last executing test programs:

1m37.671115704s ago: executing program 0 (id=1):
r0 = socket$kcm(0xa, 0x2, 0x0)
sendmsg$sock(r0, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e20, 0x0, @dev={0xfe, 0x80, '\x00', 0xfd}}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0)

1m37.540051411s ago: executing program 0 (id=6):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x161140, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000880)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1000700000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34cf2645cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd673c1eeda4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d06c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235eaa92143ce4bb5c5acb290e8976dcac779ff0000f5620000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05be23dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe656c9c46bffbe9dd03970800000000000000d372bdd6f89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"})
ioctl$KVM_GET_LAPIC(r2, 0x8400ae8e, &(0x7f0000000200))

1m37.417931228s ago: executing program 0 (id=10):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @any, 0x7ff}, 0xe)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x20000, 0x0)
syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYBLOB="043e1f0a00c90002"], 0x22)
r1 = landlock_create_ruleset(&(0x7f00000002c0)={0x7f6e}, 0x18, 0x0)
landlock_restrict_self(r1, 0xe)

1m37.100907146s ago: executing program 0 (id=17):
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000280)='.\x00', &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x1091, 0x0)
mkdir(&(0x7f0000000040)='./cgroup/../file0/file0\x00', 0x4)
r0 = creat(&(0x7f0000000000)='./file0\x00', 0x6a)
write$binfmt_elf32(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="7f454c46000000000000000000000000030006000000000000000000380000000000000000191bda0000200018"], 0x69)
syz_clone3(&(0x7f00000004c0)={0x100801000, &(0x7f0000000180), 0x0, 0x0, {0x1d}, &(0x7f0000000240)=""/118, 0x76, 0x0, 0x0}, 0x58)
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0)
write$uinput_user_dev(r1, &(0x7f0000000a00)={'syz1\x00', {0x9, 0x7, 0x3, 0x5}, 0x3f, [0x9, 0x2, 0x18, 0x2, 0x2, 0x400, 0x80400000, 0x0, 0x8, 0x8001, 0x6, 0x2, 0xfffffffb, 0x39, 0x747d5e13, 0x800, 0xfffffb9a, 0xfffffffe, 0x0, 0xfffffffb, 0x2004, 0x3, 0x0, 0xf250, 0x80, 0x4800, 0x300000, 0x7, 0xe, 0x4623f, 0x0, 0x210001, 0x1ff, 0x8003, 0x0, 0x3, 0xb, 0x7, 0xba55, 0x8da8, 0x4, 0x200, 0x2, 0x4, 0xe, 0x4, 0x2, 0x6f, 0x8, 0x9, 0x1, 0x8001, 0x6, 0x2, 0x9, 0xfffbffff, 0x4, 0x6, 0x1000, 0x5, 0x3d, 0x8, 0xa, 0x5], [0x1, 0x4, 0x3, 0x8000, 0xfffffffd, 0x3, 0x0, 0x25, 0x9, 0xfffffffc, 0x8, 0x7fff, 0x72c, 0x1c32, 0x3, 0x6, 0x10000, 0x400, 0x7ffd, 0x3, 0x1, 0xf, 0x5, 0x0, 0x981, 0x4, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x1000001, 0x10, 0xfffffff9, 0xfffffffd, 0x7, 0x1, 0x367, 0x6, 0x8, 0x63, 0x7, 0x7, 0x96, 0xfffffff9, 0x2, 0x0, 0x2, 0x411, 0xc, 0x3, 0x379, 0x9, 0xe, 0x5, 0x7, 0x6, 0x2, 0x1, 0x1, 0x8, 0x7, 0x200, 0x3], [0x401, 0x4d, 0xffff, 0xcd3, 0x7, 0x1f, 0x404, 0x4, 0x4008, 0xc, 0x7, 0x9, 0xe8b, 0x7, 0x80000001, 0x8, 0x3f92, 0x1000, 0x0, 0x10, 0x1, 0xfffffff9, 0x0, 0x1000, 0x80040101, 0x5, 0x4, 0x5, 0x200003, 0x2, 0x5, 0x80, 0x9, 0x8001, 0x10000, 0x0, 0x7, 0x400004, 0x3, 0x6d7e, 0x3, 0x8, 0x3, 0xbf23, 0x6, 0x9, 0x956, 0x0, 0x3ff, 0xe, 0x6, 0x100fffd, 0x2005, 0x400, 0x4, 0xea, 0x6, 0x20000005, 0x3, 0xd7, 0x0, 0x7d, 0x5d7, 0x7], [0x108e, 0xffff, 0x7, 0x3, 0x88, 0x2, 0x4000000, 0x4, 0x4c, 0x2, 0x763, 0xb, 0x402, 0x1, 0x9, 0x4001000, 0x7f, 0x5, 0x3fa6, 0x4, 0x3, 0x5, 0x6, 0x4, 0xe47, 0x4, 0x7, 0x4, 0x2, 0x2851, 0x3b, 0x20000001, 0x7, 0x5, 0xa80a, 0x65f413f9, 0x4, 0x20006, 0x8a5, 0x2086, 0x78c7, 0x409, 0x3, 0x4, 0x4, 0x10, 0x10, 0xffffffff, 0x7fff, 0xffff8a33, 0xfffffff9, 0x401, 0x3, 0x200, 0x7, 0x4edf, 0xfffffffd, 0xa, 0xe, 0x2, 0xf, 0xf, 0x136, 0x7fffffff]}, 0x45c)
ioctl$UI_DEV_CREATE(r1, 0x5501)
readv(r1, &(0x7f0000001240)=[{&(0x7f00000012c0)=""/41, 0x29}], 0x1)
close(r0)
write$binfmt_script(r0, &(0x7f0000000100)={'#! ', './file0/file0', [{0x20, 'syz1\x00'}, {0x20, 'syz1\x00'}, {0x20, ']'}, {0x20, 'tunl0\x00'}, {0x20, '#'}, {0x20, ':0}'}, {0x20, 'hash:ip,port,ip\x00'}, {0x20, 'tunl0\x00'}], 0xa, "6825a295fadadca768b112c24df379b17b7be0320a71d69b7279de62e28b857dba735fcb2b200651abfa82a29447babab598ae1189215d5fd502f17d"}, 0x80)
mkdir(0x0, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x50000, 0x110)
io_setup(0x66, 0x0)
write$cgroup_int(r0, &(0x7f00000000c0)=0x103, 0x12)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000001c0)={'tunl0\x00', 0x0})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000007c0)=ANY=[@ANYBLOB="5800400002060108000000000000000005000003050005000ab95c3049b6d0cbf2e0e74500000005000846dd391b1e76010400000000000100020073797a310000000014000300686173683a69702c706f72742c6970000c0007800800064000000000"], 0x58}, 0x1, 0x0, 0x0, 0x90}, 0x40c0)
socket$nl_netfilter(0x10, 0x3, 0xc)
chroot(&(0x7f0000000580)='./file0/../file0\x00')
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), r0)
getsockname$packet(r0, &(0x7f00000002c0)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000480)={'syztnl0\x00', &(0x7f00000003c0)={'tunl0\x00', <r5=>0x0, 0x8, 0x8000, 0x1, 0xa, {{0x1a, 0x4, 0x0, 0x6, 0x68, 0x65, 0x0, 0x15, 0x2f, 0x0, @private=0xa010100, @broadcast, {[@timestamp_prespec={0x44, 0x1c, 0xac, 0x3, 0x8, [{@empty, 0x6}, {@multicast2, 0x3ff}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0xfffffffe}]}, @end, @timestamp_prespec={0x44, 0xc, 0x7f, 0x3, 0x0, [{@local, 0x800}]}, @timestamp={0x44, 0x10, 0x82, 0x0, 0x2, [0x6, 0x8, 0x8000]}, @rr={0x7, 0x1b, 0xa, [@remote, @broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, @initdev={0xac, 0x1e, 0x1, 0x0}, @remote, @multicast1]}]}}}}})
getsockopt$inet_mreqn(r0, 0x0, 0x7afdee2653a28b0e, &(0x7f00000004c0)={@multicast2, @local, <r6=>0x0}, &(0x7f0000000540)=0xc)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000780)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000740)={&(0x7f0000000640)={0xe0, r3, 0x200, 0x70bd2b, 0x25dfdbfd, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x50, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dvmrp0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @ETHTOOL_A_LINKMODES_AUTONEG={0x5, 0x2, 0x80}, @ETHTOOL_A_LINKMODES_HEADER={0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @ETHTOOL_A_LINKMODES_AUTONEG={0x5, 0x2, 0x7}, @ETHTOOL_A_LINKMODES_MASTER_SLAVE_CFG={0x5, 0x7, 0xa}, @ETHTOOL_A_LINKMODES_HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve1\x00'}]}, @ETHTOOL_A_LINKMODES_MASTER_SLAVE_CFG={0x5, 0x7, 0x3}, @ETHTOOL_A_LINKMODES_SPEED={0x8, 0x5, 0x3}, @ETHTOOL_A_LINKMODES_LANES={0x8}]}, 0xe0}, 0x1, 0x0, 0x0, 0x4008014}, 0x0)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x8000, 0x103)
mount$cgroup(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x0, &(0x7f0000000500)={[{@name={'name', 0x3d, '\x98\xc5R\x95\xb1\xa3!\xfb\x05a\xe6)w-.\xac\x177~t\xde\xc5\x1er\xe7\x0e\xf8\xc7\xdd\x9b\xe9\x83*\xceh\xf4\x1fH\x96\xac\x89\xcd=?\xd6\x9d>\x87\xa2F\xd8\xfc\x96\xc26\xeb\xa9&\xd0V3\xbf\x7f1'}}]})
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f00000008c0)='./file0\x00', 0x0, 0x2a05004, 0x0)
pivot_root(&(0x7f0000000600)='./file0\x00', &(0x7f00000001c0)='./file0/../file0\x00')

