000000280))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x4, &(0x7f0000000440)=0xfffffffc, 0x0, 0x4)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x4a, &(0x7f0000000040)=0x8, 0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x434c, 0x7f, 0x584e4f53, 0x3, 0x2, 0x7, 0x7, 0x5, 0x1, 0x4, 0x2, 0x7}})
ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000080))
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000180)={0x8, 0x10000000, 0x0, 'queue0\x00'})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0)
ftruncate(r3, 0x8800000)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
recvmmsg(r5, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000001e40)=[{&(0x7f0000000b80)=""/4096, 0x20001b80}, {&(0x7f0000001b80)=""/112, 0x70}], 0x2, 0x0, 0xa0028cb4}}], 0x40000000000013c, 0x700, 0x0)
sendfile(r4, r3, 0x0, 0x578410eb)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xc)
prctl$PR_SET_IO_FLUSHER(0x43, 0x1)
io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)

11.597677177s ago: executing program 6 (id=979):
r0 = fsopen(&(0x7f0000000240)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
r2 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
fsmount(r2, 0x1, 0x8)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
inotify_add_watch(0xffffffffffffffff, 0x0, 0x2000775)
socket$inet_tcp(0x2, 0x1, 0x0)
prctl$PR_MCE_KILL(0x21, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0))
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000900)={0x2, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000006f000000000000000004000000bb7f1a006600feff000000009500000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x5, 0x93, &(0x7f00000005c0)=""/147, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x61e5cc96}, 0x4c)
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x800, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a40000000160a03020000000000000000020000000900020073797a32000000000900010073797a3000000000140003800800024000000000080001400000000014000000110001"], 0x68}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)

11.351557847s ago: executing program 3 (id=980):
r0 = fsopen(&(0x7f0000000240)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
r2 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
fsmount(r2, 0x1, 0x8)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
inotify_add_watch(0xffffffffffffffff, 0x0, 0x2000775)
socket$inet_tcp(0x2, 0x1, 0x0)
prctl$PR_MCE_KILL(0x21, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0))
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000900)={0x2, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000006f000000000000000004000000bb7f1a006600feff000000009500000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x5, 0x93, &(0x7f00000005c0)=""/147, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x61e5cc96}, 0x4c)
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x800, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a40000000160a03020000000000000000020000000900020073797a32000000000900010073797a3000000000140003800800024000000000080001400000000014000000110001"], 0x68}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)

10.342631674s ago: executing program 6 (id=982):
r0 = socket(0x80000000000000a, 0x2, 0x0)
socket$inet6(0xa, 0x1, 0x8010000000000084)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, 0x0, &(0x7f00000000c0))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f00000000c0)={<r4=>0x0, 0x10, &(0x7f0000000040)=[@in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}]}, &(0x7f0000000100)=0x10)
socket$netlink(0x10, 0x3, 0x0)
setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f00000001c0)=@req3={0x1, 0x3, 0x47, 0x100, 0x1, 0x3, 0x5}, 0x1c)
setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(0xffffffffffffffff, 0x28, 0x1, &(0x7f0000000100)=0xfffffffffffffffe, 0x112)
r5 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'team0\x00'})
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r3, 0x84, 0x85, &(0x7f0000000240)={0x0, @in={{0x2, 0x0, @empty}}, 0xff, 0x3}, 0x90)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000840)={r4, @in6={{0xa, 0x4e20, 0x3ae, @empty, 0x129}}, 0x2, 0x2, 0x614, 0x1, 0xd, 0x7, 0x4}, 0x9c)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_PROTOCOL_FEATURES(r0, &(0x7f0000000480)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x14, r6, 0x800, 0x70bd2a, 0x25dfdbfd, {}, ["", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x4008050)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}, 0x20000}}, {{0xa, 0x0, 0x40000, @dev={0xfe, 0x80, '\x00', 0x26}}}}, 0x108)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=@newqdisc={0x30, 0x10, 0x1, 0x0, 0x10000000, {0x0, 0x0, 0x0, 0x0, {0x1}, {}, {0xe}}, [@TCA_INGRESS_BLOCK={0x8}, @TCA_STAB={0x4}]}, 0x30}, 0x1, 0x0, 0x0, 0x800}, 0x80)

9.841391899s ago: executing program 3 (id=983):
r0 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r0, &(0x7f0000000200)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc)
r1 = syz_io_uring_setup(0x497, &(0x7f0000000680)={0x0, 0xa9f3, 0x400, 0x3, 0x287}, &(0x7f00000004c0)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000008c0)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000a00)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000002c0)={0x4c, r4, 0xd55319eec59dfa33, 0xfffffffd, 0x25dfdbfc, {{}, {@void, @val={0x8, 0x3, r5}, @val={0xc, 0x99, {0x0, 0x67}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'caif0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x6}, @mon_options=[@NL80211_ATTR_MNTR_FLAGS={0x8, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_COOK_FRAMES={0x4}]}]]}, 0x4c}, 0x1, 0x0, 0x0, 0xc804}, 0xc2010)
r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x4, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1, {0x0, r6}})
r7 = syz_io_uring_setup(0x7dc9, &(0x7f0000000340)={0x0, 0xa12d, 0x10100, 0xfffffff8, 0x234, 0x0, r1}, &(0x7f0000000140), &(0x7f0000000000)=<r8=>0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4}, &(0x7f0000000080))
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)
poll(&(0x7f00000000c0)=[{0xffffffffffffffff, 0x400}], 0x1, 0xfffffffa)
syz_io_uring_submit(0x0, r8, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54})
io_uring_enter(r7, 0x184c, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(r1, 0x40f9, 0x217, 0xa5, 0x0, 0xf5)

8.855481971s ago: executing program 3 (id=987):
openat$udambuf(0xffffffffffffff9c, 0x0, 0x2)
ftruncate(0xffffffffffffffff, 0xffff)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000080"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xf, 0x4, 0x4, 0x12}, 0x50)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r2, &(0x7f0000000040)={0x1f, 0x0, @any, 0x4}, 0xe)
connect$bt_l2cap(r2, &(0x7f0000000080)={0x1f, 0x0, @fixed, 0x7ff}, 0xe)

8.64741836s ago: executing program 1 (id=988):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x10)
r1 = syz_clone(0x4820000, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000000)={{0x1, 0x1, 0x18}, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00'})
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_MAXSEG(r2, 0x84, 0xd, &(0x7f00000001c0)=@assoc_value={0x0, 0x6}, 0x8)
r3 = syz_pidfd_open(r1, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$kcm(0x11, 0x200000000000002, 0x300)
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000680)={0x6, 0x3, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000020000000000000000ee000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0xb68, 0x560b0007, &(0x7f0000000000)="259a53f271a76d2608064c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r5 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000008c0)=0x22)
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
ioctl$FITRIM(r3, 0xff0a, 0x0)

8.482889573s ago: executing program 1 (id=989):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000580), 0x28300, 0x0)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x42)
r1 = socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_J1939_SEND_PRIO(r1, 0x6b, 0x3, &(0x7f0000000000)=0x5, 0x4)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @multicast})
write$tun(r2, &(0x7f0000000240)=ANY=[@ANYBLOB="000386dd0a00100014004000000060ec970200140400fb8000000000000000000000000000aaff020000000000000000000000000001"], 0xffe)
mount(&(0x7f0000000080)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000180)='efs\x00', 0x200000, 0x0)
r4 = io_uring_setup(0x265b, &(0x7f0000000100)={0x0, 0xe8e2, 0x1, 0x1fffe, 0x200002c6})
io_uring_register$IORING_REGISTER_BUFFERS(r4, 0x0, &(0x7f0000000400)=[{0x0}], 0x1)
pipe2(&(0x7f0000000000)={0x0, <r5=>0x0}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
splice(r6, 0x0, 0xffffffffffffffff, 0x0, 0x8000f28, 0x8)
read$FUSE(0xffffffffffffffff, &(0x7f0000000300)={0x2020}, 0x2020)
close_range(r5, 0xffffffffffffffff, 0x0)
r7 = io_uring_setup(0x407d, &(0x7f0000000500)={0x0, 0x3fbe, 0x800, 0x20000001, 0xef, 0x0, r4})
io_uring_register$IORING_REGISTER_FILES(r7, 0x1e, &(0x7f0000000280)=[r4], 0x1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a00)=@deltaction={0x138, 0x31, 0x100, 0x70bd26, 0x25dfdbfb, {}, [@TCA_ACT_TAB={0x54, 0x1, [{0xc, 0x3, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x7}}, {0x10, 0x12, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'skbmod\x00'}}, {0xc, 0x1e, 0x0, 0x0, @TCA_ACT_INDEX={0x8}}, {0xc, 0x1a, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}, {0xc, 0x19, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x6}}, {0x10, 0x7, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'police\x00'}}]}, @TCA_ACT_TAB={0x58, 0x1, [{0xc, 0x1a, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x73b3}}, {0x10, 0x8, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0xc, 0x1b, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0x10, 0x9, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'csum\x00'}}, {0xc, 0x1e, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x6}}, {0x10, 0x1a, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'sample\x00'}}]}, @TCA_ACT_TAB={0x68, 0x1, [{0xc, 0xe, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x401}}, {0xc, 0xe, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}, {0x14, 0x2, 0x0, 0x0, @TCA_ACT_KIND={0xd, 0x1, 'connmark\x00'}}, {0xc, 0x1a, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x6}}, {0x10, 0x10, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'csum\x00'}}, {0x10, 0xc, 0x0, 0x0, @TCA_ACT_KIND={0xa, 0x1, 'pedit\x00'}}, {0xc, 0x9, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}]}, @TCA_ACT_TAB={0x10, 0x1, [{0xc, 0x8, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x7f}}]}]}, 0x138}, 0x1, 0x0, 0x0, 0x81}, 0x20000080)
sendto(0xffffffffffffffff, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400})
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454c9, 0x9)

8.394513322s ago: executing program 2 (id=990):
r0 = fsopen(&(0x7f0000000240)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
r2 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
fsmount(r2, 0x1, 0x8)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
inotify_add_watch(0xffffffffffffffff, 0x0, 0x2000775)
socket$inet_tcp(0x2, 0x1, 0x0)
prctl$PR_MCE_KILL(0x21, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0))
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000900)={0x2, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000006f000000000000000004000000bb7f1a006600feff000000009500000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x5, 0x93, &(0x7f00000005c0)=""/147, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x61e5cc96}, 0x4c)
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x800, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a40000000160a03020000000000000000020000000900020073797a32000000000900010073797a3000000000140003800800024000000000080001400000000014000000110001"], 0x68}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)

7.396069208s ago: executing program 1 (id=992):
r0 = syz_usb_connect(0x3, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0)
syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x88c02)
syz_usb_disconnect(r0)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0xff, 0x7fff0000}]})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
request_key(&(0x7f0000001000)='dns_resolver\x00', &(0x7f0000001040)={'syz', 0x2}, &(0x7f0000001080)='\x00', 0x0)
request_key(&(0x7f00000010c0)='dns_resolver\x00', &(0x7f0000001100)={'syz', 0x2}, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$x25(0x9, 0x5, 0x0)
r5 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r5, &(0x7f0000000300)={{0x6, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}]}, 0x48)
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(0xffffffffffffffff, 0x6, 0x21, &(0x7f0000000b00)="86cf8445f4ba1d9f20174688f169e58c", 0x10)
io_uring_enter(0xffffffffffffffff, 0x14ef, 0x5f72, 0x48, &(0x7f0000000040)={[0x2]}, 0x8)
close_range(r1, 0xffffffffffffffff, 0x0)

7.357450268s ago: executing program 2 (id=993):
r0 = syz_usb_connect(0x3, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0)
syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x88c02)
syz_usb_disconnect(r0)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0xff, 0x7fff0000}]})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
request_key(&(0x7f0000001000)='dns_resolver\x00', &(0x7f0000001040)={'syz', 0x2}, &(0x7f0000001080)='\x00', 0x0)
request_key(&(0x7f00000010c0)='dns_resolver\x00', &(0x7f0000001100)={'syz', 0x2}, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r4, &(0x7f0000000300)={{0x6, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}]}, 0x48)
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(0xffffffffffffffff, 0x6, 0x21, &(0x7f0000000b00)="86cf8445f4ba1d9f20174688f169e58c", 0x10)
io_uring_enter(0xffffffffffffffff, 0x14ef, 0x5f72, 0x48, &(0x7f0000000040)={[0x2]}, 0x8)
close_range(r1, 0xffffffffffffffff, 0x0)

7.221428702s ago: executing program 6 (id=994):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f00000000c0)={0x6, @multicast2, 0x4e22, 0x1, 'wrr\x00', 0x20, 0x1b53, 0xd}, 0x2c)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f00000000c0)={0x38, 0x5, 0xb, 0x8001, 0x0, 0x4, 0xfff, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000003300)=ANY=[@ANYBLOB="3c1100003e00010329bd700000dcdf25030000"], 0x113c}}, 0x8004)
syz_open_dev$mouse(&(0x7f00000000c0), 0x0, 0x2042)
mkdirat(0xffffffffffffff9c, 0x0, 0x195)
mount(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='gadgetfs\x00', 0x0, 0x0)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000c40)=[{{&(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x23, 0x0}}], 0x1e1730a30afb6559, 0x8014)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x2, &(0x7f00000000c0)=@gcm_256={{0x304}, "7817765dc500003d", "c0a9b92b592a8e91a6934cb6b7b18f7a7a6eaa9cbd8ef3b0fbc326100136e976", '\x00', "2a9e833e3c673811"}, 0x38)
setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x2, &(0x7f0000000240)=@gcm_128={{0x304}, "c8f37a2bb2e81421", "8300fb030000000000000015a46800", "0200", "49e31cc4e09f261f"}, 0x28)

5.847515615s ago: executing program 7 (id=996):
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_RTOINFO(r2, 0x84, 0x0, 0x0, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="600000000206030000000000000000000000000005000100070000000900020073797a31000000001400078005001500feffff7f08001240000000000500050002000000050004000000000014000300686173683a69702c706f72742c6970"], 0x60}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0xfe800000, 0x0, 0x20040001}, 0x80c0)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x3, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="18dd0000200000000000f4ffffffffff9400000000000000778e53ed95879e8ec80089bc1ded8e03c100000000a762c1a0f4bc913849"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000140)=ANY=[@ANYRES32=0x1, @ANYBLOB='.'], 0x20)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f000001b700)=""/102392, 0x18ff8)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r5 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000200))
ioctl$SG_IO(r5, 0x2285, 0x0)
writev(r5, &(0x7f0000000400)=[{&(0x7f0000000000)="aefdda9d240300005a66000000000000000000bbee07cb010052f436dd2a00"/42, 0x2a}, {&(0x7f0000000040)="aa1d484ea0000000f747082f52a9d212fad09cdb0e8f", 0x16}], 0x2)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000500)={0x2, 0x0, @ioapic={0x10000, 0xffffffff, 0x601, 0x380000, 0x0, [{0x7, 0x10, 0xff, '\x00', 0x38}, {0x4, 0xfc, 0x7c, '\x00', 0x31}, {0x5, 0xb3, 0x1, '\x00', 0xd}, {0x5, 0x1, 0x10, '\x00', 0x6}, {0x5, 0x7f, 0x6, '\x00', 0x9}, {0x7, 0x80, 0x0, '\x00', 0x6}, {0xc, 0xa, 0xfd, '\x00', 0x45}, {0x52, 0x9, 0x7, '\x00', 0x5}, {0x5, 0x2, 0x73, '\x00', 0xff}, {0x1, 0xb6, 0x9, '\x00', 0x80}, {0x6, 0x8, 0xa0, '\x00', 0x1}, {0x1, 0x1, 0x7, '\x00', 0x4}, {0x88, 0xc, 0x5, '\x00', 0x6}, {0xd, 0x10, 0x8c, '\x00', 0x4}, {0x0, 0xc2, 0x7, '\x00', 0x1}, {0x8, 0x2, 0xfa, '\x00', 0x2}, {0x7, 0x6, 0x8, '\x00', 0x5}, {0x9, 0x0, 0xfa, '\x00', 0x5}, {0x1, 0x3, 0x6, '\x00', 0x6}, {0xf8, 0x8, 0xa, '\x00', 0xf8}, {0x8, 0x1, 0xcc, '\x00', 0xf7}, {0x0, 0x6, 0xfe, '\x00', 0xa}, {0xff, 0x0, 0x3, '\x00', 0x7}, {0x5, 0xe, 0x4, '\x00', 0xff}]}})
r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r6, 0x4400ae8f, &(0x7f0000000140)=@arm64={0x10, 0x2, 0xb6, '\x00', 0x2})
ioctl$KVM_RUN(r6, 0xae80, 0x0)

