last executing test programs:

9m9.061215623s ago: executing program 3 (id=1107):
openat$cuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
syz_emit_ethernet(0x6e, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaaaaaa00ffffffffffffff7f02000000380600fe8000000000000000000000000000000000000000aa00004e2200"/58, @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="e002000090780000131218badf75768914ae2df74f070b2b6403131236eb5601e338288be856bc4ceb464b"], 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
r1 = openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x5, 0x6, &(0x7f0000000200)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x9, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$IOCTL_VMCI_QUEUEPAIR_SETPF(r1, 0x7a9, &(0x7f0000000380)={{@my=0x0, 0xa}, 0xa, 0x5, 0xffffffffffffffd9, 0x10000, 0x9, 0x9, 0xfffffffffffffffe, 0x6})
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000940)={{}, 'syz0\x00', 0x40})
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x12)
r2 = socket$inet6(0xa, 0x6, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x5, 0x1000087}, 0x0)
epoll_pwait2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x1)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000040)={0xc, 0x0, <r5=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r4, 0x3ba0, &(0x7f0000000500)={0x48, 0x2, r5})
ioctl$IOMMU_IOAS_MAP$PAGES(r4, 0x3b85, &(0x7f0000000180)={0x28, 0x4, r5, 0x0, &(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x7})
accept4(r2, 0x0, &(0x7f00000002c0), 0x80800)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
getegid()
getgroups(0x2, &(0x7f00000005c0)=[0x0, 0xffffffffffffffff])
statx(0xffffffffffffffff, &(0x7f0000000600)='./file0\x00', 0x400, 0x608, 0x0)

9m8.108199892s ago: executing program 3 (id=1109):
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
syz_emit_vhci(&(0x7f0000000040)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_rsp={{0x18, 0x4, 0x8}, {0x971d, 0x5, 0x400, 0x8001}}}}, 0x15)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
r3 = syz_open_dev$dri(0x0, 0x0, 0x0)
r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x481, 0x0)
syz_usb_connect$hid(0xf63067478e218e8, 0x36, &(0x7f00000000c0)=ANY=[], 0x0)
ioctl$SNAPSHOT_GET_IMAGE_SIZE(r4, 0x8008330e, 0x0)
r5 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r6=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r5, 0xc06864a1, &(0x7f0000000380)={0x0, 0xffffffca, r6, <r7=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r5, 0xc06864ce, &(0x7f0000000440)={r7, 0xe, 0x7f, 0x0, 0x0, [<r8=>0x0], [0x0, 0x29, 0x2], [], [0x0, 0x0, 0xfffffffffffffffd]})
r9 = openat2$dir(0xffffffffffffff9c, 0x0, &(0x7f0000000280)={0x111000, 0x82, 0x32}, 0x18)
renameat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', r9, 0x0)
r10 = socket$inet6_dccp(0xa, 0x6, 0x0)
setsockopt$inet6_int(r10, 0x10d, 0xb, &(0x7f0000000080)=0xa, 0x4)
connect$inet6(r10, &(0x7f0000000080)={0xa, 0x4e20, 0x8, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x20}, 0x1c)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000340)={0x83ff, 0x2, 0xb5})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r3, 0xc00c642d, &(0x7f0000000080)={r8})

9m4.8396571s ago: executing program 3 (id=1118):
syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) (async)
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
r1 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000040)={0x0, &(0x7f00000002c0)=[0x0], 0x0, 0x0, 0xfffffd52, 0x1}) (async)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000040)={0x0, &(0x7f00000002c0)=[<r2=>0x0], 0x0, 0x0, 0xfffffd52, 0x1})
ioctl$DRM_IOCTL_MODE_SETGAMMA(r0, 0xc02064a5, &(0x7f00000001c0)={r2, 0x0, 0x0, 0x0, 0x0})
socket$unix(0x1, 0x5, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, <r4=>0x0}, 0x0)
setresuid(0x0, r4, 0x0)
stat(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)) (async)
stat(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400))
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7) (async)
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
getuid()
getresgid(&(0x7f0000000480), &(0x7f00000004c0), &(0x7f0000000500))
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000540))
getuid() (async)
getuid()
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=@deltaction={0x14, 0x31, 0x20, 0x70bd25, 0x25dfdbfc}, 0x14}}, 0x0) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=@deltaction={0x14, 0x31, 0x20, 0x70bd25, 0x25dfdbfc}, 0x14}}, 0x0)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r6, &(0x7f0000000040)={0x2, 0x4a22, @loopback}, 0x10) (async)
bind$inet(r6, &(0x7f0000000040)={0x2, 0x4a22, @loopback}, 0x10)
setsockopt$SO_BINDTODEVICE(r6, 0x1, 0x19, &(0x7f00000005c0)='syz_tun\x00', 0x10) (async)
setsockopt$SO_BINDTODEVICE(r6, 0x1, 0x19, &(0x7f00000005c0)='syz_tun\x00', 0x10)
sendto$inet(r6, 0x0, 0x0, 0x20000844, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
syz_emit_ethernet(0x42, &(0x7f00000000c0)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x34, 0x64, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x8, 0x4, 0x0, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x100, 0x1}]}}}}}}}, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000580)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x0, 0xee00}}, './file0\x00'}) (async)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000580)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x0, 0xee00}}, './file0\x00'})
r7 = open(&(0x7f0000000140)='./file1\x00', 0x515002, 0x10f)
mknodat$loop(r7, &(0x7f0000001600)='./file1\x00', 0x0, 0x0) (async)
mknodat$loop(r7, &(0x7f0000001600)='./file1\x00', 0x0, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f00000005c0), 0x2, 0x0)
socket$inet6_dccp(0xa, 0x6, 0x0)
openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000600), 0x42, 0x0)
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000640)={0xbe5c669, 0xffffff10, {}, {0xee01}, 0x3, 0xe17})
getuid()

9m4.718164248s ago: executing program 3 (id=1121):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x4000)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x44, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2, 0x0, 0xfffe}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x18, 0x4, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @masq={{0x9}, @val={0x4}}}]}]}], {0x14}}, 0x6c}, 0x1, 0x0, 0x0, 0x24040800}, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r1, 0x3)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x94)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r2, 0x0)
setpgid(0x0, r2)
open(&(0x7f0000000000)='./file0\x00', 0x105000, 0x8)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000140)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2, 0xffff}}}}}}, 0x0)
r3 = socket(0xa, 0x6, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f0000000040)={0x100000011, @private=0xa010501, 0x4e23, 0x0, 'none\x00', 0x0, 0x80000}, 0x2c)
setsockopt$MRT6_ASSERT(r3, 0x29, 0xcf, &(0x7f00000001c0), 0x4)
syz_emit_ethernet(0x36, &(0x7f0000000180)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0xfd, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x4, 0x2}}}}}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x4000) (async)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x44, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2, 0x0, 0xfffe}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x18, 0x4, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @masq={{0x9}, @val={0x4}}}]}]}], {0x14}}, 0x6c}, 0x1, 0x0, 0x0, 0x24040800}, 0x0) (async)
socket$inet6_tcp(0xa, 0x1, 0x0) (async)
bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) (async)
listen(r1, 0x3) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x94) (async)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) (async)
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) (async)
chdir(&(0x7f0000000080)='./file1\x00') (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
setpgid(r2, 0x0) (async)
setpgid(0x0, r2) (async)
open(&(0x7f0000000000)='./file0\x00', 0x105000, 0x8) (async)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0) (async)
syz_emit_ethernet(0x36, &(0x7f0000000140)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2, 0xffff}}}}}}, 0x0) (async)
socket(0xa, 0x6, 0x0) (async)
setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f0000000040)={0x100000011, @private=0xa010501, 0x4e23, 0x0, 'none\x00', 0x0, 0x80000}, 0x2c) (async)
setsockopt$MRT6_ASSERT(r3, 0x29, 0xcf, &(0x7f00000001c0), 0x4) (async)
syz_emit_ethernet(0x36, &(0x7f0000000180)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0xfd, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x4, 0x2}}}}}}, 0x0) (async)

9m4.463724263s ago: executing program 3 (id=1123):
syz_io_uring_setup(0x10c, &(0x7f0000000140)={0x0, 0x0, 0x80, 0x0, 0x8}, &(0x7f0000000240), &(0x7f0000000280))
socket$pppl2tp(0x18, 0x1, 0x1)
socket$inet6_udp(0xa, 0x2, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x78)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x4, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x0, 0x40884)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
keyctl$join(0x1, &(0x7f0000000100)={'syz', 0x3})
syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='mountinfo\x00')
socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = syz_open_dev$media(&(0x7f0000000340), 0x20000000000001ff, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(r3, 0x541b, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="8c0000000906010200000000000000000200ffff08000940000000390900020073797a310000000005000100070000005c0008801c0007801800018014000240"], 0x8c}, 0x1, 0x0, 0x0, 0x10000082}, 0x0)

9m2.752275549s ago: executing program 3 (id=1127):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB], 0x48)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000800)={@map=r0, 0x4, 0x0, 0x5, &(0x7f0000000600)=[0x0, 0x0, 0x0, 0x0], 0x4, 0x0, &(0x7f0000000680)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000780)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000007c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x40)

9m2.556618769s ago: executing program 32 (id=1127):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB], 0x48)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000800)={@map=r0, 0x4, 0x0, 0x5, &(0x7f0000000600)=[0x0, 0x0, 0x0, 0x0], 0x4, 0x0, &(0x7f0000000680)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000780)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000007c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x40)

7m0.449010963s ago: executing program 4 (id=1617):
openat$cuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
syz_emit_ethernet(0x6e, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaaaaaa00ffffffffffffff7f02000000380600fe8000000000000000000000000000000000000000aa00004e2200"/58, @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="e002000090780000131218badf75768914ae2df74f070b2b6403131236eb5601e338288be856bc4ceb464b"], 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
r1 = openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x5, 0x6, &(0x7f0000000200)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x9, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$IOCTL_VMCI_QUEUEPAIR_SETPF(r1, 0x7a9, &(0x7f0000000380)={{@my=0x0, 0xa}, 0xa, 0x5, 0xffffffffffffffd9, 0x10000, 0x9, 0x9, 0xfffffffffffffffe, 0x6})
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000940)={{}, 'syz0\x00', 0x40})
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x12)
r2 = socket$inet6(0xa, 0x6, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x5, 0x1000087}, 0x0)
epoll_pwait2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x1)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, 0x0, 0x0)
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000040)={0xc, 0x0, <r5=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r4, 0x3ba0, &(0x7f0000000500)={0x48, 0x2, r5})
ioctl$IOMMU_IOAS_MAP$PAGES(r4, 0x3b85, &(0x7f0000000180)={0x28, 0x4, r5, 0x0, &(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x7})
accept4(r2, 0x0, &(0x7f00000002c0), 0x80800)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
getegid()
getgroups(0x2, &(0x7f00000005c0)=[0x0, 0xffffffffffffffff])
statx(0xffffffffffffffff, &(0x7f0000000600)='./file0\x00', 0x400, 0x608, &(0x7f0000000740))

6m59.834403415s ago: executing program 4 (id=1619):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000500)=@newsa={0x13c, 0x10, 0x413, 0x70bd26, 0x0, {{@in6=@loopback, @in6=@rand_addr=' \x01\x00', 0x0, 0x0, 0x4e24, 0x0, 0x0, 0x0, 0x20}, {@in=@loopback, 0x0, 0x32}, @in=@remote, {0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x81}, {0x0, 0x5, 0x80000000cc, 0x6}, {0x0, 0xfffffff9}, 0x0, 0x0, 0xa, 0x4, 0x1, 0x68}, [@algo_aead={0x4c, 0x12, {{'rfc4106(gcm(aes))\x00'}, 0x0, 0x80}}]}, 0x13c}}, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x3, 0x5, &(0x7f0000000040)=@framed={{0x18, 0x2, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2}, [@call={0x85, 0x0, 0x0, 0xa0}, @call={0x85, 0x0, 0x0, 0x7}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r1, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x2f, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

6m58.560225047s ago: executing program 4 (id=1623):
r0 = socket$kcm(0x10, 0x2, 0x4)
r1 = syz_usb_connect(0x0, 0x36, &(0x7f0000000280)={{0x12, 0x1, 0x141, 0xf2, 0xc5, 0x96, 0x20, 0x16d0, 0x10b8, 0xde8e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x0, 0x2, 0x2, 0x0, 0x83, 0xec, 0x0, [], [{{0x9, 0x5, 0x6, 0x2, 0x200, 0x2, 0x0, 0xa}}, {{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x1, 0x10}}]}}]}}]}}, 0x0)
syz_usb_control_io$uac1(r1, 0x0, 0x0)
syz_usb_control_io(r1, 0x0, &(0x7f0000000780)={0x84, &(0x7f0000000000)={0x0, 0x30, 0xc, "00004700000040f400bec073"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r1, 0x0, &(0x7f0000000540)={0x44, &(0x7f0000000840)={0x40, 0x1, 0x28, "701dbca1a5199b006d954e287b2d0ada3a2c58411ee3414013c97f91e7bd851187baea760edcaf25"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r1, 0x0, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x88580, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$FS_IOC_FSGETXATTR(r2, 0x400455cb, 0x0)
syz_usb_control_io$printer(r1, 0x0, &(0x7f0000000a40)={0x34, &(0x7f0000000880)={0x0, 0x1, 0x48, "8107e27413f6f10fac5ce84f02c2fa99041cf961a4223618b9942f573785f115ae983f5104dc6ab714c59268a83fbebfd4849b631c4be1c9558747ffcb0250a77228444f975a4d12"}, 0x0, 0x0, 0x0, 0x0, 0x0})
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x3, &(0x7f0000000000)=ANY=[@ANYRESOCT=r0], 0x0, 0x6000000, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x19, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94)
ioctl$PIO_FONTRESET(r2, 0x4b6d, 0x0)
close(0x3)
socket$kcm(0x2, 0x1, 0x84)
sendmsg$inet(r0, &(0x7f0000001680)={&(0x7f00000000c0)={0x2, 0x0, @dev}, 0x10, &(0x7f0000000100)=[{&(0x7f0000000180)="c7", 0xff04}], 0x1, &(0x7f0000000040)=[@ip_retopts={{0x20, 0x84, 0x2}}], 0x20}, 0x0)

6m55.872226598s ago: executing program 4 (id=1636):
timer_settime(0x0, 0x0, &(0x7f00000002c0)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = syz_open_dev$MSR(&(0x7f0000000000), 0x3, 0x0)
read$msr(r0, &(0x7f0000000300)=""/70, 0x46)
r1 = getpid()
getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, 0x0, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000d40)={0x44, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x44}}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast1=0xe0004001}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x0)
sendmsg$IPSET_CMD_DESTROY(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000580)={0x1c, 0x3, 0x6, 0x5, 0x0, 0x0, {0x5, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x4000080)
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0xc0105512, &(0x7f0000000200))
r4 = openat(0xffffffffffffff9c, 0x0, 0x80800, 0x0)
flock(r4, 0x5)
ioctl$USBDEVFS_BULK(0xffffffffffffffff, 0xc0185502, &(0x7f0000000400)={{{0x3, 0x1}}, 0xfffffeea, 0x6, 0x0})

6m55.549244408s ago: executing program 4 (id=1637):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@ipv6_newroute={0x24, 0x18, 0x309, 0xb00, 0x0, {0xa, 0x0, 0x80, 0x0, 0xfd, 0x0, 0xff}, [@RTA_OIF={0x8, 0x4, r1}]}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x1000c840)

6m55.49167196s ago: executing program 4 (id=1638):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
waitid(0x0, 0x0, 0x0, 0x4, 0x0)
pipe(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}) (async)
pipe(&(0x7f0000000300)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000040), 0x0, &(0x7f00000000c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) (async, rerun: 32)
vmsplice(r1, &(0x7f00000001c0)=[{&(0x7f0000000140)="d9b1", 0x2}], 0x1, 0x4) (rerun: 32)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async)
syz_open_procfs(0x0, &(0x7f0000001080)='smaps_rollup\x00') (async, rerun: 32)
mlockall(0x3) (rerun: 32)
mbind(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)
ioctl$SNDRV_PCM_IOCTL_STATUS_EXT64(0xffffffffffffffff, 0x81204101, &(0x7f0000000440)) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async, rerun: 32)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (rerun: 32)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) (async)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) (async)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmsg$unix(r3, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000080)="03", 0x1}], 0x1, &(0x7f0000000280)=ANY=[@ANYBLOB="14000000000000000100000001"], 0x18}, 0x0) (async, rerun: 32)
setsockopt$sock_int(r4, 0x1, 0x2a, 0x0, 0x0) (rerun: 32)
recvmmsg(r4, &(0x7f0000001140), 0x700, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) (async)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000000100)={0x40000000, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0218000002000000f7ffff1300000000"], 0x10}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0xd, &(0x7f00000003c0)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x63, 0x11, 0x3c}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @printk={@lli, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x2}}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'wp256-generic\x00'}, 0x58) (async)
r8 = accept4(r7, 0x0, 0x0, 0x80000)
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), r8)

6m40.349380735s ago: executing program 33 (id=1638):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
waitid(0x0, 0x0, 0x0, 0x4, 0x0)
pipe(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}) (async)
pipe(&(0x7f0000000300)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000040), 0x0, &(0x7f00000000c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) (async, rerun: 32)
vmsplice(r1, &(0x7f00000001c0)=[{&(0x7f0000000140)="d9b1", 0x2}], 0x1, 0x4) (rerun: 32)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async)
syz_open_procfs(0x0, &(0x7f0000001080)='smaps_rollup\x00') (async, rerun: 32)
mlockall(0x3) (rerun: 32)
mbind(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)
ioctl$SNDRV_PCM_IOCTL_STATUS_EXT64(0xffffffffffffffff, 0x81204101, &(0x7f0000000440)) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async, rerun: 32)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (rerun: 32)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) (async)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) (async)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmsg$unix(r3, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000080)="03", 0x1}], 0x1, &(0x7f0000000280)=ANY=[@ANYBLOB="14000000000000000100000001"], 0x18}, 0x0) (async, rerun: 32)
setsockopt$sock_int(r4, 0x1, 0x2a, 0x0, 0x0) (rerun: 32)
recvmmsg(r4, &(0x7f0000001140), 0x700, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) (async)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000000100)={0x40000000, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0218000002000000f7ffff1300000000"], 0x10}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0xd, &(0x7f00000003c0)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x63, 0x11, 0x3c}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @printk={@lli, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x2}}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'wp256-generic\x00'}, 0x58) (async)
r8 = accept4(r7, 0x0, 0x0, 0x80000)
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), r8)

26.330366985s ago: executing program 0 (id=3031):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000002c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r2=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000062c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000000f000000050033000300000008000300", @ANYRES32=r2], 0x2c}}, 0x0)

26.215364541s ago: executing program 0 (id=3032):
r0 = socket$kcm(0xa, 0x3, 0x3a)
mount$bind(0x0, 0x0, 0x0, 0x81105a, 0x0)
r1 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
r2 = open$dir(&(0x7f0000000100)='./file0\x00', 0x900, 0x44)
open_tree(r2, &(0x7f0000000180)='\x00', 0x8000)
sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @loopback={0x0, 0xac14140c}, 0xff000000}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000140)="8bcd", 0xffe3}], 0x1, 0x0, 0x0, 0x900}, 0x60)

26.154267498s ago: executing program 0 (id=3033):
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TCSETSW2(r2, 0x402c542c, &(0x7f0000000340)={0x4, 0x0, 0x400003, 0x0, 0x4, "636b55f67e02bfc6ba605ce19f5cd23d4c5ccb"})
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000a40))
readv(r2, &(0x7f0000000380)=[{&(0x7f0000000280)=""/79, 0x4f}], 0x1)

24.521251024s ago: executing program 0 (id=3038):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'blake2b-160\x00'}, 0x58)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
syz_emit_ethernet(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0xc, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat$selinux_mls(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), 0xffffffffffffffff)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0xcc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)

22.743851354s ago: executing program 0 (id=3042):
r0 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x7fff, 0x2)
syz_usb_connect$uac1(0x3, 0x91, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x8, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x7f, 0x3, 0x1, 0x5, 0x40, 0x8, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{}, [@processing_unit={0x7, 0x24, 0x7, 0x1, 0x5, 0x5f}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@as_header={0x7, 0x24, 0x1, 0x2, 0x9c, 0x1001}]}, {{0x9, 0x5, 0x1, 0x9, 0x400, 0x7f, 0x6, 0x5, {0x7, 0x25, 0x1, 0x2, 0x5, 0xfffe}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0xe, 0x1, 0x4c, 0x1, '\x00\x00\x00'}, @as_header={0x7, 0x24, 0x1, 0xf7, 0x0, 0x1002}]}, {{0x9, 0x5, 0x82, 0x9, 0x200, 0x2, 0x9, 0x5, {0x7, 0x25, 0x1, 0x1, 0xf9, 0xffff}}}}}}}]}}, &(0x7f0000002740)={0x0, 0x0, 0x0, 0x0})
r1 = memfd_secret(0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0xa, 0x11, r1, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r4, 0x4400ae8f, &(0x7f0000000380)={"37254072b4e7d8e69029b71b0709be0f21e9e4832c619ed053020d7c8c77a5bf8e3ebaaa02ea0f26228e65db8491213515b7d02890fd896e724711b8afb286304c8c1def1f0114409b9854bb44262e7bee9fccc1027413669111a886b7721d17517fedf34d7231fa43a415c67976ea39467a656edca72f30a74e54ecaa602f41fbf7f725d83b6bd9a639cf1e4937d611328a2990992adabc5622397374d63eb69d69c17357745462d07c4fdf71bcda74931f482af37784c8ff04e4d9d0b231ff557a21c510a3e91a2a532811c71ab9c91883fed710c229f2e388e7da4283f6ececb7380de393be053c147a6a659ef96f4d910db86dde66ad5b54db066e715c0c6698159ab4d0e9fb4fde9c9f0e12de9b39d94209e607ecf9e7f28a29f3559150f87ec8a670e162707e427abd2c8d8dbbd685f9a5908ff6fc85deff8257b0ddceb830db4fc6ad5e7a21e85e00f619362b1053b9fbcaec2a8d5476d0f77693b4db2a728add2260550ec610332cf5bcf5bdd2c2f68d4d357d3f304c484639d4be87cca1125217652d2991fdceec152eabdd1c4ee8ce1a5da632d740b192ad26b1871822ee62635da808b625c50963656a7b2b3dec08f211878de91b1c468a659a27771dacdb9ff427e24faeea1ff563cf34b713472001708756a6d282cf9d82dffe804d266735d39c195454ece75f4e231b1ee24c4d9c88e236e2303fabb687ceea94caf33bb6a4c61405c440ca1f63dc0c031c85a9461716a407c5280766ea398b8b7d32b255949a91fa7dcc1a53ebfe15b75c684520cef2ce2bbae66a460df76ad2993651c63ded96627fb67ada7946fc600d4dc61a67f2007d77ea9516b44a6d5050c66de2a2d3bbb60c92d80135a2d5c50ef6b73fc031a810d38dbfa39b7b84fc8d6cf8775d5ca0ce9627cdd85a0ad33f9ccaa24fa1d4a070a3b67d9f9b5ef76a3a3e07cf2f9d42cb2cfcf5b8dca19f26e5e3f1d776c439195fac7d7c817dbbfb19303a7b240bca32ffe195bc759ee0a1dd8c8882cf25ce30a39a947f24a4cb2baf39205b6d4a2e8f76f1cc0674931188a9ddc0920f8ff33c8dc761bd9e04c085df56a4c1f0eab3b2310fb06890fc610addf5e6b23b6dc619ea9e117d5062328625e2964c303241f72fd6f0211fb3520e8a5542747e867d19e2570f9e49d7eacdf0694bd9ded32fe3a5244c093f7d44fcdf51a42f2dea48eb3e8524ec3685ad9476a80297046241de1a16f8a8f54f8347935aac74cf9bbbae4036862d92869b548db56698a131afeb8a91ba4c3156520af533fd876e59e27ece187f7db529c2041aeb904fae1bf589cea3ac97d5c76e4a233508f4fabcf2b99b2472896db8cc12b0c306522c858a4a4c8ba239713e507df1a77d6ff8643c177a451a697afc6a82b42fa3edaff8b7ccff90b0c22a02c119147e547d029f216f40099ef2b8fbac"})
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$bt_hci(r5, 0x84, 0x84, &(0x7f0000000080)=""/4096, &(0x7f0000001200)=0x1000)
ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4400ae8f, &(0x7f00000000c0)=@x86={0x0, 0x1, 0x0, 0x0, 0x8, 0xfc, 0x10, 0x0, 0xfc, 0xff, 0x9, 0x0, 0x0, 0x1, 0x0, 0x0, 0xff, 0xfb, 0xff, '\x00', 0x4})
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0xb, 0x1, 0x4, 0x0, 0x7})
getsockopt$inet6_int(r1, 0x29, 0x4b, &(0x7f0000000100), &(0x7f0000000140)=0x4)
ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000000)=0x1)
ioctl$vim2m_VIDIOC_DQBUF(r0, 0xc0585611, &(0x7f0000000200)=@multiplanar_userptr={0x9, 0x1, 0x4, 0x0, 0x4, {0x0, 0x2710}, {0x0, 0xc, 0xf8, 0x7, 0x1, 0x0, "3b051c46"}, 0x10000, 0x2, {0x0}, 0x1})
r6 = syz_open_dev$vim2m(&(0x7f0000000080), 0xd52, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r6, 0xc008561c, &(0x7f0000000040)={0xf0f046})

19.460305612s ago: executing program 0 (id=3047):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = syz_open_dev$MSR(0x0, 0x0, 0x0)
read$msr(r0, 0x0, 0x0)
getpgid(0xffffffffffffffff)
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, &(0x7f0000000240))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000280), 0x0)
setsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0xffffffffffffffa9)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, &(0x7f0000000800))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0)
write$USERIO_CMD_SET_PORT_TYPE(r2, 0x0, 0x0)
write$USERIO_CMD_REGISTER(r2, &(0x7f00000000c0), 0x2)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x3, &(0x7f0000000180)=0x40)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
unlink(&(0x7f0000000000)='./file0\x00')
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000000300)=""/102375, 0x18fe7)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x8, 0x0, 0x20)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)

13.572610251s ago: executing program 5 (id=3062):
socket(0x10, 0x803, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r1, &(0x7f0000002c40)={0x28, 0x0, 0xffffffff, @host}, 0x10)
connect$vsock_stream(r1, &(0x7f0000002c80)={0x28, 0x0, 0xffffffff}, 0x10)
syz_usb_connect(0x5, 0x0, 0x0, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f00000002c0)=0x2)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
flistxattr(0xffffffffffffffff, &(0x7f00000024c0)=""/65, 0x41)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB="b702000047000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a876d839240d29c035055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7e8dc34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bb44b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334583239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bf4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc508afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd360000000000000000ae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c97a088a22e8b15c3e233db00002e30d46a0024d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c29c5c0ed5bcdf510c3c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ced92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f68fa8d7c2dfb28e1f05e46b0933c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d588afd80e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda6900002a070886df42b27098773b45198b4a34ac97febd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d63521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07afef12ef060cd4403a099f32468f658000b4082d43e12186195cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea209b53b230ef0f2ab85cbdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bd3339403004b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab900000000000000000000d71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdbf24a0c5441ce046078492b53467cfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89cb349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb15f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c00c57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137df47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b558982016b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8b49e3d0168bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85a3009a5d30f479e293a3302e11350ea857b37e76ca3f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c8ffe0d508dcee3070e8b42ac38545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f98117919472b61b20026d7e646174b55d251f7f8ca5ccc22a5efb33b217eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4444e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24000000000000000000000000000000000000cd3211b3842b68a4eddca2eae28529e97a98d7ec3fd902df1ba8fc2ad2377e72d4e7aeacbbccef5614cd965511558f40720025c022bc9c213e407f6bc4b673c55aa8e729299a37fd6339acd906ac861ba56c9fa9b8b12b5e68a3cdadb906355e1f1d336a243172affe50d0fb36c3718a7498eed3d398f405a34d494414e87ef1ce1845510d43d00171d6b4b762f89564c22d542a119878709cd6822c3a3eb47a849b0737929fe9e1eecd1bff5a2b9880e2a6d8a3b3b7e88a673c96cda4455eff1c530db0e6598a2686aa09aeaf0f1aed95aeb8b0a2cc5ca31c0f56285cc05f7090a0e0583cf540d18cd8817e685c7b4ff176178ac1234f23e54445ec20b2689832d78409897a0307e89ebcd5f4ba042a3d10237a5a8a9a6eda36d2f337dc54537b80e8433341b135b4c5bb0173ffde46ccd260e1d4f2c51e8b07bb256f1317912cb1fc9e491e0bb9109e475cc795c23ad9f4f0042c5e9c655a4d865bc4a266e6a1d3d2b7ee53be9efb33a98933b5ba74ee3ac8d34b6af8c1fdbffade3abc80842b74354162f5b994ab5254cb068bc5e2ae242a1d37d0d49947c9317fa1a46c9e259ce0e1f9db992c53f7830a5e8f4fac6b187eb9f15ba61f730f86d7d7b63bbc7a1d9ff37e87a90a14e0655304da069f9009b62717649b6c6af94fcba713f8ee6fcce25aef44d009966614b61be9369ffc589a79051b0a0000000000000003ebd34c41afe268c33c9322c3a783772aec998f51a6e70fb932a8019e72ef5ab127bb30c79ebfd867441083546305fb39449c40a166ea389a6b77b7c87f66e8bf5806726b8fc50b943627314803a12c33312dce0a10f852da3e000000"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000380)={r2, 0x18000000000002a0, 0x1c, 0x0, &(0x7f00000011c0)="b9ffddc1ddc8cdde75537d07007e0d0000bf2dfe443b1b5e2a088137", 0x0, 0x600, 0x60000009, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50)
socket$nl_rdma(0x10, 0x3, 0x14)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x6, &(0x7f0000006680))
syz_open_procfs(0x0, &(0x7f00000000c0)='net/fib_triestat\x00')
prlimit64(r0, 0xe, &(0x7f0000000140)={0x100000000000008, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
timer_settime(0x0, 0x0, 0x0, 0x0)
r4 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='blkio.bfq.dequeue\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r5, 0x0)
getsockopt$netrom_NETROM_IDLE(r4, 0x103, 0x7, 0x0, 0x0)