1m37.014129899s ago: executing program 0 (id=20):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl802154(&(0x7f00000001c0), r1)
ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f0000000040)={'wpan0\x00', <r3=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r1, &(0x7f00000017c0)={0x0, 0x0, &(0x7f0000001780)={&(0x7f0000000240)={0x30, r2, 0x1, 0x70bd28, 0x25dfdbfb, {}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan3\x00'}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r3}, @NL802154_ATTR_IFTYPE={0x8, 0x5, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x4044084)
r4 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000440), 0xffffffffffffffff)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r5, 0x8933, &(0x7f0000000100)={'wpan3\x00', <r6=>0x0})
sendmsg$NL802154_CMD_GET_SEC_LEVEL(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)={0x1c, r4, 0x301, 0x0, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r6}]}, 0x1c}, 0x1, 0x3000000}, 0x0)

1m36.315503602s ago: executing program 0 (id=29):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000200)={0x14, 0x1, 0x1, 0x101, 0x0, 0x0, {0x1, 0x0, 0xfffc}}, 0x14}}, 0x24040844)

1m36.300338345s ago: executing program 32 (id=29):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000200)={0x14, 0x1, 0x1, 0x101, 0x0, 0x0, {0x1, 0x0, 0xfffc}}, 0x14}}, 0x24040844)