5.656250109s ago: executing program 3 (id=997):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="080000000400000004001000f6ff", @ANYRES32], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0xa, 0x8, &(0x7f0000000c40)=ANY=[@ANYBLOB="180900000000000000000000e700000018120000cd3d7ad4961afb4458beb57650b46358d164ed36ef6eec9dc5c5bebfa8cda96fb2981a24da14be3b5e04758a8025e512fcebbcd7f122981c3e142c5d14727786d31ecc26ffe2745a467750f6e50f0a25d13c7b805a80e12e1c7976546c823f8f5cef54d590b966e4f8f0e7b0283963b5995b0f25a088a845dc3a3d02872411b27ca039ffdc1f9b7ef89b471627c62542890fa743f3e273eb53ef0166651a36d32c53a9aa847637ab615a15b7936298df407cb81a18d2c5f3b1fcd803662db5edbee03c2722ce8addb0e7d7225df4fe15b8b2b94bc7e2c46681bd7353f5b31e2676e4c72923e7c0e5e9a365777354ef1f6c228f5049db595f782f216cfb82f9a0bb5974b4aa", @ANYRES32=r0, @ANYBLOB="0000000000000000b7030000070000008500000021"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$FE_SET_PROPERTY(0xffffffffffffffff, 0x40106f52, &(0x7f0000000040)={0x3b, &(0x7f0000000200)=[{0x20, '\x00', @buffer={"785f629b000bc36e4c47ceeef4e988279ccb9ce37f092b150598374457bf103b", 0x20}, 0x9}]})
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000a00)=ANY=[@ANYBLOB="4000000018"], 0x40}], 0x1, 0x0, 0x0, 0x40065}, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="140000000000000029000000340000000400000000000000680000000000000029000000040000000409000000000000fe2bf4e12b9826287997a6b33d89f3d60da1641d9fe3896c421b6c130ef4f01be8f5836d41787454800809e12e5f0b6bdcf705020bf4c910fc020000000000000000000000000000000000140000000000000029000000340000000000000000000000300000000000000029000000360000005e02"], 0xc8}}], 0x1, 0x810)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000001740)=[{{&(0x7f0000000480)={0xa, 0x4e23, 0x0, @rand_addr=' \x01\x00'}, 0x1c, 0x0}}], 0x1, 0x24088804)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000300)=[{{&(0x7f0000000280)={0xa, 0x4e20, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c, &(0x7f00000002c0)=[{&(0x7f0000000600)}, {&(0x7f0000002840)="33db2a1949865d5bb1c5bfb13ffb96a1cdad02489f447c9f6e61ae185cf1962c0bee82f04dfd646365d75c057a118bea734fb3f7e5bd047d4c32bf72ead3fa9aca6aeb1cc044533c24edc3e8ec198203ec244cb6b2b79bedc3a8a74e17e85b4c32c0819c4c77dcc823cb4fa659cffc6e8348b875e177f03f4378da4b36ac7df34de2f67398e62f3708bb83c1b0f505aaa85a3422cf0a710a03415896a50197b4a0624542e33fdad43547a88b0fc5d26804a2c8f54e65fbeaae715fbba862f15688e80655f3890ac49ca3ccb40cb2dd711b88d4480d20c760f12c23568c8b5fe181abc11d1f2ab914f875ba85f8355c9d248deef68e71555867160c0161a078f42d6778ee2bcc3015ccb433ff9022b312b620c18e4f4b3824d186e3051adf3a6e0332222108e63f6eda5a1517ee3765ae0677f165fde798d1917a2583aa4b52e67438cf61f0cadd336edf8b5f132d54f4ca42b3d8d39ccba6293913d4f233f29af17bcf049306e43f99ad7c321bacbfa17c2e8d8269e42c5390e279a1a1370c15bec875beb8542823f5ab28abb5d48fd5662bbf3516ef63120e56fffe7d1e86748b788f80ef4deaaaeb0815d8fa04bdd351a00618ff45c64a886de5a7b51408a1d53ce8d4d7c2891492e10d1de29d4e0ef564a859500f97048c1a0b319e1305c1f228882d02a227dea730ce09b1200813bfbf6750800d1bd8d2c264ac6063d4b0fb4cb42c1924a6fac095d848450a00dcc6a827b9d0bcc0131ff3da234568d469f1246848b71bd3dfbe767de19ffe542a0a37317d84bfc63c9449a4cc04446c859f972b77188eb5b7517540b70c5a0701c78ca108c09aadd28a91278cb6633d88cff45cfd5e30f87d6be9eb53cf89d5c047f3c36f490fa652a148c5d824b2d9cb8ffe1edb80cd48922aede8f3b22d21806572bf5b7bbcd27555b41e137eb06e5a3f514780796a2c8700d13eeb1800227298d82e42388a3aad5293562cc05650ef93d23d5290dc0de915d8143f76b2838cea8db2ca4cc802cd8d6d2c43c95f919bf0ebd7403f8047a0c010dcbc26a4bead1b274b573773ad2a2000c7730b49d5a97505024b905be151207a4d737233ccd853c4420391150e546b205181aa376088c5ccfe1b42da805cb6eca7e7d622daeff2c66d75697f7cc50ce2cc096cfedfd5d6cc5551a83dd3beb24ecf9c0160e190138e8eb9e86de71ccd5d76a258844e34683f7accd5f0b07a87be90b7ae6976f4a89183ab489754c9034eee063309f8d8f36914cc56887e80acb660b40f8960df4280641cc2199fd90d4f71923f041396b834d3af2558f04055e1133140d3a4399cf32a1a1d441056c114a5311f0a9a13ee68ddc1481ccad45bcec671d980f8cc1e2155a637bd2f9dcc8f7ab57683c841545f4c6a1e75ebf778b518e2185935f7c6b020ee30a29355f6bf0e5adaac184a25aba83aa5221d983235d8c277c81c26497c1d019056a56abf062203887bd4a1143b991ac51b2aa136793e331ef84556ec6d254e2adadf0d77c21d46fadbe3cd187bf36f18905e24f6dbeb7e2a75119f943d1cd55ec316a58116fb2f00d511ddddc7baa8dd8e67a7b2a6a5bcac586115dd8ff84a899503d06d62e1d51f82d2681811da3ac71c76133f81308e048734030f24e6988b1cc512c9518365f87c0f00776ef77cab78d0f04f4d077dec4705da22593d934ad32b7bd17c6dc9957d5b742ef8f0894b15c27c3fac6775bbf4cbe107b1d726d1ef6f6b1d20a7ea23b34b87cb3dfcd5747f4f598bb4832de298032db313bbc727f1ea41ac96c8979387b375490e3199585d2a932734ab265afc1fb12253ede0c5dfcf702c88619919c8b8aff987ceaddd9e40bb43d34599b50b07bf2fc605e5e2c8e8b70e63bc0893af943641c3ae65cf717aa01d537e44eab989fff563d22be3c6ba7e25bd4ef6c8001e87a59788ac3140143620cf8a6e62cdad64a11fca4bbdece3d3c8032850f40de027e2dbaa3b250af2babc1549b8f8fa72c52e868743ba43e183f50c8b9d8ce45d0acf64758fd65edb776199ee84c6da0d228e0627e0ea92949e4dc6ef5f023b7c6e1a9d261384fa4db33962341c330b710405b1a339209fdfc6cb2eb29a7fb3ccbe4a1c7e2daf4f6f1c227ed4b77384938d082f59bfee13585ca9fc46c232f62ebb6287c3e02018313f22c0c8096a37c1506873294ede68b3eba8cc66ca31f40f0d19ff1536fd8fb42b3ff2fa3b191194d6d04e2d056b0c3c0c4abd88bc1c7e4c5b1e7b31245acebf616d2746d461c8a75ae762b2df0862c7705f2cad59f00303afaa9d9e774d005eecb3fe80c5bee4266703c2981803d7aad43c42d312e9376fc2a03b3a9067e88e1a4c063646493a63cc95082ad51505176a7dda5b4493dbc78a4021f6a0d31868d75ee08bb6129e84f247eb3ad352ec045c8d5dc8ee5ad7b7eae948ae056f523a4745f3839cb763505afe12e8b0a988caba151b38549e06738a15dfec6a5597b31f47fbbcb622b4b6dce331b50a4a7561396da5e3cd3383840afc00ac0537bf03a8aab179330a38d15115a01b0db44c9302bc908a5d86c5acef4859fc7464a0e4f2970f4221bffdd617bff126e6256cfbd24be7dc1eee65996013cd23a184ba66c7c0cdeb6b551fab006fda43591645106cf836bed95c143df06918fc0a3c32f6eea50a5208550fb42503987e64571d718b751597998d76941feed27076b64492eea782db891df0f69e89a6211d584f9f9c7d090ec9f6dd70a590436dfa4790a534bdfc1f46fd1ddbbcee124cd9668d968d95add753b630262989cf986b146722242b17cb2bbb083b590ab4946cf25326024a6d4377a9988a3335a84e0eba9c4287cf5fd3304e11cba1119c22a6ae371aa82cd398499a80be864159c08b6925ecc3d25b2aa9a841a5131123e09697cc5e516e9a117b6e86a6ebee3bb39f0801ffcc65f1acbd69f8cab1a1ec921d144366af2049aac2d58cbc20333d1fd63695891d50209e50a281f3a1906d8d12b5dd1610c307901d6283db0e8833bb63714785332cc03f28111d64a6649267da73ef1d9ebb0bd584fd651cce2518ce7bf40c48b07d6f50b1aa224d656d1cd8db83f250ddac303ff8076a4c151abacb7ceb18b10cc3c3de6f929d3858074223765d0e0005606b550f4a00cc855a8d8a99dac57a4a8b15729638dd982aec22e79c42bf3b5f67fe2ab4632acadc954444fb54806d730880b48cb10d641f3b607e6413d106c0622ba4670c169c0bc3073cf6bf160e7989b78aaae81e7306727c2d13776d827a209a4a84805f2b8f5bbf2950e9d213a344f236c9dfbfe0a4fed7eb5d27d3bb15e89d454bc3dc83df918e57e8b4c763aeabdd00cd768b69a052e848694b97cef6c333eed2d3278cefa13c73c4d1b886c1c23c3a9a5533d4f0aea3416fb0054a42c3b61ec6eebd0cadff6106cc7b58e2b5aefd2d9482d37cdbc04cfff4e8efde9397598d3f164483613391be5d96eab911ab979c9418b26abcf05d14e1c1fc84a943829d3a84d08ea171034c60a953fca50fb373aa1ffe26cf1ed8f1e2b64b50f05f22af000ccdfc87fc5d999ee0d5ade3e1438747a55ac95482b6619c4bf41dea7d164aaa6922b2f563a95ac5f4b906c3bc8172a184e7d28a1e10e0a38455a4a326610b41da0e48fcd60be7417b9a92ad92ecc6068dbcb93543f02c1ca310d45d118869e06169f2164d4ce5a6f96a5b8b75bbcd945c8f7e947cb435051fcf6f8f8244269b4d3412aaf91374b18f385ba052eedd9613793a9d1382d30b912f0af55bd3b7a821fb1fc32c62434970afd2af33707487beb86fae9a927e1a10e20803ff58bf02213ff4b019df223589710d2fb436a930c009e513cec0a3733badfb7c183bb4fe18f3c1f3efabc18629462fb16a82aaae57e976f233d8debf50c6f2b7b1e53870103bcd4ce8ed53e5effffccd5fb0d45a235a326aa3d4381d9031b25913203b8eb2f170e30f4e324db5fd01e0ae5b86dd48a27aba37871fb7d3f4be672f1191bca2516d2c17a9aaba68ffa02fb999f7441e7238341fbea72a00b7f9f9acbca02a3157984f7a88ec809c1083dddec5151bedc6892d77cbb0f878ff2bbdb61922daaaf99a419bb9aaf41c2e49f9470dee0fbac03b84272626eb1e11b37b3b9d735df63f08965d3cd2bcdda5d34fe7919c976702a01d9a18bf6b1d2cc5ba4d78bb38634198003cf17a33e17391b3e0ff25368e8adf469861496dcd5868d163a2087c584df9874f4185752cc16ebdb852d60932ece37096301a718b7489f3688848996b649775533aa55918327ca1b5de7abb448c178d98e7e13cd4ce939326edefeb9ea6bb65fb6131cf0749425df1afb553411dad6041232ff4493aa644624b960badd643ebbd84e7c80bcf9acd1aa3bcb0bac9208b05098c6005b8efff52699a04111bf93591b95c8800ad9adb3c33044684fbac1b05db253874b9fb00f428707e3da0bbedd7d290a4b17ec3e73f28bba6c27d83b8517b5c2e4ac0d26f5a524ec91d02bd118f0e68a286b1bf456702a3001ab0754c87895976ccb202e4d75171fe005a18ed6a7fbeb9d678b73a751a0d18c7e2d615b572f79902510213f7079a736ba035d9590c12d9a628f8babf40391cf592eb0c0a224d16a436b6c99170faf80551b010d2da7a8a215d23bc63dd100752da133107d255b53c20357bf975e19bfa383d316cbb1c6bade2fd47cacf1eb0f484b98a269ed56c7c", 0xd15}], 0x2, &(0x7f0000000340)}}], 0x1, 0x4000081)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5)
r4 = accept4(r3, 0x0, 0x0, 0x800)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90", 0xf53}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

4.289432934s ago: executing program 7 (id=998):
socket$inet6_sctp(0xa, 0x1, 0x84)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
fcntl$dupfd(0xffffffffffffffff, 0x0, r1)
ptrace(0x10, r0)
ptrace$peekuser(0x3, r0, 0x2000000000088)
r2 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r2, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x80101, 0x0)
ioctl$PPPIOCNEWUNIT(r3, 0xc004743e, &(0x7f00000000c0))
ioctl$PPPIOCSMRRU(r3, 0x4004743b, &(0x7f0000000780)=0x9a0)
setsockopt$inet_msfilter(0xffffffffffffffff, 0x0, 0x29, &(0x7f0000000040)=ANY=[], 0x1c)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x25, &(0x7f0000000080)={@multicast1, @local}, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x78)
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$EVIOCGPROP(r4, 0x40047438, &(0x7f0000000180)=""/246)
write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000000140)=ANY=[@ANYBLOB="7f454c466000002ed8e4f97765ce27b90300060000000000000000b738000000000035f4c38422a3bc8220000500000004020300b300000000002a002400b3d7c52ebf31a8d5c8c3c6cb00000009e500d5ffffff05ffffff03"], 0xd8)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
ioctl$PPPIOCSFLAGS1(r4, 0x4004743a, &(0x7f0000000300))
ioctl$PPPIOCGCHAN(r2, 0x80047437, &(0x7f0000001f00))
sendmmsg(r2, &(0x7f0000007180)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f00000025c0)="3dbc77b7b3ff", 0x6}], 0x1}}], 0x1, 0x10014)

4.128639989s ago: executing program 3 (id=999):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f00000000c0)={0x6, @multicast2, 0x4e22, 0x1, 'wrr\x00', 0x20, 0x1b53, 0xd}, 0x2c)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f00000000c0)={0x38, 0x5, 0xb, 0x8001, 0x0, 0x4, 0xfff, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000003300)=ANY=[@ANYBLOB="3c1100003e00010329bd700000dcdf25030000"], 0x113c}}, 0x8004)
syz_open_dev$mouse(&(0x7f00000000c0), 0x0, 0x2042)
mkdirat(0xffffffffffffff9c, 0x0, 0x195)
mount(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='gadgetfs\x00', 0x0, 0x0)
r4 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
sendmmsg$inet(r4, &(0x7f0000000c40)=[{{&(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x23, 0x0}}], 0x1e1730a30afb6559, 0x8014)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r5, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r5, 0x11a, 0x2, &(0x7f00000000c0)=@gcm_256={{0x304}, "7817765dc500003d", "c0a9b92b592a8e91a6934cb6b7b18f7a7a6eaa9cbd8ef3b0fbc326100136e976", '\x00', "2a9e833e3c673811"}, 0x38)
setsockopt$inet6_tcp_TLS_TX(r5, 0x11a, 0x2, &(0x7f0000000240)=@gcm_128={{0x304}, "c8f37a2bb2e81421", "8300fb030000000000000015a46800", "0200", "49e31cc4e09f261f"}, 0x28)

4.07872751s ago: executing program 7 (id=1000):
r0 = socket$kcm(0x2, 0x3, 0x106)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$kcm(0x1e, 0x1, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000001c6a000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x44, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_EXPRESSIONS={0x18, 0x4, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @payload={{0xc}, @val={0x4}}}]}]}], {0x14}}, 0x6c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)={{0x14}, [@NFT_MSG_NEWRULE={0x70, 0x6, 0xa, 0x160b, 0x0, 0x0, {0x2, 0x0, 0x8}, [@NFTA_RULE_EXPRESSIONS={0x44, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @osf={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0x4}]}}}, {0x28, 0x1, 0x0, 0x1, @nat={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_NAT_TYPE={0x8}, @NFTA_NAT_REG_ADDR_MIN={0x8, 0x3, 0x1, 0x0, 0x14}, @NFTA_NAT_FAMILY={0x8, 0x2, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x98}, 0x1, 0x0, 0x0, 0x850}, 0x4040080)
sendmsg$inet(r0, &(0x7f0000000040)={&(0x7f0000000380)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000000)=[{&(0x7f0000000080)="fbd2b9ed29d8974a6ce75f08916ac3b4da11bc1a", 0xffeb}], 0x1}, 0x0)

4.02387844s ago: executing program 2 (id=1001):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
syz_open_procfs(0x0, &(0x7f00000001c0)='pagemap\x00')
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f00000000c0)={0x6, @multicast2, 0x4e22, 0x1, 'wrr\x00', 0x20, 0x1b53, 0xd}, 0x2c)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f00000000c0)={0x38, 0x5, 0xb, 0x8001, 0x0, 0x4, 0xfff, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000040)={0x0, 0xa6, &(0x7f0000000000)={&(0x7f0000003300)=ANY=[@ANYBLOB="3c1100003e00010329bd700000dcdf25030000"], 0x113c}}, 0x8004)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r3)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TCSETAW(r4, 0x5407, &(0x7f0000000040)={0x6, 0x7, 0x9, 0x0, 0x1, "100056f200"})
ioctl$TIOCMSET(r4, 0x5418, &(0x7f0000000000)=0x8004)
openat$ttyS3(0xffffff9c, &(0x7f0000000140), 0x20040, 0x0)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
openat$sequencer2(0xffffff9c, &(0x7f00000001c0), 0x0, 0x0)
ioctl$SNDCTL_SEQ_OUTOFBAND(0xffffffffffffffff, 0x40085112, &(0x7f0000000240)=@raw={0xfe, 0x6, "00fcffffff00"})
write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, 0x0, 0x0)
write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f00007df000/0x2000)=nil, 0x2000, 0x3000008, 0x30, 0xffffffffffffffff, 0xfdbd9000)

3.890313324s ago: executing program 1 (id=1002):
r0 = fsopen(&(0x7f0000000240)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
r2 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
fsmount(r2, 0x1, 0x8)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
inotify_add_watch(0xffffffffffffffff, 0x0, 0x2000775)
socket$inet_tcp(0x2, 0x1, 0x0)
prctl$PR_MCE_KILL(0x21, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0))
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000900)={0x2, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000006f000000000000000004000000bb7f1a006600feff000000009500000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x5, 0x93, &(0x7f00000005c0)=""/147, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x61e5cc96}, 0x4c)
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x800, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a40000000160a03020000000000000000020000000900020073797a32000000000900010073797a3000000000140003800800024000000000080001400000000014000000110001"], 0x68}}, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETFLOWTABLE(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, 0x17, 0xa, 0x101, 0x0, 0x0, {0x2, 0x0, 0xa}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x44000}, 0x8094)

3.831485985s ago: executing program 7 (id=1003):
syz_emit_ethernet(0x0, 0x0, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.throttle.io_service_bytes\x00', 0x275a, 0x0)
close(0x3)
openat$procfs(0xffffffffffffff9c, &(0x7f00000011c0)='/proc/cpuinfo\x00', 0x0, 0x0)
file_setattr(r4, 0x0, &(0x7f0000000080)={0x88, 0xd9, 0x3, 0xb, 0x57519bea}, 0x18, 0x1000)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000300)=@ethernet={0x6, @broadcast}, 0x80, 0x0, 0x0, &(0x7f0000000340)=ANY=[], 0x220}, 0x0)
recvmsg$kcm(0xffffffffffffffff, &(0x7f0000001740)={0x0, 0x0, 0x0}, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000003c0)=0x11)
ioctl$TIOCVHANGUP(r3, 0x5437, 0x2)
capset(0x0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x2})
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r5, &(0x7f0000000040), 0xc)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=ANY=[@ANYBLOB="300000004000071efeffffff00000000017c0000040042801400018010000400cab1893a20b8d2a93521800a04000280141511b5250edf7fed8a42dd8103d02b0e42800c3c9ed0177a7ebc4675544401f81bfb004ad7fbc3a82b84720e6654737ec5ae7908c2761c1db2c622ba62a5a3f015896d9f03756a6c71304e4b3ddea352da5e875d91d63a00521891a45ef4d5d16aa6adf58d174977ca0589d3da2bb1eadb663247"], 0x30}, 0x1, 0x0, 0x0, 0x48815}, 0xc000)
connect$qrtr(r5, &(0x7f0000000040)={0x2a, 0x0, 0xfffffffe}, 0xc)

3.69312253s ago: executing program 6 (id=1004):
r0 = io_uring_setup(0xf08, &(0x7f0000000780)={0x0, 0x80003125, 0x3cd0, 0x4004, 0x181})
prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x80}, 0x4000080)
io_uring_register$IORING_REGISTER_FILES(r0, 0x20, &(0x7f0000000000)=[r0], 0x1)

2.272299213s ago: executing program 1 (id=1005):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r1 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000340), 0x2)
r2 = memfd_create(0x0, 0x2)
ftruncate(r2, 0xffff)
fcntl$addseals(r2, 0x409, 0x7)
r3 = ioctl$UDMABUF_CREATE(r1, 0x40187542, &(0x7f0000000000)={r2, 0x0, 0x0, 0x8000})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb4e02000)
r5 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r5, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_audit(0x10, 0x3, 0x9)
r7 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x94)
close(r7)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0))
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xf, 0x4, 0x4, 0x12}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r8}, &(0x7f0000000000), &(0x7f0000000080)=r7}, 0x20)
mount$tmpfs(0x0, &(0x7f0000000080)='.\x00', 0x0, 0x0, &(0x7f0000000500)=ANY=[])
ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, &(0x7f0000000040)=0x3)
close_range(r0, 0xffffffffffffffff, 0x0)

2.077898754s ago: executing program 6 (id=1006):
socket$nl_route(0x10, 0x3, 0x0)
openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000500)={r0}, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0xffffffffffffff88)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb4e02000)
syz_emit_vhci(0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000002100)='/proc/bus/input/devices\x00', 0x0, 0x0)
read$FUSE(r3, &(0x7f0000000040)={0x2020}, 0x2020)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(0xffffffffffffffff, 0x3ba0, 0x0)
ioctl$IOMMU_VFIO_IOAS$GET(r2, 0x3b88, &(0x7f0000000180)={0xc})
clock_settime(0x0, &(0x7f0000000240)={0x77359400})
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
fsmount(0xffffffffffffffff, 0x0, 0x0)
unshare(0x6a040000)
open(&(0x7f0000000080)='./bus\x00', 0x141bc2, 0x1c0)

1.626145022s ago: executing program 7 (id=1007):
r0 = fsopen(&(0x7f0000000240)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
r2 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
fsmount(r2, 0x1, 0x8)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
inotify_add_watch(0xffffffffffffffff, 0x0, 0x2000775)
socket$inet_tcp(0x2, 0x1, 0x0)
prctl$PR_MCE_KILL(0x21, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0))
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000900)={0x2, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000006f000000000000000004000000bb7f1a006600feff000000009500000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x5, 0x93, &(0x7f00000005c0)=""/147, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x61e5cc96}, 0x4c)
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x800, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a40000000160a03020000000000000000020000000900020073797a32000000000900010073797a3000000000140003800800024000000000080001400000000014000000110001"], 0x68}}, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETFLOWTABLE(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, 0x17, 0xa, 0x101, 0x0, 0x0, {0x2, 0x0, 0xa}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x44000}, 0x8094)