9.746913957s ago: executing program 1 (id=3068):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x15, 0x3, &(0x7f0000000000)=@framed={{0x7d, 0xa, 0xa, 0x2000, 0x0, 0x71, 0x10, 0x1b}}, &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)

9.667845233s ago: executing program 5 (id=3069):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
eventfd(0x0)
syz_io_uring_setup(0x231, 0x0, 0x0, &(0x7f0000000100))
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x220000, 0x0)
syz_genetlink_get_family_id$smc(0x0, 0xffffffffffffffff)
sendmsg$SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSKBSENT(r0, 0x4b49, &(0x7f0000000380)={0x6, "6c551be2ad5943e891abad389d7de6ca537e0761319c82bf951e124e445fb0c4d46db9527ca82cbd8ed6b5f38296093d79d36391a369574016273419bf08108a118369706fbc47ddf2ce5378d3352b036e7c2f74f751ee22c3ff649c3fbc0a797123288439a3957a18ac6e87a7ddf30e4cb24246ba4660b1ca9c117b7b48660a935c577923b5c2f874240443742536aa2714809662ed52bbed7c229fb317915ef8dd97dce1b68f5ce181a9cfca87281620b42ee9debcbc572272cb5cc710e5dec76951702c6f5a3d75c2f607b4eca59232ce3959ce2dffeb597dd73a0d22ed7c384e356a71ba3987e578eb5cd9c3ace0dce959ac353e3d6eb948d32e4753c441b8c9cc121de0170126691541c881ede3401c91b9470b128fd7bf578869dc7f6d631205c1b0f06701f4b353c0a79e2f805c2c9df47ec1d77ee4608f03bc9420a9b7f7c36703a6e883dce20afe7d59984731e0e81ca96e3038f213e09e2e96db87ab7ea3ef02677bd58ac15beebbbec26cde4e72dbb65035aafb172fdda027e6bd00ae1915fd5295eb4bc6e45c69a8e130ba473a5ca2145f268dba4d4bfaab9606548474e4bfefcb47a6e260c7d12c086cc3322dc43b1e2eb8c14b1701411160cbacc3c764220acb6d1363cf28f3e76e6dd5cd3692f73bfa1549a96157515af5056c273f5f94b35dc8eb0d4ea5dac9c3686e4899ab197f2d64dcf0006edfc1bfb9"})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8)
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="240000000f14010029b97800fee6df25080001000000000009024500756d616400000000"], 0x24}, 0x1, 0x0, 0x0, 0x40004}, 0x48010)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, 0x0, 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet6_IPV6_RTHDR(r4, 0x29, 0x39, &(0x7f0000000080)=ANY=[@ANYBLOB="00020201"], 0x18)
openat$nullb(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendmmsg$inet6(r4, &(0x7f0000000b40)=[{{&(0x7f0000000240)={0xa, 0x4e22, 0x3, @private1, 0x9}, 0x1c, &(0x7f0000000180)=[{&(0x7f0000000280)="693b46f7d77c1e046b73c5428d2baec9efc0d21da8ec0296df2246bdbf8c04eb7ce2cdfb86d83400560cda0381f105c63184b0e913a70175767644115d1a94f84aebab09258e7d3c1f37d3e449b9be48f2707c4feb1af2a0a7ace5b6048b87e00c499ac9a356c04bfd217d84000000", 0x6f}], 0x1}}, {{&(0x7f0000000200)={0xa, 0x4e22, 0x8, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x4618}, 0x1c, &(0x7f0000000840)=[{&(0x7f0000000300)="3c559e6f55a5a783c3fd66196e139e856816f423b55f93e3c9a6bd57f71b302500ea615872f6b7a708de6af3b07d932f413ac7e1adeefcf79b85b53b46c3f7b68fca77e5c5121f4bcf6665a1584ab06d8087cbf4d90160e4d99997b39c36247b67ee75f7b4fb2895e6b9946eabb1778ecb0a", 0x72}, {&(0x7f00000005c0)="ad557abce5ac7689b62abe790a7cbfcfeb9c95b876c58095d6b15e91ba2973d47fe1efc6bba4e00e8b87a93bdb2a128e62d741c058", 0x35}, {&(0x7f0000000600)="635844c23d3923bfd0b94f30f35d4cd3c2f6ec80f03114cdc0957569dd6cd8e353e9934834a6a2917d9e5e19a200be7d09f371022c47df45958c8f9da6bc889be0f6fd5a399f2865421e310f98a55e9f6c75533f39e36add0fde473d96fa5f935e40a4148907d9e6ec9518fa0cf882aff94a704f86244fb60b7ef049fbe9a1fbc8e919b78b4de0b139d69bcfb515f6519cb88eb87d163fe49dd412b3dfe0ad5c6322a5c743e0ccff459c00542d3b563877a5e15bf3d3dedfdddde2c3f9e797e2fa2003ae87b8f2d933368add1bd6eadd7b7676e9297f6b753ab6", 0xda}, {&(0x7f0000000700)="f516c383", 0x4}, {&(0x7f0000000740)="06e58d77a2878a5a7c75fc046b6f917ad135034c099191a37fcd40cf323e8d077a0fa74ed55aaebede5d22e19fa5e570700628e392ed613b32893d6e1980b67884dcaef69bbc1b4e9eddc3e4be576b854efbd7264267b1051b187634c21b508c962491caf09fb21e1be36ee89f002dd03f8358e6ad358fad5e83c05040142238f53d6ff2bd1c28e107395120df5b622299d0119bde8c63f1ff72aab85599c4dc2a8ddb07893686e0b8c97edf13140f2a2cfa395cd78c1d9f6a260871db5764a58ea6b8b7fb89e112819d", 0xca}], 0x5, &(0x7f0000000bc0)=[@hopopts={{0x18, 0x29, 0x36, {0x4}}}, @rthdr={{0x78, 0x29, 0x39, {0xff, 0xc, 0x2, 0x7, 0x0, [@empty, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @loopback, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}]}}}, @dstopts_2292={{0x88, 0x29, 0x4, {0x32, 0xd, '\x00', [@generic={0x88, 0x6b, "2a3b336976f4aea67b7d72c3a2766a4067524d09d4592d71ef1a223cd5390caa46e7a813f399d8f9c1f444ab9993307491141e729a951ce925afc1cf5708312e6daafc2602bc6c562cb6a8b3f4a132600bd589bdd141e4c26a0a6342299ffd65820bab5782472c95136a09"}]}}}, @rthdr_2292={{0x78, 0x29, 0x39, {0x33, 0xc, 0x2, 0x6, 0x0, [@loopback, @mcast2, @empty, @private1, @mcast1, @empty]}}}, @pktinfo={{0x24, 0x29, 0x32, {@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}, @tclass={{0x14, 0x29, 0x43, 0x9}}, @rthdrdstopts={{0x40, 0x29, 0x37, {0x1d, 0x4, '\x00', [@pad1, @ra={0x5, 0x2, 0x3}, @ra={0x5, 0x2, 0x4}, @jumbo={0xc2, 0x4, 0x2}, @hao={0xc9, 0x10, @private0={0xfc, 0x0, '\x00', 0x1}}, @pad1]}}}, @dstopts={{0x60, 0x29, 0x37, {0x2, 0x9, '\x00', [@padn={0x1, 0x3, [0x0, 0x0, 0x0]}, @jumbo, @calipso={0x7, 0x20, {0x3, 0x6, 0x0, 0x5, [0x4, 0x4, 0x7]}}, @enc_lim={0x4, 0x1, 0x5a}, @hao={0xc9, 0x10, @empty}, @jumbo={0xc2, 0x4, 0x10001}]}}}, @hoplimit={{0x14, 0x29, 0x34, 0x80}}], 0x288}}], 0x2, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
sendto$unix(0xffffffffffffffff, 0x0, 0x0, 0x40000, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)

9.588370346s ago: executing program 1 (id=3071):
r0 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
setsockopt$llc_int(r0, 0x10c, 0x1, &(0x7f0000000000)=0xfffffffc, 0x4)

8.952002761s ago: executing program 1 (id=3072):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x9, 0x1, 0x4c}]}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16, @ANYBLOB="050000000000000000000600000008000300", @ANYRES32, @ANYBLOB="080043cfc0feac94bf3cb4aab89614daf2c4ca85c0597716863e8f55782702b027132dbe24d970932513915f4fa1f02ffa685da66298e920bfcd0ea190880b4f70bb2e8ad9a01192d8e8bec993993709000000000000deddf52d979c3321a08969ef92a26f0e8f3078eab932851cf4cc337fde36c3375267720d5dcc9c907761753b6199e4ed890b6d98debe9e384a93a7990437c7a6f31cf86f77454230edc20e4847f1b471cea5ab7f0ba648975f8e9a5950acb7f68f87bb5998a4b15cd746ee5b4b101deb085b24"], 0x24}}, 0x0)
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000640), 0x0, 0x0)
r1 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000100)={0x1b, "5660359c3245d1c42317afad7d48ed51000000000000000100", <r2=>0xffffffffffffffff})
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000000)={0x6, "34e6498c25f58dad9987ffe93bbabd18cf504a2700", <r3=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r2, 0xc0303e03, &(0x7f00000000c0)={"3c2413b9d44aec57f2e2ad238a7b448ed886910284ed923c31d4b8affbf514fd", r3, <r4=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r2, 0xc0303e03, &(0x7f0000000040)={"130f2672af9ee0452321864922cd3bebd7f9cec5064e58445f1268334b4900", r4, <r5=>0xffffffffffffffff})
ioctl$SYNC_IOC_FILE_INFO(r5, 0xc0383e04, &(0x7f00000002c0)={""/32, 0x0, 0x0, 0x0, 0x0, 0x0})

8.759368841s ago: executing program 2 (id=3074):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
read(r0, &(0x7f0000000200)=""/209, 0xd1)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x335})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r0, 0x40605346, &(0x7f00000000c0)={0xfffff800, 0x0, {0x3, 0x0, 0x7, 0x0, 0xfffffffd}, 0x7})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r0, 0xc05c5340, &(0x7f0000000440))

8.456215028s ago: executing program 1 (id=3075):
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000140), 0x800000, 0x0)
ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f00000000c0)=0xffffffff)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$EVIOCGPROP(r2, 0x40047438, &(0x7f0000000180)=""/246)
dup(0xffffffffffffffff)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x80a, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000300)={'bond0\x00', <r6=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r6, 0x0, 0x2}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @bond={{0x9}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_BOND_MIIMON={0x8, 0x3, 0x40004}, @IFLA_BOND_USE_CARRIER={0x5}, @IFLA_BOND_RESEND_IGMP={0x8}]}}}]}, 0x4c}}, 0x0)
sendmsg$kcm(r3, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480d0000005e140604000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0)
ioctl$PPPIOCSFLAGS1(r2, 0x4004743a, &(0x7f0000000300))
r7 = socket$netlink(0x10, 0x3, 0x0)
writev(r7, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)

8.452669844s ago: executing program 5 (id=3076):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
r1 = mq_open(&(0x7f0000000380)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\x01\x00\x00\x00a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|\x00\x17\xc0\xa3\xd5\xf9\xaa\x98/\xa4v\xe4)I\xf3+[e\x95\x89\x99\xca\x8e\xc5\xd3\\T\xf0\x1a|5\xfff\xff\x99\xa4\xbb\x9e#oR\xa4\xf1\xba\x04c\xb3-\xf7R\xb85\xb5\xdb\xe9?\xfa/\xdf\xb4R\xbfx=\v_j\x8e\xb0\'\xf4\xe5\xff!\xe1\xbf\x82e\xb1\x9b\x8d\xf3L\t\xd21\x9cbwV\xc8\xcc\xe4\x96M_w\xbc\xdf9\b\r\xf6\x95\xae\xb5,\x92\x8c\xc0DQm\x80\xd1w\xa2\x1a\x12Z\xe5\xf4H\xf7D\n\x96J\x93\xfb\xf0$\x9f\xf7\xa2\xae$O\xa3\xb6\xf5\x98\xd3\v\x00\x86\xa5\x8b\x81\x04\xaf\x03s\xe5\x86>\x0e\xa6\xe6\x1aV\x17\x8b\xed\xa7\'\xd0\r_\xe8,XVR\x13\xe5%\xb9\x88\xb8W@D\'\x17A\xc8\x80\x02J\xd4V\x00wH(\xc5v\f\xc9\xb6\xdf..$\xe6P(_\xf1\'\xc1:\xa3\xcb\xd9\xd1\xc7\x13\x99Md\x1dc\xf1\'j\x03!\x13\xd1\xb8\xbf\xe6\xb2M\b/\rp\xa5\x00\x00\x00\x00', 0x40, 0x9, 0x0)
fcntl$setlease(r1, 0x400, 0x0)
mq_open(&(0x7f0000000b40)='eth0\x00\xdd\xad4=2k\xf1\x05\x9b\x91y\xe1;F\xa2\x8df\xe9\x04\x00\x00\x00\x00\x0078z=\x8f\xd5F\xa4AR\xc7\x9f.\xdc\xdb\"A\x16\xd8\x19\xf1lZ\xc8\x93\xda\xf2\xc9\xe8h[u8\xc6\xfa\x9ep\xbe\a\xe2\xf5\xa3Y\x9f\xe1\x04gM\x99K$\r\xf1G\xee\xe1\xbd\x1e\xdf\xe1\x9c\x19\xda\xd3\x94EL\xca\x88\x85Q\x02\xd9L\x90\xeb%/\xb1\xeb\x11uP7\x1f\xd9b\xebF\xf8\x88\xf0\xac.\x94\xfc\v\xb1W\xef~+n\xb1\x9b\x02n]xr\xb3\x80\xbc>\xe8XX\xe6\x12\xf3\xc9\xd5\xf8\xd1\x8d\xcb9\xbf\xb0(<\xeb\x92\x8a\x16\xb7\x11^\xb6\xb7n\xd5\xb5\x00[\xdf\x94\x00\r\x95\x17\xa1h\xf8\x00\x00\x00\"\xa0\x05\xcc^\x90c\xc9}\xb8\ny\xf4\xe1\xb4.\xa4\a\x05\xbb}\x91\xf4C\xf5O\xf1a\x12\b\x86\xa16\xbb}C\xc9\x1d\\\xedD\x14\xb1w\x1e\xa0\xc1E\xb5\xf8\xab\xfb\xd9\x93\xb8vJ\x85p\xb5n\x1b\xe4\xd5g\xae\xe4\xeb\xca\xae\x1bs\xd4\xf0\xc0\xdag\x19R4\xd4\xd4\x04\xfc\x04Zb\xf6\xba\xf8B\xf6YU\xcd\xf2\xdb\xb5\xa2\xda\xdf\x8dD\xef`\x13\x15$\xceq\xd7j\xd7\xe3V\xf2\xa2\x95\xcf\x18T\xf1\xb0\xf3\xf8O', 0x1, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$HIDIOCSUSAGES(0xffffffffffffffff, 0x501c4814, &(0x7f0000000dc0)={{0x1, 0x3, 0x9, 0x800, 0x105, 0x5}, 0x8d, [0x7, 0x93b, 0x6, 0x1, 0x1, 0xb8a, 0x2f, 0x100, 0x5, 0x7, 0x7, 0x5, 0x41d4, 0x83, 0x4, 0xffffffff, 0x9, 0x1000, 0x77e4, 0xffff0c56, 0x3, 0x1, 0x0, 0x40, 0x9, 0x200, 0x69, 0x4, 0x0, 0x6, 0x3, 0x7, 0x8, 0x8, 0xa522, 0x100, 0xfffffff8, 0x80000001, 0x0, 0x40, 0x1, 0x6, 0x1, 0x7fffffff, 0x5eb9, 0x5, 0x9c05, 0x800000c, 0x401, 0x4, 0x75, 0x817, 0xb, 0x3, 0xda90, 0x7, 0xf, 0xbc4b, 0x106, 0xfd, 0x81, 0x6, 0x101, 0x39, 0xffffff7f, 0x6, 0x5, 0x5, 0x77, 0xfffffffd, 0x0, 0x9, 0x73f, 0x5, 0x8, 0x4, 0x3, 0xffffffff, 0x5, 0x26be23d3, 0x7, 0x2, 0x9, 0x8, 0xdd2, 0xdd2, 0x3, 0x4, 0x2, 0xfff, 0x80000001, 0x9, 0x4, 0x0, 0x3, 0x2, 0x2, 0x5, 0x2, 0x1, 0x80000001, 0x7, 0x0, 0x40, 0x5, 0x101, 0x8, 0x9, 0x334c230c, 0x6, 0x4, 0xfffffff9, 0x8, 0x3, 0xffff0000, 0x7, 0x2, 0xffffffff, 0x4, 0x3, 0x4, 0x4, 0x3f, 0x81, 0x3, 0x400, 0x4, 0x984, 0x1, 0x6, 0x7, 0x8001, 0x1ff, 0x2a3, 0x6d, 0x1, 0x10000, 0x5, 0x80000000, 0x1d01e, 0x1, 0x3, 0xfffffffb, 0x8, 0x63, 0x400, 0x5, 0x401, 0x4, 0xfff, 0x0, 0x9, 0x3, 0x8, 0xfffffff9, 0x2, 0x80000000, 0x3, 0xc, 0x1, 0xad, 0x100, 0x144, 0x2, 0xfffffffc, 0x2, 0x5, 0x0, 0x5, 0x9, 0x1, 0x4, 0x1000, 0x974, 0x5, 0x6, 0x8, 0x5, 0x88, 0x1000, 0x0, 0x1, 0x2, 0x5, 0x9, 0x0, 0x57a, 0x1, 0x0, 0x6, 0x9, 0x5c, 0x6, 0x9, 0xd22, 0x2, 0x7, 0x10, 0x8, 0xffffffff, 0x2149, 0xf, 0x26a02622, 0x7fff, 0x8, 0x8, 0x7ff, 0x5, 0x8, 0x81, 0x8, 0xff, 0x5, 0xfffffffa, 0x2, 0x2, 0xffff, 0xf, 0x5, 0x7, 0x5, 0x100, 0x1e06, 0xf, 0xdf2, 0x0, 0xbb, 0xfff, 0x400, 0x2, 0x80000000, 0x7, 0x8, 0xf9b, 0x8, 0x7ff, 0x7, 0x3ff, 0x9, 0x5, 0xcff, 0x0, 0xb7, 0x1, 0xff, 0x4, 0x5, 0x10, 0x1, 0x92a, 0x3, 0x5, 0xd, 0x5, 0x101, 0x6, 0x7fff, 0x800, 0x3, 0x4, 0x0, 0x7f, 0x200, 0x20, 0x7, 0x1000000, 0x0, 0x7f, 0x53, 0x8, 0x8, 0x5, 0x2, 0xf, 0xd81c, 0x840, 0x1, 0x9, 0x2, 0x81, 0x9, 0x3, 0x5, 0x1000, 0x8, 0x7, 0x94, 0x7, 0x8, 0x8001, 0x56f71053, 0x1, 0x867, 0x3ff, 0x40, 0x6, 0x3, 0xfff, 0x5, 0x197, 0x9, 0x6, 0x5, 0x6, 0x7, 0x0, 0xffff, 0x3, 0x1ff, 0x400, 0x3, 0xd42, 0x9, 0x5, 0x1ff, 0x4, 0x9, 0xbec, 0x5, 0x7, 0x3, 0x5, 0x64000000, 0x2, 0x1e, 0x3a, 0x6, 0x5, 0x18000, 0x2, 0xffff, 0x9, 0x6, 0x9, 0x0, 0xe4f, 0x1fffc000, 0x27b7, 0xe, 0x9, 0x9, 0x5, 0xd, 0x5, 0x7f, 0x76, 0x9, 0xc4fe, 0x1ff, 0x3, 0x7, 0x8, 0x87, 0x1, 0x4, 0x6, 0x40, 0x9, 0x8, 0x1, 0x6, 0x8, 0xc75e, 0x4, 0x6, 0x1b, 0xfd3, 0x2, 0x3, 0x9, 0x10, 0x4, 0x5d2f, 0x5, 0x1b, 0x3ff, 0x5, 0x8, 0x6, 0xc000000, 0x5c, 0x9, 0x541b, 0xce, 0x6, 0x4, 0x69f, 0x3, 0x5, 0x7, 0x4, 0x200, 0x7, 0x8, 0x2323, 0xfffffff7, 0xffff, 0x7ff, 0x4, 0xd, 0xffffff42, 0x89, 0x80000001, 0x3ff, 0x3, 0x554, 0xde, 0x0, 0x400, 0x3, 0x9, 0x800, 0x7cb3aca3, 0x6, 0x6, 0x4, 0xf8000000, 0x1, 0xfffffff9, 0x9, 0xffffffff, 0x0, 0x3, 0x10000, 0x4, 0x3, 0x8001, 0x10, 0xbb, 0x5, 0xf548, 0x5e0, 0x36c, 0xffffffff, 0x10, 0x676, 0xe67, 0x88, 0x808, 0x560, 0x6db5, 0xa7b, 0x2, 0x4, 0x9, 0x3, 0x4, 0xffffffff, 0x6, 0xed2, 0x24bdaad2, 0x9, 0x4, 0x3, 0x1, 0xd599, 0x2, 0x6c51, 0x2, 0x0, 0x0, 0x2, 0xfce6, 0xf, 0xcd0, 0x4, 0xf, 0x0, 0x9, 0x5, 0x200, 0x6, 0x5, 0x2, 0x7, 0x17, 0xc36, 0x0, 0x8fbb, 0x3, 0x5, 0x0, 0x8, 0x8, 0x1, 0x8, 0x1000001, 0x45d8, 0x9, 0x0, 0x60000, 0x7, 0x2, 0xfffffff1, 0x6, 0x2, 0xfffffd67, 0x2, 0x4, 0x5, 0x3, 0x800, 0x10, 0xa, 0xb12c, 0x5ce, 0x1, 0xfffffffd, 0xf9c8, 0x0, 0x80f4, 0x10000, 0x3, 0x8, 0x2, 0x9, 0x5, 0x8, 0x401, 0x7, 0x10, 0x0, 0x6b, 0x100, 0x8, 0x2, 0x2, 0x5273, 0xe45f, 0x10, 0x0, 0x8, 0x4, 0x7, 0x7, 0x6, 0x4, 0x8e8b, 0x5, 0x3, 0x7, 0x3, 0xe535, 0x80, 0x5, 0x6, 0x0, 0x3, 0xff, 0x7fffffff, 0x5, 0x1, 0xa, 0x4, 0x1, 0x31, 0x0, 0xee1, 0x10001, 0x3, 0xfffffffc, 0x4, 0x1, 0x6f9, 0x7, 0x1, 0xb, 0x0, 0xfffffff3, 0x8, 0x5, 0x3, 0x6, 0xfd, 0x3, 0x3d, 0x100, 0x80000001, 0x5, 0x7, 0x1, 0xffffffff, 0x6, 0x3d29, 0x4, 0x7, 0x8, 0xb04, 0x3, 0xea6, 0x9, 0x101, 0x4, 0x1400, 0xfffffeff, 0x7, 0x2, 0x4, 0x8, 0x7, 0xe, 0x2, 0xc, 0x2, 0x2, 0x64c1, 0x80000000, 0x200, 0x2, 0xfffffffd, 0x1, 0x91, 0x8001, 0x401, 0x781d, 0x80, 0xfffff5b0, 0x8, 0x3, 0x8, 0xfff, 0xcd800000, 0x9, 0x6, 0x0, 0x5b5, 0x7, 0x10, 0xa, 0x5, 0x10001, 0xc, 0x9e9, 0x53, 0xfffffdd5, 0xc, 0xc00, 0x40, 0x401, 0xf2a6, 0x7, 0x3, 0xe4, 0x80000001, 0x3800000, 0x0, 0x3ff, 0x3, 0x7fffffff, 0x4, 0x0, 0x1, 0xf, 0x7, 0xa84d, 0x3, 0xaf, 0xaf72, 0x5f, 0x1, 0xe, 0x6, 0x9, 0x5, 0x7, 0x3, 0x5, 0x3, 0x40, 0x1000, 0x75f1, 0x4, 0x3, 0x1, 0xfffffffd, 0x4, 0x8, 0x10, 0x80, 0x2, 0x6, 0x6, 0xe, 0xc, 0x3, 0x2, 0xd, 0x5, 0xfffff3f2, 0x6, 0x8, 0x3, 0x6, 0x5, 0x3, 0x101, 0x8, 0xbd, 0xa, 0x8, 0xffffed34, 0x8000, 0x2, 0x7, 0x7, 0x55f4727b, 0xd, 0x3b, 0x5, 0x8, 0xffffffff, 0x4, 0x81, 0x6, 0xb, 0x2, 0xa53, 0xff, 0x0, 0x2, 0x5, 0x3233, 0xff, 0x6, 0x2, 0x9, 0x1, 0x0, 0x3ff, 0x5, 0x8, 0x40, 0x0, 0x40, 0x88, 0x5, 0x80, 0x4, 0xd0000000, 0x8, 0x4, 0x5, 0x5, 0x7, 0x0, 0x0, 0x76b, 0xbb, 0x2, 0x5, 0x7fff, 0x9, 0xa, 0x5, 0x80, 0x4, 0x8, 0x8, 0x1f, 0x1, 0x3, 0x4, 0xd126, 0x7, 0x5, 0x0, 0x0, 0x8, 0x4, 0x1, 0x5, 0xfffffffa, 0x8, 0x270b, 0x5, 0x7fff, 0x4, 0x5, 0x6, 0x3, 0x4, 0x13f, 0x0, 0xc906, 0x6, 0x100, 0x4, 0x3, 0x3, 0x7f, 0x2b, 0x4, 0x3, 0x3, 0x8001, 0x46f, 0x19f1, 0x6, 0x20, 0x2, 0x2, 0x6, 0x5, 0x5, 0x401, 0x5, 0x6, 0x5, 0x7, 0xb, 0x200, 0x6, 0x9, 0x7, 0x5, 0x1, 0x7f, 0x9, 0xc3b, 0xfdf5, 0x0, 0x3, 0x0, 0xf, 0x1, 0x800, 0x4f35, 0x1, 0x18, 0x9, 0x0, 0x6, 0xaa5, 0x800, 0x9, 0x7, 0x800, 0x8, 0xfffffffb, 0xff, 0x5, 0x1000, 0x8, 0x6, 0x6, 0x80, 0x9, 0x8, 0x5, 0x8, 0x8, 0x100, 0x8, 0x10, 0x3, 0x7, 0x82, 0x4, 0x40, 0xabde, 0x1, 0xb, 0x8, 0x4, 0x8, 0x7f, 0x100, 0x8, 0x9, 0x6, 0x80000001, 0x2, 0x8, 0x2, 0x7fff, 0x4, 0x6, 0x4, 0x5, 0x3, 0x0, 0x1, 0x8, 0x59, 0x1, 0x0, 0x48, 0xaa19, 0xc, 0x401, 0x1, 0x401, 0x8, 0xc11, 0x4, 0x0, 0x7, 0x2, 0x7f, 0x0, 0x0, 0xc0000, 0x7, 0x4, 0xef47, 0x3, 0x1, 0x0, 0x2, 0x1, 0x0, 0xe14f, 0x5, 0x7, 0x8, 0x7fffffff, 0x7f, 0xffffffff, 0xffffff88, 0x400, 0x7fffffff, 0x8010, 0x5, 0x9, 0x5, 0x0, 0xff, 0x0, 0x8, 0xffffffff, 0x5, 0xfffffffc, 0x9, 0x1, 0x9, 0xfffffffe, 0x40, 0x3, 0x7, 0x0, 0x6, 0x2, 0x6, 0x81, 0x4, 0x401, 0x6, 0x5, 0x3, 0x0, 0xd, 0x6, 0xc, 0x2, 0x1, 0xfffffe5c, 0x40, 0x0, 0x9, 0x24, 0x1ff, 0x4, 0xe92, 0x5, 0x6e3, 0x4, 0xff, 0x0, 0xdf, 0x5, 0x7, 0x100, 0x3ac9, 0x10001, 0xae27, 0x80, 0x5, 0x7, 0x7fff, 0x0, 0xb, 0x4, 0xffffff12, 0x1, 0x0, 0x9, 0x331d, 0x5, 0xb9, 0x7, 0x4, 0x4, 0x9, 0x6cf3, 0x8, 0x7, 0xf, 0x9, 0x9, 0xffff, 0x8000, 0x1, 0x2, 0x2, 0xdc0, 0x5, 0x100, 0x9, 0x1, 0xfffffff8, 0x800, 0x3, 0x0, 0x8, 0x644d, 0x93, 0xb0, 0x2, 0x3ff, 0x800, 0xfffffff7, 0x2, 0x0, 0xff]})
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x1, 0x5, 0x9, 0x84, 0x144, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000dc0)={0xffffffffffffffff, 0x0, &(0x7f00000000c0), &(0x7f0000000d40), 0x21800, r3}, 0x38)
bpf$MAP_LOOKUP_BATCH(0x19, &(0x7f0000000800)={0x0, &(0x7f0000000840)=""/121, &(0x7f0000000680), &(0x7f0000000540), 0x6c, r3}, 0x38)
mkdir(&(0x7f00000005c0)='./file0\x00', 0x15)
r4 = openat$mice(0xffffffffffffff9c, &(0x7f0000000000), 0x400100)
io_uring_register$IORING_REGISTER_BUFFERS(r4, 0x0, &(0x7f0000000180)=[{&(0x7f0000000040)=""/233, 0xe9}, {&(0x7f0000000140)=""/51, 0x33}, {&(0x7f0000000280)=""/211, 0xd3}], 0x3)