1m24.925719584s ago: executing program 1 (id=133):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000050cb5340450c10108e492940a80909021b00090000000009040002010035040009058dff86"], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_usb_disconnect(r0)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r1, 0xffffffffffffffff, 0x0)

1m23.464928866s ago: executing program 1 (id=155):
socket(0xb, 0x6, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(0xffffffffffffffff, 0x0, 0x0)
sendmsg$TIPC_NL_BEARER_ADD(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x4000080}, 0x20000000)
r1 = socket$pptp(0x18, 0x1, 0x2)
bind$pptp(r1, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000740)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb010018000000000000001800000018000000050000000100000001000013040000000200000088060000ff0f0000002e2e"], 0x0, 0x35, 0x0, 0x1}, 0x28)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x4)

1m23.235660926s ago: executing program 1 (id=161):
r0 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'bridge_slave_0\x00'})
sendmsg$nl_route_sched(r0, 0x0, 0x80c0)
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x1}, 0x200000c2)

1m23.234309268s ago: executing program 1 (id=163):
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000280)='.\x00', &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x1091, 0x0)
mkdir(&(0x7f0000000040)='./cgroup/../file0/file0\x00', 0x4)
r0 = creat(&(0x7f0000000000)='./file0\x00', 0x6a)
write$binfmt_elf32(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="7f454c46000000000000000000000000030006000000000000000000380000000000000000191bda0000200018"], 0x69)
syz_clone3(&(0x7f00000004c0)={0x100801000, &(0x7f0000000180), 0x0, 0x0, {0x1d}, &(0x7f0000000240)=""/118, 0x76, 0x0, 0x0}, 0x58)
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0)
write$uinput_user_dev(r1, &(0x7f0000000a00)={'syz1\x00', {0x9, 0x7, 0x3, 0x5}, 0x3f, [0x9, 0x2, 0x18, 0x2, 0x2, 0x400, 0x80400000, 0x0, 0x8, 0x8001, 0x6, 0x2, 0xfffffffb, 0x39, 0x747d5e13, 0x800, 0xfffffb9a, 0xfffffffe, 0x0, 0xfffffffb, 0x2004, 0x3, 0x0, 0xf250, 0x80, 0x4800, 0x300000, 0x7, 0xe, 0x4623f, 0x0, 0x210001, 0x1ff, 0x8003, 0x0, 0x3, 0xb, 0x7, 0xba55, 0x8da8, 0x4, 0x200, 0x2, 0x4, 0xe, 0x4, 0x2, 0x6f, 0x8, 0x9, 0x1, 0x8001, 0x6, 0x2, 0x9, 0xfffbffff, 0x4, 0x6, 0x1000, 0x5, 0x3d, 0x8, 0xa, 0x5], [0x1, 0x4, 0x3, 0x8000, 0xfffffffd, 0x3, 0x0, 0x25, 0x9, 0xfffffffc, 0x8, 0x7fff, 0x72c, 0x1c32, 0x3, 0x6, 0x10000, 0x400, 0x7ffd, 0x3, 0x1, 0xf, 0x5, 0x0, 0x981, 0x4, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x1000001, 0x10, 0xfffffff9, 0xfffffffd, 0x7, 0x1, 0x367, 0x6, 0x8, 0x63, 0x7, 0x7, 0x96, 0xfffffff9, 0x2, 0x0, 0x2, 0x411, 0xc, 0x3, 0x379, 0x9, 0xe, 0x5, 0x7, 0x6, 0x2, 0x1, 0x1, 0x8, 0x7, 0x200, 0x3], [0x401, 0x4d, 0xffff, 0xcd3, 0x7, 0x1f, 0x404, 0x4, 0x4008, 0xc, 0x7, 0x9, 0xe8b, 0x7, 0x80000001, 0x8, 0x3f92, 0x1000, 0x0, 0x10, 0x1, 0xfffffff9, 0x0, 0x1000, 0x80040101, 0x5, 0x4, 0x5, 0x200003, 0x2, 0x5, 0x80, 0x9, 0x8001, 0x10000, 0x0, 0x7, 0x400004, 0x3, 0x6d7e, 0x3, 0x8, 0x3, 0xbf23, 0x6, 0x9, 0x956, 0x0, 0x3ff, 0xe, 0x6, 0x100fffd, 0x2005, 0x400, 0x4, 0xea, 0x6, 0x20000005, 0x3, 0xd7, 0x0, 0x7d, 0x5d7, 0x7], [0x108e, 0xffff, 0x7, 0x3, 0x88, 0x2, 0x4000000, 0x4, 0x4c, 0x2, 0x763, 0xb, 0x402, 0x1, 0x9, 0x4001000, 0x7f, 0x5, 0x3fa6, 0x4, 0x3, 0x5, 0x6, 0x4, 0xe47, 0x4, 0x7, 0x4, 0x2, 0x2851, 0x3b, 0x20000001, 0x7, 0x5, 0xa80a, 0x65f413f9, 0x4, 0x20006, 0x8a5, 0x2086, 0x78c7, 0x409, 0x3, 0x4, 0x4, 0x10, 0x10, 0xffffffff, 0x7fff, 0xffff8a33, 0xfffffff9, 0x401, 0x3, 0x200, 0x7, 0x4edf, 0xfffffffd, 0xa, 0xe, 0x2, 0xf, 0xf, 0x136, 0x7fffffff]}, 0x45c)
ioctl$UI_DEV_CREATE(r1, 0x5501)
readv(r1, &(0x7f0000001240)=[{&(0x7f00000012c0)=""/41, 0x29}], 0x1)
close(r0)
write$binfmt_script(r0, &(0x7f0000000100)={'#! ', './file0/file0', [{0x20, 'syz1\x00'}, {0x20, 'syz1\x00'}, {0x20, ']'}, {0x20, 'tunl0\x00'}, {0x20, '#'}, {0x20, ':0}'}, {0x20, 'hash:ip,port,ip\x00'}, {0x20, 'tunl0\x00'}], 0xa, "6825a295fadadca768b112c24df379b17b7be0320a71d69b7279de62e28b857dba735fcb2b200651abfa82a29447babab598ae1189215d5fd502f17d"}, 0x80)
mkdir(0x0, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x50000, 0x110)
io_setup(0x66, 0x0)
write$cgroup_int(r0, &(0x7f00000000c0)=0x103, 0x12)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000001c0)={'tunl0\x00', 0x0})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000007c0)=ANY=[@ANYBLOB="5800400002060108000000000000000005000003050005000ab95c3049b6d0cbf2e0e74500000005000846dd391b1e76010400000000000100020073797a310000000014000300686173683a69702c706f72742c6970000c0007800800064000000000"], 0x58}, 0x1, 0x0, 0x0, 0x90}, 0x40c0)
socket$nl_netfilter(0x10, 0x3, 0xc)
chroot(&(0x7f0000000580)='./file0/../file0\x00')
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), r0)
getsockname$packet(r0, &(0x7f00000002c0)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000480)={'syztnl0\x00', &(0x7f00000003c0)={'tunl0\x00', <r5=>0x0, 0x8, 0x8000, 0x1, 0xa, {{0x1a, 0x4, 0x0, 0x6, 0x68, 0x65, 0x0, 0x15, 0x2f, 0x0, @private=0xa010100, @broadcast, {[@timestamp_prespec={0x44, 0x1c, 0xac, 0x3, 0x8, [{@empty, 0x6}, {@multicast2, 0x3ff}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0xfffffffe}]}, @end, @timestamp_prespec={0x44, 0xc, 0x7f, 0x3, 0x0, [{@local, 0x800}]}, @timestamp={0x44, 0x10, 0x82, 0x0, 0x2, [0x6, 0x8, 0x8000]}, @rr={0x7, 0x1b, 0xa, [@remote, @broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, @initdev={0xac, 0x1e, 0x1, 0x0}, @remote, @multicast1]}]}}}}})
getsockopt$inet_mreqn(r0, 0x0, 0x7afdee2653a28b0e, &(0x7f00000004c0)={@multicast2, @local, <r6=>0x0}, &(0x7f0000000540)=0xc)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000780)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000740)={&(0x7f0000000640)={0xe0, r3, 0x200, 0x70bd2b, 0x25dfdbfd, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x50, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dvmrp0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @ETHTOOL_A_LINKMODES_AUTONEG={0x5, 0x2, 0x80}, @ETHTOOL_A_LINKMODES_HEADER={0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @ETHTOOL_A_LINKMODES_AUTONEG={0x5, 0x2, 0x7}, @ETHTOOL_A_LINKMODES_MASTER_SLAVE_CFG={0x5, 0x7, 0xa}, @ETHTOOL_A_LINKMODES_HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve1\x00'}]}, @ETHTOOL_A_LINKMODES_MASTER_SLAVE_CFG={0x5, 0x7, 0x3}, @ETHTOOL_A_LINKMODES_SPEED={0x8, 0x5, 0x3}, @ETHTOOL_A_LINKMODES_LANES={0x8}]}, 0xe0}, 0x1, 0x0, 0x0, 0x4008014}, 0x0)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x8000, 0x103)
mount$cgroup(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x0, &(0x7f0000000500)={[{@name={'name', 0x3d, '\x98\xc5R\x95\xb1\xa3!\xfb\x05a\xe6)w-.\xac\x177~t\xde\xc5\x1er\xe7\x0e\xf8\xc7\xdd\x9b\xe9\x83*\xceh\xf4\x1fH\x96\xac\x89\xcd=?\xd6\x9d>\x87\xa2F\xd8\xfc\x96\xc26\xeb\xa9&\xd0V3\xbf\x7f1'}}]})
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f00000008c0)='./file0\x00', 0x0, 0x2a05004, 0x0)
pivot_root(&(0x7f0000000600)='./file0\x00', &(0x7f00000001c0)='./file0/../file0\x00')