1.005309931s ago: executing program 1 (id=1008):
socket$nl_route(0x10, 0x3, 0x0)
openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000500)={r0}, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0xffffffffffffff88)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb4e02000)
syz_emit_vhci(0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000002100)='/proc/bus/input/devices\x00', 0x0, 0x0)
read$FUSE(r3, &(0x7f0000000040)={0x2020}, 0x2020)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(0xffffffffffffffff, 0x3ba0, 0x0)
ioctl$IOMMU_VFIO_IOAS$GET(r2, 0x3b88, &(0x7f0000000180)={0xc})
clock_settime(0x0, &(0x7f0000000240)={0x77359400})
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
unshare(0x6a040000)
open(&(0x7f0000000080)='./bus\x00', 0x141bc2, 0x1c0)

167.073004ms ago: executing program 3 (id=1009):
r0 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_FLUSH(r0, 0x29, 0x24, &(0x7f0000000000)=0xb, 0x4)
r1 = syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f0000000000))
lseek(r1, 0x8000000000000002, 0x0)
readv(r1, &(0x7f00000003c0)=[{&(0x7f0000000100)=""/32, 0x20}], 0x1)
bind$llc(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x5)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_generic(0x10, 0x3, 0x10)
dup3(0xffffffffffffffff, r2, 0x0)
pipe(&(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
pipe(&(0x7f00000000c0)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r4, @ANYBLOB=',wfdno=', @ANYRESHEX=r7])
tee(r6, r5, 0x2000200000000, 0x3)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000280)={'gretap0\x00', 0x0})
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
syz_open_dev$dri(0x0, 0x1, 0x0)
syz_emit_ethernet(0x42, &(0x7f00000001c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @empty, @val={@void, {0x8100, 0x0, 0x0, 0x2}}, {@ipv6={0x86dd, @icmpv6={0x3, 0x6, "269fe0", 0x8, 0x3a, 0xff, @empty, @mcast2, {[], @echo_reply={0x81, 0x0, 0x0, 0xff, 0x7}}}}}}, 0x0)

0s ago: executing program 7 (id=1010):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(0xffffffffffffffff, 0x6, 0x21, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fcntl$setlease(0xffffffffffffffff, 0x400, 0x1000000)
read$FUSE(0xffffffffffffffff, &(0x7f00000021c0)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000280)={0x50, 0x0, r1, {0x7, 0x2b, 0x0, 0x64480000, 0x0, 0x0, 0x7, 0xa15, 0x0, 0x0, 0x1}}, 0x50)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r2 = io_uring_setup(0xf08, &(0x7f0000000780)={0x0, 0x80003125, 0x3cd0, 0x4004, 0x181})
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000000)={&(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f000000c000/0x1000)=nil, &(0x7f000001f000/0x1000)=nil, &(0x7f0000015000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f000000c000/0x4000)=nil, &(0x7f000001d000/0x3000)=nil, &(0x7f0000012000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0}, 0x68)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x80}, 0x4000080)
openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0)
io_uring_register$IORING_REGISTER_FILES(r2, 0x20, &(0x7f0000000000)=[r2], 0x1)

kernel console output (not intermixed with test programs):