7.780894138s ago: executing program 2 (id=3078):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, &(0x7f0000000040)=0x5, 0x4)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000180)={&(0x7f0000000500)=ANY=[], 0xa4}}, 0x4800)
sendto$inet(r1, 0x0, 0x0, 0x240007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000200)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000bc0)="23004e4ee760d48ddc6b7a1ebfc6e0276028840fb20d5233e81c802684e8ac1dc195296ffaaeace75a07a653ee918f67beb970cd36769470f7acb5cd5becfa3839cec05a81f9488931e0a9ba9a246f45fee8b5240bd1e078539b56973bfbbee5a100668daf66ef25121ca65db1d172a489e35e43f2ced9183d48b5850b9e1de2c492604f7b27f030d82cf14d7b", 0x8d}, {&(0x7f0000000380)="08d69fe50cd7a79471d8419b0bb9ae9b86ca44a80d0bd986922f24a62dd8eec5a0b561b310cdaa32d1cf3a8aa7e804b357ae5dd9eeb92819", 0x38}], 0x2}}], 0x1, 0x4000001)
unshare(0x22020400)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
sync()
sendto$inet(r1, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x0, 0x0, 0x21)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="240000001800010900000a000000000002180000008d25080000000008000100ac1414"], 0x24}}, 0x4)

7.360540586s ago: executing program 5 (id=3079):
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
close(r0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000010c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$unix(r2, &(0x7f0000000940)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000006c0)='~', 0x1}], 0x1, 0x0, 0x0, 0x20000000}, 0x80)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r3}, &(0x7f0000000000), &(0x7f0000000080)=r0}, 0x20)
recvmsg$unix(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000340)=""/229, 0xe5}], 0x1}, 0x2)

7.25623331s ago: executing program 5 (id=3081):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000000), 0xf6c, 0x30240)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r1 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r2 = dup(r1)
write$UHID_INPUT(r2, 0x0, 0x0)
read$msr(r0, &(0x7f0000000300)=""/102376, 0x18fe8)
ioctl$SNDCTL_TMR_STOP(0xffffffffffffffff, 0x5402)
r3 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000), 0x41, 0x0)
writev(r3, &(0x7f0000000140)=[{&(0x7f0000000300)="a3", 0x1}], 0x1)
ioctl$SNDCTL_SEQ_OUTOFBAND(0xffffffffffffffff, 0x40085112, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r4)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c)
listen(r5, 0x0)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r6, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r7 = accept(r4, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}}, 0x1)
recvfrom(r6, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4100, 0x0, 0x0)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600600, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil)
socket$nl_xfrm(0x10, 0x3, 0x6)
syz_open_procfs$userns(0xffffffffffffffff, &(0x7f0000000040))

6.344559224s ago: executing program 5 (id=3082):
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000f1a000/0x2000)=nil, 0x2000, &(0x7f0000000000))
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000007040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000eb0000020000060900010073797a200000000028000000000a010800000000000000000a00000308000240000000010900010073797a300000000028000000000a030000000000000000000a00000008000240000000000900010073797a30"], 0x98}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x4, 0xa4}, 0x0)
r2 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0x2)
read$msr(r2, &(0x7f0000019680)=""/102384, 0x18ff0)
process_vm_readv(0x0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
r3 = syz_open_procfs$pagemap(0x0, &(0x7f0000001080))
ioctl$PAGEMAP_SCAN(r3, 0xc0606610, &(0x7f0000000140)={0x60, 0x0, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44})
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x2000, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000040)={0xc, 0x0, <r5=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r4, 0x3ba0, &(0x7f0000000200)={0x48, 0x2, r5, 0x0, 0x0, 0x0, <r6=>0x0})
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000cab000))
r7 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$sock_ifreq(r7, 0x8931, &(0x7f0000000040)={'batadv0\x00', @ifru_names='veth0_to_batadv\x00'})
r8 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r8, &(0x7f0000000080)={0x3, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x2, 0x3, 0x0, 0x9, 0x7, 0x0, 0x700, 0x0, [@sadb_address={0x5, 0x7, 0x6c, 0xa0, 0x0, @in6={0xa, 0x4e22, 0xffffffff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x9}}]}, 0x38}, 0x1, 0x7}, 0x0)
mbind(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)
ioctl$IOMMU_HWPT_ALLOC$TEST(r4, 0x3b89, &(0x7f00000002c0)={0x18, 0x3, r6, 0x0, 0x0, 0x0, 0xdead, 0x4, &(0x7f0000000280)})
socket$igmp6(0xa, 0x3, 0x2)
rename(&(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)='./file0\x00')
prctl$PR_MCE_KILL(0x35, 0x0, 0x2)
syz_usb_connect$uac1(0x2, 0xb8, &(0x7f0000000000)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x10, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xa6, 0x3, 0x1, 0x56, 0xc0, 0x2, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x101, 0xbb}, [@feature_unit={0x11, 0x24, 0x6, 0x1, 0x4, 0x5, [0x7, 0xa, 0x8, 0x3, 0x2], 0x5}, @selector_unit={0x5, 0x24, 0x5, 0x6, 0xf}, @feature_unit={0xf, 0x24, 0x6, 0x2, 0x5, 0x4, [0x2, 0x2, 0xa, 0xa], 0x4}, @input_terminal={0xc, 0x24, 0x2, 0x2, 0x203, 0x2, 0x50, 0x80, 0x9, 0x1}, @feature_unit={0xd, 0x24, 0x6, 0x5, 0x2, 0x3, [0x7, 0xcd32e795acb4132e, 0xa]}, @output_terminal={0x9, 0x24, 0x3, 0x1, 0x202, 0x5, 0x5, 0xf5}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x20, 0x93, 0x1, 0x5, {0x7, 0x25, 0x1, 0x0, 0x3, 0xf48}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x20, 0xd, 0x2, 0x4, {0x7, 0x25, 0x1, 0x91e8570469aa5526, 0x8, 0x3}}}}}}}]}}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0})
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x3, 0xfffffffc, @empty}, 0x1c)

5.83750876s ago: executing program 2 (id=3083):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) (async, rerun: 64)
r1 = getpgrp(0x0) (rerun: 64)
syz_open_procfs(r1, &(0x7f0000000040)='net/ip6_tables_matches\x00') (async)
creat(&(0x7f0000000000)='./file0\x00', 0x0) (async)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) (async)
read$FUSE(r2, &(0x7f00000103c0)={0x2020, 0x0, <r3=>0x0}, 0x2020)
write$FUSE_INIT(r2, &(0x7f0000000340)={0x50, 0x0, r3, {0x7, 0x1f, 0x0, 0xffffffffb7040039, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}}, 0x50)
r4 = socket$netlink(0x10, 0x3, 0x2) (async, rerun: 64)
r5 = getpid() (rerun: 64)
capget(&(0x7f00000001c0)={0x20071026, r5}, &(0x7f0000000200)={0x4, 0x3, 0x5, 0xf7, 0x200, 0x7}) (async)
dup2(r4, 0xffffffffffffffff)

5.42594009s ago: executing program 2 (id=3085):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
mkdir(0x0, 0x0)
r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1)
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="18000000080001"], 0x18}}, 0x0)

5.33162635s ago: executing program 1 (id=3086):
r0 = socket(0x10, 0x3, 0x0) (async, rerun: 64)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000340)={0xffffffffffffffff, <r1=>0xffffffffffffffff}) (rerun: 64)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x2c, 0x24, 0xd0f, 0x70bd2c, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x44080) (async)
sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x78, 0x24, 0xd0f, 0x70bd29, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffe0, 0xa}, {0x2, 0x10}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x4c, 0x2, [@TCA_FQ_CE_THRESHOLD={0x8, 0xc, 0xf}, @TCA_FQ_FLOW_REFILL_DELAY={0x8, 0x9, 0x3ff}, @TCA_FQ_FLOW_PLIMIT={0x8, 0x2, 0x8000}, @TCA_FQ_FLOW_REFILL_DELAY={0x8, 0x9, 0x1ff}, @TCA_FQ_QUANTUM={0x8}, @TCA_FQ_TIMER_SLACK={0x8, 0xd, 0x1ff}, @TCA_FQ_FLOW_MAX_RATE={0x8, 0x7, 0x3ff}, @TCA_FQ_CE_THRESHOLD={0x8, 0xc, 0xd}, @TCA_FQ_TIMER_SLACK={0x8, 0xd, 0xb6}]}}]}, 0x78}, 0x1, 0x0, 0x0, 0x55}, 0x4000) (async)
syz_usb_connect(0x5, 0x2d, &(0x7f0000001dc0)={{0x12, 0x1, 0x200, 0xc4, 0xad, 0x6b, 0x40, 0x856, 0xac30, 0xd21d, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x6, 0x2, 0x0, 0xf7, [{{0x9, 0x4, 0x6c, 0x9, 0x1, 0x96, 0x79, 0x5c, 0x7, [], [{{0x9, 0x5, 0x81, 0x3, 0x3ef, 0x6, 0xe, 0x7}}]}}]}}]}}, 0x0)

4.845736044s ago: executing program 6 (id=3087):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r2 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r2, 0xc0a85320, &(0x7f00000005c0)={{0x80}, 'port0\x00', 0x62, 0x51cfa, 0x0, 0x8000008, 0x3, 0xfffffffe, 0x1, 0x0, 0x7cce8c743ee810df})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r2, 0x40505330, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f00000004c0)='/proc/asound/seq/clients\x00', 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x63, 0x11, 0xc}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x5}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)

4.211895671s ago: executing program 1 (id=3088):
socket$can_bcm(0x1d, 0x2, 0x2)
r0 = memfd_create(&(0x7f00000000c0)='-B\xd5N4\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\x8a\xd7Uw\x00\xbc\xa92\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97\x8f~\xb90a\xa9\xb2\x04K\x98\x93=\xabQ\xf7\x19\xea\xef\xe3\xe1@\x84\x13\xefZb:\x8f\t\x01B\xec\xde\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@Ip]D\xd6\r\xac\v#co\xd5\xb9\xc806\xa8\x99\xffs7\xa1b1\xb1;i)j\x0e\x1e\xedI\xa2\x80\x89\x1d\xd9p!\xc86s\xe07(\xee\xf9<\"\xf0\xc8\xae\x96J\xe2]\x01\x86\xb7.<\xf5N\xd3\x94W1\xff\x18z>\xa7q,\xf7\x96\xb8{\x8e\xbf4\xe0\x95\x1ce\xe4\x85\xcdi\xed\xd3>\xeb\xa5\xaf\x87\x90@\xd1\xbd`^\xfa\xb6\x9cj\x13/\xc5\\W\x04\br\x17X\xe3\xfb\xc8\xd4\xaeX\xc9s\xd18\xd9L\xbf\xa0\xa6\xdf2\a\x99i\xb1/\x19@\x1cq\xeb?\xc1z:\x913\xfa8\xac\xd3q\xe4vPGU', 0x0)
r1 = dup(r0)
execveat(r1, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x4, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='signal_generate\x00', r2}, 0x10)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x40, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x42280, 0x0)
close(0x4)
ioctl$KVM_CHECK_EXTENSION(r5, 0xae01, 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x5000, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_MEMORY_ATTRIBUTES(r4, 0x4020aed2, &(0x7f0000000000)={0x8000000, 0x205000, 0x8})
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)
symlinkat(&(0x7f00000001c0)='.\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00')
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000b40)=ANY=[@ANYBLOB="2800000010005fba00"/20, @ANYRES32=0x0, @ANYBLOB="80000200e180000008001b"], 0x28}}, 0x0)
sendmsg$L2TP_CMD_SESSION_DELETE(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r10 = socket(0x200000100000011, 0x3, 0x4)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000000)={'syz_tun\x00', <r11=>0x0})
sendmsg$ETHTOOL_MSG_LINKINFO_SET(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x28, r9, 0x1, 0x70bd2b, 0x25dfdbfc, {}, [@ETHTOOL_A_LINKINFO_TP_MDIX_CTRL={0x5}, @ETHTOOL_A_LINKINFO_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r11}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000800}, 0x40)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000280)={'gre0\x00', &(0x7f0000000300)={'gretap0\x00', <r12=>0x0, 0x7, 0x8, 0x6, 0x9, {{0x29, 0x4, 0x0, 0xb, 0xa4, 0x64, 0x0, 0x78, 0x29, 0x0, @loopback, @loopback, {[@timestamp={0x44, 0x10, 0x8e, 0x0, 0x8, [0x3, 0x0, 0x1d]}, @cipso={0x86, 0xd, 0xfffffffffffffffd, [{0x1, 0x7, "c00f0f0a74"}]}, @timestamp={0x44, 0xc, 0x6f, 0x0, 0x9, [0x1, 0x7]}, @noop, @timestamp_addr={0x44, 0x34, 0xdd, 0x1, 0xf, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0x5}, {@multicast1, 0xffffffff}, {@broadcast}, {@broadcast, 0x1ee7}, {@local, 0x5}, {@loopback, 0x6}]}, @timestamp_addr={0x44, 0x1c, 0x3e, 0x1, 0xf, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0x9}, {@remote, 0x2}, {@multicast2}]}, @rr={0x7, 0x13, 0xbf, [@local, @broadcast, @multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}]}]}}}}})
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000004c0)={'syztnl0\x00', &(0x7f0000000440)={'syztnl0\x00', <r13=>0x0, 0x29, 0xf, 0x7, 0x8, 0x41, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast1, 0x59, 0x8, 0x3, 0x6}})
sendmsg$ETHTOOL_MSG_STRSET_GET(r1, &(0x7f0000000600)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000005c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="ac000000", @ANYRES16=r9, @ANYBLOB="000229bd7000fbdbdf2501000000040003002400018008000100", @ANYRES32=0x0, @ANYBLOB="08040100", @ANYRES32=r12, @ANYBLOB="080003000000000008000100", @ANYRES32=0x0, @ANYBLOB="7000018008000100", @ANYRES32=r13, @ANYBLOB="080003000200000014000200766c616e3000000000000000000000000800030002000000080003000300000014000200626f6e645f736c6176655f31000000001400020073797a6b616c6c65723000000000000008000300000000000800030003000000"], 0xac}, 0x1, 0x0, 0x0, 0x20000000}, 0x8c0)
sendmsg$nl_route(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="280000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="010000000000000008001b"], 0x28}}, 0x0)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, 0x0, 0x0)

4.079360592s ago: executing program 6 (id=3089):
syz_emit_ethernet(0x5eb, &(0x7f0000000500)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaaaa86dd60108f8405b53a00fe8000000000000000000000000000bbfe8000000000000000000000000000aa80009078000000001921c5b5593d306fe829d57a2c0ff35e01b6fd4643ee7b22246f53616e80bc31be183648ba4bebcbe115bc693ffe8a2bea7f806079572dc37fdd5c1fa74c1174bf2d5bd623ced42b3a5d7f6384a9064864cd016d2da8a77aa57a8f6300c17b7e54ed1217f71f596808f597907085203374a07e045729d54cc02b34ae097a7854bb648aab9ec940e3c2a57b6ffff0e396d846bda548c83414c2daf86c6abedfe61d2c6b90e72d3fa090a971284756bf1e07fd760e286e4899819dd379d3813a4441e4bb27faf68dcb3401d5db544c15fce0772e72f9b434bf6cecaf0b4bd0d57914c7ff10e4009d977ab92b1a0795e7ed5a8ef8231ca9f10f120dcc8802c0fce0a5f57920911f0dbd4e41d0a5477fea2cdfaa078f59ac7373fb30e2ab297bd125f02659c1e90bcfcb063ed04b038a9d94e6cc9f969005a101327200715c868051fbb29ab00ebac358ba73b8e1df18da163577fefc0f5664aef688fd85b8a5c2496bffda93a5b1efaa86ccac98743a2eef9c68507219e679fa1899ac7766b7a277d924399256bd802f5918e4b0d0e7cf78ace287b65a9324ee13d94340a637093ab7916a8864a0a41547c699631f95ee2a68e2d37daedfd090e52a6e2986113c436b46a5661be323ce690143a6ff82427a4b8faf45d22d6dd5c2207017076660197d1d8ed8933995b232c6c02e5a0aada65159ab45e68c98151e075755e1117d85e7bbb17f587db0a2f961261e862c0f91f2ee8c2cd2ebee0eca797772abd721983d709d8dc792b055a12550785f4574088ed3e654d1feae48e46a9fae368d1dcfb63cd2f3dd47e04d52b821e012660bf3a3e0a5e2f459fce3a9bebac36a24dbf338fb2d583940c54dd7cc032a95ac04c4ff68461e8120d31319da2e1a19316bec07d2b00abe04b25b0fd502eb76f1e38df75984b3ea8481ff0db5388bfde15b8ea507b9aa852fbf5f4c923dc8e9ad7f6d08b9ff98310b1b4990d72a9a259a1443177bf9ca9c0748d9867dbbdeafa644b0e4ea4afc8ff030e4f99eb04c2178d6fdded53a4e0e1211307b3e8f7007ebfd39603bc2d7a0c84e588d2a322bed39f1cbd2bde99373262d29be8f309eaca12f85835ecad9eda017323fccdaf9a0c1715075ae16862360b722109f55cbbfc1d401106ce29642fb521c4251309b4934bf89cf8de3ca546f9628020f85a7441e7b775eaf5fee9ccf57f35b1e4024a10e47b1e81c00360201174a247a6402435450ba9e3f8a8704adb3c17dba772ca567d1f4eb592a302a51ecd951ea2531a5b6c651b9a668410f5f05e5ce0f475f71f643df3f920a936daddd3b72c59618a4d8f89106a403c800eadeb5e74918f56eacf7ea6ce34ca44920b5a1153d709fd5538ab0ab68ed13b11601607232f42296511e1ed41e7da0ba0f2089fddd4e8034f0f082e0658c95e23301240abe7e36a71125b4cacbc3267745de961f278e51c1db635aada53a987244b612542db9b7b0e8e49bcb28c4e6bd116e81338273d97ce23bbddf24f3e9b39135794281b65d321fdb521f9f4575d0d7ae84e3037f8aa6f6da11e37bd3ca57ed84b430596566b8c1a462330f2eb76c4d715154813cc651b19f399f7449d322f010e1c49ced10d964ed8e2a3bcc521ab40255e6ce32d6721a6f60c8d1aefc2ed899d144f1985cbfc2867d8e8b9a4689f0ad579df0f05ac57de9e6bfe574ffec6a9087f92c88013c80cc308c34fd3d09c637b682ea74aea27270f753b301cdc51d34cf7b445789d1404091835c73ab1764711136741e6a1379df157759d167243b0e2d3e35694c628f7f968a991011c5a1924db747876800277e2e6ec964f532938e6e6d4ac2b4ecd51f7bd5a670d79fba1e3d8f0f0c685df498c886152453d6edf5671fe3cf955152e01993197302fcc4c2b1b8d2f2be482f583c8de176e53e1f303baf152e6cc498c2adcfcd0e47f08417434460f71107e84627c1fde91b58847fb01d2e7bdd87c20115e7b6fa6c33d91220801a68acd1ae66fdfb0dd20e4d6cd145a7176a7b0b32a33fedab9b026bc5019ce1c998dd7a"], 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYRESDEC=0x0, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000, @void, @value}, 0x94)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x3147504d, 0x0, 0xb}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_DESTROY(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000400)=ANY=[@ANYBLOB="280000000306010200000000000000150500000005000100070000000900020073797a3100000000"], 0x28}}, 0x20000840)
bpf$LINK_GET_NEXT_ID(0x1f, 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x2, 0xc, &(0x7f00000013c0)=ANY=[@ANYBLOB="180200001000000000000000000000001801000020696c2500000000002020207b2af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000087000000000000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00')
writev(r2, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0)
r3 = syz_open_dev$usbfs(&(0x7f0000000080), 0x74, 0x101301)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00'}, 0x18)
ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000440))
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)

2.680429071s ago: executing program 2 (id=3090):
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0xc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000000000003850000008600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001700)=@base={0x16, 0x0, 0xb161, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r3, <r4=>0xffffffffffffffff}, 0x0, &(0x7f0000000040)}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000200)={r4, 0x0, &(0x7f0000001780)=""/4096}, 0x20)
socket$alg(0x26, 0x5, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
r5 = getpid()
sched_setscheduler(r5, 0x1, &(0x7f0000000240)=0x1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r6, 0x0, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
bind$isdn(0xffffffffffffffff, &(0x7f0000000040)={0x22, 0x8c, 0x0, 0x1}, 0x6)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000700)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a68000000060a01040000000000000000020000033c0004802c0001800a0001006d617463680000001c0002800800010074746c00060003007acc000008000240000000000c000180080001d3050000000000000073797a30"], 0x90}, 0x1, 0x0, 0x0, 0x24004001}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events.local\x00', 0x275a, 0x0)
write$binfmt_script(r9, &(0x7f0000001400), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r9, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
getrandom(&(0x7f0000000600)=""/274, 0xffffff4f, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)

2.405808932s ago: executing program 6 (id=3091):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000000), 0xf6c, 0x30240)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r1 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r2 = dup(r1)
write$UHID_INPUT(r2, 0x0, 0x0)
read$msr(r0, &(0x7f0000000300)=""/102376, 0x18fe8)
ioctl$SNDCTL_TMR_STOP(0xffffffffffffffff, 0x5402)
r3 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000), 0x41, 0x0)
writev(r3, &(0x7f0000000140)=[{&(0x7f0000000300)="a3", 0x1}], 0x1)
ioctl$SNDCTL_SEQ_OUTOFBAND(0xffffffffffffffff, 0x40085112, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r4)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c)
listen(r5, 0x0)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r6, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r7 = accept(r4, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}}, 0x1)
recvfrom(r6, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4100, 0x0, 0x0)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600600, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil)
socket$nl_xfrm(0x10, 0x3, 0x6)
syz_open_procfs$userns(0xffffffffffffffff, &(0x7f0000000040))

1.568313188s ago: executing program 2 (id=3092):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, &(0x7f0000000040)=0x5, 0x4)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000180)={&(0x7f0000000500)=ANY=[], 0xa4}}, 0x4800)
sendto$inet(r1, 0x0, 0x0, 0x240007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000200)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000bc0)="23004e4ee760d48ddc6b7a1ebfc6e0276028840fb20d5233e81c802684e8ac1dc195296ffaaeace75a07a653ee918f67beb970cd36769470f7acb5cd5becfa3839cec05a81f9488931e0a9ba9a246f45fee8b5240bd1e078539b56973bfbbee5a100668daf66ef25121ca65db1d172a489e35e43f2ced9183d48b5850b9e1de2c492604f7b27f030d82cf14d7b", 0x8d}, {&(0x7f0000000380)="08d69fe50cd7a79471d8419b0bb9ae9b86ca44a80d0bd986922f24a62dd8eec5a0b561b310cdaa32d1cf3a8aa7e804b357ae5dd9eeb92819", 0x38}], 0x2}}], 0x1, 0x4000001)
unshare(0x22020400)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
sync()
sendto$inet(r1, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x0, 0x0, 0x21)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="240000001800010900000a000000000002180000008d25080000000008000100ac1414"], 0x24}}, 0x4)

904.873717ms ago: executing program 6 (id=3093):
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x4, 0x0, 0x0)
openat$pfkey(0xffffffffffffff9c, 0x0, 0x22000, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0xe8381, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r4 = dup(r3)
ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4400ae8f, &(0x7f0000000000)=@arm64={0x9, 0xfc, 0x2, '\x00', 0x8001})
syz_kvm_setup_cpu$x86(r2, r4, &(0x7f0000f87000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, 0x0}], 0x1, 0x2, 0x0, 0x0)
bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e24, 0x6, @loopback, 0x4}, 0x1c)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
mmap$usbmon(&(0x7f0000f8b000/0x4000)=nil, 0x4000, 0x100000e, 0x50, r4, 0x5)
sendmsg$IPCTNL_MSG_EXP_NEW(r5, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x9, 0x4)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, 0xffffffffffffffff, 0x0)
mbind(&(0x7f0000195000/0x2000)=nil, 0x2000, 0x4000, &(0x7f0000000400)=0xfb, 0x9, 0x3)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x15, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000010000000000000000001851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000000106608000000000000180000000000000000000000000000009500000000000000360a020000001000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a00000000000085000000060000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x2, 0xff5c, &(0x7f0000000340)=""/222, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78)
sendmsg$IPCTNL_MSG_TIMEOUT_GET(0xffffffffffffffff, 0x0, 0x40d0)

272.616799ms ago: executing program 6 (id=3094):
r0 = socket$caif_seqpacket(0x25, 0x5, 0x0)
r1 = creat(&(0x7f00000001c0)='./bus\x00', 0x8)
close(r1)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./bus\x00', &(0x7f0000000200), 0x264045, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfvno=', @ANYRESOCT=r0])

0s ago: executing program 6 (id=3095):
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0f00000004000000080000000800000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000000000000000000020b7ded1868c7dbe038beedd70782f48383cc7e49648fb36b01b34e50e673e3a4d6b89dbd32ff4c447c9f16ef530d9f47de1aa16ea62637072ff42dfe4a9e62ede765d0aec3761c0e0b47e05c5b98a79a9ea51696e53e9e415af61d0587c589bcc7f0948f489d54b98c90c0ec18b882fb465ea2362b56c02d16c2501e1ebf3403251bc3f19c8b6c1d584b64cf08fd7c3877ebf5f7deb4628d926777206f0ab3560eead5f9407c29257d258719b50195d7e0250d3687d14ed7a0d4114b35a05b67f924399d0507f7d94131a398977"], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
getdents(0xffffffffffffffff, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
sendmsg$key(0xffffffffffffffff, 0x0, 0x2000c800)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x1239, 0x4b4a)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
ptrace(0x10, r2)
io_uring_enter(0xffffffffffffffff, 0x740c, 0xa980, 0x70, &(0x7f0000000100)={[0x3d79e824]}, 0x8)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000040)={0x4001, 0xffffffff, 0x0, 0x5}, 0x10)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000180)=@RTM_GETMDB={0x18, 0x56, 0xf23}, 0x18}}, 0x0)
socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0xe00, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=@newtaction={0x14, 0x1e, 0x109, 0x70bd29, 0x800000}, 0x14}, 0x1, 0x0, 0x0, 0x40010}, 0x0)
close_range(r5, 0xffffffffffffffff, 0x0)

kernel console output (not intermixed with test programs):