1m23.011639006s ago: executing program 1 (id=175):
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000280)='.\x00', &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x1091, 0x0)
r0 = creat(&(0x7f0000000000)='./file0\x00', 0x6a)
write$binfmt_elf32(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="7f454c46000000000000000000000000030006000000000000000000380000000000000000191bda0000200018"], 0x69)
close(r0)
write$binfmt_script(r0, &(0x7f0000000100)={'#! ', './file0/file0', [{0x20, 'syz1\x00'}, {0x20, 'syz1\x00'}, {0x20, ']'}, {0x20, 'tunl0\x00'}, {0x20, '#'}, {0x20, ':0}'}, {0x20, 'hash:ip,port,ip\x00'}, {0x20, 'tunl0\x00'}], 0xa, "6825a295fadadca768b112c24df379b17b7be0320a71d69b7279de62e28b857dba735fcb2b200651abfa82a29447babab598ae1189215d5fd502f17d"}, 0x80)
write$cgroup_int(r0, &(0x7f00000000c0)=0x103, 0x12)
chroot(&(0x7f0000000580)='./file0/../file0\x00')
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), r0)
getsockname$packet(r0, &(0x7f00000002c0)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000480)={'syztnl0\x00', &(0x7f00000003c0)={'tunl0\x00', <r3=>0x0, 0x8, 0x8000, 0x1, 0xa, {{0x1a, 0x4, 0x0, 0x6, 0x68, 0x65, 0x0, 0x15, 0x2f, 0x0, @private=0xa010100, @broadcast, {[@timestamp_prespec={0x44, 0x1c, 0xac, 0x3, 0x8, [{@empty, 0x6}, {@multicast2, 0x3ff}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0xfffffffe}]}, @end, @timestamp_prespec={0x44, 0xc, 0x7f, 0x3, 0x0, [{@local, 0x800}]}, @timestamp={0x44, 0x10, 0x82, 0x0, 0x2, [0x6, 0x8, 0x8000]}, @rr={0x7, 0x1b, 0xa, [@remote, @broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, @initdev={0xac, 0x1e, 0x1, 0x0}, @remote, @multicast1]}]}}}}})
getsockopt$inet_mreqn(r0, 0x0, 0x7afdee2653a28b0e, &(0x7f00000004c0)={@multicast2, @local, <r4=>0x0}, &(0x7f0000000540)=0xc)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000780)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000740)={&(0x7f0000000640)={0xe0, r1, 0x200, 0x70bd2b, 0x25dfdbfd, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x50, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dvmrp0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @ETHTOOL_A_LINKMODES_AUTONEG={0x5, 0x2, 0x80}, @ETHTOOL_A_LINKMODES_HEADER={0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @ETHTOOL_A_LINKMODES_AUTONEG={0x5, 0x2, 0x7}, @ETHTOOL_A_LINKMODES_MASTER_SLAVE_CFG={0x5, 0x7, 0xa}, @ETHTOOL_A_LINKMODES_HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve1\x00'}]}, @ETHTOOL_A_LINKMODES_MASTER_SLAVE_CFG={0x5, 0x7, 0x3}, @ETHTOOL_A_LINKMODES_SPEED={0x8, 0x5, 0x3}, @ETHTOOL_A_LINKMODES_LANES={0x8}]}, 0xe0}, 0x1, 0x0, 0x0, 0x4008014}, 0x0)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x8000, 0x103)
mount$cgroup(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x0, &(0x7f0000000500)={[{@name={'name', 0x3d, '\x98\xc5R\x95\xb1\xa3!\xfb\x05a\xe6)w-.\xac\x177~t\xde\xc5\x1er\xe7\x0e\xf8\xc7\xdd\x9b\xe9\x83*\xceh\xf4\x1fH\x96\xac\x89\xcd=?\xd6\x9d>\x87\xa2F\xd8\xfc\x96\xc26\xeb\xa9&\xd0V3\xbf\x7f1'}}]})
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f00000008c0)='./file0\x00', 0x0, 0x2a05004, 0x0)
pivot_root(&(0x7f0000000600)='./file0\x00', &(0x7f00000001c0)='./file0/../file0\x00')