evice number 17 using dummy_hcd
[  585.164538][ T1208] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  585.252565][ T5827] usb 2-1: USB disconnect, device number 12
[  585.288632][ T1208] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  585.354523][ T1208] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  586.731980][ T1208] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  587.054629][ T8409] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  587.065434][ T1208] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  587.455827][ T1208] usb 4-1: USB disconnect, device number 17
[  587.471569][ T5827] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  587.761576][ T5827] usb 6-1: Using ep0 maxpacket: 8
[  587.768439][ T5827] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  588.302124][ T5827] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  588.321604][ T5827] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  588.413719][ T5827] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  588.467042][ T5827] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  588.490213][ T5827] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  588.509873][ T5827] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  588.591094][ T8435] syzkaller1: entered promiscuous mode
[  588.651673][ T8435] syzkaller1: entered allmulticast mode
[  588.672229][ T8436] efs: cannot read volume header
[  588.861640][ T5827] usb 6-1: GET_CAPABILITIES returned 0
[  588.867120][ T5827] usbtmc 6-1:16.0: can't read capabilities
[  589.318622][ T8447] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  589.346648][    C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  589.356417][    C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  589.365486][    C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  589.380876][    C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  589.389948][    C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  589.398999][    C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  589.408059][    C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  589.417108][    C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  589.426157][    C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  589.435202][    C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  589.444246][    C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  589.453323][    C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  589.462368][    C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  589.471410][    C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  589.480463][    C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  589.489499][    C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  589.539246][ T6005] usb 6-1: USB disconnect, device number 13
[  590.531752][ T8454] netlink: 16 bytes leftover after parsing attributes in process `syz.2.525'.
[  590.883437][ T8458] 8021q: adding VLAN 0 to HW filter on device batadv4
[  590.891945][ T8458] team0: Port device batadv4 added
[  592.091828][ T1208] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  592.331642][ T1208] usb 2-1: Using ep0 maxpacket: 8
[  592.406795][ T1208] usb 2-1: config 0 has an invalid interface number: 31 but max is 0
[  592.427937][ T1208] usb 2-1: config 0 has no interface number 0
[  592.482332][ T1208] usb 2-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[  592.520590][ T1208] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  592.854287][ T1208] usb 2-1: Product: syz
[  592.868467][ T1208] usb 2-1: Manufacturer: syz
[  592.881586][ T1208] usb 2-1: SerialNumber: syz
[  592.910543][ T1208] usb 2-1: config 0 descriptor??
[  593.253047][ T1208] uvcvideo 2-1:0.31: Found UVC 0.04 device syz (046d:08c3)
[  593.445007][ T1208] uvcvideo 2-1:0.31: Entity type for entity Output 32774 was not initialized!
[  593.499412][ T1208] usb 2-1: USB disconnect, device number 13
[  593.718499][ T8480] cgroup: No subsys list or none specified
[  594.297600][ T8480] exFAT-fs (loop2): unable to read boot sector
[  594.344035][   T30] audit: type=1400 audit(2000000014.290:371): avc:  denied  { map } for  pid=8476 comm="syz.2.533" path="socket:[19359]" dev="sockfs" ino=19359 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[  594.391641][ T8480] exFAT-fs (loop2): failed to read boot sector
[  594.663739][ T8480] exFAT-fs (loop2): failed to recognize exfat type
[  596.811871][ T1208] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  597.001640][ T1208] usb 4-1: Using ep0 maxpacket: 32
[  597.141056][ T1208] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid maxpacket 2301, setting to 64
[  597.185564][ T1208] usb 4-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=58.16
[  597.228922][ T1208] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  597.282709][ T1208] usb 4-1: Product: syz
[  597.305906][ T1208] usb 4-1: Manufacturer: syz
[  597.351154][ T1208] usb 4-1: SerialNumber: syz
[  597.395615][ T1208] usb 4-1: config 0 descriptor??
[  597.464394][ T1208] usb 4-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  597.970941][ T8519] efs: cannot read volume header
[  598.144391][ T8516] syzkaller1: entered promiscuous mode
[  598.149884][ T8516] syzkaller1: entered allmulticast mode
[  598.156714][ T6008] usb 4-1: Failed to submit usb control message: -71
[  598.156851][ T1208] usb 4-1: USB disconnect, device number 18
[  598.170559][ T6008] usb 4-1: unable to send the bmi data to the device: -71
[  598.213156][ T6008] usb 4-1: unable to get target info from device
[  598.281056][ T6008] usb 4-1: could not get target info (-71)
[  598.303537][ T6008] usb 4-1: could not probe fw (-71)
[  599.127109][ T8533] random: crng reseeded on system resumption
[  599.773007][ T8537] netlink: 8 bytes leftover after parsing attributes in process `syz.5.544'.
[  600.150841][ T8547] 8021q: adding VLAN 0 to HW filter on device batadv2
[  600.160228][ T8547] team0: Port device batadv2 added
[  603.472179][ T8571] netlink: 64 bytes leftover after parsing attributes in process `syz.5.551'.
[  604.330733][ T8584] random: crng reseeded on system resumption
[  604.397545][ T8588] netlink: 12 bytes leftover after parsing attributes in process `syz.3.554'.
[  604.406484][ T8588] netlink: 28 bytes leftover after parsing attributes in process `syz.3.554'.
[  607.958297][ T2617] block nbd0: Possible stuck request ffff888027db0000: control (read@0,1024B). Runtime 60 seconds
[  607.969632][ T2617] block nbd0: Possible stuck request ffff888027db0200: control (read@1024,1024B). Runtime 60 seconds
[  607.980583][ T2617] block nbd0: Possible stuck request ffff888027db0400: control (read@2048,1024B). Runtime 60 seconds
[  607.991545][ T2617] block nbd0: Possible stuck request ffff888027db0600: control (read@3072,1024B). Runtime 60 seconds
[  608.312950][ T8616] random: crng reseeded on system resumption
[  608.382320][ T8620] fuse: Bad value for 'fd'
[  608.571731][ T8626] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  608.722229][ T8628] 8021q: adding VLAN 0 to HW filter on device batadv5
[  608.730572][ T8628] team0: Port device batadv5 added
[  612.150159][ T8652] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  612.823668][ T8667] random: crng reseeded on system resumption
[  615.484455][ T5827] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  615.649282][ T5827] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  615.716012][ T8684] can0: slcan on ttyS3.
[  615.748651][ T5827] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  615.821541][ T5827] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  615.840911][ T5827] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  616.071433][ T8681] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  616.171612][ T5827] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  616.192831][ T8685] can0 (unregistered): slcan off ttyS3.
[  616.608620][ T5827] usb 2-1: USB disconnect, device number 14
[  616.814992][   T30] audit: type=1400 audit(2000000003.380:372): avc:  denied  { mount } for  pid=8690 comm="syz.5.576" name="/" dev="hugetlbfs" ino=20749 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1
[  617.173123][   T30] audit: type=1400 audit(2000000003.380:373): avc:  denied  { create } for  pid=8690 comm="syz.5.576" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  617.492828][ T8697] netlink: 64 bytes leftover after parsing attributes in process `syz.2.578'.
[  618.823753][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  618.986450][ T8709] 8021q: adding VLAN 0 to HW filter on device batadv6
[  619.008851][ T8709] team0: Port device batadv6 added
[  619.405173][ T1208] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  620.158874][ T1208] usb 6-1: config 1 interface 0 altsetting 15 bulk endpoint 0x1 has invalid maxpacket 32
[  620.170061][ T1208] usb 6-1: config 1 interface 0 altsetting 15 bulk endpoint 0x82 has invalid maxpacket 8
[  620.180241][ T1208] usb 6-1: config 1 interface 0 has no altsetting 0
[  620.203516][ T1208] usb 6-1: string descriptor 0 read error: -22
[  620.209813][ T1208] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  620.242196][ T1208] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  620.285475][ T8707] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  620.293521][ T8707] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  620.720314][ T8723] can0: slcan on ttyS3.
[  621.033072][ T8723] can0 (unregistered): slcan off ttyS3.
[  621.045427][ T8724] can0: slcan on ttyS3.
[  621.354176][   T30] audit: type=1400 audit(2000000007.920:374): avc:  denied  { read } for  pid=8728 comm="syz.2.585" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  621.418138][   T30] audit: type=1400 audit(2000000007.920:375): avc:  denied  { open } for  pid=8728 comm="syz.2.585" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  622.634917][ T1208] usblp 6-1:1.0: usblp0: USB Bidirectional printer dev 14 if 0 alt 15 proto 3 vid 0x0525 pid 0xA4A8
[  622.688667][ T1208] usb 6-1: USB disconnect, device number 14
[  623.070535][ T1208] usblp0: removed
[  623.122652][ T8702] can0 (unregistered): slcan off ttyS3.
[  623.191641][ T6005] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  624.133636][ T6005] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  624.148884][ T6005] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  624.252493][ T6005] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  624.294914][ T6005] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  624.319422][ T6005] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  624.339835][ T6005] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  624.355814][ T6005] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  624.358953][ T8730] netlink: 'syz.2.585': attribute type 16 has an invalid length.
[  624.371662][ T8730] netlink: 'syz.2.585': attribute type 17 has an invalid length.
[  624.390261][ T6005] usb 4-1: Product: syz
[  624.396654][ T6005] usb 4-1: Manufacturer: syz
[  624.405643][ T6005] cdc_wdm 4-1:1.0: skipping garbage
[  624.414927][ T6005] cdc_wdm 4-1:1.0: skipping garbage
[  624.420243][ T8730] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  624.438024][   T30] audit: type=1400 audit(2000000010.980:376): avc:  denied  { ioctl } for  pid=8728 comm="syz.2.585" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0x0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  624.617744][ T8767] netlink: 64 bytes leftover after parsing attributes in process `syz.5.589'.
[  624.845118][ T6005] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[  624.859421][ T6005] cdc_wdm 4-1:1.0: Unknown control protocol
[  624.891729][ T6005] usb 4-1: USB disconnect, device number 19
[  625.268263][ T8748] 8021q: adding VLAN 0 to HW filter on device batadv1
[  625.271619][   T30] audit: type=1400 audit(2000000011.830:377): avc:  denied  { setopt } for  pid=8741 comm="syz.3.586" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  625.394789][ T8783] random: crng reseeded on system resumption
[  625.427894][ T8784] netlink: 100 bytes leftover after parsing attributes in process `syz.1.590'.
[  625.794687][ T8748] team0: Port device batadv1 added
[  625.840976][ T8782] netlink: 'syz.1.590': attribute type 4 has an invalid length.
[  626.089054][ T8793] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  626.177543][ T8793] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  626.381540][ T5934] usb 2-1: new full-speed USB device number 15 using dummy_hcd
[  626.883112][ T5854] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  626.903420][ T5854] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  626.912016][ T5854] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  626.920295][ T5854] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  626.930719][ T5854] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  627.901787][ T8815] cgroup: No subsys list or none specified
[  627.963232][ T8815] exFAT-fs (loop3): unable to read boot sector
[  627.969402][ T8815] exFAT-fs (loop3): failed to read boot sector
[  627.983019][ T8815] exFAT-fs (loop3): failed to recognize exfat type
[  628.046619][ T8800] chnl_net:caif_netlink_parms(): no params data found
[  629.122416][ T8800] bridge0: port 1(bridge_slave_0) entered blocking state
[  629.129474][ T8800] bridge0: port 1(bridge_slave_0) entered disabled state
[  629.165844][ T8800] bridge_slave_0: entered allmulticast mode
[  629.257310][   T30] audit: type=1400 audit(2000000015.770:378): avc:  denied  { execute_no_trans } for  pid=8823 comm="syz.5.600" path=2F6D656D66643AA39F6EB4645204693502ACCEE1889D5B4038D7CE1F2039497F151D933DB5E75C274CE6D28EBC294A7454447181CF81BAE531F520C8103EC95C85174CBFCF91DF4DF3025E542A202864656C6574656429 dev="tmpfs" ino=105 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  629.263205][ T8800] bridge_slave_0: entered promiscuous mode
[  629.458137][   T51] Bluetooth: hci5: command tx timeout
[  629.519209][ T8800] bridge0: port 2(bridge_slave_1) entered blocking state
[  629.554364][ T8800] bridge0: port 2(bridge_slave_1) entered disabled state
[  629.595557][ T8800] bridge_slave_1: entered allmulticast mode
[  629.610846][   T30] audit: type=1400 audit(2000000016.160:379): avc:  denied  { getopt } for  pid=8835 comm="syz.5.603" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  629.709534][   T30] audit: type=1400 audit(2000000016.270:380): avc:  denied  { recv } for  pid=8833 comm="syz.1.601" saddr=10.128.0.169 src=30006 daddr=10.128.0.132 dest=33282 netif=eth0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1
[  629.780047][ T8800] bridge_slave_1: entered promiscuous mode
[  629.831594][ T6005] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  629.848011][ T8800] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  629.861580][ T1208] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  629.879813][ T8800] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  630.049566][ T1208] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  630.051716][ T6005] usb 3-1: Using ep0 maxpacket: 32
[  630.059932][ T1208] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[  630.075474][ T1208] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0
[  630.220969][ T1208] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  630.234805][ T1208] usb 6-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94
[  630.236508][ T8800] team0: Port device team_slave_0 added
[  630.244130][ T1208] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  630.258011][ T6005] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid maxpacket 2301, setting to 64
[  630.299697][ T6005] usb 3-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=58.16
[  630.312741][ T6005] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  630.319428][ T1208] usb 6-1: config 0 descriptor??
[  630.328071][ T8800] team0: Port device team_slave_1 added
[  630.342673][ T8834] netlink: 'syz.1.601': attribute type 16 has an invalid length.
[  630.350407][ T8834] netlink: 'syz.1.601': attribute type 17 has an invalid length.
[  630.360019][ T6005] usb 3-1: Product: syz
[  630.364400][ T6005] usb 3-1: Manufacturer: syz
[  630.369091][ T6005] usb 3-1: SerialNumber: syz
[  630.381680][ T8834] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  630.416020][ T8800] batman_adv: batadv0: Adding interface: batadv_slave_0
[  630.429485][ T6005] usb 3-1: config 0 descriptor??
[  630.441562][ T8800] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  630.477583][ T8800] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  630.497868][ T8800] batman_adv: batadv0: Adding interface: batadv_slave_1
[  630.511556][ T8800] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  630.540692][ T6005] usb 3-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  630.554326][ T8800] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  630.596800][   T30] audit: type=1400 audit(2000000017.160:381): avc:  denied  { append } for  pid=8835 comm="syz.5.603" name="hwrng" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1
[  630.620517][   T30] audit: type=1400 audit(2000000017.160:382): avc:  denied  { module_request } for  pid=8835 comm="syz.5.603" kmod="netdev-wpan0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  630.701035][   T30] audit: type=1400 audit(2000000017.260:383): avc:  denied  { read write } for  pid=8835 comm="syz.5.603" name="sg0" dev="devtmpfs" ino=768 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  630.727086][    C1] sd 0:0:1:0: [sda] tag#9541 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[  630.730693][   T30] audit: type=1400 audit(2000000017.300:384): avc:  denied  { open } for  pid=8835 comm="syz.5.603" path="/dev/sg0" dev="devtmpfs" ino=768 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  630.737500][    C1] sd 0:0:1:0: [sda] tag#9541 CDB: Read(6) 08 00 00 00 00 00 00 00 00 00 00 00
[  630.771585][   T30] audit: type=1400 audit(2000000017.300:385): avc:  denied  { ioctl } for  pid=8835 comm="syz.5.603" path="/dev/sg0" dev="devtmpfs" ino=768 ioctlcmd=0x5393 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  630.820777][ T1208] usb 6-1: USB disconnect, device number 15
[  630.869519][ T8800] hsr_slave_0: entered promiscuous mode
[  630.879361][ T8800] hsr_slave_1: entered promiscuous mode
[  630.894746][ T8800] debugfs: 'hsr0' already exists in 'hsr'
[  630.901363][ T8800] Cannot create hsr debugfs directory
[  631.053127][   T49] usb 3-1: Failed to submit usb control message: -71
[  631.054279][ T5934] usb 3-1: USB disconnect, device number 12
[  631.060043][   T49] usb 3-1: unable to send the bmi data to the device: -71
[  631.076214][   T49] usb 3-1: unable to get target info from device
[  631.084024][   T49] usb 3-1: could not get target info (-71)
[  631.529432][   T49] usb 3-1: could not probe fw (-71)
[  631.551516][   T51] Bluetooth: hci5: command tx timeout
[  631.567586][ T8855] can0: slcan on ttyS3.
[  631.671928][ T8856] can0 (unregistered): slcan off ttyS3.
[  631.684064][ T8860] netlink: 24 bytes leftover after parsing attributes in process `syz.2.607'.
[  631.701327][ T8857] can0: slcan on ttyS3.
[  631.797132][   T30] audit: type=1400 audit(2000000018.360:386): avc:  denied  { name_bind } for  pid=8862 comm="syz.5.606" src=3618 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1
[  631.882203][ T8851] can0 (unregistered): slcan off ttyS3.
[  631.943722][ T8861] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=56 sclass=netlink_route_socket pid=8861 comm=syz.2.607
[  631.983287][   T30] audit: type=1400 audit(2000000018.540:387): avc:  denied  { recv } for  pid=8800 comm="syz-executor" saddr=10.128.0.169 src=43436 daddr=10.128.0.132 dest=22 netif=eth0 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1
[  632.077045][ T8863] SELinux: failed to load policy
[  632.122342][ T8867] cgroup: No subsys list or none specified
[  632.162097][ T8867] exFAT-fs (loop3): unable to read boot sector
[  632.364253][ T8867] exFAT-fs (loop3): failed to read boot sector
[  632.370440][ T8867] exFAT-fs (loop3): failed to recognize exfat type
[  633.247934][ T8800] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  633.729335][   T51] Bluetooth: hci5: command tx timeout
[  633.832694][ T8880] slcan: can't register candev
[  633.906005][ T8877] netlink: 'syz.1.609': attribute type 4 has an invalid length.
[  633.915223][ T8800] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  634.032036][ T8800] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  634.107740][ T8800] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  634.138554][ T8895] cgroup: No subsys list or none specified
[  634.295487][ T8904] exFAT-fs (loop5): unable to read boot sector
[  634.385617][ T8904] exFAT-fs (loop5): failed to read boot sector
[  634.466820][ T8904] exFAT-fs (loop5): failed to recognize exfat type
[  635.250667][ T8912] netlink: 'syz.2.615': attribute type 4 has an invalid length.
[  635.522060][ T8800] 8021q: adding VLAN 0 to HW filter on device bond0
[  635.757932][ T8800] 8021q: adding VLAN 0 to HW filter on device team0
[  635.852278][   T51] Bluetooth: hci5: command tx timeout
[  635.882809][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[  635.889917][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[  635.898623][ T8927] random: crng reseeded on system resumption
[  635.936162][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[  635.943307][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[  636.088816][ T5827] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  636.096884][   T30] audit: type=1400 audit(2000000022.650:388): avc:  denied  { egress } for  pid=6005 comm="kworker/0:6" daddr=ff02::16 netif=teql0 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:netif_t tclass=netif permissive=1
[  636.181444][   T30] audit: type=1400 audit(2000000022.650:389): avc:  denied  { sendto } for  pid=6005 comm="kworker/0:6" daddr=ff02::16 netif=teql0 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:node_t tclass=node permissive=1
[  636.572083][ T5827] usb 3-1: Using ep0 maxpacket: 32
[  636.583047][ T8920] netlink: 'syz.5.619': attribute type 16 has an invalid length.
[  636.590779][ T8920] netlink: 'syz.5.619': attribute type 17 has an invalid length.
[  636.605464][ T8920] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  636.643174][ T5827] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid maxpacket 2301, setting to 64
[  636.799583][ T5827] usb 3-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=58.16
[  636.817421][ T5827] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  636.833246][ T5827] usb 3-1: Product: syz
[  636.840609][ T5827] usb 3-1: Manufacturer: syz
[  636.853173][ T5827] usb 3-1: SerialNumber: syz
[  636.873330][ T5827] usb 3-1: config 0 descriptor??
[  636.885856][ T8800] 8021q: adding VLAN 0 to HW filter on device batadv0
[  636.923952][ T5827] usb 3-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  637.215799][   T49] usb 3-1: Failed to submit usb control message: -71
[  637.217320][ T1208] usb 3-1: USB disconnect, device number 13
[  637.226664][   T49] usb 3-1: unable to send the bmi data to the device: -71
[  637.256039][   T49] usb 3-1: unable to get target info from device
[  637.279304][   T49] usb 3-1: could not get target info (-71)
[  637.305674][   T49] usb 3-1: could not probe fw (-71)
[  637.653706][ T8800] veth0_vlan: entered promiscuous mode
[  637.801158][ T8800] veth1_vlan: entered promiscuous mode
[  637.849575][ T8800] veth0_macvtap: entered promiscuous mode
[  637.871907][ T8800] veth1_macvtap: entered promiscuous mode
[  637.903393][ T8800] batman_adv: batadv0: Interface activated: batadv_slave_0
[  637.944048][ T8800] batman_adv: batadv0: Interface activated: batadv_slave_1
[  637.985985][   T58] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  638.005474][ T6057] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  638.021832][ T2617] block nbd0: Possible stuck request ffff888027db0000: control (read@0,1024B). Runtime 90 seconds
[  638.032568][ T2617] block nbd0: Possible stuck request ffff888027db0200: control (read@1024,1024B). Runtime 90 seconds
[  638.034438][ T6057] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  638.043464][ T2617] block nbd0: Possible stuck request ffff888027db0400: control (read@2048,1024B). Runtime 90 seconds
[  638.043512][ T2617] block nbd0: Possible stuck request ffff888027db0600: control (read@3072,1024B). Runtime 90 seconds
[  638.079572][ T8950] netlink: 8 bytes leftover after parsing attributes in process `syz.5.622'.
[  638.199278][   T30] audit: type=1400 audit(2000000024.670:390): avc:  denied  { mounton } for  pid=8954 comm="syz.3.624" path="/dev/binderfs" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  638.243017][   T58] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  638.425397][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  638.456104][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  638.504229][ T5978] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  638.512349][ T5978] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  638.599367][ T8965] random: crng reseeded on system resumption