[T13337]  notifier_call_chain+0xb7/0x410
[  662.628966][T13337]  ? __pfx_addrconf_notify+0x10/0x10
[  662.628979][T13337]  call_netdevice_notifiers_info+0xbe/0x140
[  662.628994][T13337]  netdev_state_change+0x115/0x150
[  662.629009][T13337]  ? __pfx_netdev_state_change+0x10/0x10
[  662.629024][T13337]  ? ip_tunnel_update+0x73e/0x960
[  662.629039][T13337]  ip_tunnel_changelink+0x174/0x330
[  662.629051][T13337]  ipgre_changelink+0x172/0x260
[  662.629067][T13337]  ? __pfx_ipgre_changelink+0x10/0x10
[  662.629086][T13337]  ? rtnl_link_get_net_capable.constprop.0+0x12d/0x370
[  662.629101][T13337]  ? __pfx_ipgre_changelink+0x10/0x10
[  662.629117][T13337]  rtnl_newlink+0x115a/0x1d60
[  662.629132][T13337]  ? __pfx_rtnl_newlink+0x10/0x10
[  662.629145][T13337]  ? find_held_lock+0x2d/0x110
[  662.629158][T13337]  ? rcu_preempt_deferred_qs_irqrestore+0x502/0xbd0
[  662.629173][T13337]  ? __pfx_lock_release+0x10/0x10
[  662.629191][T13337]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  662.629207][T13337]  ? lockdep_hardirqs_on+0x7c/0x110
[  662.629217][T13337]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  662.629233][T13337]  ? rcu_preempt_deferred_qs_irqrestore+0x502/0xbd0
[  662.629249][T13337]  ? rcu_is_watching+0x12/0xc0
[  662.629261][T13337]  ? __pfx_rtnl_newlink+0x10/0x10
[  662.629272][T13337]  rtnetlink_rcv_msg+0x95b/0xea0
[  662.629286][T13337]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  662.629304][T13337]  netlink_rcv_skb+0x16b/0x440
[  662.629317][T13337]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  662.629329][T13337]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  662.629348][T13337]  ? rcu_is_watching+0x12/0xc0
[  662.629361][T13337]  netlink_unicast+0x53c/0x7f0
[  662.629375][T13337]  ? __pfx_netlink_unicast+0x10/0x10
[  662.629390][T13337]  netlink_sendmsg+0x8b8/0xd70
[  662.629404][T13337]  ? __pfx_netlink_sendmsg+0x10/0x10
[  662.629420][T13337]  ____sys_sendmsg+0xaaf/0xc90
[  662.629436][T13337]  ? copy_msghdr_from_user+0x10b/0x160
[  662.629448][T13337]  ? __pfx_____sys_sendmsg+0x10/0x10
[  662.629470][T13337]  ___sys_sendmsg+0x135/0x1e0
[  662.629483][T13337]  ? __pfx____sys_sendmsg+0x10/0x10
[  662.629501][T13337]  ? __pfx_lock_release+0x10/0x10
[  662.629514][T13337]  ? trace_lock_acquire+0x14e/0x1f0
[  662.629529][T13337]  ? __fget_files+0x206/0x3a0
[  662.629542][T13337]  __sys_sendmsg+0x16e/0x220
[  662.629555][T13337]  ? __pfx___sys_sendmsg+0x10/0x10
[  662.629576][T13337]  do_syscall_64+0xcd/0x250
[  662.629588][T13337]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  662.629602][T13337] RIP: 0033:0x7f8439b8cde9
[  662.629610][T13337] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  662.629620][T13337] RSP: 002b:00007f843aa13038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  662.629629][T13337] RAX: ffffffffffffffda RBX: 00007f8439da6080 RCX: 00007f8439b8cde9
[  662.629635][T13337] RDX: 0000000000000000 RSI: 0000400000000080 RDI: 0000000000000007
[  662.629641][T13337] RBP: 00007f843aa13090 R08: 0000000000000000 R09: 0000000000000000
[  662.629647][T13337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  662.629652][T13337] R13: 0000000000000000 R14: 00007f8439da6080 R15: 00007fffdc8aabd8
[  662.629664][T13337]  </TASK>
[  663.348190][T13346] virtio-fs: tag <(null)> not found
[  664.130366][T13360] random: crng reseeded on system resumption
[  664.787016][T13365] netlink: 132 bytes leftover after parsing attributes in process `syz.6.2048'.
[  665.690410][  T117] usb 6-1: new high-speed USB device number 23 using dummy_hcd
[  665.861082][  T117] usb 6-1: Using ep0 maxpacket: 32
[  665.892850][  T117] usb 6-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  665.952521][  T117] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83
[  665.983936][  T117] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 33307, setting to 1024
[  665.996445][  T117] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024
[  666.013970][  T117] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  666.025209][  T117] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0
[  666.042382][  T117] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  666.056488][  T117] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  666.067953][  T117] usb 6-1: config 0 interface 0 altsetting 0 has 5 endpoint descriptors, different from the interface descriptor's value: 4
[  666.083661][  T117] usb 6-1: New USB device found, idVendor=0572, idProduct=cafe, bcdDevice=55.01
[  666.094737][  T117] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  666.103454][  T117] usb 6-1: Product: syz
[  666.108272][  T117] usb 6-1: Manufacturer: syz
[  666.131061][  T117] usb 6-1: SerialNumber: syz
[  666.137602][  T117] usb 6-1: config 0 descriptor??
[  666.148032][T13380] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  666.391116][T13380] nbd: nbd5 already in use
[  666.560118][T13389] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2053'.
[  666.880644][  T117] cxacru_cm: 7 callbacks suppressed
[  666.880665][  T117] cxacru 6-1:0.0: submit of read urb for cm 0x90 failed (-8)
[  666.901209][  T117] cxacru 6-1:0.0: usbatm_usb_probe: invalid endpoint 02!
[  666.908332][  T117] cxacru 6-1:0.0: probe with driver cxacru failed with error -22
[  666.926781][  T117] usb 6-1: USB disconnect, device number 23
[  668.227888][T13421] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  668.842748][T13437] random: crng reseeded on system resumption
[  668.849954][T13440] block nbd6: NBD_DISCONNECT
[  668.939547][T13440] block nbd6: Disconnected due to user request.
[  668.952498][T13440] block nbd6: shutting down sockets
[  669.058557][T13441] netlink: 4280 bytes leftover after parsing attributes in process `syz.0.2066'.
[  669.068491][T13441] netlink: 4280 bytes leftover after parsing attributes in process `syz.0.2066'.
[  669.515518][T13449] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  670.324323][T13464] netlink: 4768 bytes leftover after parsing attributes in process `syz.0.2070'.
[  672.429924][   T29] audit: type=1400 audit(1739702333.159:835): avc:  denied  { read } for  pid=13470 comm="syz.2.2074" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  673.089131][T13486] netlink: 'syz.2.2078': attribute type 7 has an invalid length.
[  673.181206][T13488] block nbd1: NBD_DISCONNECT
[  673.219755][T13488] block nbd1: Disconnected due to user request.
[  673.246911][T13488] block nbd1: shutting down sockets
[  673.368438][T13497] trusted_key: encrypted key: instantiation of keys using provided decrypted data is disabled since CONFIG_USER_DECRYPTED_DATA is set to false
[  673.410560][   T29] audit: type=1804 audit(1739702334.919:836): pid=13499 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.1.2082" name="/newroot/433/file0" dev="tmpfs" ino=2286 res=1 errno=0
[  673.870117][ T5826] usb 3-1: new high-speed USB device number 61 using dummy_hcd
[  674.242289][T13520] tmpfs: Bad value for 'usrquota_inode_hardlimit'
[  674.319085][T13521] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2088'.
[  674.430793][T13521] lo speed is unknown, defaulting to 1000
[  674.737017][ T5826] usb 3-1: config 0 has an invalid interface number: 217 but max is 0
[  674.759013][ T5826] usb 3-1: config 0 has no interface number 0
[  674.787687][ T5826] usb 3-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69
[  674.812495][ T5826] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  674.851368][ T5826] usb 3-1: Product: syz
[  674.870099][ T5826] usb 3-1: Manufacturer: syz
[  674.883493][ T5826] usb 3-1: SerialNumber: syz
[  674.897626][ T5826] usb 3-1: config 0 descriptor??
[  674.910918][ T5826] hub 3-1:0.217: bad descriptor, ignoring hub
[  674.926402][ T5826] hub 3-1:0.217: probe with driver hub failed with error -5
[  675.192922][T13532] F2FS-fs (loop1): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  675.201120][T13532] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  675.210147][T13532] F2FS-fs (loop1): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  675.217924][T13532] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock
[  675.632706][ T5826] dvb-usb: found a 'Pinnacle PCTV Hybrid Stick Solo' in cold state, will try to load a firmware
[  675.672553][ T5826] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  675.680787][ T5826] dib0700: firmware download failed at 7 with -22
[  675.803383][ T5826] usb 3-1: USB disconnect, device number 61
[  675.873225][T13535] FAULT_INJECTION: forcing a failure.
[  675.873225][T13535] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  675.903377][T13535] CPU: 1 UID: 0 PID: 13535 Comm: syz.0.2092 Not tainted 6.14.0-rc2-syzkaller-00281-g496659003dac #0
[  675.903400][T13535] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  675.903410][T13535] Call Trace:
[  675.903415][T13535]  <TASK>
[  675.903422][T13535]  dump_stack_lvl+0x16c/0x1f0
[  675.903445][T13535]  should_fail_ex+0x50a/0x650
[  675.903471][T13535]  _copy_to_user+0x32/0xd0
[  675.903489][T13535]  simple_read_from_buffer+0xd0/0x160
[  675.903514][T13535]  proc_fail_nth_read+0x198/0x270
[  675.903538][T13535]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  675.903562][T13535]  ? rw_verify_area+0xcf/0x680
[  675.903585][T13535]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  675.903607][T13535]  vfs_read+0x1df/0xbf0
[  675.903632][T13535]  ? __fget_files+0x1fc/0x3a0
[  675.903647][T13535]  ? __pfx___mutex_lock+0x10/0x10
[  675.903666][T13535]  ? __pfx_vfs_read+0x10/0x10
[  675.903698][T13535]  ? __fget_files+0x206/0x3a0
[  675.903721][T13535]  ksys_read+0x12b/0x250
[  675.903745][T13535]  ? __pfx_ksys_read+0x10/0x10
[  675.903778][T13535]  do_syscall_64+0xcd/0x250
[  675.903798][T13535]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  675.903821][T13535] RIP: 0033:0x7f72d678b7fc
[  675.903835][T13535] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  675.903851][T13535] RSP: 002b:00007f72d7531030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  675.903868][T13535] RAX: ffffffffffffffda RBX: 00007f72d69a5fa0 RCX: 00007f72d678b7fc
[  675.903879][T13535] RDX: 000000000000000f RSI: 00007f72d75310a0 RDI: 0000000000000005
[  675.903889][T13535] RBP: 00007f72d7531090 R08: 0000000000000000 R09: 0000000000000000
[  675.903899][T13535] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  675.903908][T13535] R13: 0000000000000000 R14: 00007f72d69a5fa0 R15: 00007ffe7ba0b008
[  675.903930][T13535]  </TASK>
[  676.088346][    C1] vkms_vblank_simulate: vblank timer overrun
[  676.573471][T12775] usb 6-1: new high-speed USB device number 24 using dummy_hcd
[  676.641716][   T29] audit: type=1400 audit(1739702338.139:837): avc:  denied  { bind } for  pid=13543 comm="syz.2.2095" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  676.661021][    C1] vkms_vblank_simulate: vblank timer overrun
[  676.930795][   T29] audit: type=1400 audit(1739702338.139:838): avc:  denied  { node_bind } for  pid=13543 comm="syz.2.2095" saddr=fe88::3 src=52772 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1
[  677.146052][T12775] usb 6-1: unable to get BOS descriptor or descriptor too short
[  677.156202][T12775] usb 6-1: config 1 has an invalid interface number: 68 but max is 1
[  677.166298][T12775] usb 6-1: config 1 has no interface number 1
[  677.173567][T12775] usb 6-1: config 1 interface 0 altsetting 247 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  677.189679][T12775] usb 6-1: config 1 interface 0 has no altsetting 0
[  677.199326][T12775] usb 6-1: New USB device found, idVendor=2040, idProduct=b990, bcdDevice=f6.75
[  677.220324][T12775] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  677.237182][T12775] usb 6-1: Product: syz
[  677.242234][T12775] usb 6-1: Manufacturer: syz
[  677.984515][T12775] usb 6-1: SerialNumber: syz
[  678.389610][T12775] smsusb:smsusb_probe: board id=8, interface number 0
[  678.427984][T12775] smsusb:smsusb_probe: board id=8, interface number 68
[  678.476829][T12775] usb 6-1: USB disconnect, device number 24
[  680.040520][T13588] FAULT_INJECTION: forcing a failure.
[  680.040520][T13588] name failslab, interval 1, probability 0, space 0, times 0
[  680.121987][T13590] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2108'.
[  680.188594][T13588] CPU: 0 UID: 0 PID: 13588 Comm: syz.1.2110 Not tainted 6.14.0-rc2-syzkaller-00281-g496659003dac #0
[  680.188621][T13588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  680.188630][T13588] Call Trace:
[  680.188635][T13588]  <TASK>
[  680.188642][T13588]  dump_stack_lvl+0x16c/0x1f0
[  680.188666][T13588]  should_fail_ex+0x50a/0x650
[  680.188691][T13588]  ? fs_reclaim_acquire+0xae/0x150
[  680.188717][T13588]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  680.188741][T13588]  should_failslab+0xc2/0x120
[  680.188759][T13588]  __kmalloc_noprof+0xcb/0x510
[  680.188775][T13588]  ? __pfx___mutex_lock+0x10/0x10
[  680.188798][T13588]  genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  680.188827][T13588]  genl_start+0x18e/0x960
[  680.188851][T13588]  __netlink_dump_start+0x607/0x970
[  680.188874][T13588]  genl_family_rcv_msg_dumpit+0x1e1/0x2e0
[  680.188899][T13588]  ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10
[  680.188928][T13588]  ? __pfx_genl_get_cmd+0x10/0x10
[  680.188946][T13588]  ? __pfx_genl_start+0x10/0x10
[  680.188965][T13588]  ? __pfx_genl_dumpit+0x10/0x10
[  680.188985][T13588]  ? __pfx_genl_done+0x10/0x10
[  680.189010][T13588]  ? __radix_tree_lookup+0x21f/0x2c0
[  680.189041][T13588]  genl_rcv_msg+0x470/0x800
[  680.189065][T13588]  ? __pfx_genl_rcv_msg+0x10/0x10
[  680.189085][T13588]  ? __pfx_ethnl_default_start+0x10/0x10
[  680.189100][T13588]  ? __pfx_ethnl_default_dumpit+0x10/0x10
[  680.189114][T13588]  ? __pfx_ethnl_default_done+0x10/0x10
[  680.189149][T13588]  netlink_rcv_skb+0x16b/0x440
[  680.189168][T13588]  ? __pfx_genl_rcv_msg+0x10/0x10
[  680.189197][T13588]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  680.189227][T13588]  ? down_read+0xc9/0x330
[  680.189246][T13588]  ? __pfx_down_read+0x10/0x10
[  680.189265][T13588]  ? netlink_deliver_tap+0x1ae/0xd30
[  680.189288][T13588]  genl_rcv+0x28/0x40
[  680.189307][T13588]  netlink_unicast+0x53c/0x7f0
[  680.189329][T13588]  ? __pfx_netlink_unicast+0x10/0x10
[  680.189356][T13588]  netlink_sendmsg+0x8b8/0xd70
[  680.189380][T13588]  ? __pfx_netlink_sendmsg+0x10/0x10
[  680.189409][T13588]  ____sys_sendmsg+0xaaf/0xc90
[  680.189436][T13588]  ? copy_msghdr_from_user+0x10b/0x160
[  680.189456][T13588]  ? __pfx_____sys_sendmsg+0x10/0x10
[  680.189490][T13588]  ___sys_sendmsg+0x135/0x1e0
[  680.189513][T13588]  ? __pfx____sys_sendmsg+0x10/0x10
[  680.189541][T13588]  ? __pfx_lock_release+0x10/0x10
[  680.189563][T13588]  ? trace_lock_acquire+0x14e/0x1f0
[  680.189590][T13588]  ? __fget_files+0x206/0x3a0
[  680.189612][T13588]  __sys_sendmsg+0x16e/0x220
[  680.189634][T13588]  ? __pfx___sys_sendmsg+0x10/0x10
[  680.189672][T13588]  do_syscall_64+0xcd/0x250
[  680.189692][T13588]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  680.189714][T13588] RIP: 0033:0x7f3f8cf8cde9
[  680.189728][T13588] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  680.189743][T13588] RSP: 002b:00007f3f8de15038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  680.189759][T13588] RAX: ffffffffffffffda RBX: 00007f3f8d1a5fa0 RCX: 00007f3f8cf8cde9
[  680.189773][T13588] RDX: 0000000000000000 RSI: 0000400000000000 RDI: 0000000000000003
[  680.189783][T13588] RBP: 00007f3f8de15090 R08: 0000000000000000 R09: 0000000000000000
[  680.189792][T13588] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  680.189801][T13588] R13: 0000000000000000 R14: 00007f3f8d1a5fa0 R15: 00007ffdaea687b8
[  680.189824][T13588]  </TASK>
[  681.014577][T13606] netlink: 'syz.0.2112': attribute type 7 has an invalid length.
[  682.120398][T12775] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  682.291279][T12775] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  682.318271][T12775] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  682.348507][T12775] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  682.388878][T12775] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  682.397055][   T29] audit: type=1400 audit(1739702343.909:839): avc:  denied  { append } for  pid=13621 comm="syz.2.2119" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  682.422668][T13617] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[  682.432289][T12775] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[  683.334538][ T5826] usb 7-1: USB disconnect, device number 7
[  683.665942][T13644] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2124'.
[  683.779686][T13644] lo speed is unknown, defaulting to 1000
[  684.124260][T13647] sp0: Synchronizing with TNC
[  685.563014][ T1293] ieee802154 phy1 wpan1: encryption failed: -22
[  685.945197][   T29] audit: type=1400 audit(1739702347.479:840): avc:  denied  { link } for  pid=13684 comm="syz.2.2141" name="#24" dev="tmpfs" ino=2253 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  686.062743][   T29] audit: type=1400 audit(1739702347.599:841): avc:  denied  { map } for  pid=13690 comm="syz.2.2144" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  686.480603][T13704] netlink: 68 bytes leftover after parsing attributes in process `syz.5.2150'.
[  686.557746][T13708] netlink: 80 bytes leftover after parsing attributes in process `syz.1.2152'.
[  686.587708][T13708] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2152'.
[  687.891297][   T29] audit: type=1326 audit(1739702349.419:842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13729 comm="syz.6.2159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16dfb8cde9 code=0x7ffc0000
[  687.905254][T13737] Non-string source
[  687.960030][   T29] audit: type=1326 audit(1739702349.419:843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13729 comm="syz.6.2159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16dfb8cde9 code=0x7ffc0000
[  688.017664][   T29] audit: type=1326 audit(1739702349.419:844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13729 comm="syz.6.2159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f16dfb8cde9 code=0x7ffc0000
[  688.054179][   T29] audit: type=1326 audit(1739702349.449:845): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13729 comm="syz.6.2159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16dfb8cde9 code=0x7ffc0000
[  688.119151][   T29] audit: type=1326 audit(1739702349.449:846): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13729 comm="syz.6.2159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f16dfb8cde9 code=0x7ffc0000
[  688.212940][   T29] audit: type=1326 audit(1739702349.449:847): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13729 comm="syz.6.2159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16dfb8cde9 code=0x7ffc0000
[  689.751266][   T29] audit: type=1326 audit(1739702349.449:848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13729 comm="syz.6.2159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f16dfb8cde9 code=0x7ffc0000
[  690.635160][   T29] audit: type=1326 audit(1739702349.449:849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13729 comm="syz.6.2159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16dfb8cde9 code=0x7ffc0000
[  690.672617][   T29] audit: type=1326 audit(1739702349.449:850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13729 comm="syz.6.2159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=305 compat=0 ip=0x7f16dfb8cde9 code=0x7ffc0000
[  690.748174][   T29] audit: type=1326 audit(1739702349.449:851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13729 comm="syz.6.2159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16dfb8cde9 code=0x7ffc0000
[  692.989816][   T29] kauditd_printk_skb: 5 callbacks suppressed
[  692.989832][   T29] audit: type=1400 audit(1739702354.509:857): avc:  denied  { lock } for  pid=13785 comm="syz.0.2180" path="/dev/dlm-monitor" dev="devtmpfs" ino=95 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  695.346099][T13831] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2193'.
[  696.259445][T13834] netlink: 'syz.6.2194': attribute type 16 has an invalid length.
[  696.267373][T13834] netlink: 'syz.6.2194': attribute type 17 has an invalid length.
[  696.463328][T13834] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  697.107644][T13861] cgroup: Unknown subsys name 'cpuset'
[  698.458123][T13879] netlink: 'syz.0.2215': attribute type 1 has an invalid length.
[  698.502070][T13881] netlink: 'syz.1.2216': attribute type 7 has an invalid length.
[  698.539986][T12775] usb 3-1: new high-speed USB device number 62 using dummy_hcd
[  698.546250][T13881] netlink: 'syz.1.2216': attribute type 8 has an invalid length.
[  698.556507][   T29] audit: type=1400 audit(1739702360.089:858): avc:  denied  { listen } for  pid=13882 comm="syz.0.2217" path=2F3434312FE91F7189591E9233614B scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[  698.558119][T13881] netlink: 'syz.1.2216': attribute type 13 has an invalid length.
[  698.650838][T13060] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  698.709917][T12775] usb 3-1: Using ep0 maxpacket: 16
[  698.716319][T12775] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  698.730146][T12775] usb 3-1: New USB device found, idVendor=056a, idProduct=0044, bcdDevice= 0.00
[  698.739194][T12775] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  698.771398][T12775] usb 3-1: config 0 descriptor??
[  698.812155][T13060] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  698.839319][T13060] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  698.855572][T13060] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  698.875784][T13060] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  698.885308][T13060] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  698.900724][T13060] usb 7-1: config 0 descriptor??
[  699.269708][T13900] No such timeout policy "syz0"
[  699.824547][T12775] wacom 0003:056A:0044.0008: item fetching failed at offset 6/7
[  699.833290][T12775] wacom 0003:056A:0044.0008: parse failed
[  699.839089][T12775] wacom 0003:056A:0044.0008: probe with driver wacom failed with error -22
[  699.893584][T13060] plantronics 0003:047F:FFFF.0009: No inputs registered, leaving
[  699.916274][T13060] plantronics 0003:047F:FFFF.0009: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0
[  700.060673][T13060] usb 3-1: USB disconnect, device number 62
[  701.094572][   T29] audit: type=1400 audit(1739702362.629:859): avc:  denied  { accept } for  pid=13926 comm="syz.5.2230" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  702.039965][ T5908] usb 7-1: reset high-speed USB device number 8 using dummy_hcd
[  702.220431][ T5908] usb 7-1: device firmware changed
[  702.775561][T13060] usb 7-1: USB disconnect, device number 8
[  703.103680][T11579] usb 6-1: new high-speed USB device number 25 using dummy_hcd
[  703.259842][T13060] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  703.266290][T11579] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  703.277780][T11579] usb 6-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  703.308031][T11579] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  703.317556][T11579] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  703.343632][T11579] usb 6-1: Product: syz
[  703.347912][T11579] usb 6-1: Manufacturer: syz
[  703.354397][T11579] usb 6-1: SerialNumber: syz
[  703.431439][T13060] usb 7-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  703.464271][T13060] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  703.475982][T13060] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  703.500027][T13060] usb 7-1: Product: syz
[  703.504213][T13060] usb 7-1: Manufacturer: syz
[  703.519008][T13060] usb 7-1: SerialNumber: syz
[  703.657114][   T29] audit: type=1400 audit(1739702365.179:860): avc:  denied  { shutdown } for  pid=13970 comm="syz.1.2249" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  703.849429][T13976] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2251'.
[  704.379812][T11579] cdc_ncm 6-1:1.0: bind() failure
[  704.389902][T11579] cdc_ncm 6-1:1.1: probe with driver cdc_ncm failed with error -71
[  704.398181][T11579] cdc_mbim 6-1:1.1: probe with driver cdc_mbim failed with error -71
[  704.408711][T11579] usbtest 6-1:1.1: probe with driver usbtest failed with error -71
[  704.419242][T11579] usb 6-1: USB disconnect, device number 25
[  704.545035][T13060] cdc_ncm 7-1:1.0: bind() failure
[  704.562029][T13060] cdc_ncm 7-1:1.1: probe with driver cdc_ncm failed with error -71
[  704.594168][T13060] cdc_mbim 7-1:1.1: probe with driver cdc_mbim failed with error -71
[  704.618982][T13060] usbtest 7-1:1.1: probe with driver usbtest failed with error -71
[  704.986723][T13060] usb 7-1: USB disconnect, device number 9
[  705.916125][T14031] snd_dummy snd_dummy.0: control 0:0:-4:syz0:0 is already present
[  707.526688][T14040] input: syz0 as /devices/virtual/input/input19
[  708.152649][T14049] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1547 sclass=netlink_route_socket pid=14049 comm=syz.0.2283
[  715.189920][T14112] snd_dummy snd_dummy.0: control 6:0:-4:syz0:0 is already present
[  717.559059][   T29] audit: type=1400 audit(1739702378.979:861): avc:  denied  { remount } for  pid=14135 comm="syz.6.2314" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=filesystem permissive=1
[  717.841481][   T29] audit: type=1400 audit(1739702379.379:862): avc:  denied  { unmount } for  pid=12035 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=filesystem permissive=1
[  719.037682][   T29] audit: type=1400 audit(1739702380.079:863): avc:  denied  { mount } for  pid=14140 comm="syz.5.2316" name="/" dev="configfs" ino=145 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1
[  719.104710][   T29] audit: type=1400 audit(1739702380.079:864): avc:  denied  { read } for  pid=14140 comm="syz.5.2316" name="/" dev="configfs" ino=145 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  719.141031][   T29] audit: type=1400 audit(1739702380.079:865): avc:  denied  { open } for  pid=14140 comm="syz.5.2316" path="/237/file0" dev="configfs" ino=145 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  719.408177][   T29] audit: type=1400 audit(1739702380.939:866): avc:  denied  { unmount } for  pid=10044 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1
[  721.014770][T14178] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1547 sclass=netlink_route_socket pid=14178 comm=syz.0.2328
[  721.137143][T14186] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=14186 comm=syz.0.2331
[  721.214967][   T29] audit: type=1400 audit(1739702382.749:867): avc:  denied  { write } for  pid=14193 comm="syz.0.2335" name="nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  721.249151][   T29] audit: type=1400 audit(1739702382.749:868): avc:  denied  { ioctl } for  pid=14193 comm="syz.0.2335" path="/dev/nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  721.538914][T14202] netlink: 'syz.0.2337': attribute type 4 has an invalid length.
[  723.307053][   T29] audit: type=1400 audit(1739702384.839:869): avc:  denied  { setopt } for  pid=14211 comm="syz.6.2340" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  724.531444][T14227] overlayfs: overlapping lowerdir path
[  724.560713][   T29] audit: type=1400 audit(1739702386.089:870): avc:  denied  { mounton } for  pid=14208 comm="syz.1.2341" path="/proc/1668/cgroup" dev="proc" ino=45788 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=file permissive=1
[  726.850973][   T29] audit: type=1326 audit(1739702388.389:871): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14257 comm="syz.1.2357" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3f8cf8cde9 code=0x0
[  727.289129][T14262] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  727.480053][T14262] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  733.507252][T14315] overlayfs: overlapping lowerdir path
[  735.500091][  T117] usb 7-1: new full-speed USB device number 10 using dummy_hcd
[  736.661789][T14332] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  736.680175][T14332] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  736.750451][  T117] usb 7-1: unable to get BOS descriptor or descriptor too short
[  736.821890][  T117] usb 7-1: unable to read config index 0 descriptor/start: -71
[  736.849923][  T117] usb 7-1: can't read configurations, error -71
[  737.460027][T14360] xt_CT: You must specify a L4 protocol and not use inversions on it
[  738.290355][T14364] batadv_slave_1: entered promiscuous mode
[  738.296718][T14363] batadv_slave_1: left promiscuous mode
[  738.972495][T14375] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2396'.
[  740.302953][   T29] audit: type=1400 audit(1739702401.829:872): avc:  denied  { lock } for  pid=14383 comm="syz.6.2399" path="/dev/loop8" dev="devtmpfs" ino=655 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  740.503317][   T29] audit: type=1326 audit(1739702402.039:873): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14392 comm="syz.5.2403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b1318cde9 code=0x7ffc0000
[  740.588854][   T29] audit: type=1326 audit(1739702402.039:874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14392 comm="syz.5.2403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b1318cde9 code=0x7ffc0000