1m22.544482212s ago: executing program 1 (id=171):
socket$inet6_tcp(0xa, 0x1, 0x0)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000240)={0x1, 0x0, [{0x4b564d07, 0x0, 0xff7}]})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000040)={0x5f, 0x0, [{0x40000102}]})

1m22.493103822s ago: executing program 33 (id=171):
socket$inet6_tcp(0xa, 0x1, 0x0)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000240)={0x1, 0x0, [{0x4b564d07, 0x0, 0xff7}]})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000040)={0x5f, 0x0, [{0x40000102}]})

1m22.254264481s ago: executing program 3 (id=174):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
socket(0x10, 0x80003, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000001000170000000000000000000000000a28000000000a1d010000000000000000020000000900010073797a3000000000080002400000000098000000030a01020000000000000000020000000900010073797a30000000000900030073797a32000000006b00030091abc12404d0c4c731b168d80d1f7f1dbb33f596f8aca1f26c4e54dd3c839c63ecba701f7518abef567139fd50aba0ce94ab8786582ae2f35099ba41"], 0xfc}, 0x1, 0x0, 0x0, 0x40010}, 0x4000914)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_VENDOR(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x24, r3, 0x70b, 0x70bd27, 0x25dfdbfd, {{}, {@val={0x8, 0x1, 0x4c}, @val={0x8}, @void}}}, 0x24}, 0x1, 0x0, 0x0, 0x400d0}, 0x0)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0xea, 0x440, 0x0, 0x32}, 0x9c)
r6 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet(r6, &(0x7f0000001480)=[{{&(0x7f0000000080)={0x2, 0x4e26, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000380)=[{&(0x7f00000000c0)="f1", 0x1}], 0x1}}], 0x1, 0x10048085)
r7 = socket$inet(0x2, 0x6, 0x6)
getsockopt$inet_sctp_SCTP_MAX_BURST(r7, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r8=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r6, 0x84, 0x22, &(0x7f00000001c0)={0x7, 0x4, 0x3, 0x4, r8}, 0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000200)={r8, @in={{0x2, 0x4e20, @multicast1}}, 0x0, 0x6, 0x7, 0x0, 0x8a, 0x0, 0xf8}, 0x9c)
bind$inet6(r5, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r5, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x40)
shutdown(r5, 0x2)
openat$rtc(0xffffffffffffff9c, &(0x7f0000000540), 0x800, 0x0)
r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000002180)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={0xffffffffffffffff, &(0x7f0000000e40), &(0x7f0000000100)=@udp, 0x8}, 0x20)
close_range(r9, 0xffffffffffffffff, 0x0)

1m22.045808489s ago: executing program 3 (id=176):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.controllers\x00', 0x275a, 0x0)
close(r0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c400000000000000000000850000003e00000095"], &(0x7f00000000c0)='GPL\x00'}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="1200000004000000080000000b"], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000300)=ANY=[@ANYRES32=r2, @ANYRES32=r1, @ANYBLOB='\a'], 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000240), &(0x7f00000004c0)=@udp=r0}, 0x20)
connect$unix(r0, &(0x7f0000000940)=@file={0x0, './file0\x00'}, 0x6e)
sendmsg$NFT_MSG_GETFLOWTABLE(r0, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x34, 0x17, 0xa, 0x201, 0x0, 0x0, {0xa, 0x0, 0x8}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x2}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000004}, 0x20004081)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), r0)