[  638.619637][   T30] audit: type=1400 audit(2000000025.180:391): avc:  denied  { mounton } for  pid=8800 comm="syz-executor" path="/root/syzkaller.SWY455/syz-tmp" dev="sda1" ino=2053 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[  638.732110][   T30] audit: type=1400 audit(2000000025.230:392): avc:  denied  { mounton } for  pid=8800 comm="syz-executor" path="/root/syzkaller.SWY455/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  638.876964][   T30] audit: type=1400 audit(2000000025.230:393): avc:  denied  { mounton } for  pid=8800 comm="syz-executor" path="/root/syzkaller.SWY455/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=22025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  638.954442][   T30] audit: type=1400 audit(2000000025.250:394): avc:  denied  { mounton } for  pid=8800 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=2786 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  641.400531][   T30] audit: type=1400 audit(2000000027.960:395): avc:  denied  { ioctl } for  pid=8979 comm="syz.5.629" path="socket:[22067]" dev="sockfs" ino=22067 ioctlcmd=0x8983 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  641.513236][   T30] audit: type=1400 audit(2000000028.060:396): avc:  denied  { accept } for  pid=8979 comm="syz.5.629" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  641.664816][ T8985] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  643.681782][ T5827] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  643.814669][   T30] audit: type=1400 audit(2000000000.080:397): avc:  denied  { unlink } for  pid=9013 comm="syz.5.638" name="#1" dev="tmpfs" ino=505 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  643.843820][ T9014] overlayfs: failed to decode file handle (len=5, type=251, flags=0, err=-22)
[  643.853505][ T9014] FAULT_INJECTION: forcing a failure.
[  643.853505][ T9014] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  643.867629][   T30] audit: type=1400 audit(2000000000.110:398): avc:  denied  { mount } for  pid=9013 comm="syz.5.638" name="/" dev="overlay" ino=500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  643.915558][ T9014] CPU: 1 UID: 0 PID: 9014 Comm: syz.5.638 Not tainted syzkaller #0 PREEMPT(full) 
[  643.915582][ T9014] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  643.915593][ T9014] Call Trace:
[  643.915598][ T9014]  <TASK>
[  643.915604][ T9014]  dump_stack_lvl+0x100/0x190
[  643.915636][ T9014]  should_fail_ex.cold+0x5/0xa
[  643.915665][ T9014]  _copy_to_user+0x32/0xd0
[  643.915686][ T9014]  simple_read_from_buffer+0xcb/0x170
[  643.915712][ T9014]  proc_fail_nth_read+0x1af/0x230
[  643.915731][ T9014]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  643.915762][ T9014]  ? rw_verify_area+0xce/0x6d0
[  643.915784][ T9014]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  643.915812][ T9014]  vfs_read+0x1e4/0xb30
[  643.915838][ T9014]  ? __pfx_vfs_read+0x10/0x10
[  643.915859][ T9014]  ? __fget_files+0x215/0x3d0
[  643.915891][ T9014]  ? __fget_files+0x21f/0x3d0
[  643.915924][ T9014]  ksys_read+0x12a/0x250
[  643.915947][ T9014]  ? __pfx_ksys_read+0x10/0x10
[  643.915977][ T9014]  do_syscall_64+0x106/0xf80
[  643.915999][ T9014]  ? clear_bhb_loop+0x40/0x90
[  643.916021][ T9014]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  643.916039][ T9014] RIP: 0033:0x7f899415c84e
[  643.916055][ T9014] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  643.916072][ T9014] RSP: 002b:00007f899501ffe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  643.916090][ T9014] RAX: ffffffffffffffda RBX: 00007f89950206c0 RCX: 00007f899415c84e
[  643.916101][ T9014] RDX: 000000000000000f RSI: 00007f89950200a0 RDI: 0000000000000004
[  643.916111][ T9014] RBP: 00007f8995020090 R08: 0000000000000000 R09: 0000000000000000
[  643.916121][ T9014] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  643.916132][ T9014] R13: 00007f8994416038 R14: 00007f8994415fa0 R15: 00007fff99466928
[  643.916157][ T9014]  </TASK>
[  643.925637][ T5827] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  644.253312][ T5827] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  644.269148][ T5827] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  644.344640][ T5827] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  644.353461][ T5827] usb 4-1: SerialNumber: syz
[  644.779454][ T9023] netlink: 8 bytes leftover after parsing attributes in process `syz.2.639'.
[  644.961835][ T9024] random: crng reseeded on system resumption
[  645.003459][ T9010] netlink: 'syz.1.631': attribute type 16 has an invalid length.
[  645.011201][ T9010] netlink: 'syz.1.631': attribute type 17 has an invalid length.
[  645.022812][ T9010] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  645.941574][ T6005] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  646.110285][   T30] audit: type=1400 audit(2000000002.370:399): avc:  denied  { write } for  pid=9043 comm="syz.5.647" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  646.239798][ T6005] usb 7-1: Using ep0 maxpacket: 8
[  646.279165][ T6005] usb 7-1: config 0 has an invalid interface number: 31 but max is 0
[  646.288404][ T5827] usb 4-1: 0:2 : does not exist
[  646.307244][ T6005] usb 7-1: config 0 has no interface number 0
[  646.315460][ T5827] usb 4-1: unit 5 not found!
[  646.335538][ T6005] usb 7-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[  646.371403][ T6005] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  646.424155][ T5827] usb 4-1: USB disconnect, device number 20
[  646.431509][ T6005] usb 7-1: Product: syz
[  646.454449][ T6005] usb 7-1: Manufacturer: syz
[  646.477263][ T6005] usb 7-1: SerialNumber: syz
[  646.485869][ T8425] udevd[8425]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  646.507712][ T6005] usb 7-1: config 0 descriptor??
[  647.243012][ T6005] uvcvideo 7-1:0.31: Found UVC 0.04 device syz (046d:08c3)
[  647.251824][ T6005] uvcvideo 7-1:0.31: Entity type for entity Output 32774 was not initialized!
[  647.272131][ T6005] usb 7-1: USB disconnect, device number 2
[  647.423371][ T5827] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  648.258711][ T5827] usb 6-1: config 1 interface 0 altsetting 15 bulk endpoint 0x1 has invalid maxpacket 32
[  648.300524][ T5827] usb 6-1: config 1 interface 0 altsetting 15 bulk endpoint 0x82 has invalid maxpacket 8
[  648.411003][ T5827] usb 6-1: config 1 interface 0 has no altsetting 0
[  648.557053][   T30] audit: type=1400 audit(2000000004.830:400): avc:  denied  { create } for  pid=9068 comm="syz.6.653" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  648.969244][ T5827] usb 6-1: string descriptor 0 read error: -22
[  648.986089][ T5827] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  649.018314][ T5827] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  649.029553][ T9071] syzkaller1: entered promiscuous mode
[  649.035076][   T30] audit: type=1400 audit(2000000004.830:401): avc:  denied  { setopt } for  pid=9068 comm="syz.6.653" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  649.108429][ T9071] syzkaller1: entered allmulticast mode
[  649.371403][ T9054] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  649.560306][ T9071] efs: cannot read volume header
[  650.183766][ T9087] random: crng reseeded on system resumption
[  650.343937][ T9091] can0: slcan on ttyS3.
[  650.982504][ T9091] can0 (unregistered): slcan off ttyS3.
[  651.457123][ T5827] usb 6-1: can't set config #1, error -71
[  651.516947][ T5827] usb 6-1: USB disconnect, device number 16
[  651.540434][   T30] audit: type=1400 audit(2000000000.370:402): avc:  denied  { read } for  pid=9104 comm="syz.6.662" name="event3" dev="devtmpfs" ino=924 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  651.581666][   T30] audit: type=1400 audit(2000000000.370:403): avc:  denied  { open } for  pid=9104 comm="syz.6.662" path="/dev/input/event3" dev="devtmpfs" ino=924 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  651.684423][ T9108] netlink: 16 bytes leftover after parsing attributes in process `syz.6.662'.
[  651.765790][   T30] audit: type=1400 audit(2000000000.590:404): avc:  denied  { write } for  pid=9104 comm="syz.6.662" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  651.865599][   T30] audit: type=1400 audit(2000000000.590:405): avc:  denied  { ioctl } for  pid=9104 comm="syz.6.662" path="/dev/input/event3" dev="devtmpfs" ino=924 ioctlcmd=0x4593 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  652.069647][ T9117] FAULT_INJECTION: forcing a failure.
[  652.069647][ T9117] name failslab, interval 1, probability 0, space 0, times 0
[  652.086832][ T9117] CPU: 1 UID: 0 PID: 9117 Comm: syz.5.665 Not tainted syzkaller #0 PREEMPT(full) 
[  652.086855][ T9117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  652.086865][ T9117] Call Trace:
[  652.086870][ T9117]  <TASK>
[  652.086876][ T9117]  dump_stack_lvl+0x100/0x190
[  652.086908][ T9117]  should_fail_ex.cold+0x5/0xa
[  652.086930][ T9117]  ? lsm_blob_alloc+0x68/0x90
[  652.086948][ T9117]  should_failslab+0xc2/0x120
[  652.086973][ T9117]  __kmalloc_noprof+0xe0/0x850
[  652.086994][ T9117]  ? trace_kmalloc+0x101/0x130
[  652.087021][ T9117]  lsm_blob_alloc+0x68/0x90
[  652.087040][ T9117]  security_sk_alloc+0x2d/0x290
[  652.087062][ T9117]  sk_prot_alloc+0x12a/0x2a0
[  652.087088][ T9117]  sk_alloc+0x36/0xe80
[  652.087108][ T9117]  bpf_prog_test_run_skb+0x4cd/0x3230
[  652.087137][ T9117]  ? find_held_lock+0x2b/0x80
[  652.087158][ T9117]  ? __fget_files+0x215/0x3d0
[  652.087190][ T9117]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  652.087215][ T9117]  ? fput+0x79/0x100
[  652.087235][ T9117]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  652.087257][ T9117]  __sys_bpf+0x1725/0x4b90
[  652.087277][ T9117]  ? __pfx___sys_bpf+0x10/0x10
[  652.087291][ T9117]  ? proc_fail_nth_write+0x9f/0x220
[  652.087309][ T9117]  ? find_held_lock+0x2b/0x80
[  652.087335][ T9117]  ? find_held_lock+0x2b/0x80
[  652.087354][ T9117]  ? ksys_write+0x190/0x250
[  652.087382][ T9117]  ? __mutex_unlock_slowpath+0x15c/0x790
[  652.087406][ T9117]  ? __fget_files+0x215/0x3d0
[  652.087443][ T9117]  ? fput+0x79/0x100
[  652.087459][ T9117]  ? ksys_write+0x1ac/0x250
[  652.087482][ T9117]  ? __pfx_ksys_write+0x10/0x10
[  652.087509][ T9117]  __x64_sys_bpf+0x7b/0xc0
[  652.087525][ T9117]  ? lockdep_hardirqs_on+0x78/0x100
[  652.087545][ T9117]  do_syscall_64+0x106/0xf80
[  652.087566][ T9117]  ? clear_bhb_loop+0x40/0x90
[  652.087588][ T9117]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  652.087606][ T9117] RIP: 0033:0x7f899419bf79
[  652.087622][ T9117] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  652.087637][ T9117] RSP: 002b:00007f8995020028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  652.087658][ T9117] RAX: ffffffffffffffda RBX: 00007f8994415fa0 RCX: 00007f899419bf79
[  652.087669][ T9117] RDX: 0000000000000050 RSI: 00002000000003c0 RDI: 000000000000000a
[  652.087679][ T9117] RBP: 00007f8995020090 R08: 0000000000000000 R09: 0000000000000000
[  652.087688][ T9117] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  652.087698][ T9117] R13: 00007f8994416038 R14: 00007f8994415fa0 R15: 00007fff99466928
[  652.087720][ T9117]  </TASK>
[  652.644204][ T9123] netlink: 'syz.1.668': attribute type 4 has an invalid length.
[  654.320731][ T9147] can0: slcan on ttyS3.
[  655.317626][ T9147] can0 (unregistered): slcan off ttyS3.
[  655.441671][ T5934] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  655.666408][ T5934] usb 7-1: Using ep0 maxpacket: 32
[  655.673942][ T5934] usb 7-1: unable to get BOS descriptor or descriptor too short
[  655.702956][ T5934] usb 7-1: config 128 has an invalid interface number: 127 but max is 3
[  655.711450][ T5934] usb 7-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config
[  655.722941][ T5934] usb 7-1: config 128 has 1 interface, different from the descriptor's value: 4
[  655.732540][ T5934] usb 7-1: config 128 has no interface number 0
[  655.753735][ T5934] usb 7-1: config 128 interface 127 altsetting 14 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  655.758896][ T9164] netlink: 12 bytes leftover after parsing attributes in process `syz.3.677'.
[  655.768724][ T5934] usb 7-1: config 128 interface 127 has no altsetting 0
[  656.020553][ T5934] usb 7-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55
[  656.036485][ T5934] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  656.149880][ T9168] macvlan2: entered promiscuous mode
[  656.161599][ T5827] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  656.179835][ T9168] macvlan2: entered allmulticast mode
[  656.185266][ T5934] usb 7-1: Product: syz
[  656.189542][ T5934] usb 7-1: Manufacturer: syz
[  656.206601][ T5934] usb 7-1: SerialNumber: syz
[  656.239600][ T9168] bond1: entered promiscuous mode
[  656.308937][ T9168] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  656.352701][ T9168] bond1: left promiscuous mode
[  656.384420][ T5827] usb 3-1: config 1 interface 0 altsetting 15 bulk endpoint 0x1 has invalid maxpacket 32
[  656.395249][ T5827] usb 3-1: config 1 interface 0 altsetting 15 bulk endpoint 0x82 has invalid maxpacket 8
[  656.405848][ T5827] usb 3-1: config 1 interface 0 has no altsetting 0
[  656.420719][ T5827] usb 3-1: string descriptor 0 read error: -22
[  656.427871][ T5827] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  656.437798][ T5827] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  656.458003][ T9165] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  656.563630][ T9165] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  656.647190][ T5934] usb 7-1: USB disconnect, device number 3
[  656.674977][ T8425] udevd[8425]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:128.127/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  656.846026][ T9179] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  658.223408][ T9196] can0: slcan on ttyS3.
[  658.625745][ T9196] can0 (unregistered): slcan off ttyS3.
[  658.639618][ T9197] can0: slcan on ttyS3.
[  659.408401][ T9210] netlink: 'syz.5.689': attribute type 4 has an invalid length.
[  659.621885][ T5934] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  659.932297][ T5934] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  660.171561][ T5934] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  660.209830][ T5827] usblp 3-1:1.0: usblp0: USB Bidirectional printer dev 14 if 0 alt 15 proto 3 vid 0x0525 pid 0xA4A8
[  660.226959][ T5934] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  660.278145][ T5934] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  660.314577][ T5827] usb 3-1: USB disconnect, device number 14
[  660.324729][ T9208] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  660.354492][ T9158] can0 (unregistered): slcan off ttyS3.
[  660.366187][ T5827] usblp0: removed
[  660.371317][ T5934] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[  661.027175][ T9230] can0: slcan on ttyS3.
[  661.078950][ T5934] usb 7-1: USB disconnect, device number 4
[  661.124133][ T9231] can0 (unregistered): slcan off ttyS3.
[  661.374112][ T9232] can0: slcan on ttyS3.
[  661.943594][ T9233] can0 (unregistered): slcan off ttyS3.
[  662.164333][ T9254] netlink: 8 bytes leftover after parsing attributes in process `syz.3.694'.
[  664.658882][ T9280] 8021q: adding VLAN 0 to HW filter on device batadv1
[  664.727690][ T9280] team0: Port device batadv1 added
[  666.925789][ T9316] 8021q: adding VLAN 0 to HW filter on device batadv2
[  666.963033][ T9316] team0: Port device batadv2 added
[  667.059418][   T30] audit: type=1400 audit(2000000001.730:406): avc:  denied  { map } for  pid=9319 comm="syz.5.700" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  667.223168][   T30] audit: type=1400 audit(2000000001.900:407): avc:  denied  { map } for  pid=9319 comm="syz.5.700" path="socket:[23200]" dev="sockfs" ino=23200 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1
[  667.604858][ T5827] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  667.784690][ T5827] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  667.797996][ T5827] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  667.824232][ T5827] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  668.095315][ T5827] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  668.414817][ T9324] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  668.422633][ T2617] block nbd0: Possible stuck request ffff888027db0000: control (read@0,1024B). Runtime 120 seconds
[  668.433375][ T2617] block nbd0: Possible stuck request ffff888027db0200: control (read@1024,1024B). Runtime 120 seconds
[  668.451792][ T2617] block nbd0: Possible stuck request ffff888027db0400: control (read@2048,1024B). Runtime 120 seconds
[  668.464756][ T2617] block nbd0: Possible stuck request ffff888027db0600: control (read@3072,1024B). Runtime 120 seconds
[  668.492484][ T5827] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  668.728382][   T10] usb 4-1: USB disconnect, device number 21
[  668.821991][ T5827] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  669.012835][ T5827] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  669.083296][ T5827] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  669.093920][ T5827] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  669.541979][  T793] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  669.552523][ T5827] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  669.584844][ T9338] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  669.624691][ T5827] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  669.830582][  T793] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  669.864575][  T793] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  669.968698][  T793] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  669.977845][  T793] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  670.040930][ T9341] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  670.099711][  T793] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  670.109834][ T5827] usb 6-1: USB disconnect, device number 17
[  670.469667][  T793] usb 2-1: USB disconnect, device number 16
[  670.622734][ T6005] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  671.061653][ T6005] usb 3-1: Using ep0 maxpacket: 32
[  671.075292][ T6005] usb 3-1: unable to get BOS descriptor or descriptor too short
[  671.094927][ T6005] usb 3-1: config 128 has an invalid interface number: 127 but max is 3
[  671.117806][ T6005] usb 3-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config
[  671.146917][ T6005] usb 3-1: config 128 has 1 interface, different from the descriptor's value: 4
[  671.166200][ T6005] usb 3-1: config 128 has no interface number 0
[  671.180101][ T6005] usb 3-1: config 128 interface 127 altsetting 14 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  671.227667][ T6005] usb 3-1: config 128 interface 127 has no altsetting 0
[  671.246609][ T6005] usb 3-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55
[  671.264226][ T6005] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  671.280713][ T6005] usb 3-1: Product: syz
[  671.306626][ T6005] usb 3-1: Manufacturer: syz
[  671.327476][ T6005] usb 3-1: SerialNumber: syz
[  671.912791][ T6005] usb 3-1: USB disconnect, device number 15
[  672.701068][ T8425] udevd[8425]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:128.127/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  673.052557][ T9387] netlink: 24 bytes leftover after parsing attributes in process `syz.5.723'.
[  673.097046][ T9387] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=56 sclass=netlink_route_socket pid=9387 comm=syz.5.723
[  673.261647][ T5934] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  673.581626][ T5934] usb 2-1: Using ep0 maxpacket: 32
[  673.610402][ T5934] usb 2-1: unable to get BOS descriptor or descriptor too short
[  673.864804][ T5934] usb 2-1: config 128 has an invalid interface number: 127 but max is 3
[  673.881554][ T5934] usb 2-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config
[  673.996915][ T5934] usb 2-1: config 128 has 1 interface, different from the descriptor's value: 4
[  674.019237][ T5934] usb 2-1: config 128 has no interface number 0
[  674.036709][ T5934] usb 2-1: config 128 interface 127 altsetting 14 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  674.483883][ T5934] usb 2-1: config 128 interface 127 has no altsetting 0
[  674.508182][ T5934] usb 2-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55
[  674.518296][ T5934] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  674.527767][ T5934] usb 2-1: Product: syz
[  674.532052][ T5934] usb 2-1: Manufacturer: syz
[  674.537691][ T5934] usb 2-1: SerialNumber: syz
[  674.627025][ T9399] netlink: 'syz.2.725': attribute type 4 has an invalid length.
[  675.941683][ T5934] usb 2-1: USB disconnect, device number 17
[  675.998756][ T8425] udevd[8425]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:128.127/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  676.023843][ T9417] random: crng reseeded on system resumption
[  676.791574][ T6005] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  677.190305][ T6005] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  677.228828][ T6005] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  677.275955][ T6005] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  677.308179][ T6005] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  677.353567][ T9419] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  677.370081][ T6005] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  677.397790][ T9427] syzkaller1: entered promiscuous mode
[  677.403452][ T9427] syzkaller1: entered allmulticast mode
[  677.413234][ T9427] efs: cannot read volume header
[  677.568567][ T5979] usb 2-1: USB disconnect, device number 18
[  678.995536][ T9453] 8021q: adding VLAN 0 to HW filter on device batadv2
[  679.102788][ T9453] team0: Port device batadv2 added
[  679.793657][ T9464] syzkaller1: entered promiscuous mode
[  679.831708][ T9464] syzkaller1: entered allmulticast mode
[  680.010158][ T9464] efs: cannot read volume header
[  680.262184][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  680.330327][ T9476] 8021q: adding VLAN 0 to HW filter on device batadv7
[  680.577716][ T9476] team0: Port device batadv7 added
[  680.644260][ T9472] 8021q: adding VLAN 0 to HW filter on device batadv3
[  680.654073][ T9472] team0: Port device batadv3 added
[  682.379363][ T9492] vxcan1 speed is unknown, defaulting to 1000
[  682.392579][ T9492] vxcan1 speed is unknown, defaulting to 1000
[  682.406655][ T9492] vxcan1 speed is unknown, defaulting to 1000
[  682.748666][   T30] audit: type=1400 audit(2000000009.070:408): avc:  denied  { write } for  pid=9486 comm="syz.1.744" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  682.861758][ T9492] infiniband syz2: set active
[  682.866690][ T9492] infiniband syz2: added vxcan1
[  682.889432][ T9492] RDS/IB: syz2: added
[  682.893899][ T9492] smc: adding ib device syz2 with port count 1
[  682.900105][ T9492] smc:    ib device syz2 port 1 has no pnetid
[  682.907768][ T9492] vxcan1 speed is unknown, defaulting to 1000
[  682.959056][ T5934] vxcan1 speed is unknown, defaulting to 1000
[  682.966337][ T5934] vxcan1 speed is unknown, defaulting to 1000
[  682.975524][   T30] audit: type=1326 audit(2000000009.120:409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9486 comm="syz.1.744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fa359bf79 code=0x7ffc0000
[  683.061695][   T30] audit: type=1326 audit(2000000009.120:410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9486 comm="syz.1.744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fa359bf79 code=0x7ffc0000
[  683.103725][ T9492] vxcan1 speed is unknown, defaulting to 1000
[  683.143896][   T10] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  683.193801][ T9492] vxcan1 speed is unknown, defaulting to 1000
[  683.279206][ T9492] vxcan1 speed is unknown, defaulting to 1000
[  683.525608][ T9498] netlink: 'syz.5.745': attribute type 4 has an invalid length.
[  683.951136][ T9492] vxcan1 speed is unknown, defaulting to 1000
[  684.048187][ T9492] vxcan1 speed is unknown, defaulting to 1000
[  684.181933][   T30] audit: type=1326 audit(2000000009.120:411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9486 comm="syz.1.744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=133 compat=0 ip=0x7f8fa359bf79 code=0x7ffc0000
[  684.210919][   T10] usb 4-1: Using ep0 maxpacket: 32
[  684.271522][   T30] audit: type=1326 audit(2000000009.120:412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9486 comm="syz.1.744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fa359bf79 code=0x7ffc0000
[  684.347359][   T10] usb 4-1: device descriptor read/all, error -71