[  740.619879][ T7331] usb 3-1: new high-speed USB device number 63 using dummy_hcd
[  740.643737][   T29] audit: type=1326 audit(1739702402.079:875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14392 comm="syz.5.2403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f3b1318cde9 code=0x7ffc0000
[  740.669328][   T29] audit: type=1326 audit(1739702402.149:876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14392 comm="syz.5.2403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b1318cde9 code=0x7ffc0000
[  740.694199][   T29] audit: type=1326 audit(1739702402.149:877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14392 comm="syz.5.2403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b1318cde9 code=0x7ffc0000
[  740.809850][ T7331] usb 3-1: Using ep0 maxpacket: 16
[  740.831275][ T7331] usb 3-1: config index 0 descriptor too short (expected 1051, got 27)
[  740.839589][ T7331] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  740.872092][   T29] audit: type=1326 audit(1739702402.149:878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14397 comm="syz.5.2403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f3b131bf6a5 code=0x7ffc0000
[  740.902293][ T7331] usb 3-1: config 0 has no interfaces?
[  740.921721][ T7331] usb 3-1: New USB device found, idVendor=06f8, idProduct=b000, bcdDevice=7d.f9
[  740.939875][ T7331] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  740.969210][ T7331] usb 3-1: Product: syz
[  740.974600][   T29] audit: type=1326 audit(1739702402.269:879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14392 comm="syz.5.2403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=247 compat=0 ip=0x7f3b1318cde9 code=0x7ffc0000
[  741.085969][ T7331] usb 3-1: Manufacturer: syz
[  741.091112][ T7331] usb 3-1: SerialNumber: syz
[  741.096525][   T29] audit: type=1400 audit(1739702402.279:880): avc:  denied  { watch watch_reads } for  pid=14398 comm="syz.6.2405" path="/proc/sys/net" dev="proc" ino=47251 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_net_t tclass=dir permissive=1
[  741.122830][ T7331] usb 3-1: config 0 descriptor??
[  741.129281][   T29] audit: type=1326 audit(1739702402.299:881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14397 comm="syz.5.2403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7f3b1318cde9 code=0x7ffc0000
[  742.504397][  T117] usb 3-1: USB disconnect, device number 63
[  746.993129][ T1293] ieee802154 phy1 wpan1: encryption failed: -22
[  754.174364][T14510] x_tables: ip_tables: udp match: only valid for protocol 17
[  754.939246][T14508] fuse: Bad value for 'rootmode'
[  756.579914][  T117] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[  756.726315][   T29] kauditd_printk_skb: 4 callbacks suppressed
[  756.726329][   T29] audit: type=1400 audit(1739702418.239:886): avc:  denied  { map } for  pid=14523 comm="syz.2.2446" path="socket:[46713]" dev="sockfs" ino=46713 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1
[  756.786917][  T117] usb 7-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[  756.796526][  T117] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  756.809225][  T117] usb 7-1: config 0 descriptor??
[  757.883203][  T117] pegasus 7-1:0.0: probe with driver pegasus failed with error -32
[  758.050018][ T7331] usb 6-1: new high-speed USB device number 26 using dummy_hcd
[  758.199917][ T7331] usb 6-1: Using ep0 maxpacket: 16
[  758.214517][ T7331] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  758.236755][ T7331] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  758.246656][ T7331] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  758.265379][ T7331] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  758.275700][ T7331] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  758.301864][ T7331] usb 6-1: config 0 descriptor??
[  759.457125][ T5867] usb 7-1: USB disconnect, device number 12
[  759.886684][ T7331] microsoft 0003:045E:07DA.000A: ignoring exceeding usage max
[  759.928578][ T7331] microsoft 0003:045E:07DA.000A: unknown main item tag 0x1
[  759.960115][ T7331] input: HID 045e:07da as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:045E:07DA.000A/input/input20
[  760.041864][ T7331] microsoft 0003:045E:07DA.000A: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.5-1/input0
[  760.129913][T12775] usb 3-1: new high-speed USB device number 64 using dummy_hcd
[  760.408621][T14577] tmpfs: Bad value for 'size'
[  760.475002][T14579] Invalid ELF header type: 3 != 1
[  760.482785][T14579] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=14579 comm=syz.1.2463
[  761.210757][T14581] IPv6: syztnl0: Disabled Multicast RS
[  761.240423][T12775] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  761.256053][T12775] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  761.288637][T12775] usb 3-1: config 0 descriptor??
[  761.306071][T12775] cp210x 3-1:0.0: cp210x converter detected
[  761.421599][   T29] audit: type=1400 audit(1739702422.959:887): avc:  denied  { search } for  pid=14589 comm="syz.0.2469" name="/" dev="configfs" ino=145 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  761.464804][   T29] audit: type=1400 audit(1739702422.959:888): avc:  denied  { read } for  pid=14588 comm="syz.5.2468" name="loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  761.552323][   T29] audit: type=1400 audit(1739702422.959:889): avc:  denied  { open } for  pid=14588 comm="syz.5.2468" path="/dev/loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  761.577517][   T29] audit: type=1400 audit(1739702422.979:890): avc:  denied  { ioctl } for  pid=14588 comm="syz.5.2468" path="/dev/loop-control" dev="devtmpfs" ino=646 ioctlcmd=0x5820 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  761.799549][T12775] usb 3-1: cp210x converter now attached to ttyUSB0
[  761.966102][ T5867] usb 3-1: USB disconnect, device number 64
[  762.093211][ T5867] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  762.368719][  T117] usb 6-1: USB disconnect, device number 26
[  762.421662][ T5867] cp210x 3-1:0.0: device disconnected
[  762.608812][T14615] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1547 sclass=netlink_route_socket pid=14615 comm=syz.1.2476
[  762.802978][T14626] lo: entered allmulticast mode
[  762.820205][ T5908] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[  762.884918][   T29] audit: type=1400 audit(1739702424.419:891): avc:  denied  { module_load } for  pid=14630 comm="syz.0.2483" path="/newroot/selinux/policy" dev="selinuxfs" ino=20 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=system permissive=1
[  762.885501][T14631] kernel read not supported for file /policy (pid: 14631 comm: syz.0.2483)
[  762.999870][ T5908] usb 7-1: Using ep0 maxpacket: 32
[  763.011149][ T5908] usb 7-1: config 0 has an invalid interface number: 184 but max is 0
[  763.027024][ T5908] usb 7-1: config 0 has no interface number 0
[  763.040943][ T5908] usb 7-1: config 0 interface 184 has no altsetting 0
[  763.057080][ T5908] usb 7-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  763.074239][ T5908] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  763.096326][ T5908] usb 7-1: Product: syz
[  763.103884][ T5908] usb 7-1: Manufacturer: syz
[  763.110800][ T5908] usb 7-1: SerialNumber: syz
[  763.117309][ T5908] usb 7-1: config 0 descriptor??
[  763.124314][ T5908] smsc75xx v1.0.0
[  763.128096][ T5908] smsc75xx 7-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  763.139220][ T5908] smsc75xx 7-1:0.184: probe with driver smsc75xx failed with error -22
[  763.159079][T14644] overlayfs: overlapping lowerdir path
[  763.592916][  T117] usb 7-1: USB disconnect, device number 13
[  763.686163][   T29] audit: type=1800 audit(1739702425.219:892): pid=14632 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.1.2482" name="/" dev="fuse" ino=0 res=0 errno=0
[  764.897372][T14672] overlayfs: overlapping lowerdir path
[  764.968320][   T29] audit: type=1326 audit(1739702426.499:893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14673 comm="syz.6.2501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16dfb8cde9 code=0x7ffc0000
[  765.036328][T14678] overlayfs: overlapping lowerdir path
[  765.047664][   T29] audit: type=1326 audit(1739702426.499:894): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14673 comm="syz.6.2501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16dfb8cde9 code=0x7ffc0000
[  765.082236][   T29] audit: type=1326 audit(1739702426.499:895): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14673 comm="syz.6.2501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f16dfb8cde9 code=0x7ffc0000
[  765.117687][   T29] audit: type=1326 audit(1739702426.499:896): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14673 comm="syz.6.2501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16dfb8cde9 code=0x7ffc0000
[  766.199212][   T29] audit: type=1326 audit(1739702426.499:897): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14673 comm="syz.6.2501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f16dfb8cde9 code=0x7ffc0000
[  766.223338][   T29] audit: type=1326 audit(1739702426.529:898): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14673 comm="syz.6.2501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16dfb8cde9 code=0x7ffc0000
[  766.247003][   T29] audit: type=1326 audit(1739702426.529:899): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14673 comm="syz.6.2501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f16dfb8cde9 code=0x7ffc0000
[  766.350874][   T29] audit: type=1326 audit(1739702426.529:900): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14673 comm="syz.6.2501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16dfb8cde9 code=0x7ffc0000
[  766.778112][T14708] overlayfs: overlapping lowerdir path
[  766.959586][T14711] x_tables: ip6_tables: CLASSIFY target: used from hooks PREROUTING, but only usable from FORWARD/OUTPUT/POSTROUTING
[  770.351400][T14772] SELinux: syz.2.2537 (14772) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  770.380783][  T117] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[  770.455010][T14771] sch_tbf: burst 7 is lower than device lo mtu (81) !
[  770.724384][  T117] usb 7-1: Using ep0 maxpacket: 16
[  772.293159][T14786] kvm: kvm [14783]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x11e) = 0xbe706111
[  772.305839][T14786] kvm: kvm [14783]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x11e) = 0xbe706111
[  772.316584][T14786] kvm: kvm [14783]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x187) = 0x4000
[  773.077253][T14801] netlink: 'syz.2.2547': attribute type 4 has an invalid length.
[  773.413248][  T117] usb 7-1: unable to get BOS descriptor or descriptor too short
[  773.425861][T14803] pim6reg1: entered allmulticast mode
[  773.439855][  T117] usb 7-1: unable to read config index 0 descriptor/start: -71
[  773.492790][  T117] usb 7-1: can't read configurations, error -71
[  773.508709][   T29] kauditd_printk_skb: 5 callbacks suppressed
[  773.508722][   T29] audit: type=1400 audit(1739702435.039:906): avc:  denied  { create } for  pid=14808 comm="syz.6.2550" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1
[  773.573845][   T29] audit: type=1400 audit(1739702435.079:907): avc:  denied  { write } for  pid=14808 comm="syz.6.2550" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1
[  775.435466][T14831] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2558'.
[  775.479830][ T5826] usb 6-1: new high-speed USB device number 27 using dummy_hcd
[  775.649853][ T5826] usb 6-1: Using ep0 maxpacket: 16
[  775.656472][ T5826] usb 6-1: config 1 interface 0 altsetting 2 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  775.697770][ T5826] usb 6-1: config 1 interface 0 has no altsetting 0
[  775.719718][ T5826] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  775.796022][ T5826] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  776.949793][ T5826] usb 6-1: SerialNumber: syz
[  778.110934][ T5826] cdc_ether 6-1:1.0: probe with driver cdc_ether failed with error -71
[  778.134610][ T5826] usb 6-1: USB disconnect, device number 27
[  778.143372][T14855] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2568'.
[  778.199818][T14855] netlink: 40 bytes leftover after parsing attributes in process `syz.6.2568'.
[  781.078486][   T29] audit: type=1326 audit(1739702442.609:908): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14888 comm="syz.5.2581" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3b1318cde9 code=0x0
[  781.279886][  T117] usb 3-1: new high-speed USB device number 65 using dummy_hcd
[  781.457481][  T117] usb 3-1: unable to get BOS descriptor or descriptor too short
[  781.472611][  T117] usb 3-1: config 8 has an invalid interface number: 22 but max is 0
[  781.486202][  T117] usb 3-1: config 8 has no interface number 0
[  782.038018][  T117] usb 3-1: config 8 interface 22 has no altsetting 0
[  782.048682][  T117] usb 3-1: New USB device found, idVendor=1bcf, idProduct=0b40, bcdDevice=c9.a7
[  782.067575][  T117] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  782.075662][  T117] usb 3-1: Product: syz
[  782.080769][  T117] usb 3-1: Manufacturer: syz
[  782.085776][  T117] usb 3-1: SerialNumber: syz
[  782.312087][  T117] usb 3-1: Found UVC 0.00 device syz (1bcf:0b40)
[  782.318454][  T117] usb 3-1: Forcing UVC version to 1.0a
[  782.344258][  T117] usb 3-1: No valid video chain found.
[  782.364535][  T117] usb 3-1: USB disconnect, device number 65
[  784.256341][T14935] kernel read not supported for file /policy (pid: 14935 comm: syz.2.2595)
[  784.553517][T14940] No such timeout policy "syz0"
[  785.480488][   T11] af_packet: tpacket_rcv: packet too big, clamped from 66 to 4294967286. macoff=82
[  785.817565][   T29] audit: type=1400 audit(1739702447.349:909): avc:  denied  { write } for  pid=14944 comm="syz.0.2598" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  786.705161][T14959] futex_wake_op: syz.1.2603 tries to shift op by -1; fix this program
[  787.980776][T12775] usb 7-1: new high-speed USB device number 16 using dummy_hcd
[  788.027098][T14978] kernel read not supported for file /policy (pid: 14978 comm: syz.1.2610)
[  788.290841][T12775] usb 7-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  788.305951][T12775] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  789.060810][T12775] usb 7-1: config 0 descriptor??
[  789.067324][T12775] cp210x 7-1:0.0: cp210x converter detected
[  790.895721][T12775] cp210x 7-1:0.0: failed to get vendor val 0x370c size 73: -71
[  790.945304][T12775] cp210x 7-1:0.0: GPIO initialisation failed: -71
[  791.101495][T12775] usb 7-1: cp210x converter now attached to ttyUSB0
[  791.724210][T12775] usb 7-1: USB disconnect, device number 16
[  791.743866][T12775] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  791.763291][T12775] cp210x 7-1:0.0: device disconnected
[  792.980177][ T5908] usb 7-1: new low-speed USB device number 17 using dummy_hcd
[  793.194897][ T5908] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  793.249913][   T29] audit: type=1400 audit(1739702454.779:910): avc:  denied  { execute } for  pid=15015 comm="syz.5.2623" path="/311/file0/bus" dev="ramfs" ino=49420 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=file permissive=1
[  793.490014][ T5908] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 32, setting to 8
[  793.573563][ T5908] usb 7-1: New USB device found, idVendor=05ac, idProduct=0240, bcdDevice= 0.00
[  793.606738][ T5908] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  793.616542][ T5908] usb 7-1: config 0 descriptor??
[  793.630660][T15008] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  793.642264][ T5908] input: bcm5974 as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/input/input21
[  794.879911][T12775] usb 6-1: new high-speed USB device number 28 using dummy_hcd
[  795.059926][T12775] usb 6-1: Using ep0 maxpacket: 32
[  795.826028][T11579] usb 7-1: USB disconnect, device number 17
[  796.543163][T15058] netlink: 6 bytes leftover after parsing attributes in process `syz.6.2637'.
[  796.570200][T15058] bridge_slave_0: default FDB implementation only supports local addresses
[  796.592667][T15058] netlink: 6 bytes leftover after parsing attributes in process `syz.6.2637'.
[  796.602182][T15058] bridge_slave_0: default FDB implementation only supports local addresses
[  796.732161][T12775] usb 6-1: unable to get BOS descriptor or descriptor too short
[  796.740745][T12775] usb 6-1: unable to read config index 0 descriptor/start: -71
[  796.748356][T12775] usb 6-1: can't read configurations, error -71
[  796.862937][  T117] usb 7-1: new high-speed USB device number 18 using dummy_hcd
[  797.725509][  T117] usb 7-1: Using ep0 maxpacket: 8
[  797.853346][  T117] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[  797.874916][  T117] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  797.894780][  T117] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  797.914678][  T117] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12336, setting to 1024
[  797.936082][  T117] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  797.956371][  T117] usb 7-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  797.979782][  T117] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  797.989269][  T117] usb 7-1: config 0 descriptor??
[  798.000513][T15058] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  798.168969][   T29] audit: type=1326 audit(1739702459.699:911): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15087 comm="syz.2.2648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8439b8cde9 code=0x7ffc0000
[  798.199795][   T29] audit: type=1326 audit(1739702459.699:912): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15087 comm="syz.2.2648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8439b8cde9 code=0x7ffc0000
[  798.230073][   T29] audit: type=1326 audit(1739702459.699:913): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15087 comm="syz.2.2648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=303 compat=0 ip=0x7f8439b8cde9 code=0x7ffc0000
[  798.277589][   T29] audit: type=1326 audit(1739702459.699:914): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15087 comm="syz.2.2648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8439b8cde9 code=0x7ffc0000
[  798.306698][   T29] audit: type=1326 audit(1739702459.699:915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15087 comm="syz.2.2648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=290 compat=0 ip=0x7f8439b8cde9 code=0x7ffc0000
[  798.335484][   T29] audit: type=1326 audit(1739702459.699:916): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15087 comm="syz.2.2648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8439b8cde9 code=0x7ffc0000
[  798.340776][T12775] usb 6-1: new high-speed USB device number 29 using dummy_hcd
[  798.365648][   T29] audit: type=1326 audit(1739702459.699:917): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15087 comm="syz.2.2648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f8439b8cde9 code=0x7ffc0000
[  798.390101][   T29] audit: type=1326 audit(1739702459.699:918): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15087 comm="syz.2.2648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8439b8cde9 code=0x7ffc0000
[  798.502167][ T7331] usb 7-1: USB disconnect, device number 18
[  798.503329][ T5834] Bluetooth: hci6: Opcode 0x0c03 failed: -19
[  798.527301][T12775] usb 6-1: Using ep0 maxpacket: 16
[  798.535979][T12775] usb 6-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  798.544812][T12775] usb 6-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  798.555692][T12775] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  798.566007][T12775] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  798.575675][T12775] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  798.583733][T12775] usb 6-1: Product: syz
[  798.587880][T12775] usb 6-1: Manufacturer: syz
[  798.592645][ T5908] usb 3-1: new high-speed USB device number 66 using dummy_hcd
[  798.600269][T12775] usb 6-1: SerialNumber: syz
[  798.761674][ T5908] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  798.770944][ T5908] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  798.783102][ T5908] usb 3-1: config 0 descriptor??
[  798.790831][ T5908] cp210x 3-1:0.0: cp210x converter detected
[  799.009389][T12775] usb 6-1: 0:2 : does not exist
[  799.030607][T12775] usb 6-1: USB disconnect, device number 29
[  799.194375][ T5908] cp210x 3-1:0.0: failed to get vendor val 0x0010 size 3: -32
[  799.204337][ T5908] usb 3-1: cp210x converter now attached to ttyUSB0
[  799.437271][  T117] usb 3-1: USB disconnect, device number 66
[  799.447434][  T117] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  799.511948][  T117] cp210x 3-1:0.0: device disconnected
[  802.022494][T15161] netlink: 'syz.1.2677': attribute type 3 has an invalid length.
[  804.214030][T15182] hub 6-0:1.0: USB hub found
[  804.218820][T15182] hub 6-0:1.0: 1 port detected
[  804.362349][T15192] kernel read not supported for file /policy (pid: 15192 comm: syz.6.2679)
[  804.902827][  T117] usb 6-1: new high-speed USB device number 30 using dummy_hcd
[  805.299238][  T117] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  805.430085][  T117] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  805.438305][  T117] usb 6-1: Product: syz
[  805.443238][  T117] usb 6-1: Manufacturer: syz
[  805.447845][  T117] usb 6-1: SerialNumber: syz
[  805.455520][  T117] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  805.476608][ T5867] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  805.630046][ T5908] usb 3-1: new high-speed USB device number 67 using dummy_hcd
[  805.631188][T15214] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  805.843213][ T5908] usb 3-1: config 0 has an invalid interface number: 217 but max is 0
[  805.891169][ T5908] usb 3-1: config 0 has no interface number 0
[  805.905191][ T5908] usb 3-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69
[  805.966192][ T5908] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  805.999843][ T5908] usb 3-1: Product: syz
[  806.007078][ T5908] usb 3-1: Manufacturer: syz
[  806.026417][ T5908] usb 3-1: SerialNumber: syz
[  806.033918][ T5908] usb 3-1: config 0 descriptor??
[  806.072570][ T5908] hub 3-1:0.217: bad descriptor, ignoring hub
[  806.078732][ T5908] hub 3-1:0.217: probe with driver hub failed with error -5
[  806.225800][T11579] usb 6-1: USB disconnect, device number 30
[  807.120363][ T5867] usb 6-1: Service connection timeout for: 256
[  807.126577][ T5867] ath9k_htc 6-1:1.0: ath9k_htc: Unable to initialize HTC services
[  807.135124][ T5867] ath9k_htc: Failed to initialize the device
[  807.469786][T11579] usb 6-1: ath9k_htc: USB layer deinitialized
[  807.479877][ T5908] dvb-usb: found a 'Pinnacle PCTV Hybrid Stick Solo' in cold state, will try to load a firmware
[  807.498017][ T5908] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  807.506259][ T5908] dib0700: firmware download failed at 7 with -22
[  807.536930][ T5908] usb 3-1: USB disconnect, device number 67
[  808.801644][ T1293] ieee802154 phy1 wpan1: encryption failed: -22
[  809.290349][T15241] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2704'.
[  809.388802][T15241] lo speed is unknown, defaulting to 1000
[  809.815959][T15243] netdevsim netdevsim1 netdevsim0: set [1, 2] type 2 family 0 port 44261 - 0
[  809.824984][T15243] netdevsim netdevsim1 netdevsim1: set [1, 2] type 2 family 0 port 44261 - 0
[  809.834157][T15243] netdevsim netdevsim1 netdevsim2: set [1, 2] type 2 family 0 port 44261 - 0
[  809.843276][T15243] netdevsim netdevsim1 netdevsim3: set [1, 2] type 2 family 0 port 44261 - 0
[  809.852845][T15243] geneve3: entered promiscuous mode
[  812.421715][T15267] netlink: 'syz.2.2711': attribute type 7 has an invalid length.
[  812.635292][ T5908] usb 7-1: new high-speed USB device number 19 using dummy_hcd
[  812.866076][ T5908] usb 7-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  812.958856][ T5908] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  812.988433][ T5908] usb 7-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  813.020039][ T5908] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  813.045597][ T5908] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  813.123475][ T5908] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[  813.130937][ T5908] usb 7-1: invalid MIDI out EP 0
[  813.149644][ T5908] snd-usb-audio 7-1:27.0: probe with driver snd-usb-audio failed with error -22
[  813.235908][T15275] netlink: 4280 bytes leftover after parsing attributes in process `syz.0.2714'.
[  813.246100][T15275] netlink: 4280 bytes leftover after parsing attributes in process `syz.0.2714'.
[  813.369969][ T5867] usb 3-1: new high-speed USB device number 68 using dummy_hcd
[  813.820778][  T117] usb 7-1: USB disconnect, device number 19
[  813.839859][ T5867] usb 3-1: Using ep0 maxpacket: 32
[  813.846762][ T5867] usb 3-1: unable to get BOS descriptor or descriptor too short
[  813.865492][ T5867] usb 3-1: config 6 has an invalid interface number: 3 but max is 2
[  813.877161][ T5867] usb 3-1: config 6 has an invalid descriptor of length 0, skipping remainder of the config
[  813.893233][ T5867] usb 3-1: config 6 has 2 interfaces, different from the descriptor's value: 3
[  813.916053][ T5867] usb 3-1: config 6 has no interface number 0
[  813.989805][ T5867] usb 3-1: config 6 has no interface number 1
[  813.998929][ T5867] usb 3-1: config 6 interface 2 has no altsetting 0
[  814.008885][ T5867] usb 3-1: New USB device found, idVendor=1410, idProduct=a001, bcdDevice=ec.5b
[  814.019696][ T5867] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  814.032967][ T5867] usb 3-1: Product: syz
[  814.037839][ T5867] usb 3-1: Manufacturer: syz
[  814.044367][ T5867] usb 3-1: SerialNumber: syz
[  815.194744][ T5867] usb 3-1: unknown number of interfaces: 2
[  815.219966][ T5867] usb 3-1: USB disconnect, device number 68
[  816.200131][T15300] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2721'.
[  816.219913][T15300] lo speed is unknown, defaulting to 1000
[  817.538465][T15314] hub 6-0:1.0: USB hub found
[  817.544059][T15314] hub 6-0:1.0: 1 port detected
[  818.224944][T15319] netlink: 4280 bytes leftover after parsing attributes in process `syz.5.2726'.
[  818.235219][T15319] netlink: 4280 bytes leftover after parsing attributes in process `syz.5.2726'.
[  818.550216][T15316] hub 6-0:1.0: USB hub found
[  818.554976][T15316] hub 6-0:1.0: 1 port detected
[  818.964099][T15325] kernel read not supported for file /policy (pid: 15325 comm: syz.0.2728)
[  819.539652][T15333] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2731'.
[  820.432481][T15348] overlay: Unknown parameter '/'
[  820.850305][T15358] hub 6-0:1.0: USB hub found
[  820.861974][T15358] hub 6-0:1.0: 1 port detected
[  821.103677][T15365] overlay: ./file0 is not a directory
[  824.049844][  T117] usb 7-1: new high-speed USB device number 20 using dummy_hcd
[  824.489812][  T117] usb 7-1: Using ep0 maxpacket: 16
[  824.496735][  T117] usb 7-1: config 0 has an invalid interface number: 132 but max is 0
[  824.505280][  T117] usb 7-1: config 0 has no interface number 0
[  824.514446][  T117] usb 7-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25
[  824.524930][  T117] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  824.533436][  T117] usb 7-1: Product: syz
[  824.537661][  T117] usb 7-1: Manufacturer: syz
[  824.550970][  T117] usb 7-1: SerialNumber: syz
[  824.813706][  T117] usb 7-1: config 0 descriptor??
[  824.819504][  T117] hub 7-1:0.132: bad descriptor, ignoring hub
[  824.825666][  T117] hub 7-1:0.132: probe with driver hub failed with error -5
[  824.835203][  T117] input: bcm5974 as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.132/input/input22
[  824.874893][T15398] hub 6-0:1.0: USB hub found
[  824.879571][T15398] hub 6-0:1.0: 1 port detected
[  826.000857][   T29] audit: type=1326 audit(1739702486.909:919): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15409 comm="syz.5.2752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b1318cde9 code=0x7ffc0000
[  826.078593][   T29] audit: type=1326 audit(1739702486.909:920): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15409 comm="syz.5.2752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b1318cde9 code=0x7ffc0000
[  826.146006][   T29] audit: type=1326 audit(1739702486.919:921): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15409 comm="syz.5.2752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f3b1318cde9 code=0x7ffc0000
[  826.185414][   T29] audit: type=1326 audit(1739702486.919:922): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15409 comm="syz.5.2752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b1318cde9 code=0x7ffc0000
[  826.291155][   T29] audit: type=1326 audit(1739702486.919:923): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15409 comm="syz.5.2752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b1318cde9 code=0x7ffc0000
[  826.322854][   T29] audit: type=1326 audit(1739702486.929:924): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15409 comm="syz.5.2752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7f3b1318cde9 code=0x7ffc0000