1m20.509274156s ago: executing program 5 (id=180):
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000280)='.\x00', &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x1091, 0x0)
r0 = creat(&(0x7f0000000000)='./file0\x00', 0x6a)
write$binfmt_elf32(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="7f454c46000000000000000000000000030006000000000000000000380000000000000000191bda0000200018"], 0x69)
close(r0)
write$binfmt_script(r0, &(0x7f0000000100)={'#! ', './file0/file0', [{0x20, 'syz1\x00'}, {0x20, 'syz1\x00'}, {0x20, ']'}, {0x20, 'tunl0\x00'}, {0x20, '#'}, {0x20, ':0}'}, {0x20, 'hash:ip,port,ip\x00'}, {0x20, 'tunl0\x00'}], 0xa, "6825a295fadadca768b112c24df379b17b7be0320a71d69b7279de62e28b857dba735fcb2b200651abfa82a29447babab598ae1189215d5fd502f17d"}, 0x80)
write$cgroup_int(r0, &(0x7f00000000c0)=0x103, 0x12)
chroot(&(0x7f0000000580)='./file0/../file0\x00')
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), r0)
getsockname$packet(r0, &(0x7f00000002c0)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000480)={'syztnl0\x00', &(0x7f00000003c0)={'tunl0\x00', <r3=>0x0, 0x8, 0x8000, 0x1, 0xa, {{0x1a, 0x4, 0x0, 0x6, 0x68, 0x65, 0x0, 0x15, 0x2f, 0x0, @private=0xa010100, @broadcast, {[@timestamp_prespec={0x44, 0x1c, 0xac, 0x3, 0x8, [{@empty, 0x6}, {@multicast2, 0x3ff}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0xfffffffe}]}, @end, @timestamp_prespec={0x44, 0xc, 0x7f, 0x3, 0x0, [{@local, 0x800}]}, @timestamp={0x44, 0x10, 0x82, 0x0, 0x2, [0x6, 0x8, 0x8000]}, @rr={0x7, 0x1b, 0xa, [@remote, @broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, @initdev={0xac, 0x1e, 0x1, 0x0}, @remote, @multicast1]}]}}}}})
getsockopt$inet_mreqn(r0, 0x0, 0x7afdee2653a28b0e, &(0x7f00000004c0)={@multicast2, @local, <r4=>0x0}, &(0x7f0000000540)=0xc)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000780)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000740)={&(0x7f0000000640)={0xe0, r1, 0x200, 0x70bd2b, 0x25dfdbfd, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x50, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dvmrp0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @ETHTOOL_A_LINKMODES_AUTONEG={0x5, 0x2, 0x80}, @ETHTOOL_A_LINKMODES_HEADER={0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @ETHTOOL_A_LINKMODES_AUTONEG={0x5, 0x2, 0x7}, @ETHTOOL_A_LINKMODES_MASTER_SLAVE_CFG={0x5, 0x7, 0xa}, @ETHTOOL_A_LINKMODES_HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve1\x00'}]}, @ETHTOOL_A_LINKMODES_MASTER_SLAVE_CFG={0x5, 0x7, 0x3}, @ETHTOOL_A_LINKMODES_SPEED={0x8, 0x5, 0x3}, @ETHTOOL_A_LINKMODES_LANES={0x8}]}, 0xe0}, 0x1, 0x0, 0x0, 0x4008014}, 0x0)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x8000, 0x103)
mount$cgroup(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x0, &(0x7f0000000500)={[{@name={'name', 0x3d, '\x98\xc5R\x95\xb1\xa3!\xfb\x05a\xe6)w-.\xac\x177~t\xde\xc5\x1er\xe7\x0e\xf8\xc7\xdd\x9b\xe9\x83*\xceh\xf4\x1fH\x96\xac\x89\xcd=?\xd6\x9d>\x87\xa2F\xd8\xfc\x96\xc26\xeb\xa9&\xd0V3\xbf\x7f1'}}]})
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f00000008c0)='./file0\x00', 0x0, 0x2a05004, 0x0)
pivot_root(&(0x7f0000000600)='./file0\x00', &(0x7f00000001c0)='./file0/../file0\x00')

1m20.507882323s ago: executing program 3 (id=185):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.controllers\x00', 0x275a, 0x0)
close(r0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c400000000000000000000850000003e00000095"], &(0x7f00000000c0)='GPL\x00'}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="1200000004000000080000000b"], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000300)=ANY=[@ANYRES32=r2, @ANYRES32=r1, @ANYBLOB='\a'], 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000240), &(0x7f00000004c0)=@udp=r0}, 0x20)
connect$unix(r0, &(0x7f0000000940)=@file={0x0, './file0\x00'}, 0x6e)
sendmsg$NFT_MSG_GETFLOWTABLE(r0, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x34, 0x17, 0xa, 0x201, 0x0, 0x0, {0xa, 0x0, 0x8}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x2}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000004}, 0x20004081)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), r0)