[  684.473022][   T30] audit: type=1326 audit(2000000009.120:413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9486 comm="syz.1.744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fa359bf79 code=0x7ffc0000
[  684.559221][   T30] audit: type=1326 audit(2000000009.120:414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9486 comm="syz.1.744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=235 compat=0 ip=0x7f8fa359bf79 code=0x7ffc0000
[  684.719615][   T30] audit: type=1326 audit(2000000009.120:415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9486 comm="syz.1.744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fa359bf79 code=0x7ffc0000
[  684.787374][   T30] audit: type=1326 audit(2000000009.120:416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9486 comm="syz.1.744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fa359bf79 code=0x7ffc0000
[  684.862201][   T30] audit: type=1326 audit(2000000009.120:417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9486 comm="syz.1.744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8fa359bf79 code=0x7ffc0000
[  685.292129][ T9518] can0: slcan on ttyS3.
[  685.673502][ T9518] can0 (unregistered): slcan off ttyS3.
[  685.701913][ T9079] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  685.817354][ T9525] FAULT_INJECTION: forcing a failure.
[  685.817354][ T9525] name failslab, interval 1, probability 0, space 0, times 0
[  685.902222][ T9079] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  685.947573][ T9079] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  685.957546][ T9525] CPU: 0 UID: 0 PID: 9525 Comm: syz.3.753 Not tainted syzkaller #0 PREEMPT(full) 
[  685.957561][ T9525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  685.957568][ T9525] Call Trace:
[  685.957573][ T9525]  <TASK>
[  685.957577][ T9525]  dump_stack_lvl+0x100/0x190
[  685.957599][ T9525]  should_fail_ex.cold+0x5/0xa
[  685.957614][ T9525]  should_failslab+0xc2/0x120
[  685.957631][ T9525]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  685.957645][ T9525]  ? skb_clone+0x190/0x400
[  685.957660][ T9525]  skb_clone+0x190/0x400
[  685.957674][ T9525]  netlink_deliver_tap+0xaed/0xcc0
[  685.957691][ T9525]  netlink_unicast+0x650/0x870
[  685.957709][ T9525]  ? __pfx_netlink_unicast+0x10/0x10
[  685.957729][ T9525]  netlink_sendmsg+0x8b0/0xda0
[  685.957746][ T9525]  ? __pfx_netlink_sendmsg+0x10/0x10
[  685.957760][ T9525]  ? __might_fault+0x20/0x140
[  685.957778][ T9525]  ____sys_sendmsg+0xa54/0xc30
[  685.957796][ T9525]  ? __pfx_____sys_sendmsg+0x10/0x10
[  685.957818][ T9525]  ___sys_sendmsg+0x190/0x1e0
[  685.957836][ T9525]  ? __pfx____sys_sendmsg+0x10/0x10
[  685.957870][ T9525]  __sys_sendmsg+0x170/0x220
[  685.957884][ T9525]  ? __pfx___sys_sendmsg+0x10/0x10
[  685.957905][ T9525]  do_syscall_64+0x106/0xf80
[  685.957919][ T9525]  ? clear_bhb_loop+0x40/0x90
[  685.957932][ T9525]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  685.957944][ T9525] RIP: 0033:0x7f55d179bf79
[  685.957954][ T9525] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  685.957965][ T9525] RSP: 002b:00007f55d25e5028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  685.957976][ T9525] RAX: ffffffffffffffda RBX: 00007f55d1a15fa0 RCX: 00007f55d179bf79
[  685.957983][ T9525] RDX: 0000000000000000 RSI: 0000200000000340 RDI: 0000000000000003
[  685.957989][ T9525] RBP: 00007f55d25e5090 R08: 0000000000000000 R09: 0000000000000000
[  685.957995][ T9525] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  685.958002][ T9525] R13: 00007f55d1a16038 R14: 00007f55d1a15fa0 R15: 00007ffc799b9eb8
[  685.958016][ T9525]  </TASK>
[  686.272570][ T9079] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  686.281865][ T9079] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  686.300965][ T9513] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  686.314706][ T9079] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  686.471553][ T9532] 8021q: adding VLAN 0 to HW filter on device batadv3
[  686.480490][ T9532] team0: Port device batadv3 added
[  686.527413][ T1208] usb 3-1: USB disconnect, device number 16
[  687.339541][ T9079] IPVS: starting estimator thread 0...
[  687.431616][ T9540] IPVS: using max 44 ests per chain, 105600 per kthread
[  688.419794][ T9557] 8021q: adding VLAN 0 to HW filter on device batadv4
[  688.433354][ T9557] team0: Port device batadv4 added
[  690.593943][ T9572] orangefs_mount: mount request failed with -4
[  692.024891][   T30] kauditd_printk_skb: 17 callbacks suppressed
[  692.024922][   T30] audit: type=1400 audit(2000000018.690:435): avc:  denied  { getopt } for  pid=9586 comm="syz.3.771" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  692.591530][   T10] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  692.811569][ T9079] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[  692.848087][   T10] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  692.917776][   T10] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  693.971611][   T10] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  693.984424][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  694.000298][ T9079] usb 6-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  694.768807][ T9595] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  694.780013][   T10] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  694.787201][ T9079] usb 6-1: config 2 interface 0 altsetting 178 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  694.810262][ T9079] usb 6-1: config 2 interface 0 has no altsetting 0
[  694.878711][ T9079] usb 6-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=da.47
[  694.921705][ T9079] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  695.037140][ T9079] usb 6-1: Product: syz
[  695.076923][ T9079] usb 6-1: Manufacturer: syz
[  695.083003][   T10] usb 2-1: USB disconnect, device number 19
[  695.098253][ T9079] usb 6-1: SerialNumber: syz
[  695.409980][ T9598] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  695.422004][ T9598] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  695.596893][ T9079] usb 6-1: USB disconnect, device number 18
[  695.963477][ T9623] SELinux: ebitmap: map size 74280818 does not match my size 64 (high bit was 33554432)
[  696.013559][ T9623] SELinux: failed to load policy
[  696.187824][ T9628] FAULT_INJECTION: forcing a failure.
[  696.187824][ T9628] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  696.283981][ T9628] CPU: 0 UID: 0 PID: 9628 Comm: syz.6.778 Not tainted syzkaller #0 PREEMPT(full) 
[  696.284004][ T9628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  696.284014][ T9628] Call Trace:
[  696.284019][ T9628]  <TASK>
[  696.284025][ T9628]  dump_stack_lvl+0x100/0x190
[  696.284054][ T9628]  should_fail_ex.cold+0x5/0xa
[  696.284075][ T9628]  _copy_to_user+0x32/0xd0
[  696.284094][ T9628]  bpf_test_finish.isra.0+0x4df/0x660
[  696.284122][ T9628]  ? __pfx_bpf_test_finish.isra.0+0x10/0x10
[  696.284144][ T9628]  ? 0xffffffffa0206a80
[  696.284156][ T9628]  ? bpf_dispatcher_change_prog+0x2dc/0xa60
[  696.284185][ T9628]  bpf_prog_test_run_xdp+0xa70/0x1670
[  696.284216][ T9628]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  696.284243][ T9628]  ? fput+0x79/0x100
[  696.284258][ T9628]  ? __bpf_prog_get+0x97/0x2a0
[  696.284277][ T9628]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  696.284297][ T9628]  __sys_bpf+0x1725/0x4b90
[  696.284317][ T9628]  ? __pfx___sys_bpf+0x10/0x10
[  696.284329][ T9628]  ? proc_fail_nth_write+0x9f/0x220
[  696.284345][ T9628]  ? find_held_lock+0x2b/0x80
[  696.284369][ T9628]  ? find_held_lock+0x2b/0x80
[  696.284389][ T9628]  ? ksys_write+0x190/0x250
[  696.284416][ T9628]  ? __mutex_unlock_slowpath+0x15c/0x790
[  696.284438][ T9628]  ? __fget_files+0x215/0x3d0
[  696.284475][ T9628]  ? fput+0x79/0x100
[  696.284490][ T9628]  ? ksys_write+0x1ac/0x250
[  696.284510][ T9628]  ? __pfx_ksys_write+0x10/0x10
[  696.284535][ T9628]  __x64_sys_bpf+0x7b/0xc0
[  696.284551][ T9628]  ? lockdep_hardirqs_on+0x78/0x100
[  696.284571][ T9628]  do_syscall_64+0x106/0xf80
[  696.284591][ T9628]  ? clear_bhb_loop+0x40/0x90
[  696.284612][ T9628]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  696.284629][ T9628] RIP: 0033:0x7f62fa79bf79
[  696.284643][ T9628] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  696.284657][ T9628] RSP: 002b:00007f62fb668028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  696.284675][ T9628] RAX: ffffffffffffffda RBX: 00007f62faa15fa0 RCX: 00007f62fa79bf79
[  696.284686][ T9628] RDX: 0000000000000050 RSI: 0000200000000600 RDI: 000000000000000a
[  696.284696][ T9628] RBP: 00007f62fb668090 R08: 0000000000000000 R09: 0000000000000000
[  696.284706][ T9628] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  696.284715][ T9628] R13: 00007f62faa16038 R14: 00007f62faa15fa0 R15: 00007ffe0980a968
[  696.284740][ T9628]  </TASK>
[  696.608173][ T9638] ALSA: mixer_oss: invalid OSS volume ''
[  697.063175][   T30] audit: type=1400 audit(2000000023.750:436): avc:  denied  { connect } for  pid=9632 comm="syz.3.783" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  697.111938][ T9639] ceph: No mds server is up or the cluster is laggy
[  697.230756][   T30] audit: type=1400 audit(2000000023.750:437): avc:  denied  { setopt } for  pid=9632 comm="syz.3.783" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  697.311568][   T30] audit: type=1400 audit(2000000023.810:438): avc:  denied  { write } for  pid=9632 comm="syz.3.783" path="socket:[24215]" dev="sockfs" ino=24215 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  697.343711][   T30] audit: type=1400 audit(2000000023.820:439): avc:  denied  { bind } for  pid=9632 comm="syz.3.783" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  697.581923][ T9655] can0: slcan on ttyS3.
[  697.732275][ T9655] can0 (unregistered): slcan off ttyS3.
[  697.800588][ T9657] can0: slcan on ttyS3.
[  698.751517][ T9079] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[  698.776866][ T9646] can0 (unregistered): slcan off ttyS3.
[  698.812003][ T2617] block nbd0: Possible stuck request ffff888027db0000: control (read@0,1024B). Runtime 150 seconds
[  698.822937][ T2617] block nbd0: Possible stuck request ffff888027db0200: control (read@1024,1024B). Runtime 150 seconds
[  698.834441][ T2617] block nbd0: Possible stuck request ffff888027db0400: control (read@2048,1024B). Runtime 150 seconds
[  698.846074][ T2617] block nbd0: Possible stuck request ffff888027db0600: control (read@3072,1024B). Runtime 150 seconds
[  699.890742][ T9079] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  699.941329][ T9079] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[  699.966812][ T9079] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 121
[  700.015633][ T9079] usb 6-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  700.041536][ T9079] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  700.071340][ T9079] usb 6-1: Product: syz
[  700.089052][ T9079] usb 6-1: Manufacturer: syz
[  700.099173][ T9079] usb 6-1: SerialNumber: syz
[  700.125027][ T9079] usb 6-1: config 0 descriptor??
[  700.149501][ T9649] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  700.161663][ T9649] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  700.180615][ T9079] usb 6-1: ucan: probing device on interface #0
[  700.289346][ T9079] usb 6-1: ucan: could not read protocol version, ret=-71
[  700.339626][ T9079] usb 6-1: ucan: probe failed; try to update the device firmware
[  700.348277][ T9670] netlink: 'syz.2.789': attribute type 16 has an invalid length.
[  700.376084][ T9670] netlink: 'syz.2.789': attribute type 17 has an invalid length.
[  700.443343][ T9079] usb 6-1: USB disconnect, device number 19
[  700.600820][ T9670] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  702.133572][ T9688] 8021q: adding VLAN 0 to HW filter on device batadv3
[  702.193168][ T9688] team0: Port device batadv3 added
[  702.807177][ T9693] syzkaller1: entered promiscuous mode
[  702.829091][ T9693] syzkaller1: entered allmulticast mode
[  702.872435][ T9696] efs: cannot read volume header
[  703.433903][   T10] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  703.581961][ T9079] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[  703.611680][   T10] usb 3-1: Using ep0 maxpacket: 32
[  703.622939][   T10] usb 3-1: unable to get BOS descriptor or descriptor too short
[  703.681750][   T10] usb 3-1: config 128 has an invalid interface number: 127 but max is 3
[  703.726895][   T10] usb 3-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config
[  703.784106][   T10] usb 3-1: config 128 has 1 interface, different from the descriptor's value: 4
[  703.888748][ T9079] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  703.934034][ T9079] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  703.946430][   T10] usb 3-1: config 128 has no interface number 0
[  703.966488][   T10] usb 3-1: config 128 interface 127 altsetting 14 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  703.995312][ T9079] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  704.020798][ T9079] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  704.103270][   T10] usb 3-1: config 128 interface 127 has no altsetting 0
[  704.284611][ T9702] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  704.294943][ T9079] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  704.301993][   T10] usb 3-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55
[  704.313751][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  704.364354][   T10] usb 3-1: Product: syz
[  704.368536][   T10] usb 3-1: Manufacturer: syz
[  704.405734][   T30] audit: type=1326 audit(2000000031.100:440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9713 comm="syz.1.802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fa359bf79 code=0x7ffc0000
[  704.466850][   T10] usb 3-1: SerialNumber: syz
[  704.484003][ T9714] warning: `syz.1.802' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  704.546727][   T30] audit: type=1326 audit(2000000031.100:441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9713 comm="syz.1.802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fa359bf79 code=0x7ffc0000
[  704.592247][ T9707] vxcan1 speed is unknown, defaulting to 1000
[  704.735838][   T30] audit: type=1326 audit(2000000031.100:442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9713 comm="syz.1.802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=289 compat=0 ip=0x7f8fa359bf79 code=0x7ffc0000
[  704.787963][   T30] audit: type=1326 audit(2000000031.100:443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9713 comm="syz.1.802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fa359bf79 code=0x7ffc0000
[  704.812809][   T30] audit: type=1326 audit(2000000031.100:444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9713 comm="syz.1.802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fa359bf79 code=0x7ffc0000
[  704.945993][ T9079] usb 6-1: USB disconnect, device number 20
[  704.993768][   T30] audit: type=1326 audit(2000000031.100:445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9713 comm="syz.1.802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=439 compat=0 ip=0x7f8fa359bf79 code=0x7ffc0000
[  705.003952][   T10] usb 3-1: USB disconnect, device number 17
[  705.113075][   T30] audit: type=1326 audit(2000000031.100:446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9713 comm="syz.1.802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fa359bf79 code=0x7ffc0000
[  705.139366][   T30] audit: type=1326 audit(2000000031.100:447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9713 comm="syz.1.802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fa359bf79 code=0x7ffc0000
[  705.267498][ T8425] udevd[8425]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:128.127/sound/card4/controlC4/../uevent} for writing: No such file or directory
[  705.411522][   T30] audit: type=1326 audit(2000000031.140:448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9713 comm="syz.1.802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f8fa359bf79 code=0x7ffc0000
[  705.969619][   T30] audit: type=1326 audit(2000000031.140:449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9713 comm="syz.1.802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fa359bf79 code=0x7ffc0000
[  706.100735][ T9726] netlink: 24 bytes leftover after parsing attributes in process `syz.2.805'.
[  706.125867][ T9724] syzkaller1: entered promiscuous mode
[  706.191135][ T9727] efs: cannot read volume header
[  706.216533][ T9724] syzkaller1: entered allmulticast mode
[  706.238824][ T9726] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=56 sclass=netlink_route_socket pid=9726 comm=syz.2.805
[  706.886176][ T4814] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  707.072082][ T4814] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  707.253179][ T9746] can0: slcan on ttyS3.
[  707.289360][ T4814] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  707.305433][ T4814] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  707.314785][ T4814] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  707.333545][ T9743] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  707.352669][ T9747] can0 (unregistered): slcan off ttyS3.
[  707.363659][ T4814] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[  707.566801][ T9750] netlink: 'syz.2.808': attribute type 16 has an invalid length.
[  707.576447][ T9750] netlink: 'syz.2.808': attribute type 17 has an invalid length.
[  707.757933][ T9750] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  707.943155][ T4814] usb 7-1: USB disconnect, device number 5
[  707.951029][ T9758] random: crng reseeded on system resumption
[  708.119023][ T9760] FAULT_INJECTION: forcing a failure.
[  708.119023][ T9760] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  708.205344][ T9762] SELinux:  policydb magic number 0x0 does not match expected magic number 0xf97cff8c
[  708.343504][ T9760] CPU: 1 UID: 0 PID: 9760 Comm: syz.3.813 Not tainted syzkaller #0 PREEMPT(full) 
[  708.343528][ T9760] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  708.343538][ T9760] Call Trace:
[  708.343544][ T9760]  <TASK>
[  708.343550][ T9760]  dump_stack_lvl+0x100/0x190
[  708.343583][ T9760]  should_fail_ex.cold+0x5/0xa
[  708.343603][ T9760]  _copy_to_user+0x32/0xd0
[  708.343623][ T9760]  simple_read_from_buffer+0xcb/0x170
[  708.343655][ T9760]  proc_fail_nth_read+0x1af/0x230
[  708.343672][ T9760]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  708.343703][ T9760]  ? rw_verify_area+0xce/0x6d0
[  708.343723][ T9760]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  708.343748][ T9760]  vfs_read+0x1e4/0xb30
[  708.343773][ T9760]  ? __pfx_vfs_read+0x10/0x10
[  708.343794][ T9760]  ? __fget_files+0x215/0x3d0
[  708.343825][ T9760]  ? __fget_files+0x21f/0x3d0
[  708.343857][ T9760]  ksys_read+0x12a/0x250
[  708.343880][ T9760]  ? __pfx_ksys_read+0x10/0x10
[  708.343909][ T9760]  do_syscall_64+0x106/0xf80
[  708.343930][ T9760]  ? clear_bhb_loop+0x40/0x90
[  708.343951][ T9760]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  708.343968][ T9760] RIP: 0033:0x7f55d175c84e
[  708.343983][ T9760] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  708.344000][ T9760] RSP: 002b:00007f55d25c3fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  708.344017][ T9760] RAX: ffffffffffffffda RBX: 00007f55d25c46c0 RCX: 00007f55d175c84e
[  708.344027][ T9760] RDX: 000000000000000f RSI: 00007f55d25c40a0 RDI: 0000000000000004
[  708.344037][ T9760] RBP: 00007f55d25c4090 R08: 0000000000000000 R09: 0000000000000000
[  708.344047][ T9760] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  708.344057][ T9760] R13: 00007f55d1a16128 R14: 00007f55d1a16090 R15: 00007ffc799b9eb8
[  708.344082][ T9760]  </TASK>
[  708.457847][ T9762] SELinux: failed to load policy
[  708.878200][ T9764] vxcan1 speed is unknown, defaulting to 1000
[  709.781949][ T1208] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  710.065252][ T9774] vxcan1 speed is unknown, defaulting to 1000
[  710.326800][ T1208] usb 7-1: Using ep0 maxpacket: 32
[  710.360685][ T1208] usb 7-1: unable to get BOS descriptor or descriptor too short
[  710.393207][ T1208] usb 7-1: config 128 has an invalid interface number: 127 but max is 3
[  710.438097][ T1208] usb 7-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config
[  710.494052][ T1208] usb 7-1: config 128 has 1 interface, different from the descriptor's value: 4
[  710.547048][ T1208] usb 7-1: config 128 has no interface number 0
[  710.583808][ T1208] usb 7-1: config 128 interface 127 altsetting 14 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  710.639066][ T1208] usb 7-1: config 128 interface 127 has no altsetting 0
[  710.705697][ T1208] usb 7-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55
[  710.715206][ T1208] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  710.809046][ T1208] usb 7-1: Product: syz
[  710.821879][ T1208] usb 7-1: Manufacturer: syz
[  710.863854][ T1208] usb 7-1: SerialNumber: syz
[  711.029381][ T9779] vxcan1 speed is unknown, defaulting to 1000
[  711.875059][ T9789] orangefs_mount: mount request failed with -4
[  711.998859][ T1208] usb 7-1: USB disconnect, device number 6
[  712.272368][ T9805] netlink: 'syz.5.826': attribute type 23 has an invalid length.
[  712.748586][ T8425] udevd[8425]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:128.127/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  712.942661][   T10] usb 4-1: new full-speed USB device number 24 using dummy_hcd
[  713.143002][   T10] usb 4-1: config 0 has an invalid interface number: 8 but max is 0
[  713.171497][   T10] usb 4-1: config 0 has no interface number 0
[  713.203208][   T10] usb 4-1: config 0 interface 8 altsetting 0 has an endpoint descriptor with address 0x9F, changing to 0x8F
[  713.483333][   T10] usb 4-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  713.538525][   T10] usb 4-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  713.614465][   T10] usb 4-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  713.691820][   T10] usb 4-1: Product: syz
[  713.696195][   T10] usb 4-1: SerialNumber: syz
[  713.758983][   T10] usb 4-1: config 0 descriptor??
[  713.822732][   T10] cm109 4-1:0.8: invalid payload size 8, expected 4
[  713.874097][   T10] input: CM109 USB driver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.8/input/input7
[  714.099301][ T9820] netlink: 'syz.5.829': attribute type 11 has an invalid length.
[  714.126097][ T9820] netlink: 8 bytes leftover after parsing attributes in process `syz.5.829'.
[  714.242412][   T10] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  714.299605][   T10] hid-generic 0000:0000:0000.0006: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  714.475085][   T30] kauditd_printk_skb: 51 callbacks suppressed
[  714.475104][   T30] audit: type=1400 audit(2000000004.330:501): avc:  denied  { map } for  pid=9823 comm="syz.6.831" path="socket:[25403]" dev="sockfs" ino=25403 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  714.634060][    C0] cm109 4-1:0.8: cm109_urb_irq_callback: urb status -71
[  714.684530][   T30] audit: type=1400 audit(2000000004.330:502): avc:  denied  { accept } for  pid=9823 comm="syz.6.831" path="socket:[25403]" dev="sockfs" ino=25403 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  714.913067][    C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[  714.913260][ T1208] usb 4-1: USB disconnect, device number 24
[  714.920040][    C0] cm109 4-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[  715.142153][ T1208] cm109 4-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  715.306008][   T30] audit: type=1400 audit(2000000005.050:503): avc:  denied  { create } for  pid=9821 comm="syz.1.830" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  715.682068][   T30] audit: type=1400 audit(2000000005.540:504): avc:  denied  { unmount } for  pid=8800 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  716.519286][ T4814] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  716.681503][ T4814] usb 4-1: Using ep0 maxpacket: 32
[  716.699755][ T4814] usb 4-1: unable to get BOS descriptor or descriptor too short
[  716.720971][ T9842] cgroup: No subsys list or none specified
[  716.750104][ T4814] usb 4-1: config 128 has an invalid interface number: 127 but max is 3
[  716.762137][ T9841] vxcan1 speed is unknown, defaulting to 1000
[  716.802277][ T4814] usb 4-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config
[  716.825195][ T9842] exFAT-fs (loop1): unable to read boot sector
[  717.190929][ T9845] SELinux:  policydb magic number 0x30307830 does not match expected magic number 0xf97cff8c
[  717.201948][ T9845] SELinux: failed to load policy
[  717.241870][ T9845] Cannot find del_set index 0 as target
[  717.757644][   T30] audit: type=1400 audit(2000000007.020:505): avc:  denied  { name_bind } for  pid=9843 comm="syz.6.832" src=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=udp_socket permissive=1
[  717.801167][ T4814] usb 4-1: config 128 has 1 interface, different from the descriptor's value: 4