[  826.394609][   T29] audit: type=1326 audit(1739702486.929:925): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15409 comm="syz.5.2752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b1318cde9 code=0x7ffc0000
[  826.428388][   T29] audit: type=1326 audit(1739702486.929:926): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15409 comm="syz.5.2752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b1318cde9 code=0x7ffc0000
[  826.700979][ T5867] usb 7-1: USB disconnect, device number 20
[  826.857876][   T29] audit: type=1326 audit(1739702487.049:927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15409 comm="syz.5.2752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f3b1318cde9 code=0x7ffc0000
[  826.886528][   T29] audit: type=1326 audit(1739702487.049:928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15409 comm="syz.5.2752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b1318cde9 code=0x7ffc0000
[  826.921937][T15425] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2755'.
[  827.539301][T15442] Bluetooth: hci0: Opcode 0x0401 failed: -22
[  829.696112][ T5834] Bluetooth: hci0: command tx timeout
[  834.544802][T15483] random: crng reseeded on system resumption
[  835.179952][ T5867] usb 7-1: new high-speed USB device number 21 using dummy_hcd
[  835.445931][ T5867] usb 7-1: config 0 has an invalid interface number: 217 but max is 0
[  835.519824][ T5867] usb 7-1: config 0 has no interface number 0
[  835.638918][ T5867] usb 7-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69
[  835.648176][ T5867] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  835.658482][ T5867] usb 7-1: Product: syz
[  835.665296][ T5867] usb 7-1: Manufacturer: syz
[  835.670577][ T5867] usb 7-1: SerialNumber: syz
[  835.671135][T15492] hub 6-0:1.0: USB hub found
[  835.680501][T15492] hub 6-0:1.0: 1 port detected
[  835.941822][ T5867] usb 7-1: config 0 descriptor??
[  836.086408][ T5867] hub 7-1:0.217: bad descriptor, ignoring hub
[  836.092676][ T5867] hub 7-1:0.217: probe with driver hub failed with error -5
[  837.290613][ T5867] dvb-usb: found a 'Pinnacle PCTV Hybrid Stick Solo' in cold state, will try to load a firmware
[  837.324038][ T5867] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  837.342894][ T5867] dib0700: firmware download failed at 7 with -22
[  838.045890][ T5867] usb 7-1: USB disconnect, device number 21
[  843.284271][   T29] kauditd_printk_skb: 24 callbacks suppressed
[  843.284286][   T29] audit: type=1400 audit(1739702504.819:953): avc:  denied  { ioctl } for  pid=15535 comm="syz.0.2779" path="socket:[50712]" dev="sockfs" ino=50712 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  843.619168][T15551] hub 6-0:1.0: USB hub found
[  843.624796][T15551] hub 6-0:1.0: 1 port detected
[  843.650837][T15552] random: crng reseeded on system resumption
[  851.307939][T15632] random: crng reseeded on system resumption
[  857.241594][T15670] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2820'.
[  861.562346][T15713] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2833'.
[  865.298554][T15755] netlink: 4768 bytes leftover after parsing attributes in process `syz.2.2840'.
[  866.371430][T15750] hub 6-0:1.0: USB hub found
[  866.376216][T15750] hub 6-0:1.0: 1 port detected
[  868.577090][T15770] IPv6: syztnl0: Disabled Multicast RS
[  869.873120][ T1293] ieee802154 phy1 wpan1: encryption failed: -22
[  870.560347][ T7331] usb 6-1: new high-speed USB device number 31 using dummy_hcd
[  871.133457][ T7331] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  871.205400][ T7331] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  871.469512][ T7331] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  871.539868][ T7331] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  871.585688][T15793] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  871.604948][ T7331] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  872.538092][ T7331] usb 6-1: USB disconnect, device number 31
[  873.449455][T15823] IPv6: syztnl0: Disabled Multicast RS
[  874.186211][T15833] lo speed is unknown, defaulting to 1000
[  878.522884][T15873] netlink: 4768 bytes leftover after parsing attributes in process `syz.5.2872'.
[  881.000153][ T7331] usb 3-1: new full-speed USB device number 69 using dummy_hcd
[  881.204815][   T29] audit: type=1400 audit(1739702542.739:954): avc:  denied  { read } for  pid=15879 comm="syz.0.2875" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  881.261699][ T7331] usb 3-1: device descriptor read/64, error -71
[  881.702262][T15900] netlink: 'syz.5.2881': attribute type 7 has an invalid length.
[  881.723863][ T7331] usb 3-1: new full-speed USB device number 70 using dummy_hcd
[  881.881104][ T7331] usb 3-1: device descriptor read/64, error -71
[  882.001182][ T7331] usb usb3-port1: attempt power cycle
[  882.244116][T15906] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2883'.
[  882.448225][ T7331] usb 3-1: new full-speed USB device number 71 using dummy_hcd
[  882.480208][ T7331] usb 3-1: device descriptor read/8, error -71
[  882.729832][ T7331] usb 3-1: new full-speed USB device number 72 using dummy_hcd
[  882.828341][T15916] netlink: 4768 bytes leftover after parsing attributes in process `syz.5.2885'.
[  883.303800][ T7331] usb 3-1: device descriptor read/8, error -71
[  883.431801][ T7331] usb usb3-port1: unable to enumerate USB device
[  883.729608][   T29] audit: type=1400 audit(1739702545.259:955): avc:  denied  { read } for  pid=15915 comm="syz.2.2886" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  884.025877][T15929] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  885.070176][ T7331] usb 3-1: new high-speed USB device number 73 using dummy_hcd
[  885.291676][ T7331] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  885.397164][T15943] hub 6-0:1.0: USB hub found
[  885.401948][T15943] hub 6-0:1.0: 1 port detected
[  885.428392][ T7331] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  885.494865][T15947] syz.1.2894: attempt to access beyond end of device
[  885.494865][T15947] nbd1: rw=0, sector=2, nr_sectors = 2 limit=0
[  886.054379][ T7331] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  886.081294][ T7331] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  886.091784][T15932] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  886.101415][ T7331] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  886.912932][ T7331] usb 3-1: USB disconnect, device number 73
[  887.939570][T15968] hub 6-0:1.0: USB hub found
[  887.944405][T15968] hub 6-0:1.0: 1 port detected
[  888.314296][T15981] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2903'.
[  888.323223][T15981] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2903'.
[  889.246338][T15994] pimreg: entered allmulticast mode
[  889.259327][T15993] pimreg: left allmulticast mode
[  889.472236][T15991] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=45547520 (91095040 ns) > initial count (19529728 ns). Using initial count to start timer.
[  890.261763][ T7331] usb 6-1: new full-speed USB device number 32 using dummy_hcd
[  890.441017][ T7331] usb 6-1: config 7 has an invalid interface number: 101 but max is 0
[  890.449208][ T7331] usb 6-1: config 7 has no interface number 0
[  890.492613][ T7331] usb 6-1: New USB device found, idVendor=0fd9, idProduct=002c, bcdDevice= 6.6b
[  890.502171][ T7331] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  890.519762][ T7331] usb 6-1: Product: syz
[  890.524418][ T7331] usb 6-1: Manufacturer: syz
[  890.529016][ T7331] usb 6-1: SerialNumber: syz
[  891.041437][ T7331] as10x_usb: device has been detected
[  891.049117][ T7331] dvbdev: DVB: registering new adapter (Elgato EyeTV DTT Deluxe)
[  891.076562][ T7331] usb 6-1: DVB: registering adapter 1 frontend 0 (Elgato EyeTV DTT Deluxe)...
[  891.247503][ T7331] as10x_usb: error during firmware upload part1
[  891.257534][ T7331] Registered device Elgato EyeTV DTT Deluxe
[  891.259297][ T7331] usb 6-1: USB disconnect, device number 32
[  891.279653][ T7331] Unregistered device Elgato EyeTV DTT Deluxe
[  891.283393][ T7331] as10x_usb: device has been disconnected
[  891.968261][T16028] FAULT_INJECTION: forcing a failure.
[  891.968261][T16028] name failslab, interval 1, probability 0, space 0, times 0
[  891.980928][T16028] CPU: 1 UID: 0 PID: 16028 Comm: syz.0.2917 Not tainted 6.14.0-rc2-syzkaller-00281-g496659003dac #0
[  891.980947][T16028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  891.980957][T16028] Call Trace:
[  891.980962][T16028]  <TASK>
[  891.980969][T16028]  dump_stack_lvl+0x16c/0x1f0
[  891.980992][T16028]  should_fail_ex+0x50a/0x650
[  891.981016][T16028]  ? fs_reclaim_acquire+0xae/0x150
[  891.981042][T16028]  ? tomoyo_realpath_from_path+0xb9/0x720
[  891.981071][T16028]  should_failslab+0xc2/0x120
[  891.981090][T16028]  __kmalloc_noprof+0xcb/0x510
[  891.981107][T16028]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  891.981135][T16028]  tomoyo_realpath_from_path+0xb9/0x720
[  891.981157][T16028]  ? tomoyo_path_number_perm+0x235/0x590
[  891.981178][T16028]  ? tomoyo_path_number_perm+0x235/0x590
[  891.981201][T16028]  tomoyo_path_number_perm+0x248/0x590
[  891.981219][T16028]  ? tomoyo_path_number_perm+0x235/0x590
[  891.981241][T16028]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  891.981271][T16028]  ? __pfx___schedule+0x10/0x10
[  891.981309][T16028]  ? irqentry_exit+0x3b/0x90
[  891.981325][T16028]  ? lockdep_hardirqs_on+0x7c/0x110
[  891.981350][T16028]  ? security_file_ioctl+0x21c/0x240
[  891.981377][T16028]  security_file_ioctl+0x9b/0x240
[  891.981401][T16028]  __x64_sys_ioctl+0xb7/0x200
[  891.981426][T16028]  do_syscall_64+0xcd/0x250
[  891.981446][T16028]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  891.981469][T16028] RIP: 0033:0x7f72d678cde9
[  891.981483][T16028] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  891.981498][T16028] RSP: 002b:00007f72d45f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  891.981514][T16028] RAX: ffffffffffffffda RBX: 00007f72d69a6160 RCX: 00007f72d678cde9
[  891.981524][T16028] RDX: 0000400000000400 RSI: 0000000000008982 RDI: 000000000000000b
[  891.981534][T16028] RBP: 00007f72d45f6090 R08: 0000000000000000 R09: 0000000000000000
[  891.981543][T16028] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  891.981552][T16028] R13: 0000000000000000 R14: 00007f72d69a6160 R15: 00007ffe7ba0b008
[  891.981575][T16028]  </TASK>
[  891.981598][T16028] ERROR: Out of memory at tomoyo_realpath_from_path.
[  892.107745][T16027] netlink: 'syz.0.2917': attribute type 10 has an invalid length.
[  892.210875][T16027] batadv0: mtu greater than device maximum
[  892.216681][T16027] bond0: (slave batadv0): Error -22 calling dev_set_mtu
[  892.231376][ T7331] usb 3-1: new high-speed USB device number 74 using dummy_hcd
[  892.421761][   T29] audit: type=1400 audit(1739702553.959:956): avc:  denied  { map } for  pid=16029 comm="syz.5.2918" path="socket:[52010]" dev="sockfs" ino=52010 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[  892.451982][   T29] audit: type=1400 audit(1739702553.959:957): avc:  denied  { accept } for  pid=16029 comm="syz.5.2918" path="socket:[52010]" dev="sockfs" ino=52010 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[  892.734511][T16036] input: syz0 as /devices/virtual/input/input23
[  893.016281][ T7331] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  893.027305][ T7331] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  893.037146][ T7331] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  893.047233][ T7331] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  893.109328][T16024] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  893.144004][ T7331] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  893.987529][T11579] usb 3-1: USB disconnect, device number 74
[  894.329803][ T5867] usb 7-1: new high-speed USB device number 22 using dummy_hcd
[  894.480821][ T5867] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  894.491081][ T5867] usb 7-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  894.507361][ T5867] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  894.523207][ T5867] usb 7-1: config 0 descriptor??
[  894.536813][ T5867] pwc: Askey VC010 type 2 USB webcam detected.
[  894.731843][T11579] usb 6-1: new full-speed USB device number 33 using dummy_hcd
[  894.971283][ T5867] pwc: recv_control_msg error -32 req 02 val 2b00
[  895.019305][ T5867] pwc: recv_control_msg error -32 req 02 val 2700
[  895.073403][ T5867] pwc: recv_control_msg error -32 req 02 val 2c00
[  895.119523][ T5867] pwc: recv_control_msg error -32 req 04 val 1000
[  895.178093][ T5867] pwc: recv_control_msg error -32 req 04 val 1300
[  895.240218][ T5867] pwc: recv_control_msg error -32 req 04 val 1400
[  895.247239][ T5867] pwc: recv_control_msg error -32 req 02 val 2000
[  895.254785][ T5867] pwc: recv_control_msg error -32 req 02 val 2100
[  895.293243][T11579] usb 6-1: device descriptor read/64, error -71
[  895.620689][T11579] usb 6-1: new full-speed USB device number 34 using dummy_hcd
[  895.769883][T11579] usb 6-1: device descriptor read/64, error -71
[  895.890700][T11579] usb usb6-port1: attempt power cycle
[  896.249913][T11579] usb 6-1: new full-speed USB device number 35 using dummy_hcd
[  896.280444][T11579] usb 6-1: device descriptor read/8, error -71
[  896.639940][T11579] usb 6-1: new full-speed USB device number 36 using dummy_hcd
[  896.786344][T11579] usb 6-1: device descriptor read/8, error -71
[  896.935544][T11579] usb usb6-port1: unable to enumerate USB device
[  897.241379][ T5867] pwc: recv_control_msg error -71 req 02 val 2500
[  897.259757][ T5867] pwc: recv_control_msg error -71 req 02 val 2400
[  897.318565][ T5867] pwc: recv_control_msg error -71 req 02 val 2600
[  897.341217][ T5867] pwc: recv_control_msg error -71 req 02 val 2900
[  897.359777][ T5867] pwc: recv_control_msg error -71 req 02 val 2800
[  897.366511][ T5867] pwc: recv_control_msg error -71 req 04 val 1100
[  897.379186][ T5867] pwc: recv_control_msg error -71 req 04 val 1200
[  897.406879][ T5867] pwc: Registered as video103.
[  897.419353][ T5867] input: PWC snapshot button as /devices/platform/dummy_hcd.6/usb7/7-1/input/input24
[  897.464887][ T5867] usb 7-1: USB disconnect, device number 22
[  898.632569][T16092] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2934'.
[  901.471904][T16122] netlink: 'syz.6.2943': attribute type 8 has an invalid length.
[  902.879843][ T7331] usb 6-1: new full-speed USB device number 37 using dummy_hcd
[  903.020096][ T7331] usb 6-1: device descriptor read/64, error -71
[  903.469871][ T7331] usb 6-1: new full-speed USB device number 38 using dummy_hcd
[  903.619833][ T7331] usb 6-1: device descriptor read/64, error -71
[  904.331329][T11094] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  904.350376][T11094] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 40630 - 0
[  904.361937][ T7331] usb usb6-port1: attempt power cycle
[  904.370412][T11094] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 2] type 2 family 0 port 44261 - 0
[  904.787973][T11094] bridge0: port 3(netdevsim2) entered disabled state
[  904.820709][T11094] netdevsim netdevsim1 netdevsim2 (unregistering): left allmulticast mode
[  904.838262][T11094] netdevsim netdevsim1 netdevsim2 (unregistering): left promiscuous mode
[  904.848225][T16153] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  904.856464][T11094] bridge0: port 3(netdevsim2) entered disabled state
[  904.864155][T16153] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  904.871808][T16153] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  904.884368][T16153] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  904.891690][T16153] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  904.899652][T16153] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  904.921469][T11094] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  904.939787][T11094] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 40630 - 0
[  904.959091][T11094] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 2] type 2 family 0 port 44261 - 0
[  905.471233][T16151] lo speed is unknown, defaulting to 1000
[  905.816129][ T7331] usb usb6-port1: Cannot enable. Maybe the USB cable is bad?
[  905.844947][T11094] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  905.862577][T11094] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 40630 - 0
[  905.881048][T11094] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 2] type 2 family 0 port 44261 - 0
[  905.959084][T11094] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  905.972819][T11094] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 40630 - 0
[  905.972824][ T7331] usb 6-1: new high-speed USB device number 40 using dummy_hcd
[  905.994471][T11094] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 2] type 2 family 0 port 44261 - 0
[  906.000239][ T7331] usb 6-1: device descriptor read/8, error -71
[  906.102230][T16151] chnl_net:caif_netlink_parms(): no params data found
[  906.125191][T11094] bridge_slave_1: left allmulticast mode
[  906.131040][T11094] bridge_slave_1: left promiscuous mode
[  906.137832][T11094] bridge0: port 2(bridge_slave_1) entered disabled state
[  906.146776][ T7331] usb usb6-port1: unable to enumerate USB device
[  906.154223][T11094] bridge_slave_0: left allmulticast mode
[  906.168848][T11094] bridge_slave_0: left promiscuous mode
[  906.188936][T11094] bridge0: port 1(bridge_slave_0) entered disabled state
[  906.991270][ T5834] Bluetooth: hci2: command tx timeout
[  908.352404][T11094] 
 (unregistering): (slave bond_slave_0): Releasing backup interface
[  909.069874][ T5834] Bluetooth: hci2: command tx timeout
[  909.282059][T11094] 
 (unregistering): (slave bond_slave_1): Releasing backup interface
[  909.310214][T16188] overlayfs: missing 'lowerdir'
[  909.315261][T11094] 
 (unregistering): Released all slaves
[  909.329203][T11094] bond1 (unregistering): Released all slaves
[  909.353936][T11094] bond2 (unregistering): Released all slaves
[  909.598978][T11094] bond3 (unregistering): Released all slaves
[  909.736249][T11094] bond0 (unregistering): Released all slaves
[  909.845898][T11094] bond4 (unregistering): Released all slaves
[  909.862395][T11094] bond5 (unregistering): Released all slaves
[  909.983184][T11094] tipc: Left network mode
[  909.987835][T16151] bridge0: port 1(bridge_slave_0) entered blocking state
[  909.995181][T16151] bridge0: port 1(bridge_slave_0) entered disabled state
[  910.002898][T16151] bridge_slave_0: entered allmulticast mode
[  910.010011][T16151] bridge_slave_0: entered promiscuous mode
[  910.017483][T16151] bridge0: port 2(bridge_slave_1) entered blocking state
[  910.025030][T16151] bridge0: port 2(bridge_slave_1) entered disabled state
[  910.032596][T16151] bridge_slave_1: entered allmulticast mode
[  910.039389][T16151] bridge_slave_1: entered promiscuous mode
[  910.099875][ T7331] usb 3-1: new full-speed USB device number 75 using dummy_hcd
[  910.116110][T16151] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  910.154457][T16151] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  910.196861][T16151] team0: Port device team_slave_0 added
[  910.219456][T16151] team0: Port device team_slave_1 added
[  910.225524][T13060] usb 7-1: new high-speed USB device number 23 using dummy_hcd
[  910.250753][ T7331] usb 3-1: device descriptor read/64, error -71
[  910.261984][T11094] hsr_slave_0: left promiscuous mode
[  910.279150][T11094] hsr_slave_1: left promiscuous mode
[  910.292871][T11094] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  910.310341][T11094] batman_adv: batadv0: Removing interface: batadv_slave_0
[  910.349157][T11094] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  910.369946][T11094] batman_adv: batadv0: Removing interface: batadv_slave_1
[  910.400413][T13060] usb 7-1: Using ep0 maxpacket: 32
[  910.407029][T13060] usb 7-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  910.419223][T13060] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83
[  910.432583][T13060] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 33307, setting to 1024
[  910.468415][T13060] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024
[  910.494215][T11094] veth1_macvtap: left promiscuous mode
[  910.502245][T13060] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  910.512472][T11094] veth0_macvtap: left promiscuous mode
[  910.518080][T11094] veth1_vlan: left promiscuous mode
[  910.519832][ T7331] usb 3-1: new full-speed USB device number 76 using dummy_hcd
[  910.529510][T13060] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0
[  910.549537][T11094] veth0_vlan: left promiscuous mode
[  910.555344][T13060] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  910.565562][T13060] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  910.575635][T13060] usb 7-1: config 0 interface 0 altsetting 0 has 5 endpoint descriptors, different from the interface descriptor's value: 4
[  910.634567][T13060] usb 7-1: New USB device found, idVendor=0572, idProduct=cafe, bcdDevice=55.01
[  910.709891][T13060] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  910.720062][ T7331] usb 3-1: device descriptor read/64, error -71
[  910.739245][T13060] usb 7-1: Product: syz
[  910.767384][T13060] usb 7-1: Manufacturer: syz
[  910.790004][T13060] usb 7-1: SerialNumber: syz
[  910.800634][T13060] usb 7-1: config 0 descriptor??
[  910.806264][T16216] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[  910.840865][ T7331] usb usb3-port1: attempt power cycle
[  911.107084][T16216] nbd: nbd6 already in use
[  911.219834][ T5834] Bluetooth: hci2: command tx timeout
[  911.310435][ T7331] usb 3-1: new full-speed USB device number 77 using dummy_hcd
[  911.839775][ T7331] usb 3-1: device descriptor read/8, error -71
[  911.958881][T13060] cxacru 7-1:0.0: submit of read urb for cm 0x90 failed (-8)
[  911.987016][T13060] cxacru 7-1:0.0: usbatm_usb_probe: invalid endpoint 02!
[  911.994362][T13060] cxacru 7-1:0.0: probe with driver cxacru failed with error -22
[  912.013878][T13060] usb 7-1: USB disconnect, device number 23
[  913.109258][ T7331] usb 3-1: new full-speed USB device number 78 using dummy_hcd
[  913.363525][ T7331] usb 3-1: device descriptor read/8, error -71
[  913.647619][ T5834] Bluetooth: hci2: command tx timeout
[  913.803207][ T7331] usb usb3-port1: unable to enumerate USB device
[  914.082734][T16250] FAULT_INJECTION: forcing a failure.
[  914.082734][T16250] name failslab, interval 1, probability 0, space 0, times 0
[  914.095641][T16250] CPU: 1 UID: 0 PID: 16250 Comm: syz.5.2969 Not tainted 6.14.0-rc2-syzkaller-00281-g496659003dac #0
[  914.095661][T16250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  914.095671][T16250] Call Trace:
[  914.095677][T16250]  <TASK>
[  914.095683][T16250]  dump_stack_lvl+0x16c/0x1f0
[  914.095706][T16250]  should_fail_ex+0x50a/0x650
[  914.095730][T16250]  ? fs_reclaim_acquire+0xae/0x150
[  914.095757][T16250]  should_failslab+0xc2/0x120
[  914.095775][T16250]  kmem_cache_alloc_noprof+0x6e/0x3d0
[  914.095793][T16250]  ? security_file_alloc+0x34/0x2b0
[  914.095821][T16250]  security_file_alloc+0x34/0x2b0
[  914.095844][T16250]  init_file+0x93/0x4c0
[  914.095865][T16250]  alloc_empty_file+0x91/0x1e0
[  914.095886][T16250]  alloc_file_pseudo+0x13b/0x230
[  914.095908][T16250]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  914.095936][T16250]  dma_buf_export+0x3a9/0xb30
[  914.095965][T16250]  vb2_vmalloc_get_dmabuf+0x106/0x220
[  914.095987][T16250]  ? __pfx_vb2_vmalloc_get_dmabuf+0x10/0x10
[  914.096019][T16250]  ? __pfx___mutex_lock+0x10/0x10
[  914.096037][T16250]  ? __pfx___lock_acquire+0x10/0x10
[  914.096066][T16250]  vb2_core_expbuf+0x26e/0x6c0
[  914.096083][T16250]  ? __pfx_vb2_vmalloc_get_dmabuf+0x10/0x10
[  914.096107][T16250]  vb2_expbuf+0x21c/0x300
[  914.096129][T16250]  __video_do_ioctl+0xaf0/0xf00
[  914.096159][T16250]  ? __pfx___video_do_ioctl+0x10/0x10
[  914.096182][T16250]  ? __might_fault+0xe3/0x190
[  914.096211][T16250]  video_usercopy+0x4d2/0x1620
[  914.096229][T16250]  ? __pfx___video_do_ioctl+0x10/0x10
[  914.096254][T16250]  ? __pfx_video_usercopy+0x10/0x10
[  914.096288][T16250]  v4l2_ioctl+0x1ba/0x250
[  914.096312][T16250]  ? __pfx_v4l2_ioctl+0x10/0x10
[  914.096338][T16250]  __x64_sys_ioctl+0x190/0x200
[  914.096362][T16250]  do_syscall_64+0xcd/0x250
[  914.096383][T16250]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  914.096406][T16250] RIP: 0033:0x7f3b1318cde9
[  914.096419][T16250] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  914.096435][T16250] RSP: 002b:00007f3b13fb8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  914.096451][T16250] RAX: ffffffffffffffda RBX: 00007f3b133a6160 RCX: 00007f3b1318cde9
[  914.096461][T16250] RDX: 0000400000000080 RSI: 00000000c0405610 RDI: 0000000000000007
[  914.096471][T16250] RBP: 00007f3b13fb8090 R08: 0000000000000000 R09: 0000000000000000
[  914.096480][T16250] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  914.096489][T16250] R13: 0000000000000000 R14: 00007f3b133a6160 R15: 00007ffff53218f8
[  914.096512][T16250]  </TASK>
[  917.123841][  T117] lo speed is unknown, defaulting to 1000
[  917.135412][  T117] infiniband syz2: ib_query_port failed (-19)
[  917.168030][T16151] batman_adv: batadv0: Adding interface: batadv_slave_0
[  917.182546][T16151] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  917.214830][T16151] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  917.227856][T16151] batman_adv: batadv0: Adding interface: batadv_slave_1
[  917.273238][T16151] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  917.324712][T16151] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  917.519663][T16151] hsr_slave_0: entered promiscuous mode
[  917.526364][T16151] hsr_slave_1: entered promiscuous mode
[  917.643645][T16151] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  917.644589][T16287] netlink: 'syz.6.2979': attribute type 9 has an invalid length.
[  917.653485][T16151] Cannot create hsr debugfs directory
[  918.270632][T16287] netlink: 201384 bytes leftover after parsing attributes in process `syz.6.2979'.
[  918.302262][T16287] openvswitch: netlink: Message has 6 unknown bytes.
[  918.379797][  T117] usb 3-1: new full-speed USB device number 79 using dummy_hcd
[  918.749820][  T117] usb 3-1: device descriptor read/64, error -71
[  919.195146][  T117] usb 3-1: new full-speed USB device number 80 using dummy_hcd
[  919.229628][T11094] IPVS: stop unused estimator thread 0...
[  919.344852][  T117] usb 3-1: device descriptor read/64, error -71
[  919.406363][T16304] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2983'.
[  919.467671][  T117] usb usb3-port1: attempt power cycle
[  919.474738][T16305] netlink: 'syz.5.2983': attribute type 2 has an invalid length.
[  919.505790][T16304] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2983'.
[  919.577762][T16304] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2983'.
[  919.947471][T16309] netlink: 4280 bytes leftover after parsing attributes in process `syz.6.2984'.
[  919.957183][T16309] netlink: 4280 bytes leftover after parsing attributes in process `syz.6.2984'.
[  919.967265][  T117] usb 3-1: new full-speed USB device number 81 using dummy_hcd
[  920.217572][  T117] usb 3-1: device descriptor read/8, error -71
[  920.307546][T16151] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  920.342845][T16151] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  920.364331][T16151] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  920.374254][T16310] vxcan1: tx address claim with dlc 1
[  920.419218][T16151] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  920.528102][  T117] usb 3-1: new full-speed USB device number 82 using dummy_hcd
[  920.572181][  T117] usb 3-1: device descriptor read/8, error -71
[  920.669577][T16317] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2987'.
[  920.682347][  T117] usb usb3-port1: unable to enumerate USB device
[  920.696087][T16151] 8021q: adding VLAN 0 to HW filter on device bond0
[  920.743444][T16151] 8021q: adding VLAN 0 to HW filter on device team0
[  920.767883][T13117] bridge0: port 1(bridge_slave_0) entered blocking state
[  920.774976][T13117] bridge0: port 1(bridge_slave_0) entered forwarding state
[  920.863988][T13117] bridge0: port 2(bridge_slave_1) entered blocking state
[  920.872445][T13117] bridge0: port 2(bridge_slave_1) entered forwarding state
[  921.148147][T16151] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  921.158872][T16151] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  921.543945][T16151] 8021q: adding VLAN 0 to HW filter on device batadv0
[  921.707787][T16151] veth0_vlan: entered promiscuous mode
[  921.717194][T16151] veth1_vlan: entered promiscuous mode
[  921.767685][T16151] veth0_macvtap: entered promiscuous mode
[  921.794215][T16151] veth1_macvtap: entered promiscuous mode
[  921.858873][T16151] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  921.927693][T16151] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  921.939613][T16151] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  921.953712][T16151] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  921.964018][T16151] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  922.534335][T16151] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  922.562625][T16151] batman_adv: batadv0: Interface activated: batadv_slave_0