1m20.432649279s ago: executing program 5 (id=177):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x124)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="6d706f6c3d98a02e20ae6c23828462696e643d7374617469633a", @ANYRESDEC])
sendmsg$BATADV_CMD_GET_MESH(r1, &(0x7f00000004c0)={0x0, 0x1f, &(0x7f0000000480)={0x0, 0x32}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1d2)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x200)
ioctl$NBD_CLEAR_SOCK(r3, 0xab04)
setsockopt$SO_RDS_TRANSPORT(r1, 0x114, 0x8, &(0x7f0000000380), 0x4)
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000003c0), 0x80)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r4, 0xc0bc5351, &(0x7f0000000540)={0x200, 0x0, 'client1\x00', 0x0, "63c90423e49b72d0", "1ba07ace5fb459a485a978f410c38c331cb64f0a0d54833f564061dad4b14acb", 0x6, 0x4})
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r5, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
setsockopt$sock_int(r5, 0x1, 0x29, &(0x7f0000000300)=0x20, 0x4)
write$binfmt_misc(r5, &(0x7f0000000300), 0x6)
connect$netlink(r2, &(0x7f0000004c80)=@kern={0x10, 0x0, 0x0, 0x80}, 0xc)
symlink(&(0x7f0000000400)='./bus\x00', &(0x7f0000000600)='./file0\x00')
getpeername(r2, 0x0, &(0x7f0000005680))
setxattr(&(0x7f00000009c0)='./file0\x00', &(0x7f0000000000)=@known='trusted.overlay.impure\x00', 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r7 = syz_open_procfs(0x0, &(0x7f00000000c0)='mountinfo\x00')
sendfile(r7, r7, &(0x7f0000000000)=0x2eb4, 0x2000007ff)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYRES32=r7, @ANYRESHEX=r6, @ANYRES64=0x0], 0x38}, 0x1, 0x0, 0x0, 0x8043}, 0x4000040)
sendto(r1, &(0x7f00000002c0)="47ffa1414d8ffb669ad5cb2efeed39b71d7ade6da0bcfc7e1ca2e30d8c24e05c61d061b17cdbf224ccf843b24e68d0dc4e350dbb92c594a0f03cde2f1505f1421f850168ba17218dbd9d345cd9d022d0fed46f4926017bf6860a58fca7f4eebf3453da44832df00a66c1739505dacaa7eed71cf88765da05a817f1fbc5aded66eed34d3bf4e0cde59001111d676b658189be57777fc41b7ef7d6cd06b24c107bd4a3de16604e", 0xa6, 0x40000, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[@ANYBLOB="bc030000100039042abd7000eaffffff000003e4", @ANYRESHEX=r6, @ANYBLOB="13000000c418060030001280080001007369740024000280060011004e22000005000900290000000800140005000000080003000a0101006c0316801000"], 0x3bc}, 0x1, 0x0, 0x0, 0x8000}, 0x2000c810)

1m20.42969304s ago: executing program 3 (id=187):
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000280)='.\x00', &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x1091, 0x0)
r0 = creat(&(0x7f0000000000)='./file0\x00', 0x6a)
write$binfmt_elf32(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="7f454c46000000000000000000000000030006000000000000000000380000000000000000191bda0000200018"], 0x69)
close(r0)
write$binfmt_script(r0, &(0x7f0000000100)={'#! ', './file0/file0', [{0x20, 'syz1\x00'}, {0x20, 'syz1\x00'}, {0x20, ']'}, {0x20, 'tunl0\x00'}, {0x20, '#'}, {0x20, ':0}'}, {0x20, 'hash:ip,port,ip\x00'}, {0x20, 'tunl0\x00'}], 0xa, "6825a295fadadca768b112c24df379b17b7be0320a71d69b7279de62e28b857dba735fcb2b200651abfa82a29447babab598ae1189215d5fd502f17d"}, 0x80)
write$cgroup_int(r0, &(0x7f00000000c0)=0x103, 0x12)
chroot(&(0x7f0000000580)='./file0/../file0\x00')
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), r0)
getsockname$packet(r0, &(0x7f00000002c0)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000480)={'syztnl0\x00', &(0x7f00000003c0)={'tunl0\x00', <r3=>0x0, 0x8, 0x8000, 0x1, 0xa, {{0x1a, 0x4, 0x0, 0x6, 0x68, 0x65, 0x0, 0x15, 0x2f, 0x0, @private=0xa010100, @broadcast, {[@timestamp_prespec={0x44, 0x1c, 0xac, 0x3, 0x8, [{@empty, 0x6}, {@multicast2, 0x3ff}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0xfffffffe}]}, @end, @timestamp_prespec={0x44, 0xc, 0x7f, 0x3, 0x0, [{@local, 0x800}]}, @timestamp={0x44, 0x10, 0x82, 0x0, 0x2, [0x6, 0x8, 0x8000]}, @rr={0x7, 0x1b, 0xa, [@remote, @broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, @initdev={0xac, 0x1e, 0x1, 0x0}, @remote, @multicast1]}]}}}}})
getsockopt$inet_mreqn(r0, 0x0, 0x7afdee2653a28b0e, &(0x7f00000004c0)={@multicast2, @local, <r4=>0x0}, &(0x7f0000000540)=0xc)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000780)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000740)={&(0x7f0000000640)={0xe0, r1, 0x200, 0x70bd2b, 0x25dfdbfd, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x50, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dvmrp0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @ETHTOOL_A_LINKMODES_AUTONEG={0x5, 0x2, 0x80}, @ETHTOOL_A_LINKMODES_HEADER={0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @ETHTOOL_A_LINKMODES_AUTONEG={0x5, 0x2, 0x7}, @ETHTOOL_A_LINKMODES_MASTER_SLAVE_CFG={0x5, 0x7, 0xa}, @ETHTOOL_A_LINKMODES_HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve1\x00'}]}, @ETHTOOL_A_LINKMODES_MASTER_SLAVE_CFG={0x5, 0x7, 0x3}, @ETHTOOL_A_LINKMODES_SPEED={0x8, 0x5, 0x3}, @ETHTOOL_A_LINKMODES_LANES={0x8}]}, 0xe0}, 0x1, 0x0, 0x0, 0x4008014}, 0x0)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x8000, 0x103)
mount$cgroup(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x0, &(0x7f0000000500)={[{@name={'name', 0x3d, '\x98\xc5R\x95\xb1\xa3!\xfb\x05a\xe6)w-.\xac\x177~t\xde\xc5\x1er\xe7\x0e\xf8\xc7\xdd\x9b\xe9\x83*\xceh\xf4\x1fH\x96\xac\x89\xcd=?\xd6\x9d>\x87\xa2F\xd8\xfc\x96\xc26\xeb\xa9&\xd0V3\xbf\x7f1'}}]})
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f00000008c0)='./file0\x00', 0x0, 0x2a05004, 0x0)
pivot_root(&(0x7f0000000600)='./file0\x00', &(0x7f00000001c0)='./file0/../file0\x00')