[  717.850671][ T9842] exFAT-fs (loop1): failed to read boot sector
[  717.874269][ T4814] usb 4-1: config 128 has no interface number 0
[  717.880836][ T9842] exFAT-fs (loop1): failed to recognize exfat type
[  717.932978][ T4814] usb 4-1: config 128 interface 127 altsetting 14 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  717.999254][ T4814] usb 4-1: config 128 interface 127 has no altsetting 0
[  718.036516][ T4814] usb 4-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55
[  718.066850][ T4814] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  718.111560][ T4814] usb 4-1: Product: syz
[  718.115730][ T4814] usb 4-1: Manufacturer: syz
[  718.141534][ T4814] usb 4-1: SerialNumber: syz
[  718.592114][ T4814] usb 4-1: USB disconnect, device number 25
[  718.703952][ T8425] udevd[8425]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:128.127/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  719.375113][   T30] audit: type=1400 audit(2000000009.230:506): avc:  denied  { connect } for  pid=9854 comm="syz.1.838" lport=255 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  720.287542][ T9862] vxcan1 speed is unknown, defaulting to 1000
[  720.403528][   T30] audit: type=1400 audit(2000000000.280:507): avc:  denied  { append } for  pid=9865 comm="syz.5.841" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  720.941576][ T6005] usb 6-1: new high-speed USB device number 21 using dummy_hcd
[  720.952108][   T10] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  721.403915][ T6005] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  721.415010][   T10] usb 2-1: config 1 interface 0 altsetting 15 bulk endpoint 0x1 has invalid maxpacket 32
[  721.446325][ T6005] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  721.457897][   T10] usb 2-1: config 1 interface 0 altsetting 15 bulk endpoint 0x82 has invalid maxpacket 8
[  721.482334][ T6005] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  721.493483][   T10] usb 2-1: config 1 interface 0 has no altsetting 0
[  721.513018][   T10] usb 2-1: string descriptor 0 read error: -22
[  721.565467][ T6005] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  721.577789][   T10] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  721.591862][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  721.606454][ T9873] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  721.629997][ T9872] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  721.651702][ T9872] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  721.666894][ T6005] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  722.123625][   T30] audit: type=1400 audit(2000000001.890:508): avc:  denied  { append } for  pid=9879 comm="syz.6.844" name="sg0" dev="devtmpfs" ino=768 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  722.240379][   T30] audit: type=1400 audit(2000000002.000:509): avc:  denied  { write } for  pid=9879 comm="syz.6.844" name="rtc0" dev="devtmpfs" ino=922 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  722.777640][ T9888] FAULT_INJECTION: forcing a failure.
[  722.777640][ T9888] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  722.824934][ T9888] CPU: 1 UID: 0 PID: 9888 Comm: syz.2.846 Not tainted syzkaller #0 PREEMPT(full) 
[  722.824957][ T9888] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  722.824966][ T9888] Call Trace:
[  722.824971][ T9888]  <TASK>
[  722.824977][ T9888]  dump_stack_lvl+0x100/0x190
[  722.825007][ T9888]  should_fail_ex.cold+0x5/0xa
[  722.825028][ T9888]  _copy_to_user+0x32/0xd0
[  722.825049][ T9888]  simple_read_from_buffer+0xcb/0x170
[  722.825075][ T9888]  proc_fail_nth_read+0x1af/0x230
[  722.825093][ T9888]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  722.825119][ T9888]  ? rw_verify_area+0xce/0x6d0
[  722.825138][ T9888]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  722.825163][ T9888]  vfs_read+0x1e4/0xb30
[  722.825189][ T9888]  ? __pfx_vfs_read+0x10/0x10
[  722.825208][ T9888]  ? __fget_files+0x215/0x3d0
[  722.825236][ T9888]  ? __fget_files+0x21f/0x3d0
[  722.825268][ T9888]  ksys_read+0x12a/0x250
[  722.825288][ T9888]  ? __pfx_ksys_read+0x10/0x10
[  722.825315][ T9888]  do_syscall_64+0x106/0xf80
[  722.825335][ T9888]  ? clear_bhb_loop+0x40/0x90
[  722.825355][ T9888]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  722.825370][ T9888] RIP: 0033:0x7fcdeb55c84e
[  722.825384][ T9888] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  722.825398][ T9888] RSP: 002b:00007fcdec425fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  722.825414][ T9888] RAX: ffffffffffffffda RBX: 00007fcdec4266c0 RCX: 00007fcdeb55c84e
[  722.825425][ T9888] RDX: 000000000000000f RSI: 00007fcdec4260a0 RDI: 0000000000000004
[  722.825434][ T9888] RBP: 00007fcdec426090 R08: 0000000000000000 R09: 0000000000000000
[  722.825443][ T9888] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  722.825452][ T9888] R13: 00007fcdeb816038 R14: 00007fcdeb815fa0 R15: 00007fff748771a8
[  722.825474][ T9888]  </TASK>
[  723.372738][ T9892] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  723.392627][ T9892] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  723.511120][   T10] usblp 2-1:1.0: usblp0: USB Bidirectional printer dev 20 if 0 alt 15 proto 3 vid 0x0525 pid 0xA4A8
[  723.567065][ T1208] usb 6-1: USB disconnect, device number 21
[  723.591532][ T9877] usb 4-1: new low-speed USB device number 26 using dummy_hcd
[  723.609280][   T10] usb 2-1: USB disconnect, device number 20
[  723.840834][   T10] usblp0: removed
[  723.898416][ T9911] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22
[  723.906839][ T9911] netdevsim netdevsim1: Direct firmware load for . failed with error -22
[  723.917172][ T9911] netdevsim netdevsim1: Falling back to sysfs fallback for: .
[  723.974742][   T30] audit: type=1400 audit(2000000003.800:510): avc:  denied  { firmware_load } for  pid=9900 comm="syz.1.851" scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  725.492374][ T6005] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  725.618953][ T9927] vxcan1 speed is unknown, defaulting to 1000
[  727.002869][ T6005] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  727.018610][ T6005] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  727.051586][ T6005] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  727.081503][ T6005] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  727.147659][ T9923] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  727.163180][ T6005] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[  727.395489][ T6005] usb 7-1: USB disconnect, device number 7
[  728.586545][ T9948] netlink: 'syz.6.861': attribute type 4 has an invalid length.
[  728.751621][ T6005] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  728.964433][ T2617] block nbd0: Possible stuck request ffff888027db0000: control (read@0,1024B). Runtime 180 seconds
[  728.975354][ T2617] block nbd0: Possible stuck request ffff888027db0200: control (read@1024,1024B). Runtime 180 seconds
[  728.986392][ T2617] block nbd0: Possible stuck request ffff888027db0400: control (read@2048,1024B). Runtime 180 seconds
[  729.000694][ T2617] block nbd0: Possible stuck request ffff888027db0600: control (read@3072,1024B). Runtime 180 seconds
[  729.164318][ T6005] usb 3-1: config 1 interface 0 altsetting 15 bulk endpoint 0x1 has invalid maxpacket 32
[  729.195398][ T6005] usb 3-1: config 1 interface 0 altsetting 15 bulk endpoint 0x82 has invalid maxpacket 8
[  729.350071][ T6005] usb 3-1: config 1 interface 0 has no altsetting 0
[  729.391541][  T793] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  729.727330][ T6005] usb 3-1: string descriptor 0 read error: -22
[  729.753714][ T6005] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  729.770239][ T9954] vxcan1 speed is unknown, defaulting to 1000
[  729.806482][ T6005] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  729.833925][  T793] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  729.874264][  T793] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  729.886660][ T9944] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  729.921835][ T9944] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  729.948451][  T793] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  730.040580][  T793] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  730.132079][ T9950] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  730.142582][  T793] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  730.509200][  T793] usb 2-1: USB disconnect, device number 21
[  731.478492][ T9967] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  731.577771][ T9970] netlink: 4 bytes leftover after parsing attributes in process `syz.5.866'.
[  733.297813][   T30] audit: type=1400 audit(2000000003.820:511): avc:  denied  { write } for  pid=9977 comm="syz.1.868" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  733.311751][ T6005] usblp 3-1:1.0: usblp0: USB Bidirectional printer dev 18 if 0 alt 15 proto 3 vid 0x0525 pid 0xA4A8
[  733.379785][ T9985] random: crng reseeded on system resumption
[  733.438846][ T6005] usb 3-1: USB disconnect, device number 18
[  733.462637][ T6005] usblp0: removed
[  733.601710][ T4814] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  733.785171][ T4814] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  733.875886][ T4814] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  733.961079][ T4814] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  734.024384][ T4814] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  734.058031][ T9990] netlink: 24 bytes leftover after parsing attributes in process `syz.3.872'.
[  734.071542][ T4814] usb 2-1: Product: syz
[  734.105512][ T4814] usb 2-1: Manufacturer: syz
[  734.133926][ T4814] usb 2-1: SerialNumber: syz
[  734.217121][ T4814] cdc_mbim 2-1:1.0: skipping garbage
[  734.389642][ T9978] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  735.050381][ T9995] vxcan1 speed is unknown, defaulting to 1000
[  735.210422][ T9978] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  735.493003][T10001] FAULT_INJECTION: forcing a failure.
[  735.493003][T10001] name failslab, interval 1, probability 0, space 0, times 0
[  735.549179][ T4814] cdc_mbim 2-1:1.0: cdc-wdm0: USB WDM device
[  735.571535][ T9998] SELinux: ebitmap: truncated map
[  735.600827][T10001] CPU: 1 UID: 0 PID: 10001 Comm: syz.6.875 Not tainted syzkaller #0 PREEMPT(full) 
[  735.600851][T10001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  735.600861][T10001] Call Trace:
[  735.600867][T10001]  <TASK>
[  735.600873][T10001]  dump_stack_lvl+0x100/0x190
[  735.600906][T10001]  should_fail_ex.cold+0x5/0xa
[  735.600928][T10001]  should_failslab+0xc2/0x120
[  735.600954][T10001]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  735.600975][T10001]  ? skb_clone+0x190/0x400
[  735.601000][T10001]  skb_clone+0x190/0x400
[  735.601021][T10001]  netlink_deliver_tap+0xaed/0xcc0
[  735.601049][T10001]  netlink_unicast+0x650/0x870
[  735.601076][T10001]  ? __pfx_netlink_unicast+0x10/0x10
[  735.601107][T10001]  netlink_sendmsg+0x8b0/0xda0
[  735.601135][T10001]  ? __pfx_netlink_sendmsg+0x10/0x10
[  735.601156][T10001]  ? __might_fault+0x20/0x140
[  735.601185][T10001]  ____sys_sendmsg+0xa54/0xc30
[  735.601213][T10001]  ? __pfx_____sys_sendmsg+0x10/0x10
[  735.601250][T10001]  ___sys_sendmsg+0x190/0x1e0
[  735.601282][T10001]  ? __pfx____sys_sendmsg+0x10/0x10
[  735.601339][T10001]  __sys_sendmsg+0x170/0x220
[  735.601359][T10001]  ? __pfx___sys_sendmsg+0x10/0x10
[  735.601396][T10001]  do_syscall_64+0x106/0xf80
[  735.601416][T10001]  ? clear_bhb_loop+0x40/0x90
[  735.601441][T10001]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  735.601458][T10001] RIP: 0033:0x7f62fa79bf79
[  735.601473][T10001] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  735.601489][T10001] RSP: 002b:00007f62fb668028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  735.601507][T10001] RAX: ffffffffffffffda RBX: 00007f62faa15fa0 RCX: 00007f62fa79bf79
[  735.601518][T10001] RDX: 0000000000000080 RSI: 00002000000002c0 RDI: 0000000000000004
[  735.601528][T10001] RBP: 00007f62fb668090 R08: 0000000000000000 R09: 0000000000000000
[  735.601538][T10001] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  735.601548][T10001] R13: 00007f62faa16038 R14: 00007f62faa15fa0 R15: 00007ffe0980a968
[  735.601573][T10001]  </TASK>
[  735.601663][ T9998] SELinux: failed to load policy
[  735.782886][ T4814] wwan wwan0: port wwan0mbim0 attached
[  736.395707][   T30] audit: type=1400 audit(2000000001.390:512): avc:  denied  { bind } for  pid=10009 comm="syz.2.877" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  736.427636][ T4814] cdc_mbim 2-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.1-1, CDC MBIM, 76:c9:ac:7a:b1:b5
[  736.593417][ T4814] usb 2-1: USB disconnect, device number 22
[  736.642011][ T4814] cdc_mbim 2-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.1-1, CDC MBIM
[  736.671819][ T6005] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  736.837962][ T6005] usb 7-1: Using ep0 maxpacket: 8
[  737.370819][ T6005] usb 7-1: config 0 has an invalid interface number: 31 but max is 0
[  737.411543][ T6005] usb 7-1: config 0 has no interface number 0
[  737.424919][ T6005] usb 7-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[  737.457643][ T6005] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  737.486504][ T6005] usb 7-1: Product: syz
[  737.495825][ T6005] usb 7-1: Manufacturer: syz
[  737.509229][ T6005] usb 7-1: SerialNumber: syz
[  737.529931][ T6005] usb 7-1: config 0 descriptor??
[  737.543889][ T4814] wwan wwan0: port wwan0mbim0 disconnected
[  737.751526][   T30] audit: type=1400 audit(2000000002.750:513): avc:  denied  { read } for  pid=5475 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1
[  737.928157][ T6005] uvcvideo 7-1:0.31: Found UVC 0.04 device syz (046d:08c3)
[  737.950564][ T6005] uvcvideo 7-1:0.31: Entity type for entity Output 32774 was not initialized!
[  738.050599][T10031] netlink: 'syz.5.882': attribute type 4 has an invalid length.
[  738.438333][ T6005] usb 7-1: USB disconnect, device number 8
[  738.585199][T10035] random: crng reseeded on system resumption
[  738.751220][T10038] netlink: 24 bytes leftover after parsing attributes in process `syz.6.884'.
[  739.053417][T10049] vivid-007: disconnect
[  739.162970][ T4814] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  739.423197][ T4814] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  739.448550][ T4814] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  739.493225][ T4814] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  739.514421][ T4814] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  739.548334][T10045] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  739.574926][ T4814] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  739.601529][T10021] usb 6-1: new high-speed USB device number 22 using dummy_hcd
[  739.729501][   T30] audit: type=1326 audit(2000000004.730:514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10060 comm="syz.6.890" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f62fa79bf79 code=0x0
[  739.771555][T10021] usb 6-1: Using ep0 maxpacket: 8
[  739.793502][T10021] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  739.811506][T10021] usb 6-1: config 0 has no interface number 0
[  739.831730][T10021] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 33066, setting to 1024
[  739.843133][ T4814] usb 4-1: USB disconnect, device number 27
[  739.851793][T10021] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  739.887540][T10021] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  739.945519][T10021] usb 6-1: config 0 descriptor??
[  739.951082][   T30] audit: type=1400 audit(2000000004.940:515): avc:  denied  { ioctl } for  pid=10060 comm="syz.6.890" path="/dev/vhost-net" dev="devtmpfs" ino=1274 ioctlcmd=0xaf14 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[  739.980799][T10021] iowarrior 6-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  740.688191][ T1208] usb 6-1: USB disconnect, device number 22
[  740.707621][T10064] loop9: detected capacity change from 0 to 7
[  740.739002][ T5853] Dev loop9: unable to read RDB block 7
[  740.753126][T10047] vivid-007: reconnect
[  740.768610][ T5853]  loop9: unable to read partition table
[  740.796616][ T5853] loop9: partition table beyond EOD, truncated
[  740.810908][T10064] Dev loop9: unable to read RDB block 7
[  740.816716][T10064]  loop9: unable to read partition table
[  740.830286][T10064] loop9: partition table beyond EOD, truncated
[  740.836564][T10064] loop_reread_partitions: partition scan of loop9 (þ被xü—ŸÑà– ) failed (rc=-5)
[  741.350305][T10080] can0: slcan on ttyS3.
[  741.500216][ T1208] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  741.634220][T10080] can0 (unregistered): slcan off ttyS3.
[  741.646230][T10079] can0: slcan on ttyS3.
[  741.696536][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  741.741624][ T1208] usb 3-1: Using ep0 maxpacket: 8
[  741.802290][ T1208] usb 3-1: config 0 has an invalid interface number: 31 but max is 0
[  742.061005][ T1208] usb 3-1: config 0 has no interface number 0
[  742.114446][T10074] can0 (unregistered): slcan off ttyS3.
[  742.253334][ T1208] usb 3-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[  742.273955][ T1208] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  742.290985][ T1208] usb 3-1: Product: syz
[  742.295326][ T1208] usb 3-1: Manufacturer: syz
[  742.307513][T10095] syzkaller1: entered promiscuous mode
[  742.335380][T10095] syzkaller1: entered allmulticast mode
[  742.361275][ T1208] usb 3-1: SerialNumber: syz
[  742.388416][ T1208] usb 3-1: config 0 descriptor??
[  742.392517][T10095] efs: cannot read volume header
[  742.651402][ T1208] uvcvideo 3-1:0.31: Found UVC 0.04 device syz (046d:08c3)
[  742.689828][ T1208] uvcvideo 3-1:0.31: Entity type for entity Output 32774 was not initialized!
[  742.756642][ T1208] usb 3-1: USB disconnect, device number 19
[  743.653535][T10128] netlink: 64 bytes leftover after parsing attributes in process `syz.1.904'.
[  743.692779][T10132] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  743.765006][ T5855] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  743.784943][ T5855] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  743.794388][ T5855] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  743.803082][ T5855] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  743.810599][ T5855] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  743.889525][T10126] vxcan1 speed is unknown, defaulting to 1000
[  744.444426][T10144] netlink: 24 bytes leftover after parsing attributes in process `syz.2.907'.
[  744.518105][T10148] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10148 comm=syz.2.907
[  744.587667][T10126] chnl_net:caif_netlink_parms(): no params data found
[  745.289654][T10157] can0: slcan on ttyS3.
[  745.931938][ T5855] Bluetooth: hci4: command tx timeout
[  746.104236][T10158] can0 (unregistered): slcan off ttyS3.
[  746.220981][T10126] bridge0: port 1(bridge_slave_0) entered blocking state
[  746.282755][T10126] bridge0: port 1(bridge_slave_0) entered disabled state
[  746.300365][T10126] bridge_slave_0: entered allmulticast mode
[  746.330971][T10126] bridge_slave_0: entered promiscuous mode
[  746.350220][T10126] bridge0: port 2(bridge_slave_1) entered blocking state
[  746.381682][T10126] bridge0: port 2(bridge_slave_1) entered disabled state
[  746.401950][T10126] bridge_slave_1: entered allmulticast mode
[  746.409187][T10126] bridge_slave_1: entered promiscuous mode
[  746.492398][  T793] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  746.781036][T10126] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  746.790416][  T793] usb 4-1: Using ep0 maxpacket: 8
[  746.803795][  T793] usb 4-1: config 0 has an invalid interface number: 31 but max is 0
[  746.820660][  T793] usb 4-1: config 0 has no interface number 0
[  746.832645][T10126] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  746.853245][  T793] usb 4-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[  746.874103][  T793] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  746.897621][  T793] usb 4-1: Product: syz
[  746.921547][  T793] usb 4-1: Manufacturer: syz
[  746.926185][  T793] usb 4-1: SerialNumber: syz
[  746.931576][  T793] usb 4-1: config 0 descriptor??
[  746.955278][T10126] team0: Port device team_slave_0 added
[  746.964994][T10126] team0: Port device team_slave_1 added
[  747.394969][  T793] uvcvideo 4-1:0.31: Found UVC 0.04 device syz (046d:08c3)
[  747.421711][  T793] uvcvideo 4-1:0.31: Entity type for entity Output 32774 was not initialized!
[  747.443644][T10126] batman_adv: batadv0: Adding interface: batadv_slave_0
[  747.450578][T10126] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  747.485730][T10126] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  747.488503][  T793] usb 4-1: USB disconnect, device number 28
[  747.512061][T10126] batman_adv: batadv0: Adding interface: batadv_slave_1
[  747.522381][T10126] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  747.550096][T10126] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  747.602295][T10126] hsr_slave_0: entered promiscuous mode
[  747.608707][T10126] hsr_slave_1: entered promiscuous mode
[  747.616452][T10126] debugfs: 'hsr0' already exists in 'hsr'
[  747.624614][T10126] Cannot create hsr debugfs directory
[  747.893723][T10126] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  747.914623][T10126] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  747.936680][T10126] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  748.022048][ T5855] Bluetooth: hci4: command tx timeout
[  748.087552][T10126] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  748.344351][T10200] netlink: 'syz.2.917': attribute type 16 has an invalid length.
[  748.352546][T10200] netlink: 'syz.2.917': attribute type 17 has an invalid length.
[  748.374888][T10200] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  748.434799][T10207] syzkaller1: entered promiscuous mode
[  748.543031][T10215] efs: cannot read volume header
[  748.717243][T10207] syzkaller1: entered allmulticast mode
[  748.802747][T10126] 8021q: adding VLAN 0 to HW filter on device bond0
[  748.818548][T10126] 8021q: adding VLAN 0 to HW filter on device team0
[  748.830986][ T5978] bridge0: port 1(bridge_slave_0) entered blocking state
[  748.838112][ T5978] bridge0: port 1(bridge_slave_0) entered forwarding state
[  748.850375][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[  748.857487][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[  749.037971][T10126] 8021q: adding VLAN 0 to HW filter on device batadv0
[  749.179490][T10126] veth0_vlan: entered promiscuous mode
[  749.188506][T10126] veth1_vlan: entered promiscuous mode
[  749.210549][T10126] veth0_macvtap: entered promiscuous mode
[  749.219301][T10126] veth1_macvtap: entered promiscuous mode
[  749.225058][ T6613] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  749.235729][T10126] batman_adv: batadv0: Interface activated: batadv_slave_0
[  749.248555][T10126] batman_adv: batadv0: Interface activated: batadv_slave_1
[  749.259655][ T5978] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  749.269562][ T5978] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  749.288248][ T5978] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  749.319627][ T5978] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  749.383939][ T6613] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  749.419203][ T6613] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  749.443767][ T6057] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  749.455887][ T6613] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  749.490426][ T6613] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  749.509217][ T6057] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  749.526255][T10223] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  749.548312][ T6613] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  749.664984][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  749.680961][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  749.779990][  T793] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  749.920952][T10237] can0: slcan on ttyS3.
[  750.083337][T10236] can0 (unregistered): slcan off ttyS3.
[  750.098801][ T5855] Bluetooth: hci4: command tx timeout
[  750.137163][T10237] can0: slcan on ttyS3.
[  750.170443][ T6613] usb 4-1: USB disconnect, device number 29
[  750.423060][  T793] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  750.487173][  T793] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  750.549770][  T793] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  750.563577][T10233] can0 (unregistered): slcan off ttyS3.