[  922.602542][T16151] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  922.656577][T16151] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  922.673599][T16151] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  922.689312][T16151] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  922.702143][T16151] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  922.714750][T16151] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  922.734799][T16151] batman_adv: batadv0: Interface activated: batadv_slave_1
[  922.749416][T16151] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  923.195273][T16352] netlink: 4280 bytes leftover after parsing attributes in process `syz.6.2994'.
[  923.205224][T16352] netlink: 4280 bytes leftover after parsing attributes in process `syz.6.2994'.
[  923.436188][T16151] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  923.445461][T16151] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  923.463738][T16151] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  924.397241][T11094] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  924.439034][T11094] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  924.482143][ T9315] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  924.495526][ T9315] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  925.573656][ T5908] usb 3-1: new high-speed USB device number 83 using dummy_hcd
[  925.749980][ T5908] usb 3-1: Using ep0 maxpacket: 32
[  926.214607][ T5908] usb 3-1: config 0 interface 0 altsetting 64 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  926.234006][ T5908] usb 3-1: config 0 interface 0 has no altsetting 0
[  926.240906][ T5908] usb 3-1: New USB device found, idVendor=05ac, idProduct=0215, bcdDevice= 0.00
[  926.250247][ T5908] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  926.274969][ T5908] usb 3-1: config 0 descriptor??
[  926.801847][T16386] md2: using deprecated bitmap file support
[  926.808600][T16386] md2: error: bitmap file must be a regular file
[  927.066618][ T5908] usbhid 3-1:0.0: can't add hid device: -71
[  927.092979][ T5908] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  927.110376][ T5908] usb 3-1: USB disconnect, device number 83
[  927.473888][T16412] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3009'.
[  927.827263][T16412] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  927.834006][T16412] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  927.854151][T16412] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  928.380039][T16153] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  928.397983][T16153] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  928.407028][T16153] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  928.419677][T16153] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  928.428373][T16153] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  928.430209][T16430] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3015'.
[  928.444778][T16153] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  929.142226][T16433] Invalid ELF header type: 0 != 1
[  929.629874][ T5834] Bluetooth: hci2: command 0x0c1a tx timeout
[  929.762431][ T3015] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  929.799879][ T3015] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 60498 - 0
[  930.193160][T16449] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3020'.
[  930.520765][ T5834] Bluetooth: hci4: command tx timeout
[  930.702959][ T3015] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  930.715971][ T3015] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 60498 - 0
[  930.772576][T16425] chnl_net:caif_netlink_parms(): no params data found
[  931.044867][ T3015] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  931.086192][ T3015] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 60498 - 0
[  931.155914][ T3015] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  931.177975][ T3015] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 60498 - 0
[  931.207532][T16425] bridge0: port 1(bridge_slave_0) entered blocking state
[  931.221772][T16425] bridge0: port 1(bridge_slave_0) entered disabled state
[  931.229668][T16425] bridge_slave_0: entered allmulticast mode
[  931.247959][T16425] bridge_slave_0: entered promiscuous mode
[  931.274647][T16425] bridge0: port 2(bridge_slave_1) entered blocking state
[  931.296846][T16425] bridge0: port 2(bridge_slave_1) entered disabled state
[  931.311900][ T1293] ieee802154 phy1 wpan1: encryption failed: -22
[  931.319785][ T5908] usb 7-1: new high-speed USB device number 24 using dummy_hcd
[  931.332298][T16425] bridge_slave_1: entered allmulticast mode
[  931.358500][T16425] bridge_slave_1: entered promiscuous mode
[  931.474953][T16425] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  931.511867][ T5908] usb 7-1: config index 0 descriptor too short (expected 65069, got 45)
[  931.534755][ T5908] usb 7-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 0
[  931.574825][T16425] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  931.600226][ T5908] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  931.624550][ T5908] usb 7-1: config 0 has no interfaces?
[  931.634555][ T5908] usb 7-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00
[  931.649478][ T5908] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  931.704213][ T5908] usb 7-1: config 0 descriptor??
[  931.709950][ T5834] Bluetooth: hci2: command 0x0c1a tx timeout
[  931.812669][T16425] team0: Port device team_slave_0 added
[  931.862752][T16425] team0: Port device team_slave_1 added
[  931.864209][T16466] SELinux:  policydb version 0 does not match my version range 15-34
[  931.887354][T16466] SELinux: failed to load policy
[  931.888657][   T29] audit: type=1400 audit(1739702593.399:958): avc:  denied  { load_policy } for  pid=16465 comm="syz.1.3024" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  931.984255][ T3015] bridge_slave_1: left allmulticast mode
[  932.007357][T16459] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  932.025962][ T3015] bridge_slave_1: left promiscuous mode
[  932.035513][T16459] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  932.162675][ T3015] bridge0: port 2(bridge_slave_1) entered disabled state
[  932.251591][T16459] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  932.343099][T16459] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  932.534902][ T3015] bridge_slave_0: left allmulticast mode
[  932.589839][ T5834] Bluetooth: hci4: command tx timeout
[  932.612089][ T3015] bridge_slave_0: left promiscuous mode
[  932.619937][  T117] usb 7-1: USB disconnect, device number 24
[  932.849916][ T3015] bridge0: port 1(bridge_slave_0) entered disabled state
[  933.074333][   T29] audit: type=1400 audit(1739702594.609:959): avc:  denied  { map } for  pid=16476 comm="syz.1.3027" path="socket:[54231]" dev="sockfs" ino=54231 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  933.761674][T16480] hub 6-0:1.0: USB hub found
[  933.766424][T16480] hub 6-0:1.0: 1 port detected
[  933.790093][ T5834] Bluetooth: hci2: command 0x0c1a tx timeout
[  933.965714][T16496] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3031'.
[  934.011916][ T3015] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  934.028834][ T3015] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  934.040050][ T3015] bond0 (unregistering): Released all slaves
[  934.052468][ T3015] bond1 (unregistering): Released all slaves
[  934.066698][ T3015] bond2 (unregistering): Released all slaves
[  934.078913][ T3015] bond3 (unregistering): Released all slaves
[  934.094195][ T3015] bond4 (unregistering): Released all slaves
[  934.105659][ T3015] bond5 (unregistering): Released all slaves
[  934.223997][T16473] workqueue: Failed to create a rescuer kthread for wq "bond6": -EINTR
[  934.310487][T16425] batman_adv: batadv0: Adding interface: batadv_slave_0
[  934.378520][T16425] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  934.743363][ T5834] Bluetooth: hci4: command tx timeout
[  934.743364][T16425] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  935.025439][ T3015] : left promiscuous mode
[  935.411512][T16425] batman_adv: batadv0: Adding interface: batadv_slave_1
[  935.428868][T16425] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  935.731929][   T29] audit: type=1400 audit(1739702597.129:960): avc:  denied  { create } for  pid=16510 comm="syz.1.3035" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_nflog_socket permissive=1
[  935.796373][T16425] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  936.812336][T16425] hsr_slave_0: entered promiscuous mode
[  936.856704][ T5834] Bluetooth: hci4: command tx timeout
[  936.905417][T16425] hsr_slave_1: entered promiscuous mode
[  936.947144][T16425] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  936.955904][T16425] Cannot create hsr debugfs directory
[  937.399429][ T3015] hsr_slave_0: left promiscuous mode
[  937.508606][ T3015] hsr_slave_1: left promiscuous mode
[  937.528343][ T3015] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  937.572480][ T3015] batman_adv: batadv0: Removing interface: batadv_slave_0
[  937.597120][ T3015] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  937.607744][ T3015] batman_adv: batadv0: Removing interface: batadv_slave_1
[  937.706480][ T3015] veth1_macvtap: left promiscuous mode
[  937.743943][ T3015] veth0_macvtap: left promiscuous mode
[  937.780514][ T3015] veth1_vlan: left promiscuous mode
[  937.800527][ T3015] veth0_vlan: left promiscuous mode
[  939.214308][ T3015] team0 (unregistering): Port device team_slave_1 removed
[  939.856821][ T3015] team0 (unregistering): Port device team_slave_0 removed
[  940.487787][T16557] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  941.038570][T16564] misc userio: Invalid payload size
[  941.072762][T16564] misc userio: No port type given on /dev/userio
[  942.938450][T16425] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  942.961943][T16425] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  942.970356][T16425] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  942.978414][T16425] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  943.080137][T16425] 8021q: adding VLAN 0 to HW filter on device bond0
[  943.107050][T16425] 8021q: adding VLAN 0 to HW filter on device team0
[  943.121870][   T56] bridge0: port 1(bridge_slave_0) entered blocking state
[  943.129777][   T56] bridge0: port 1(bridge_slave_0) entered forwarding state
[  943.153621][   T56] bridge0: port 2(bridge_slave_1) entered blocking state
[  943.160813][   T56] bridge0: port 2(bridge_slave_1) entered forwarding state
[  943.328489][T16425] 8021q: adding VLAN 0 to HW filter on device batadv0
[  943.366994][T16425] veth0_vlan: entered promiscuous mode
[  943.384302][T16425] veth1_vlan: entered promiscuous mode
[  943.418568][T16425] veth0_macvtap: entered promiscuous mode
[  943.436055][T16425] veth1_macvtap: entered promiscuous mode
[  943.456280][T16425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  943.468914][T16425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  943.519297][T16425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  943.537493][T16425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  943.556198][T16425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  943.575586][T16425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  943.619471][T16425] batman_adv: batadv0: Interface activated: batadv_slave_0
[  943.645336][T16425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  943.659803][T16425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  943.699798][T16425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  943.719504][T16425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  943.759757][T16425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  943.773070][T16425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  943.827171][T16425] batman_adv: batadv0: Interface activated: batadv_slave_1
[  943.859179][T16425] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  943.879866][T16425] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  943.907754][T16425] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  943.928069][T16425] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  944.147455][ T9315] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  944.158255][ T9315] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  944.226270][ T9315] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  944.236655][ T9315] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  946.140189][T16602] ALSA: mixer_oss: invalid OSS volume 'SPEAKER'
[  946.255731][T16605] netlink: 4280 bytes leftover after parsing attributes in process `syz.2.3058'.
[  946.265840][T16605] netlink: 4280 bytes leftover after parsing attributes in process `syz.2.3058'.
[  946.637341][   T29] audit: type=1326 audit(1739702608.169:961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16604 comm="syz.5.3060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b1318cde9 code=0x7ffc0000
[  946.721633][T16153] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  946.729191][   T29] audit: type=1326 audit(1739702608.169:962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16604 comm="syz.5.3060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=254 compat=0 ip=0x7f3b1318cde9 code=0x7ffc0000
[  946.759083][T16153] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  946.771268][T16153] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  946.787737][   T29] audit: type=1326 audit(1739702608.169:963): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16604 comm="syz.5.3060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b1318cde9 code=0x7ffc0000
[  946.819009][   T29] audit: type=1326 audit(1739702608.169:964): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16604 comm="syz.5.3060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b1318cde9 code=0x7ffc0000
[  946.852266][   T29] audit: type=1326 audit(1739702608.169:965): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16604 comm="syz.5.3060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7f3b1318cde9 code=0x7ffc0000
[  946.879487][T16153] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  946.887358][T16153] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  946.894993][T16153] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  947.069980][   T29] audit: type=1326 audit(1739702608.169:966): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16604 comm="syz.5.3060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b1318cde9 code=0x7ffc0000
[  947.096623][   T29] audit: type=1326 audit(1739702608.169:967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16604 comm="syz.5.3060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3b1318cde9 code=0x7ffc0000
[  947.221464][T16615] hub 6-0:1.0: USB hub found
[  947.227465][T16615] hub 6-0:1.0: 1 port detected
[  947.411559][   T29] audit: type=1400 audit(1739702608.939:968): avc:  denied  { getopt } for  pid=16610 comm="syz.5.3062" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  947.739173][ T4290] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  947.760181][ T4290] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 43247 - 0
[  947.801529][T16620] netlink: 165 bytes leftover after parsing attributes in process `syz.6.3064'.
[  947.813187][ T5865] usb 3-1: new high-speed USB device number 84 using dummy_hcd
[  947.891234][ T4290] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  947.908337][ T4290] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 43247 - 0
[  948.975291][ T5865] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  948.990022][T16153] Bluetooth: hci0: command tx timeout
[  949.220507][ T5865] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  949.231778][ T5865] usb 3-1: Product: syz
[  949.235996][ T5865] usb 3-1: Manufacturer: syz
[  949.242218][ T5865] usb 3-1: SerialNumber: syz
[  949.268661][ T5865] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  949.287272][ T4290] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  949.307205][ T4290] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 43247 - 0
[  949.338759][ T5867] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  949.472528][ T4290] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  949.499005][ T4290] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 43247 - 0
[  950.501525][T16607] chnl_net:caif_netlink_parms(): no params data found
[  950.522799][T16429] usb 3-1: USB disconnect, device number 84
[  950.590228][ T5867] usb 3-1: Service connection timeout for: 256
[  950.610303][ T5867] ath9k_htc 3-1:1.0: ath9k_htc: Unable to initialize HTC services
[  950.638869][ T5867] ath9k_htc: Failed to initialize the device
[  950.653960][T16429] usb 3-1: ath9k_htc: USB layer deinitialized
[  950.668338][T16645] Bluetooth: MGMT ver 1.23
[  950.673178][T16645] FAULT_INJECTION: forcing a failure.
[  950.673178][T16645] name failslab, interval 1, probability 0, space 0, times 0
[  950.721302][T16645] CPU: 0 UID: 0 PID: 16645 Comm: syz.6.3070 Not tainted 6.14.0-rc2-syzkaller-00281-g496659003dac #0
[  950.721330][T16645] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  950.721341][T16645] Call Trace:
[  950.721346][T16645]  <TASK>
[  950.721353][T16645]  dump_stack_lvl+0x16c/0x1f0
[  950.721378][T16645]  should_fail_ex+0x50a/0x650
[  950.721401][T16645]  ? fs_reclaim_acquire+0xae/0x150
[  950.721425][T16645]  ? hci_cmd_sync_submit+0xc3/0x340
[  950.721448][T16645]  should_failslab+0xc2/0x120
[  950.721466][T16645]  __kmalloc_cache_noprof+0x68/0x410
[  950.721495][T16645]  ? __pfx_set_powered_sync+0x10/0x10
[  950.721510][T16645]  ? __pfx_set_powered_sync+0x10/0x10
[  950.721524][T16645]  ? __pfx_mgmt_set_powered_complete+0x10/0x10
[  950.721546][T16645]  hci_cmd_sync_submit+0xc3/0x340
[  950.721568][T16645]  ? __pfx_set_powered_sync+0x10/0x10
[  950.721582][T16645]  ? __pfx_mgmt_set_powered_complete+0x10/0x10
[  950.721604][T16645]  hci_cmd_sync_queue+0x79/0xa0
[  950.721625][T16645]  set_powered+0x303/0x5c0
[  950.721646][T16645]  ? __pfx_set_powered+0x10/0x10
[  950.721667][T16645]  ? do_init_timer+0xc9/0x110
[  950.721686][T16645]  ? __pfx_mgmt_init_hdev+0x10/0x10
[  950.721710][T16645]  hci_sock_sendmsg+0x1528/0x25e0
[  950.721739][T16645]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[  950.721770][T16645]  sock_write_iter+0x4fe/0x5b0
[  950.721798][T16645]  ? __pfx_sock_write_iter+0x10/0x10
[  950.721834][T16645]  ? bpf_lsm_file_permission+0x9/0x10
[  950.721851][T16645]  ? security_file_permission+0x71/0x210
[  950.721876][T16645]  ? rw_verify_area+0xcf/0x680
[  950.721903][T16645]  vfs_write+0x5ae/0x1150
[  950.721929][T16645]  ? __pfx_sock_write_iter+0x10/0x10
[  950.721958][T16645]  ? __pfx_vfs_write+0x10/0x10
[  950.721985][T16645]  ? __fget_files+0x40/0x3a0
[  950.722016][T16645]  ksys_write+0x207/0x250
[  950.722049][T16645]  ? __pfx_ksys_write+0x10/0x10
[  950.722085][T16645]  do_syscall_64+0xcd/0x250
[  950.722107][T16645]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  950.722132][T16645] RIP: 0033:0x7f16dfb8cde9
[  950.722146][T16645] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  950.722163][T16645] RSP: 002b:00007f16e0a78038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  950.722180][T16645] RAX: ffffffffffffffda RBX: 00007f16dfda5fa0 RCX: 00007f16dfb8cde9
[  950.722191][T16645] RDX: 0000000000000007 RSI: 0000400000000040 RDI: 0000000000000004
[  950.722202][T16645] RBP: 00007f16e0a78090 R08: 0000000000000000 R09: 0000000000000000
[  950.722212][T16645] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  950.722222][T16645] R13: 0000000000000000 R14: 00007f16dfda5fa0 R15: 00007ffe5f029988
[  950.722248][T16645]  </TASK>
[  951.028534][T16649] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3069'.
[  951.231777][T16153] Bluetooth: hci0: command tx timeout
[  951.472836][T16657] FAULT_INJECTION: forcing a failure.
[  951.472836][T16657] name failslab, interval 1, probability 0, space 0, times 0
[  951.532115][T16657] CPU: 0 UID: 0 PID: 16657 Comm: syz.6.3073 Not tainted 6.14.0-rc2-syzkaller-00281-g496659003dac #0
[  951.532140][T16657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  951.532150][T16657] Call Trace:
[  951.532154][T16657]  <TASK>
[  951.532160][T16657]  dump_stack_lvl+0x16c/0x1f0
[  951.532183][T16657]  should_fail_ex+0x50a/0x650
[  951.532207][T16657]  ? fs_reclaim_acquire+0xae/0x150
[  951.532233][T16657]  should_failslab+0xc2/0x120
[  951.532253][T16657]  kmem_cache_alloc_node_noprof+0x72/0x3c0
[  951.532272][T16657]  ? __alloc_skb+0x2b1/0x380
[  951.532304][T16657]  __alloc_skb+0x2b1/0x380
[  951.532324][T16657]  ? __pfx___alloc_skb+0x10/0x10
[  951.532346][T16657]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  951.532372][T16657]  netlink_alloc_large_skb+0x69/0x130
[  951.532394][T16657]  netlink_sendmsg+0x689/0xd70
[  951.532418][T16657]  ? __pfx_netlink_sendmsg+0x10/0x10
[  951.532447][T16657]  ____sys_sendmsg+0xaaf/0xc90
[  951.532474][T16657]  ? copy_msghdr_from_user+0x10b/0x160
[  951.532496][T16657]  ? __pfx_____sys_sendmsg+0x10/0x10
[  951.532534][T16657]  ___sys_sendmsg+0x135/0x1e0
[  951.532558][T16657]  ? __pfx____sys_sendmsg+0x10/0x10
[  951.532589][T16657]  ? __pfx_lock_release+0x10/0x10
[  951.532613][T16657]  ? trace_lock_acquire+0x14e/0x1f0
[  951.532640][T16657]  ? __fget_files+0x206/0x3a0
[  951.532664][T16657]  __sys_sendmsg+0x16e/0x220
[  951.532685][T16657]  ? __pfx___sys_sendmsg+0x10/0x10
[  951.532723][T16657]  do_syscall_64+0xcd/0x250
[  951.532744][T16657]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  951.532769][T16657] RIP: 0033:0x7f16dfb8cde9
[  951.532783][T16657] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  951.532799][T16657] RSP: 002b:00007f16e0a78038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  951.532817][T16657] RAX: ffffffffffffffda RBX: 00007f16dfda5fa0 RCX: 00007f16dfb8cde9
[  951.532828][T16657] RDX: 0000000000000000 RSI: 0000400000000140 RDI: 0000000000000003
[  951.532838][T16657] RBP: 00007f16e0a78090 R08: 0000000000000000 R09: 0000000000000000
[  951.532848][T16657] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  951.532858][T16657] R13: 0000000000000000 R14: 00007f16dfda5fa0 R15: 00007ffe5f029988
[  951.532882][T16657]  </TASK>
[  952.345970][T16675] netlink: 'syz.1.3075': attribute type 10 has an invalid length.
[  952.499364][T16679] netlink: 'syz.1.3075': attribute type 4 has an invalid length.
[  953.329653][T16153] Bluetooth: hci0: command tx timeout
[  953.659084][ T4290] bond0 (unregistering): Released all slaves
[  953.671973][ T4290] bond1 (unregistering): Released all slaves
[  953.682472][ T4290] bond2 (unregistering): Released all slaves
[  953.693909][ T4290] bond3 (unregistering): Released all slaves
[  953.705392][ T4290] bond4 (unregistering): Released all slaves
[  953.716646][ T4290] bond5 (unregistering): Released all slaves
[  953.728181][ T4290] bond6 (unregistering): Released all slaves
[  953.737859][T16607] bridge0: port 1(bridge_slave_0) entered blocking state
[  953.747122][T16607] bridge0: port 1(bridge_slave_0) entered disabled state
[  953.768493][T16607] bridge_slave_0: entered allmulticast mode
[  953.785928][T16607] bridge_slave_0: entered promiscuous mode
[  953.802875][T16607] bridge0: port 2(bridge_slave_1) entered blocking state
[  953.811649][T16607] bridge0: port 2(bridge_slave_1) entered disabled state
[  953.829158][T16607] bridge_slave_1: entered allmulticast mode
[  953.845333][T16607] bridge_slave_1: entered promiscuous mode
[  953.881405][T16675] bridge0: port 2(bridge_slave_1) entered disabled state
[  953.891265][T16675] bridge0: port 1(bridge_slave_0) entered disabled state
[  953.939229][T16675] bridge0: port 2(bridge_slave_1) entered blocking state
[  953.947124][T16675] bridge0: port 2(bridge_slave_1) entered forwarding state
[  953.954579][T16675] bridge0: port 1(bridge_slave_0) entered blocking state
[  953.961643][T16675] bridge0: port 1(bridge_slave_0) entered forwarding state
[  953.975120][T16675] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  954.226389][T16695] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  954.476049][T16607] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  954.586782][T16701] fuse: Bad value for 'fd'
[  954.923131][T16607] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  955.044863][T16607] team0: Port device team_slave_0 added
[  955.072273][T16607] team0: Port device team_slave_1 added
[  955.139866][T12775] usb 6-1: new full-speed USB device number 41 using dummy_hcd
[  955.177722][T16607] batman_adv: batadv0: Adding interface: batadv_slave_0
[  955.191715][T16607] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  955.269095][T16607] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  955.361963][T12775] usb 6-1: unable to get BOS descriptor or descriptor too short
[  955.380731][T12775] usb 6-1: not running at top speed; connect to a high speed hub
[  955.390582][T12775] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 147, changing to 4
[  955.400542][T16153] Bluetooth: hci0: command tx timeout
[  955.414099][ T4290] hsr_slave_0: left promiscuous mode
[  955.549968][T12775] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  955.560426][T12775] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  955.563053][ T4290] hsr_slave_1: left promiscuous mode
[  955.584178][T12775] usb 6-1: Product: syz
[  955.588610][T12775] usb 6-1: Manufacturer: syz
[  955.910759][T12775] usb 6-1: SerialNumber: syz
[  955.920681][ T4290] veth1_macvtap: left promiscuous mode
[  955.926247][ T4290] veth0_macvtap: left promiscuous mode
[  955.949974][ T4290] veth1_vlan: left allmulticast mode
[  955.959136][ T4290] veth1_vlan: left promiscuous mode
[  955.976918][ T4290] veth0_vlan: left promiscuous mode
[  957.074424][ T4290] macvlan0 (unregistering): left allmulticast mode
[  957.222650][T12775] usb 6-1: 2:1 : UAC_AS_GENERAL descriptor not found
[  957.430111][T12775] usb 6-1: 5:0: failed to get current value for ch 1 (-22)
[  957.439102][T16710] syz.2.3085 (16710): drop_caches: 2
[  957.540986][T12775] usb 6-1: 5:0: failed to get current value for ch 0 (-22)
[  957.565616][T12775] usb 6-1: 5:0: cannot get min/max values for control 2 (id 5)
[  957.616432][T12775] usb 6-1: 5:0: cannot get min/max values for control 2 (id 5)
[  957.642662][T12775] usb 6-1: 5:0: cannot get min/max values for control 3 (id 5)
[  957.660723][T12775] usb 6-1: 5:0: cannot get min/max values for control 5 (id 5)
[  957.674723][T12775] usb 6-1: 5:0: failed to get current value for ch 1 (-22)
[  957.779855][T12775] usb 6-1: 5:0: cannot get min/max values for control 3 (id 5)
[  957.796551][T12775] usb 6-1: 5:0: cannot get min/max values for control 5 (id 5)
[  957.808729][T12775] usb 6-1: 5:0: cannot get min/max values for control 2 (id 5)
[  957.847343][T12775] usb 6-1: USB disconnect, device number 41
[  957.853584][T16727] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3090'.
[  960.742266][T16607] batman_adv: batadv0: Adding interface: batadv_slave_1
[  960.764223][T16607] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  960.812868][T16607] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  960.911138][T16718] bridge0: port 2(bridge_slave_1) entered disabled state
[  960.918558][T16718] bridge0: port 1(bridge_slave_0) entered disabled state
[  961.044039][T16718] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  961.062559][T16718] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  961.202891][T16718] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  961.213213][T16718] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  961.226746][T16718] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  961.238185][T16718] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  961.327503][ T9315] 
[  961.328399][T16720] 8021q: adding VLAN 0 to HW filter on device bond0
[  961.330653][ T9315] =============================
[  961.330688][ T9315] WARNING: suspicious RCU usage
[  961.340933][T16720] 8021q: adding VLAN 0 to HW filter on device team0
[  961.343247][ T9315] 6.14.0-rc2-syzkaller-00281-g496659003dac #0 Not tainted
[  961.354590][ T9315] -----------------------------
[  961.366776][ T9315] net/sched/sch_generic.c:1285 suspicious rcu_dereference_protected() usage!
[  961.366793][ T9315] 
[  961.366793][ T9315] other info that might help us debug this:
[  961.366793][ T9315] 
[  961.386667][ T9315] 
[  961.386667][ T9315] rcu_scheduler_active = 2, debug_locks = 1
[  961.395450][ T9315] 3 locks held by kworker/u8:11/9315:
[  961.402172][ T9315]  #0: ffff888049861148 ((wq_completion)bond0#7){+.+.}-{0:0}, at: process_one_work+0x1293/0x1ba0
[  961.412881][ T9315]  #1: ffffc900048cfd18 ((work_completion)(&(&bond->mii_work)->work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0
[  961.425582][ T9315]  #2: ffffffff8e1bcc80 (rcu_read_lock){....}-{1:3}, at: bond_mii_monitor+0x140/0x2d90
[  961.435332][ T9315] 
[  961.435332][ T9315] stack backtrace:
[  961.443893][ T9315] CPU: 0 UID: 0 PID: 9315 Comm: kworker/u8:11 Not tainted 6.14.0-rc2-syzkaller-00281-g496659003dac #0