[  750.599094][  T793] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  750.651177][T10232] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[  750.711328][  T793] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[  751.221656][  T793] usb 7-1: USB disconnect, device number 9
[  752.306987][   T51] Bluetooth: hci4: command tx timeout
[  752.451727][T10021] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  752.656739][T10021] usb 4-1: Using ep0 maxpacket: 8
[  752.698751][T10021] usb 4-1: config 0 has an invalid interface number: 31 but max is 0
[  752.721848][T10021] usb 4-1: config 0 has no interface number 0
[  752.745563][T10021] usb 4-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[  752.910108][T10021] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  752.960675][T10021] usb 4-1: Product: syz
[  752.979675][T10021] usb 4-1: Manufacturer: syz
[  753.001203][T10021] usb 4-1: SerialNumber: syz
[  753.011562][  T793] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  753.072433][T10021] usb 4-1: config 0 descriptor??
[  753.300455][T10288] vxcan1 speed is unknown, defaulting to 1000
[  753.589977][  T793] usb 2-1: Using ep0 maxpacket: 32
[  753.597273][  T793] usb 2-1: unable to get BOS descriptor or descriptor too short
[  753.614303][  T793] usb 2-1: config 128 has an invalid interface number: 127 but max is 3
[  753.641531][  T793] usb 2-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config
[  753.667854][T10021] uvcvideo 4-1:0.31: Found UVC 0.04 device syz (046d:08c3)
[  753.701589][T10021] uvcvideo 4-1:0.31: Entity type for entity Output 32774 was not initialized!
[  753.720924][  T793] usb 2-1: config 128 has 1 interface, different from the descriptor's value: 4
[  753.762211][  T793] usb 2-1: config 128 has no interface number 0
[  753.811973][T10021] usb 4-1: USB disconnect, device number 30
[  753.821369][  T793] usb 2-1: config 128 interface 127 altsetting 14 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  753.882955][  T793] usb 2-1: config 128 interface 127 has no altsetting 0
[  753.906672][  T793] usb 2-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55
[  753.927961][  T793] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  753.969694][  T793] usb 2-1: Product: syz
[  753.984516][  T793] usb 2-1: Manufacturer: syz
[  754.000266][  T793] usb 2-1: SerialNumber: syz
[  754.401153][   T51] Bluetooth: hci5: command 0x0405 tx timeout
[  754.417668][ T5958] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  754.499930][  T793] usb 2-1: USB disconnect, device number 23
[  754.587375][ T8425] udevd[8425]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:128.127/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  754.605733][ T5958] usb 3-1: Using ep0 maxpacket: 32
[  754.616469][ T5958] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  754.630952][ T5958] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  754.852660][ T5958] usb 3-1: New USB device found, idVendor=0b05, idProduct=1822, bcdDevice= 0.00
[  754.927360][ T5958] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  754.952068][ T5958] usb 3-1: config 0 descriptor??
[  755.435241][ T5958] asus 0003:0B05:1822.0007: unknown main item tag 0x0
[  755.489135][ T5958] asus 0003:0B05:1822.0007: unknown main item tag 0x0
[  755.499905][ T5958] asus 0003:0B05:1822.0007: unknown main item tag 0x0
[  755.506990][ T5958] asus 0003:0B05:1822.0007: unknown main item tag 0x0
[  755.515645][ T5958] asus 0003:0B05:1822.0007: unknown main item tag 0x0
[  755.691373][T10327] can0: slcan on ttyS3.
[  755.991862][ T5958] asus 0003:0B05:1822.0007: hidraw0: USB HID v0.00 Device [HID 0b05:1822] on usb-dummy_hcd.2-1/input0
[  756.004190][ T5958] asus 0003:0B05:1822.0007: Asus input not registered
[  756.014351][ T5958] asus 0003:0B05:1822.0007: probe with driver asus failed with error -12
[  756.038796][T10331] syzkaller0: entered promiscuous mode
[  756.051056][T10331] syzkaller0: entered allmulticast mode
[  756.072879][T10327] can0 (unregistered): slcan off ttyS3.
[  756.094777][T10328] can0: slcan on ttyS3.
[  756.140556][T10331] 0: reclassify loop, rule prio 0, protocol 700
[  756.141518][   T30] audit: type=1400 audit(2000000002.940:516): avc:  denied  { write } for  pid=10323 comm="syz.6.936" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  756.435219][T10321] can0 (unregistered): slcan off ttyS3.
[  756.629269][T10332] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  756.674255][T10332] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  757.129147][   T30] audit: type=1400 audit(2000000003.810:517): avc:  denied  { open } for  pid=10345 comm="syz.7.939" path="/dev/ttyr3" dev="devtmpfs" ino=394 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1
[  758.061146][   T30] audit: type=1400 audit(2000000004.860:518): avc:  denied  { connect } for  pid=10345 comm="syz.7.939" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  758.063331][ T6005] usb 3-1: USB disconnect, device number 20
[  758.121139][T10367] dlm: no locking on control device
[  758.139737][T10367] FAULT_INJECTION: forcing a failure.
[  758.139737][T10367] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  758.161008][   T30] audit: type=1400 audit(2000000004.900:519): avc:  denied  { read } for  pid=10345 comm="syz.7.939" laddr=172.20.20.170 lport=62172 faddr=172.20.20.170 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  758.229841][T10367] CPU: 1 UID: 0 PID: 10367 Comm: syz.6.941 Not tainted syzkaller #0 PREEMPT(full) 
[  758.229864][T10367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  758.229871][T10367] Call Trace:
[  758.229876][T10367]  <TASK>
[  758.229881][T10367]  dump_stack_lvl+0x100/0x190
[  758.229903][T10367]  should_fail_ex.cold+0x5/0xa
[  758.229918][T10367]  _copy_from_user+0x2e/0xd0
[  758.229933][T10367]  kstrtouint_from_user+0xd6/0x1d0
[  758.229949][T10367]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  758.229964][T10367]  ? __lock_acquire+0x4a5/0x2630
[  758.229983][T10367]  ? lock_acquire+0x1cf/0x380
[  758.230003][T10367]  proc_fail_nth_write+0x83/0x220
[  758.230015][T10367]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  758.230030][T10367]  vfs_write+0x2aa/0x1070
[  758.230046][T10367]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  758.230058][T10367]  ? __pfx_vfs_write+0x10/0x10
[  758.230073][T10367]  ? __fget_files+0x215/0x3d0
[  758.230093][T10367]  ? __fget_files+0x21f/0x3d0
[  758.230114][T10367]  ksys_write+0x12a/0x250
[  758.230128][T10367]  ? __pfx_ksys_write+0x10/0x10
[  758.230148][T10367]  do_syscall_64+0x106/0xf80
[  758.230165][T10367]  ? clear_bhb_loop+0x40/0x90
[  758.230183][T10367]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  758.230195][T10367] RIP: 0033:0x7f62fa75c84e
[  758.230205][T10367] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  758.230215][T10367] RSP: 002b:00007f62fb667fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  758.230226][T10367] RAX: ffffffffffffffda RBX: 00007f62fb6686c0 RCX: 00007f62fa75c84e
[  758.230233][T10367] RDX: 0000000000000001 RSI: 00007f62fb6680a0 RDI: 0000000000000004
[  758.230239][T10367] RBP: 00007f62fb668090 R08: 0000000000000000 R09: 0000000000000000
[  758.230245][T10367] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  758.230251][T10367] R13: 00007f62faa16038 R14: 00007f62faa15fa0 R15: 00007ffe0980a968
[  758.230265][T10367]  </TASK>
[  758.596309][T10355] vxcan1 speed is unknown, defaulting to 1000
[  758.857326][T10377] netlink: 64 bytes leftover after parsing attributes in process `syz.2.942'.
[  759.637107][T10021] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  759.637389][ T2617] block nbd0: Possible stuck request ffff888027db0000: control (read@0,1024B). Runtime 210 seconds
[  759.662398][ T2617] block nbd0: Possible stuck request ffff888027db0200: control (read@1024,1024B). Runtime 210 seconds
[  759.681526][ T2617] block nbd0: Possible stuck request ffff888027db0400: control (read@2048,1024B). Runtime 210 seconds
[  759.699232][ T2617] block nbd0: Possible stuck request ffff888027db0600: control (read@3072,1024B). Runtime 210 seconds
[  759.831753][T10021] usb 7-1: Using ep0 maxpacket: 8
[  759.886254][T10021] usb 7-1: config 0 has an invalid interface number: 31 but max is 0
[  759.996899][T10021] usb 7-1: config 0 has no interface number 0
[  760.032186][T10021] usb 7-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[  760.053784][T10021] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  760.076067][T10021] usb 7-1: Product: syz
[  760.080256][T10021] usb 7-1: Manufacturer: syz
[  760.101848][T10021] usb 7-1: SerialNumber: syz
[  760.113053][T10021] usb 7-1: config 0 descriptor??
[  760.176773][T10390] vxcan1 speed is unknown, defaulting to 1000
[  760.719954][T10021] uvcvideo 7-1:0.31: Found UVC 0.04 device syz (046d:08c3)
[  760.750041][T10021] uvcvideo 7-1:0.31: Entity type for entity Output 32774 was not initialized!
[  760.784736][T10021] usb 7-1: USB disconnect, device number 10
[  761.825313][T10422] can0: slcan on ttyS3.
[  761.964507][T10428] SELinux:  policydb magic number 0x0 does not match expected magic number 0xf97cff8c
[  762.000823][T10428] SELinux: failed to load policy
[  762.313791][T10423] can0 (unregistered): slcan off ttyS3.
[  762.671920][T10435] efs: cannot read volume header
[  762.861707][T10446] random: crng reseeded on system resumption
[  762.866978][T10437] syzkaller1: entered promiscuous mode
[  762.908810][T10437] syzkaller1: entered allmulticast mode
[  763.051657][ T1208] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  763.971651][T10456] netlink: 'syz.6.955': attribute type 4 has an invalid length.
[  764.851523][ T1208] usb 8-1: Using ep0 maxpacket: 32
[  765.106781][ T1208] usb 8-1: unable to get BOS descriptor or descriptor too short
[  765.153940][ T1208] usb 8-1: config 128 has an invalid interface number: 127 but max is 3
[  765.218346][ T1208] usb 8-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config
[  765.486135][ T1208] usb 8-1: config 128 has 1 interface, different from the descriptor's value: 4
[  765.563914][ T1208] usb 8-1: config 128 has no interface number 0
[  765.620329][ T1208] usb 8-1: config 128 interface 127 altsetting 14 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  765.727128][ T1208] usb 8-1: config 128 interface 127 has no altsetting 0
[  765.811561][T10453] vxcan1 speed is unknown, defaulting to 1000
[  765.937701][ T1208] usb 8-1: string descriptor 0 read error: -71
[  766.043121][ T1208] usb 8-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55
[  766.062889][ T1208] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  766.230632][T10473] vxcan1 speed is unknown, defaulting to 1000
[  766.328074][ T1208] usb 8-1: can't set config #128, error -71
[  766.544454][ T1208] usb 8-1: USB disconnect, device number 2
[  767.021389][T10483] can0: slcan on ttyS3.
[  767.106145][T10483] can0 (unregistered): slcan off ttyS3.
[  767.146284][T10483] can0: slcan on ttyS3.
[  767.643086][T10479] can0 (unregistered): slcan off ttyS3.
[  768.761894][T10477] netlink: 'syz.6.962': attribute type 16 has an invalid length.
[  768.769785][T10477] netlink: 'syz.6.962': attribute type 17 has an invalid length.
[  768.796326][T10477] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  770.002890][T10512] netlink: 12 bytes leftover after parsing attributes in process `syz.2.967'.
[  770.041322][T10512] netlink: 40 bytes leftover after parsing attributes in process `syz.2.967'.
[  771.051786][  T793] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  771.188903][T10541] 8021q: adding VLAN 0 to HW filter on device batadv4
[  771.214547][T10541] team0: Port device batadv4 added
[  771.252012][  T793] usb 7-1: Using ep0 maxpacket: 32
[  771.278846][  T793] usb 7-1: unable to get BOS descriptor or descriptor too short
[  771.314461][  T793] usb 7-1: config 128 has an invalid interface number: 127 but max is 3
[  771.361754][  T793] usb 7-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config
[  771.393594][  T793] usb 7-1: config 128 has 1 interface, different from the descriptor's value: 4
[  771.408727][T10543] netlink: 8 bytes leftover after parsing attributes in process `syz.1.974'.
[  771.426203][  T793] usb 7-1: config 128 has no interface number 0
[  771.464100][  T793] usb 7-1: config 128 interface 127 altsetting 14 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  771.509108][  T793] usb 7-1: config 128 interface 127 has no altsetting 0
[  771.538056][  T793] usb 7-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55
[  771.569823][  T793] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  771.590221][  T793] usb 7-1: Product: syz
[  771.597054][  T793] usb 7-1: Manufacturer: syz
[  771.607735][  T793] usb 7-1: SerialNumber: syz
[  772.060152][   T30] audit: type=1400 audit(2000000005.940:520): avc:  denied  { mount } for  pid=10565 comm="syz.3.976" name="/" dev="ramfs" ino=29091 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[  772.250318][  T793] usb 7-1: USB disconnect, device number 11
[  772.827451][ T8425] udevd[8425]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:128.127/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  775.629861][T10587] netlink: 64 bytes leftover after parsing attributes in process `syz.1.981'.
[  776.503332][T10612] 8021q: adding VLAN 0 to HW filter on device batadv1
[  776.514899][T10612] team0: Port device batadv1 added
[  776.936304][T10623] syzkaller1: entered promiscuous mode
[  776.964114][T10623] syzkaller1: entered allmulticast mode
[  776.981287][T10626] efs: cannot read volume header
[  778.399104][   T29] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  778.551599][ T6005] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  778.666128][   T29] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  778.699186][   T29] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  778.725273][ T6005] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  778.736347][   T29] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  778.736396][   T29] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  778.752189][T10635] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  778.791588][ T6005] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  778.875671][T10642] netlink: 64 bytes leftover after parsing attributes in process `syz.7.995'.
[  779.130673][ T6005] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  779.151510][ T6005] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  779.210436][T10632] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  779.252719][ T6005] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  779.422558][   T29] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  779.947269][ T6005] usb 2-1: USB disconnect, device number 24
[  780.147841][   T29] usb 3-1: USB disconnect, device number 21
[  782.739451][T10677] can0: slcan on ttyS3.
[  783.101557][T10677] can0 (unregistered): slcan off ttyS3.
[  783.156623][T10678] can0: slcan on ttyS3.
[  783.372653][T10679] can0 (unregistered): slcan off ttyS3.
[  784.944527][T10682] vxcan1 speed is unknown, defaulting to 1000
[  785.221990][   T31] INFO: task syz.0.569:8658 blocked for more than 165 seconds.
[  785.252439][   T31]       Not tainted syzkaller #0
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  785.497068][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  785.963654][   T31] task:syz.0.569       state:D stack:28792 pid:8658  tgid:8651  ppid:6770   task_flags:0x400040 flags:0x00080002
[  786.054690][T10701] vxcan1 speed is unknown, defaulting to 1000
[  786.381479][   T31] Call Trace:
[  786.385002][   T31]  <TASK>
[  786.391805][   T31]  __schedule+0xfee/0x60e0
[  786.422152][   T31]  ? __lock_acquire+0x4a5/0x2630
[  786.427159][   T31]  ? __pfx___schedule+0x10/0x10
[  786.440279][   T31]  ? find_held_lock+0x2b/0x80
[  786.479625][   T31]  ? schedule+0x2bf/0x390
[  786.489182][   T31]  schedule+0xdd/0x390
[  786.501699][   T31]  schedule_preempt_disabled+0x13/0x30
[  786.507183][   T31]  __mutex_lock+0xc9a/0x1b90
[  786.541470][   T31]  ? bdev_open+0x41a/0xe40
[  786.546128][   T31]  ? find_held_lock+0x2b/0x80
[  786.550815][   T31]  ? find_inode_fast+0x5e3/0x910
[  786.571648][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  786.576707][   T31]  ? find_inode_fast+0x1fa/0x910
[  786.582173][   T31]  ? bdev_open+0x41a/0xe40
[  786.589106][   T31]  bdev_open+0x41a/0xe40
[  786.594231][   T31]  ? iput+0x3a/0x40
[  786.598050][   T31]  blkdev_open+0x34e/0x4f0
[  786.622927][   T31]  do_dentry_open+0x6d8/0x1660
[  786.632318][   T31]  ? __pfx_blkdev_open+0x10/0x10
[  786.637261][   T31]  vfs_open+0x82/0x3f0
[  786.641314][   T31]  path_openat+0x208c/0x31a0
[  786.661475][   T31]  ? __pfx_path_openat+0x10/0x10
[  786.666458][   T31]  do_file_open+0x20e/0x430
[  786.670977][   T31]  ? __pfx_do_file_open+0x10/0x10
[  786.701477][   T31]  ? alloc_fd+0x476/0x790
[  786.706261][   T31]  ? do_getname+0x191/0x390
[  786.710741][   T31]  do_sys_openat2+0x10d/0x1e0
[  786.751567][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[  786.771549][   T31]  __x64_sys_openat+0x12d/0x210
[  786.776408][   T31]  ? __pfx___x64_sys_openat+0x10/0x10
[  786.786896][   T31]  ? do_user_addr_fault+0x8d6/0x12f0
[  786.794054][   T31]  do_syscall_64+0x106/0xf80
[  786.800897][   T31]  ? clear_bhb_loop+0x40/0x90
[  786.821484][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  786.827411][   T31] RIP: 0033:0x7f6d6a15c84e
[  786.838833][   T31] RSP: 002b:00007f6d6b09cb28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  786.871560][   T31] RAX: ffffffffffffffda RBX: 00007f6d6b09d6c0 RCX: 00007f6d6a15c84e
[  786.879553][   T31] RDX: 0000000000040400 RSI: 00007f6d6b09cc00 RDI: ffffffffffffff9c
[  786.907974][   T31] RBP: 00007f6d6b09cc00 R08: 0000000000000000 R09: 0000000000000000
[  786.921748][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: cccccccccccccccd
[  786.941119][   T31] R13: 00007f6d6a416128 R14: 00007f6d6a416090 R15: 00007ffff0233708
[  786.950511][   T31]  </TASK>
[  786.954186][   T31] 
[  786.954186][   T31] Showing all locks held in the system:
[  787.081535][   T31] 1 lock held by khungtaskd/31:
[  787.086412][   T31]  #0: ffffffff8e7e94a0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184
[  787.111521][   T31] 2 locks held by getty/5572:
[  787.116219][   T31]  #0: ffff8880388860a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80
[  787.161370][   T31]  #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x419/0x1500
[  787.181461][   T31] 5 locks held by kworker/u8:6/5978:
[  787.186763][   T31]  #0: ffff88801cac9148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920
[  787.221480][   T31]  #1: ffffc90004cbfd08 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x93c/0x1920
[  787.239390][   T31]  #2: ffffffff905f4430 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xb8/0x920
[  787.249170][   T31]  #3: ffffffff9060cd28 (rtnl_mutex){+.+.}-{4:4}, at: ops_undo_list+0x7ec/0xab0
[  787.258493][   T31]  #4: ffffffff8e7f50b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x19e/0x3c0
[  787.268930][   T31] 3 locks held by kworker/0:6/6005:
[  787.274337][   T31]  #0: ffff88813fe63548 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920
[  787.310693][   T31]  #1: ffffc90004e6fd08 (free_ipc_work){+.+.}-{0:0}, at: process_one_work+0x93c/0x1920
[  787.341469][   T31]  #2: ffffffff8e7f50b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x27f/0x3c0
[  787.371655][   T31] 1 lock held by udevd/6009:
[  787.376254][   T31]  #0: ffff888027d16358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0x41a/0xe40
[  787.408290][   T31] 1 lock held by syz.0.569/8658:
[  787.421447][   T31]  #0: ffff888027d16358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0x41a/0xe40
[  787.430941][   T31] 2 locks held by syz.2.1001/10664:
[  787.438426][   T31]  #0: ffff88807892d0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_release+0x256/0x2f0
[  787.448578][   T31]  #1: ffffffff9060cd28 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_dev_lock+0x146/0x360
[  787.458547][   T31] 3 locks held by syz.1.1008/10701:
[  787.464916][   T31]  #0: ffff8880614d4ec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close+0x26/0xb0
[  787.474537][   T31]  #1: ffff8880614d40c0 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x35c/0x1240
[  787.484292][   T31]  #2: ffffffff908a4ca8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xbb/0x280
[  787.494728][   T31] 
[  787.497066][   T31] =============================================
[  787.497066][   T31] 
[  787.521519][   T31] NMI backtrace for cpu 0
[  787.521534][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  787.521553][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  787.521562][   T31] Call Trace:
[  787.521567][   T31]  <TASK>
[  787.521573][   T31]  dump_stack_lvl+0x100/0x190
[  787.521601][   T31]  nmi_cpu_backtrace.cold+0x12d/0x151
[  787.521618][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  787.521643][   T31]  nmi_trigger_cpumask_backtrace+0x1d7/0x230
[  787.521671][   T31]  sys_info+0x141/0x190
[  787.521693][   T31]  watchdog+0xd25/0x1050
[  787.521720][   T31]  ? __pfx_watchdog+0x10/0x10
[  787.521741][   T31]  ? __kthread_parkme+0x18c/0x230
[  787.521767][   T31]  ? kthread+0x13a/0x450
[  787.521785][   T31]  ? __pfx_watchdog+0x10/0x10
[  787.521804][   T31]  kthread+0x370/0x450
[  787.521818][   T31]  ? __pfx_kthread+0x10/0x10
[  787.521835][   T31]  ret_from_fork+0x754/0xd80
[  787.521852][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  787.521869][   T31]  ? __switch_to+0x7b4/0x1120
[  787.521888][   T31]  ? __pfx_kthread+0x10/0x10
[  787.521904][   T31]  ret_from_fork_asm+0x1a/0x30
[  787.521935][   T31]  </TASK>
[  787.521941][   T31] Sending NMI from CPU 0 to CPUs 1:
[  787.642657][    C1] NMI backtrace for cpu 1
[  787.642671][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted syzkaller #0 PREEMPT(full) 
[  787.642686][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  787.642693][    C1] RIP: 0010:pv_native_safe_halt+0xf/0x20
[  787.642714][    C1] Code: 98 83 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 43 2c 1d 00 fb f4 <e9> bc 35 03 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
[  787.642726][    C1] RSP: 0018:ffffc90000197df0 EFLAGS: 00000242
[  787.642737][    C1] RAX: 00000000024d99ad RBX: ffff88801e6aa480 RCX: ffffffff8b8e5c75
[  787.642746][    C1] RDX: 0000000000000000 RSI: ffffffff8de6cf89 RDI: ffffffff8c1adf20
[  787.642755][    C1] RBP: 0000000000000001 R08: 0000000000000001 R09: ffffed10170a6795
[  787.642763][    C1] R10: ffff8880b8533cab R11: 0000000000000000 R12: ffffed1003cd5490
[  787.642771][    C1] R13: 0000000000000001 R14: ffffffff90d92f10 R15: 0000000000000000
[  787.642779][    C1] FS:  0000000000000000(0000) GS:ffff888124452000(0000) knlGS:0000000000000000
[  787.642793][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  787.642801][    C1] CR2: 000055d439ff6da8 CR3: 000000000e598000 CR4: 00000000003526f0
[  787.642810][    C1] Call Trace:
[  787.642815][    C1]  <TASK>
[  787.642819][    C1]  default_idle+0x9/0x10
[  787.642836][    C1]  default_idle_call+0x6c/0xb0
[  787.642854][    C1]  do_idle+0x35b/0x4b0
[  787.642872][    C1]  ? __pfx_do_idle+0x10/0x10
[  787.642890][    C1]  cpu_startup_entry+0x4f/0x60
[  787.642904][    C1]  start_secondary+0x21d/0x2d0
[  787.642923][    C1]  ? __pfx_start_secondary+0x10/0x10
[  787.642943][    C1]  common_startup_64+0x13e/0x148
[  787.642964][    C1]  </TASK>
[  787.815114][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  787.821967][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  787.831070][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  787.841101][   T31] Call Trace:
[  787.844362][   T31]  <TASK>
[  787.847273][   T31]  dump_stack_lvl+0x100/0x190
[  787.851945][   T31]  vpanic+0x552/0x970
[  787.855908][   T31]  ? __pfx_vpanic+0x10/0x10
[  787.860390][   T31]  ? nmi_trigger_cpumask_backtrace+0x182/0x230
[  787.866534][   T31]  panic+0xd1/0xe0
[  787.870235][   T31]  ? __pfx_panic+0x10/0x10
[  787.874632][   T31]  ? nmi_trigger_cpumask_backtrace+0x1b5/0x230
[  787.880775][   T31]  ? nmi_trigger_cpumask_backtrace+0x1f6/0x230
[  787.886916][   T31]  ? nmi_trigger_cpumask_backtrace+0x200/0x230
[  787.893056][   T31]  ? watchdog.cold+0x198/0x1ca
[  787.897808][   T31]  ? watchdog+0xd35/0x1050
[  787.902225][   T31]  watchdog.cold+0x1a9/0x1ca
[  787.906806][   T31]  ? __pfx_watchdog+0x10/0x10
[  787.911468][   T31]  ? __kthread_parkme+0x18c/0x230
[  787.916496][   T31]  ? kthread+0x13a/0x450
[  787.920718][   T31]  ? __pfx_watchdog+0x10/0x10
[  787.925386][   T31]  kthread+0x370/0x450
[  787.929435][   T31]  ? __pfx_kthread+0x10/0x10
[  787.934006][   T31]  ret_from_fork+0x754/0xd80
[  787.938576][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  787.943690][   T31]  ? __switch_to+0x7b4/0x1120
[  787.948349][   T31]  ? __pfx_kthread+0x10/0x10
[  787.952918][   T31]  ret_from_fork_asm+0x1a/0x30
[  787.957673][   T31]  </TASK>
[  787.960962][   T31] Kernel Offset: disabled
[  787.965260][   T31] Rebooting in 86400 seconds..