[  961.443915][ T9315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  961.443925][ T9315] Workqueue: bond0 bond_mii_monitor
[  961.443952][ T9315] Call Trace:
[  961.443957][ T9315]  <TASK>
[  961.443963][ T9315]  dump_stack_lvl+0x16c/0x1f0
[  961.443982][ T9315]  lockdep_rcu_suspicious+0x210/0x3c0
[  961.444010][ T9315]  dev_deactivate_queue+0x1c0/0x210
[  961.444037][ T9315]  dev_deactivate_many+0x145/0xc30
[  961.444053][ T9315]  ? __pfx_dev_deactivate_many+0x10/0x10
[  961.444071][ T9315]  ? irqentry_exit+0x3b/0x90
[  961.444096][ T9315]  dev_deactivate+0xf9/0x1c0
[  961.444109][ T9315]  ? __pfx_dev_deactivate+0x10/0x10
[  961.444120][ T9315]  ? preempt_schedule_common+0x44/0xc0
[  961.444137][ T9315]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  961.444157][ T9315]  linkwatch_do_dev+0x11e/0x160
[  961.444174][ T9315]  linkwatch_sync_dev+0x181/0x210
[  961.444189][ T9315]  ? __pfx_ethtool_op_get_link+0x10/0x10
[  961.444203][ T9315]  ethtool_op_get_link+0x1d/0x70
[  961.444215][ T9315]  bond_check_dev_link+0x197/0x490
[  961.444227][ T9315]  ? __pfx_bond_check_dev_link+0x10/0x10
[  961.444250][ T9315]  bond_mii_monitor+0x3c1/0x2d90
[  961.444267][ T9315]  ? __pfx_bond_mii_monitor+0x10/0x10
[  961.444281][ T9315]  ? rcu_is_watching+0x12/0xc0
[  961.444295][ T9315]  ? lock_acquire+0x2f/0xb0
[  961.444308][ T9315]  ? process_one_work+0x921/0x1ba0
[  961.444324][ T9315]  process_one_work+0x9c5/0x1ba0
[  961.444341][ T9315]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  961.444355][ T9315]  ? __pfx_process_one_work+0x10/0x10
[  961.444372][ T9315]  ? assign_work+0x1a0/0x250
[  961.444386][ T9315]  worker_thread+0x6c8/0xf00
[  961.444402][ T9315]  ? __kthread_parkme+0x148/0x220
[  961.444414][ T9315]  ? __pfx_worker_thread+0x10/0x10
[  961.444427][ T9315]  kthread+0x3af/0x750
[  961.444440][ T9315]  ? __pfx_kthread+0x10/0x10
[  961.444451][ T9315]  ? lock_acquire+0x2f/0xb0
[  961.444466][ T9315]  ? __pfx_kthread+0x10/0x10
[  961.444478][ T9315]  ret_from_fork+0x45/0x80
[  961.444494][ T9315]  ? __pfx_kthread+0x10/0x10
[  961.444507][ T9315]  ret_from_fork_asm+0x1a/0x30
[  961.444527][ T9315]  </TASK>
[  961.444976][ T9315] 
[  961.666695][ T9315] =============================
[  961.672381][ T9315] WARNING: suspicious RCU usage
[  961.677246][ T9315] 6.14.0-rc2-syzkaller-00281-g496659003dac #0 Not tainted
[  961.684490][ T9315] -----------------------------
[  961.689331][ T9315] ./include/linux/rtnetlink.h:162 suspicious rcu_dereference_protected() usage!
[  961.698993][ T9315] 
[  961.698993][ T9315] other info that might help us debug this:
[  961.698993][ T9315] 
[  961.709975][ T9315] 
[  961.709975][ T9315] rcu_scheduler_active = 2, debug_locks = 1
[  961.718423][ T9315] 3 locks held by kworker/u8:11/9315:
[  961.724851][ T9315]  #0: ffff888049861148 ((wq_completion)bond0#7){+.+.}-{0:0}, at: process_one_work+0x1293/0x1ba0
[  961.736601][ T9315]  #1: ffffc900048cfd18 ((work_completion)(&(&bond->mii_work)->work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0
[  961.751134][ T9315]  #2: ffffffff8e1bcc80 (rcu_read_lock){....}-{1:3}, at: bond_mii_monitor+0x140/0x2d90
[  961.760904][ T9315] 
[  961.760904][ T9315] stack backtrace:
[  961.766809][ T9315] CPU: 0 UID: 0 PID: 9315 Comm: kworker/u8:11 Not tainted 6.14.0-rc2-syzkaller-00281-g496659003dac #0
[  961.766828][ T9315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  961.766840][ T9315] Workqueue: bond0 bond_mii_monitor
[  961.766868][ T9315] Call Trace:
[  961.766875][ T9315]  <TASK>
[  961.766882][ T9315]  dump_stack_lvl+0x16c/0x1f0
[  961.766904][ T9315]  lockdep_rcu_suspicious+0x210/0x3c0
[  961.766927][ T9315]  dev_deactivate_many+0x980/0xc30
[  961.766942][ T9315]  ? __pfx_dev_deactivate_many+0x10/0x10
[  961.766954][ T9315]  ? irqentry_exit+0x3b/0x90
[  961.766968][ T9315]  dev_deactivate+0xf9/0x1c0
[  961.766979][ T9315]  ? __pfx_dev_deactivate+0x10/0x10
[  961.766988][ T9315]  ? preempt_schedule_common+0x44/0xc0
[  961.767006][ T9315]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  961.767026][ T9315]  linkwatch_do_dev+0x11e/0x160
[  961.767044][ T9315]  linkwatch_sync_dev+0x181/0x210
[  961.767063][ T9315]  ? __pfx_ethtool_op_get_link+0x10/0x10
[  961.767077][ T9315]  ethtool_op_get_link+0x1d/0x70
[  961.767091][ T9315]  bond_check_dev_link+0x197/0x490
[  961.767104][ T9315]  ? __pfx_bond_check_dev_link+0x10/0x10
[  961.767124][ T9315]  bond_mii_monitor+0x3c1/0x2d90
[  961.767143][ T9315]  ? __pfx_bond_mii_monitor+0x10/0x10
[  961.767158][ T9315]  ? rcu_is_watching+0x12/0xc0
[  961.767173][ T9315]  ? lock_acquire+0x2f/0xb0
[  961.767187][ T9315]  ? process_one_work+0x921/0x1ba0
[  961.767204][ T9315]  process_one_work+0x9c5/0x1ba0
[  961.767224][ T9315]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  961.767240][ T9315]  ? __pfx_process_one_work+0x10/0x10
[  961.767259][ T9315]  ? assign_work+0x1a0/0x250
[  961.767274][ T9315]  worker_thread+0x6c8/0xf00
[  961.767293][ T9315]  ? __kthread_parkme+0x148/0x220
[  961.767311][ T9315]  ? __pfx_worker_thread+0x10/0x10
[  961.767326][ T9315]  kthread+0x3af/0x750
[  961.767341][ T9315]  ? __pfx_kthread+0x10/0x10
[  961.767353][ T9315]  ? lock_acquire+0x2f/0xb0
[  961.767370][ T9315]  ? __pfx_kthread+0x10/0x10
[  961.767384][ T9315]  ret_from_fork+0x45/0x80
[  961.767400][ T9315]  ? __pfx_kthread+0x10/0x10
[  961.767413][ T9315]  ret_from_fork_asm+0x1a/0x30
[  961.767434][ T9315]  </TASK>
[  961.767665][ T9315] BUG: sleeping function called from invalid context at net/core/dev.c:11677
[  961.993108][ T9315] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 9315, name: kworker/u8:11
[  962.003981][ T9315] preempt_count: 0, expected: 0
[  962.009872][ T9315] RCU nest depth: 1, expected: 0
[  962.015376][ T9315] 3 locks held by kworker/u8:11/9315:
[  962.022529][ T9315]  #0: ffff888049861148 ((wq_completion)bond0#7){+.+.}-{0:0}, at: process_one_work+0x1293/0x1ba0
[  962.035245][ T9315]  #1: ffffc900048cfd18 ((work_completion)(&(&bond->mii_work)->work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0
[  962.050749][ T9315]  #2: ffffffff8e1bcc80 (rcu_read_lock){....}-{1:3}, at: bond_mii_monitor+0x140/0x2d90
[  962.060873][ T9315] CPU: 1 UID: 0 PID: 9315 Comm: kworker/u8:11 Not tainted 6.14.0-rc2-syzkaller-00281-g496659003dac #0
[  962.060896][ T9315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  962.060908][ T9315] Workqueue: bond0 bond_mii_monitor
[  962.060935][ T9315] Call Trace:
[  962.060940][ T9315]  <TASK>
[  962.060947][ T9315]  dump_stack_lvl+0x16c/0x1f0
[  962.060968][ T9315]  __might_resched+0x3c0/0x5e0
[  962.060998][ T9315]  ? __pfx___might_resched+0x10/0x10
[  962.061029][ T9315]  synchronize_net+0x1b/0xa0
[  962.061053][ T9315]  dev_deactivate_many+0xac0/0xc30
[  962.061076][ T9315]  ? __pfx_dev_deactivate_many+0x10/0x10
[  962.061097][ T9315]  ? irqentry_exit+0x3b/0x90
[  962.061118][ T9315]  dev_deactivate+0xf9/0x1c0
[  962.061135][ T9315]  ? __pfx_dev_deactivate+0x10/0x10
[  962.061150][ T9315]  ? preempt_schedule_common+0x44/0xc0
[  962.061178][ T9315]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  962.061210][ T9315]  linkwatch_do_dev+0x11e/0x160
[  962.061234][ T9315]  linkwatch_sync_dev+0x181/0x210
[  962.061260][ T9315]  ? __pfx_ethtool_op_get_link+0x10/0x10
[  962.061279][ T9315]  ethtool_op_get_link+0x1d/0x70
[  962.061305][ T9315]  bond_check_dev_link+0x197/0x490
[  962.061325][ T9315]  ? __pfx_bond_check_dev_link+0x10/0x10
[  962.061358][ T9315]  bond_mii_monitor+0x3c1/0x2d90
[  962.061389][ T9315]  ? __pfx_bond_mii_monitor+0x10/0x10
[  962.061411][ T9315]  ? rcu_is_watching+0x12/0xc0
[  962.061435][ T9315]  ? lock_acquire+0x2f/0xb0
[  962.061457][ T9315]  ? process_one_work+0x921/0x1ba0
[  962.061483][ T9315]  process_one_work+0x9c5/0x1ba0
[  962.061514][ T9315]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  962.061539][ T9315]  ? __pfx_process_one_work+0x10/0x10
[  962.061570][ T9315]  ? assign_work+0x1a0/0x250
[  962.061594][ T9315]  worker_thread+0x6c8/0xf00
[  962.061625][ T9315]  ? __kthread_parkme+0x148/0x220
[  962.061644][ T9315]  ? __pfx_worker_thread+0x10/0x10
[  962.061668][ T9315]  kthread+0x3af/0x750
[  962.061690][ T9315]  ? __pfx_kthread+0x10/0x10
[  962.061710][ T9315]  ? lock_acquire+0x2f/0xb0
[  962.061737][ T9315]  ? __pfx_kthread+0x10/0x10
[  962.061758][ T9315]  ret_from_fork+0x45/0x80
[  962.061780][ T9315]  ? __pfx_kthread+0x10/0x10
[  962.061801][ T9315]  ret_from_fork_asm+0x1a/0x30
[  962.061835][ T9315]  </TASK>
[  962.061843][ T9315] 
[  962.288602][ T9315] =============================
[  962.293501][ T9315] WARNING: suspicious RCU usage
[  962.298347][ T9315] 6.14.0-rc2-syzkaller-00281-g496659003dac #0 Tainted: G        W         
[  962.307193][ T9315] -----------------------------
[  962.312344][ T9315] kernel/rcu/tree_exp.h:966 Illegal synchronize_rcu_expedited() in RCU read-side critical section!
[  962.323096][ T9315] 
[  962.323096][ T9315] other info that might help us debug this:
[  962.323096][ T9315] 
[  962.333421][ T9315] 
[  962.333421][ T9315] rcu_scheduler_active = 2, debug_locks = 1
[  962.341644][ T9315] 3 locks held by kworker/u8:11/9315:
[  962.347224][ T9315]  #0: ffff888049861148 ((wq_completion)bond0#7){+.+.}-{0:0}, at: process_one_work+0x1293/0x1ba0
[  962.357968][ T9315]  #1: ffffc900048cfd18 ((work_completion)(&(&bond->mii_work)->work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0
[  962.371835][ T9315]  #2: ffffffff8e1bcc80 (rcu_read_lock){....}-{1:3}, at: bond_mii_monitor+0x140/0x2d90
[  962.381611][ T9315] 
[  962.381611][ T9315] stack backtrace:
[  962.387500][ T9315] CPU: 1 UID: 0 PID: 9315 Comm: kworker/u8:11 Tainted: G        W          6.14.0-rc2-syzkaller-00281-g496659003dac #0
[  962.387517][ T9315] Tainted: [W]=WARN
[  962.387521][ T9315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  962.387528][ T9315] Workqueue: bond0 bond_mii_monitor
[  962.387547][ T9315] Call Trace:
[  962.387551][ T9315]  <TASK>
[  962.387557][ T9315]  dump_stack_lvl+0x16c/0x1f0
[  962.387571][ T9315]  lockdep_rcu_suspicious+0x210/0x3c0
[  962.387589][ T9315]  synchronize_rcu_expedited+0x1e5/0x450
[  962.387605][ T9315]  ? __pfx_synchronize_rcu_expedited+0x10/0x10
[  962.387621][ T9315]  ? dump_stack_lvl+0x185/0x1f0
[  962.387631][ T9315]  ? lockdep_hardirqs_on+0x7c/0x110
[  962.387643][ T9315]  ? add_taint+0x5f/0xd0
[  962.387656][ T9315]  ? __pfx___might_resched+0x10/0x10
[  962.387676][ T9315]  synchronize_net+0x6f/0xa0
[  962.387692][ T9315]  dev_deactivate_many+0xac0/0xc30
[  962.387707][ T9315]  ? __pfx_dev_deactivate_many+0x10/0x10
[  962.387719][ T9315]  ? irqentry_exit+0x3b/0x90
[  962.387732][ T9315]  dev_deactivate+0xf9/0x1c0
[  962.387742][ T9315]  ? __pfx_dev_deactivate+0x10/0x10
[  962.387752][ T9315]  ? preempt_schedule_common+0x44/0xc0
[  962.387769][ T9315]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  962.387789][ T9315]  linkwatch_do_dev+0x11e/0x160
[  962.387805][ T9315]  linkwatch_sync_dev+0x181/0x210
[  962.387822][ T9315]  ? __pfx_ethtool_op_get_link+0x10/0x10
[  962.387835][ T9315]  ethtool_op_get_link+0x1d/0x70
[  962.387847][ T9315]  bond_check_dev_link+0x197/0x490
[  962.387860][ T9315]  ? __pfx_bond_check_dev_link+0x10/0x10
[  962.387879][ T9315]  bond_mii_monitor+0x3c1/0x2d90
[  962.387897][ T9315]  ? __pfx_bond_mii_monitor+0x10/0x10
[  962.387911][ T9315]  ? rcu_is_watching+0x12/0xc0
[  962.387925][ T9315]  ? lock_acquire+0x2f/0xb0
[  962.387938][ T9315]  ? process_one_work+0x921/0x1ba0
[  962.387954][ T9315]  process_one_work+0x9c5/0x1ba0
[  962.387973][ T9315]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  962.387988][ T9315]  ? __pfx_process_one_work+0x10/0x10
[  962.388006][ T9315]  ? assign_work+0x1a0/0x250
[  962.388020][ T9315]  worker_thread+0x6c8/0xf00
[  962.388038][ T9315]  ? __kthread_parkme+0x148/0x220
[  962.388049][ T9315]  ? __pfx_worker_thread+0x10/0x10
[  962.388064][ T9315]  kthread+0x3af/0x750
[  962.388077][ T9315]  ? __pfx_kthread+0x10/0x10
[  962.388089][ T9315]  ? lock_acquire+0x2f/0xb0
[  962.388107][ T9315]  ? __pfx_kthread+0x10/0x10
[  962.388120][ T9315]  ret_from_fork+0x45/0x80
[  962.388135][ T9315]  ? __pfx_kthread+0x10/0x10
[  962.388148][ T9315]  ret_from_fork_asm+0x1a/0x30
[  962.388167][ T9315]  </TASK>
[  962.650131][ T9315] 
[  962.652482][ T9315] =============================
[  962.657374][ T9315] [ BUG: Invalid wait context ]
[  962.662210][ T9315] 6.14.0-rc2-syzkaller-00281-g496659003dac #0 Tainted: G        W         
[  962.670781][ T9315] -----------------------------
[  962.675606][ T9315] kworker/u8:11/9315 is trying to lock:
[  962.681151][ T9315] ffffffff8e1c80f8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x1a4/0x3b0
[  962.690719][ T9315] other info that might help us debug this:
[  962.696606][ T9315] context-{5:5}
[  962.700098][ T9315] 3 locks held by kworker/u8:11/9315:
[  962.705474][ T9315]  #0: ffff888049861148 ((wq_completion)bond0#7){+.+.}-{0:0}, at: process_one_work+0x1293/0x1ba0
[  962.715998][ T9315]  #1: ffffc900048cfd18 ((work_completion)(&(&bond->mii_work)->work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0
[  962.728251][ T9315]  #2: ffffffff8e1bcc80 (rcu_read_lock){....}-{1:3}, at: bond_mii_monitor+0x140/0x2d90
[  962.737921][ T9315] stack backtrace:
[  962.741618][ T9315] CPU: 1 UID: 0 PID: 9315 Comm: kworker/u8:11 Tainted: G        W          6.14.0-rc2-syzkaller-00281-g496659003dac #0
[  962.741634][ T9315] Tainted: [W]=WARN
[  962.741637][ T9315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  962.741646][ T9315] Workqueue: bond0 bond_mii_monitor
[  962.741665][ T9315] Call Trace:
[  962.741668][ T9315]  <TASK>
[  962.741673][ T9315]  dump_stack_lvl+0x116/0x1f0
[  962.741686][ T9315]  __lock_acquire+0x878/0x3c40
[  962.741703][ T9315]  ? __pfx___lock_acquire+0x10/0x10
[  962.741716][ T9315]  ? save_trace+0x53/0xb60
[  962.741729][ T9315]  lock_acquire.part.0+0x11b/0x380
[  962.741743][ T9315]  ? exp_funnel_lock+0x1a4/0x3b0
[  962.741757][ T9315]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  962.741772][ T9315]  ? rcu_is_watching+0x12/0xc0
[  962.741781][ T9315]  ? trace_lock_acquire+0x14e/0x1f0
[  962.741792][ T9315]  ? __might_resched+0x4ca/0x5e0
[  962.741807][ T9315]  ? exp_funnel_lock+0x1a4/0x3b0
[  962.741820][ T9315]  ? lock_acquire+0x2f/0xb0
[  962.741832][ T9315]  ? exp_funnel_lock+0x1a4/0x3b0
[  962.741845][ T9315]  __mutex_lock+0x19b/0xb10
[  962.741856][ T9315]  ? exp_funnel_lock+0x1a4/0x3b0
[  962.741869][ T9315]  ? exp_funnel_lock+0x1a4/0x3b0
[  962.741881][ T9315]  ? find_held_lock+0x2d/0x110
[  962.741891][ T9315]  ? __pfx___mutex_lock+0x10/0x10
[  962.741903][ T9315]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  962.741912][ T9315]  ? lock_acquire+0x2f/0xb0
[  962.741924][ T9315]  ? exp_funnel_lock+0x13c/0x3b0
[  962.741938][ T9315]  ? exp_funnel_lock+0x1a4/0x3b0
[  962.741950][ T9315]  exp_funnel_lock+0x1a4/0x3b0
[  962.741963][ T9315]  ? __pfx_exp_funnel_lock+0x10/0x10
[  962.741982][ T9315]  ? __might_resched+0x4ca/0x5e0
[  962.742003][ T9315]  ? __pfx___might_resched+0x10/0x10
[  962.742025][ T9315]  ? lockdep_rcu_suspicious+0x2ee/0x3c0
[  962.742044][ T9315]  synchronize_rcu_expedited+0x290/0x450
[  962.742058][ T9315]  ? __pfx_synchronize_rcu_expedited+0x10/0x10
[  962.742073][ T9315]  ? dump_stack_lvl+0x185/0x1f0
[  962.742082][ T9315]  ? lockdep_hardirqs_on+0x7c/0x110
[  962.742092][ T9315]  ? add_taint+0x5f/0xd0
[  962.742103][ T9315]  ? __pfx___might_resched+0x10/0x10
[  962.742119][ T9315]  synchronize_net+0x6f/0xa0
[  962.742135][ T9315]  dev_deactivate_many+0xac0/0xc30
[  962.742147][ T9315]  ? __pfx_dev_deactivate_many+0x10/0x10
[  962.742157][ T9315]  ? irqentry_exit+0x3b/0x90
[  962.742168][ T9315]  dev_deactivate+0xf9/0x1c0
[  962.742177][ T9315]  ? __pfx_dev_deactivate+0x10/0x10
[  962.742187][ T9315]  ? preempt_schedule_common+0x44/0xc0
[  962.742202][ T9315]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  962.742218][ T9315]  linkwatch_do_dev+0x11e/0x160
[  962.742233][ T9315]  linkwatch_sync_dev+0x181/0x210
[  962.742247][ T9315]  ? __pfx_ethtool_op_get_link+0x10/0x10
[  962.742260][ T9315]  ethtool_op_get_link+0x1d/0x70
[  962.742271][ T9315]  bond_check_dev_link+0x197/0x490
[  962.742284][ T9315]  ? __pfx_bond_check_dev_link+0x10/0x10
[  962.742297][ T9315]  bond_mii_monitor+0x3c1/0x2d90
[  962.742311][ T9315]  ? __pfx_bond_mii_monitor+0x10/0x10
[  962.742324][ T9315]  ? rcu_is_watching+0x12/0xc0
[  962.742335][ T9315]  ? lock_acquire+0x2f/0xb0
[  962.742347][ T9315]  ? process_one_work+0x921/0x1ba0
[  962.742361][ T9315]  process_one_work+0x9c5/0x1ba0
[  962.742375][ T9315]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  962.742389][ T9315]  ? __pfx_process_one_work+0x10/0x10
[  962.742403][ T9315]  ? assign_work+0x1a0/0x250
[  962.742415][ T9315]  worker_thread+0x6c8/0xf00
[  962.742429][ T9315]  ? __kthread_parkme+0x148/0x220
[  962.742439][ T9315]  ? __pfx_worker_thread+0x10/0x10
[  962.742452][ T9315]  kthread+0x3af/0x750
[  962.742464][ T9315]  ? __pfx_kthread+0x10/0x10
[  962.742475][ T9315]  ? lock_acquire+0x2f/0xb0
[  962.742489][ T9315]  ? __pfx_kthread+0x10/0x10
[  962.742501][ T9315]  ret_from_fork+0x45/0x80
[  962.742514][ T9315]  ? __pfx_kthread+0x10/0x10
[  962.742525][ T9315]  ret_from_fork_asm+0x1a/0x30
[  962.742539][ T9315]  </TASK>
[  963.114431][ T9315] ------------[ cut here ]------------
[  963.119892][ T9315] Voluntary context switch within RCU read-side critical section!
[  963.119968][ T9315] WARNING: CPU: 1 PID: 9315 at kernel/rcu/tree_plugin.h:332 rcu_note_context_switch+0xcc6/0x1b70
[  963.138935][ T9315] Modules linked in:
[  963.143095][ T9315] CPU: 1 UID: 0 PID: 9315 Comm: kworker/u8:11 Tainted: G        W          6.14.0-rc2-syzkaller-00281-g496659003dac #0
[  963.155545][ T9315] Tainted: [W]=WARN
[  963.159774][ T9315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  963.169825][ T9315] Workqueue: bond0 bond_mii_monitor
[  963.175012][ T9315] RIP: 0010:rcu_note_context_switch+0xcc6/0x1b70
[  963.181410][ T9315] Code: 7b 00 4c 8b 54 24 30 48 8b 44 24 28 8b 4c 24 10 e9 c6 03 00 00 c6 05 97 b4 a9 0e 01 90 48 c7 c7 a0 c2 6e 8b e8 0b fc d8 ff 90 <0f> 0b 90 90 e9 3e f4 ff ff 38 d0 7f 08 84 c0 0f 85 54 08 00 00 80
[  963.201195][ T9315] RSP: 0018:ffffc900048cf2c0 EFLAGS: 00010086
[  963.207596][ T9315] RAX: 0000000000000000 RBX: ffff8880b873fbc0 RCX: ffffffff817a1229
[  963.215549][ T9315] RDX: ffff88801f78a440 RSI: ffffffff817a1236 RDI: 0000000000000001
[  963.223524][ T9315] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
[  963.231500][ T9315] R10: 0000000000000000 R11: fffffffffffc30e0 R12: ffff88801f78a440
[  963.239462][ T9315] R13: ffff88801f78a440 R14: ffff88801f78a440 R15: ffff8880b873ec00
[  963.247441][ T9315] FS:  0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
[  963.256457][ T9315] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  963.263051][ T9315] CR2: 00007f16e0a78990 CR3: 0000000048df4000 CR4: 00000000003526f0
[  963.271015][ T9315] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  963.279059][ T9315] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  963.287052][ T9315] Call Trace:
[  963.290319][ T9315]  <TASK>
[  963.293234][ T9315]  ? __warn+0xea/0x3c0
[  963.297288][ T9315]  ? bpf_ksym_find+0x127/0x1c0
[  963.302036][ T9315]  ? rcu_note_context_switch+0xcc6/0x1b70
[  963.307737][ T9315]  ? report_bug+0x3c0/0x580
[  963.312223][ T9315]  ? handle_bug+0x54/0xa0
[  963.316537][ T9315]  ? exc_invalid_op+0x17/0x50
[  963.321213][ T9315]  ? asm_exc_invalid_op+0x1a/0x20
[  963.326227][ T9315]  ? __warn_printk+0x199/0x350
[  963.330974][ T9315]  ? __warn_printk+0x1a6/0x350
[  963.335721][ T9315]  ? rcu_note_context_switch+0xcc6/0x1b70
[  963.341581][ T9315]  ? lockdep_unlock+0x11a/0x290
[  963.346429][ T9315]  ? __lock_acquire+0x20f9/0x3c40
[  963.351448][ T9315]  ? schedule+0xe7/0x350
[  963.356118][ T9315]  ? rcu_is_watching+0x12/0xc0
[  963.360867][ T9315]  ? schedule+0xe7/0x350
[  963.365112][ T9315]  ? __mutex_lock+0x8e6/0xb10
[  963.369798][ T9315]  __schedule+0x297/0x5890
[  963.374213][ T9315]  ? trace_irq_enable.constprop.0+0xea/0x140
[  963.380192][ T9315]  ? __pfx___schedule+0x10/0x10
[  963.385062][ T9315]  ? __mutex_trylock_common+0x78/0x250
[  963.390526][ T9315]  ? rcu_is_watching+0x12/0xc0
[  963.395308][ T9315]  ? __pfx___mutex_trylock_common+0x10/0x10
[  963.401207][ T9315]  ? exp_funnel_lock+0x1a4/0x3b0
[  963.406161][ T9315]  ? __mutex_lock+0x8e6/0xb10
[  963.410834][ T9315]  schedule+0xe7/0x350
[  963.414892][ T9315]  schedule_preempt_disabled+0x13/0x30
[  963.420394][ T9315]  __mutex_lock+0x93d/0xb10
[  963.424900][ T9315]  ? exp_funnel_lock+0x1a4/0x3b0
[  963.429824][ T9315]  ? find_held_lock+0x2d/0x110
[  963.434572][ T9315]  ? __pfx___mutex_lock+0x10/0x10
[  963.439672][ T9315]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  963.447692][ T9315]  ? lock_acquire+0x2f/0xb0
[  963.452901][ T9315]  ? exp_funnel_lock+0x13c/0x3b0
[  963.457846][ T9315]  ? exp_funnel_lock+0x1a4/0x3b0
[  963.462789][ T9315]  exp_funnel_lock+0x1a4/0x3b0
[  963.467562][ T9315]  ? __pfx_exp_funnel_lock+0x10/0x10
[  963.472858][ T9315]  ? __might_resched+0x4ca/0x5e0
[  963.477806][ T9315]  ? __pfx___might_resched+0x10/0x10
[  963.483282][ T9315]  ? lockdep_rcu_suspicious+0x2ee/0x3c0
[  963.488851][ T9315]  synchronize_rcu_expedited+0x290/0x450
[  963.494497][ T9315]  ? __pfx_synchronize_rcu_expedited+0x10/0x10
[  963.500736][ T9315]  ? dump_stack_lvl+0x185/0x1f0
[  963.505585][ T9315]  ? lockdep_hardirqs_on+0x7c/0x110
[  963.510764][ T9315]  ? add_taint+0x5f/0xd0
[  963.515081][ T9315]  ? __pfx___might_resched+0x10/0x10
[  963.520368][ T9315]  synchronize_net+0x6f/0xa0
[  963.524950][ T9315]  dev_deactivate_many+0xac0/0xc30
[  963.530046][ T9315]  ? __pfx_dev_deactivate_many+0x10/0x10
[  963.535673][ T9315]  ? irqentry_exit+0x3b/0x90
[  963.540285][ T9315]  dev_deactivate+0xf9/0x1c0
[  963.544984][ T9315]  ? __pfx_dev_deactivate+0x10/0x10
[  963.550174][ T9315]  ? preempt_schedule_common+0x44/0xc0
[  963.555646][ T9315]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  963.562154][ T9315]  linkwatch_do_dev+0x11e/0x160
[  963.567714][ T9315]  linkwatch_sync_dev+0x181/0x210
[  963.573203][ T9315]  ? __pfx_ethtool_op_get_link+0x10/0x10
[  963.579286][ T9315]  ethtool_op_get_link+0x1d/0x70
[  963.584251][ T9315]  bond_check_dev_link+0x197/0x490
[  963.589881][ T9315]  ? __pfx_bond_check_dev_link+0x10/0x10
[  963.595873][ T9315]  bond_mii_monitor+0x3c1/0x2d90
[  963.600889][ T9315]  ? __pfx_bond_mii_monitor+0x10/0x10
[  963.607116][ T9315]  ? rcu_is_watching+0x12/0xc0
[  963.611868][ T9315]  ? lock_acquire+0x2f/0xb0
[  963.616734][ T9315]  ? process_one_work+0x921/0x1ba0
[  963.621871][ T9315]  process_one_work+0x9c5/0x1ba0
[  963.626832][ T9315]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  963.632481][ T9315]  ? __pfx_process_one_work+0x10/0x10
[  963.637855][ T9315]  ? assign_work+0x1a0/0x250
[  963.642455][ T9315]  worker_thread+0x6c8/0xf00
[  963.647049][ T9315]  ? __kthread_parkme+0x148/0x220
[  963.652063][ T9315]  ? __pfx_worker_thread+0x10/0x10
[  963.657163][ T9315]  kthread+0x3af/0x750
[  963.661218][ T9315]  ? __pfx_kthread+0x10/0x10
[  963.665968][ T9315]  ? lock_acquire+0x2f/0xb0
[  963.670763][ T9315]  ? __pfx_kthread+0x10/0x10
[  963.675873][ T9315]  ret_from_fork+0x45/0x80
[  963.680321][ T9315]  ? __pfx_kthread+0x10/0x10
[  963.685013][ T9315]  ret_from_fork_asm+0x1a/0x30
[  963.689774][ T9315]  </TASK>
[  963.692787][ T9315] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  963.700066][ T9315] CPU: 1 UID: 0 PID: 9315 Comm: kworker/u8:11 Tainted: G        W          6.14.0-rc2-syzkaller-00281-g496659003dac #0
[  963.712557][ T9315] Tainted: [W]=WARN
[  963.716914][ T9315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  963.729332][ T9315] Workqueue: bond0 bond_mii_monitor
[  963.734814][ T9315] Call Trace:
[  963.738328][ T9315]  <TASK>
[  963.741382][ T9315]  dump_stack_lvl+0x3d/0x1f0
[  963.746938][ T9315]  panic+0x71d/0x800
[  963.751113][ T9315]  ? __pfx_panic+0x10/0x10
[  963.755708][ T9315]  ? show_trace_log_lvl+0x29d/0x3d0
[  963.761075][ T9315]  ? check_panic_on_warn+0x1f/0xb0
[  963.766813][ T9315]  ? rcu_note_context_switch+0xcc6/0x1b70
[  963.773058][ T9315]  check_panic_on_warn+0xab/0xb0
[  963.778189][ T9315]  __warn+0xf6/0x3c0
[  963.782116][ T9315]  ? bpf_ksym_find+0x127/0x1c0
[  963.787250][ T9315]  ? rcu_note_context_switch+0xcc6/0x1b70
[  963.792991][ T9315]  report_bug+0x3c0/0x580
[  963.798387][ T9315]  handle_bug+0x54/0xa0
[  963.803266][ T9315]  exc_invalid_op+0x17/0x50
[  963.808320][ T9315]  asm_exc_invalid_op+0x1a/0x20
[  963.814276][ T9315] RIP: 0010:rcu_note_context_switch+0xcc6/0x1b70
[  963.821744][ T9315] Code: 7b 00 4c 8b 54 24 30 48 8b 44 24 28 8b 4c 24 10 e9 c6 03 00 00 c6 05 97 b4 a9 0e 01 90 48 c7 c7 a0 c2 6e 8b e8 0b fc d8 ff 90 <0f> 0b 90 90 e9 3e f4 ff ff 38 d0 7f 08 84 c0 0f 85 54 08 00 00 80
[  963.841347][ T9315] RSP: 0018:ffffc900048cf2c0 EFLAGS: 00010086
[  963.847421][ T9315] RAX: 0000000000000000 RBX: ffff8880b873fbc0 RCX: ffffffff817a1229
[  963.855738][ T9315] RDX: ffff88801f78a440 RSI: ffffffff817a1236 RDI: 0000000000000001
[  963.863792][ T9315] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
[  963.871764][ T9315] R10: 0000000000000000 R11: fffffffffffc30e0 R12: ffff88801f78a440
[  963.879739][ T9315] R13: ffff88801f78a440 R14: ffff88801f78a440 R15: ffff8880b873ec00
[  963.887824][ T9315]  ? __warn_printk+0x199/0x350
[  963.892688][ T9315]  ? __warn_printk+0x1a6/0x350
[  963.897443][ T9315]  ? lockdep_unlock+0x11a/0x290
[  963.902310][ T9315]  ? __lock_acquire+0x20f9/0x3c40
[  963.907345][ T9315]  ? schedule+0xe7/0x350
[  963.911600][ T9315]  ? rcu_is_watching+0x12/0xc0
[  963.916472][ T9315]  ? schedule+0xe7/0x350
[  963.920740][ T9315]  ? __mutex_lock+0x8e6/0xb10
[  963.925407][ T9315]  __schedule+0x297/0x5890
[  963.930006][ T9315]  ? trace_irq_enable.constprop.0+0xea/0x140
[  963.936169][ T9315]  ? __pfx___schedule+0x10/0x10
[  963.941601][ T9315]  ? __mutex_trylock_common+0x78/0x250
[  963.947234][ T9315]  ? rcu_is_watching+0x12/0xc0
[  963.952054][ T9315]  ? __pfx___mutex_trylock_common+0x10/0x10
[  963.957962][ T9315]  ? exp_funnel_lock+0x1a4/0x3b0
[  963.962905][ T9315]  ? __mutex_lock+0x8e6/0xb10
[  963.967578][ T9315]  schedule+0xe7/0x350
[  963.971646][ T9315]  schedule_preempt_disabled+0x13/0x30
[  963.977087][ T9315]  __mutex_lock+0x93d/0xb10
[  963.981591][ T9315]  ? exp_funnel_lock+0x1a4/0x3b0
[  963.986532][ T9315]  ? find_held_lock+0x2d/0x110
[  963.991294][ T9315]  ? __pfx___mutex_lock+0x10/0x10
[  963.996309][ T9315]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  964.001666][ T9315]  ? lock_acquire+0x2f/0xb0
[  964.006156][ T9315]  ? exp_funnel_lock+0x13c/0x3b0
[  964.011122][ T9315]  ? exp_funnel_lock+0x1a4/0x3b0
[  964.016071][ T9315]  exp_funnel_lock+0x1a4/0x3b0
[  964.020839][ T9315]  ? __pfx_exp_funnel_lock+0x10/0x10
[  964.026917][ T9315]  ? __might_resched+0x4ca/0x5e0
[  964.032083][ T9315]  ? __pfx___might_resched+0x10/0x10
[  964.037553][ T9315]  ? lockdep_rcu_suspicious+0x2ee/0x3c0
[  964.043370][ T9315]  synchronize_rcu_expedited+0x290/0x450
[  964.049026][ T9315]  ? __pfx_synchronize_rcu_expedited+0x10/0x10
[  964.055183][ T9315]  ? dump_stack_lvl+0x185/0x1f0
[  964.060036][ T9315]  ? lockdep_hardirqs_on+0x7c/0x110
[  964.065329][ T9315]  ? add_taint+0x5f/0xd0
[  964.069575][ T9315]  ? __pfx___might_resched+0x10/0x10
[  964.074867][ T9315]  synchronize_net+0x6f/0xa0
[  964.079451][ T9315]  dev_deactivate_many+0xac0/0xc30
[  964.084546][ T9315]  ? __pfx_dev_deactivate_many+0x10/0x10
[  964.090163][ T9315]  ? irqentry_exit+0x3b/0x90
[  964.094740][ T9315]  dev_deactivate+0xf9/0x1c0
[  964.100026][ T9315]  ? __pfx_dev_deactivate+0x10/0x10
[  964.105224][ T9315]  ? preempt_schedule_common+0x44/0xc0
[  964.110695][ T9315]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  964.116860][ T9315]  linkwatch_do_dev+0x11e/0x160
[  964.121709][ T9315]  linkwatch_sync_dev+0x181/0x210
[  964.126749][ T9315]  ? __pfx_ethtool_op_get_link+0x10/0x10
[  964.132424][ T9315]  ethtool_op_get_link+0x1d/0x70
[  964.138320][ T9315]  bond_check_dev_link+0x197/0x490
[  964.143445][ T9315]  ? __pfx_bond_check_dev_link+0x10/0x10
[  964.149089][ T9315]  bond_mii_monitor+0x3c1/0x2d90
[  964.154034][ T9315]  ? __pfx_bond_mii_monitor+0x10/0x10
[  964.159507][ T9315]  ? rcu_is_watching+0x12/0xc0
[  964.166819][ T9315]  ? lock_acquire+0x2f/0xb0
[  964.172051][ T9315]  ? process_one_work+0x921/0x1ba0
[  964.178396][ T9315]  process_one_work+0x9c5/0x1ba0
[  964.184050][ T9315]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  964.189690][ T9315]  ? __pfx_process_one_work+0x10/0x10
[  964.195890][ T9315]  ? assign_work+0x1a0/0x250
[  964.202898][ T9315]  worker_thread+0x6c8/0xf00
[  964.208465][ T9315]  ? __kthread_parkme+0x148/0x220
[  964.215069][ T9315]  ? __pfx_worker_thread+0x10/0x10
[  964.220503][ T9315]  kthread+0x3af/0x750
[  964.224924][ T9315]  ? __pfx_kthread+0x10/0x10
[  964.231388][ T9315]  ? lock_acquire+0x2f/0xb0
[  964.236082][ T9315]  ? __pfx_kthread+0x10/0x10
[  964.241030][ T9315]  ret_from_fork+0x45/0x80
[  964.245884][ T9315]  ? __pfx_kthread+0x10/0x10
[  964.250950][ T9315]  ret_from_fork_asm+0x1a/0x30
[  964.258255][ T9315]  </TASK>
[  964.261739][ T9315] Kernel Offset: disabled
[  964.266767][ T9315] Rebooting in 86400 seconds..