1m20.357136982s ago: executing program 3 (id=189):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = syz_usb_connect(0x0, 0x371, &(0x7f0000000280)=ANY=[@ANYBLOB="1201000057ec0020c215dcff30bd0102030109025f03019b000000090400000b403b4e000905e2379c"], 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x80000000)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)

1m19.855628694s ago: executing program 3 (id=186):
r0 = socket$kcm(0xa, 0x2, 0x0)
sendmsg$sock(r0, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e20, 0x0, @dev={0xfe, 0x80, '\x00', 0xfd}, 0x700}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0)

1m19.819305332s ago: executing program 34 (id=186):
r0 = socket$kcm(0xa, 0x2, 0x0)
sendmsg$sock(r0, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e20, 0x0, @dev={0xfe, 0x80, '\x00', 0xfd}, 0x700}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0)

1m18.835677024s ago: executing program 5 (id=201):
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000280)='.\x00', &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x1091, 0x0)
mkdir(&(0x7f0000000040)='./cgroup/../file0/file0\x00', 0x4)
r0 = creat(&(0x7f0000000000)='./file0\x00', 0x6a)
write$binfmt_elf32(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="7f454c46000000000000000000000000030006000000000000000000380000000000000000191bda0000200018"], 0x69)
syz_clone3(&(0x7f00000004c0)={0x100801000, &(0x7f0000000180), 0x0, 0x0, {0x1d}, &(0x7f0000000240)=""/118, 0x76, 0x0, 0x0}, 0x58)
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0)
write$uinput_user_dev(r1, &(0x7f0000000a00)={'syz1\x00', {0x9, 0x7, 0x3, 0x5}, 0x3f, [0x9, 0x2, 0x18, 0x2, 0x2, 0x400, 0x80400000, 0x0, 0x8, 0x8001, 0x6, 0x2, 0xfffffffb, 0x39, 0x747d5e13, 0x800, 0xfffffb9a, 0xfffffffe, 0x0, 0xfffffffb, 0x2004, 0x3, 0x0, 0xf250, 0x80, 0x4800, 0x300000, 0x7, 0xe, 0x4623f, 0x0, 0x210001, 0x1ff, 0x8003, 0x0, 0x3, 0xb, 0x7, 0xba55, 0x8da8, 0x4, 0x200, 0x2, 0x4, 0xe, 0x4, 0x2, 0x6f, 0x8, 0x9, 0x1, 0x8001, 0x6, 0x2, 0x9, 0xfffbffff, 0x4, 0x6, 0x1000, 0x5, 0x3d, 0x8, 0xa, 0x5], [0x1, 0x4, 0x3, 0x8000, 0xfffffffd, 0x3, 0x0, 0x25, 0x9, 0xfffffffc, 0x8, 0x7fff, 0x72c, 0x1c32, 0x3, 0x6, 0x10000, 0x400, 0x7ffd, 0x3, 0x1, 0xf, 0x5, 0x0, 0x981, 0x4, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x1000001, 0x10, 0xfffffff9, 0xfffffffd, 0x7, 0x1, 0x367, 0x6, 0x8, 0x63, 0x7, 0x7, 0x96, 0xfffffff9, 0x2, 0x0, 0x2, 0x411, 0xc, 0x3, 0x379, 0x9, 0xe, 0x5, 0x7, 0x6, 0x2, 0x1, 0x1, 0x8, 0x7, 0x200, 0x3], [0x401, 0x4d, 0xffff, 0xcd3, 0x7, 0x1f, 0x404, 0x4, 0x4008, 0xc, 0x7, 0x9, 0xe8b, 0x7, 0x80000001, 0x8, 0x3f92, 0x1000, 0x0, 0x10, 0x1, 0xfffffff9, 0x0, 0x1000, 0x80040101, 0x5, 0x4, 0x5, 0x200003, 0x2, 0x5, 0x80, 0x9, 0x8001, 0x10000, 0x0, 0x7, 0x400004, 0x3, 0x6d7e, 0x3, 0x8, 0x3, 0xbf23, 0x6, 0x9, 0x956, 0x0, 0x3ff, 0xe, 0x6, 0x100fffd, 0x2005, 0x400, 0x4, 0xea, 0x6, 0x20000005, 0x3, 0xd7, 0x0, 0x7d, 0x5d7, 0x7], [0x108e, 0xffff, 0x7, 0x3, 0x88, 0x2, 0x4000000, 0x4, 0x4c, 0x2, 0x763, 0xb, 0x402, 0x1, 0x9, 0x4001000, 0x7f, 0x5, 0x3fa6, 0x4, 0x3, 0x5, 0x6, 0x4, 0xe47, 0x4, 0x7, 0x4, 0x2, 0x2851, 0x3b, 0x20000001, 0x7, 0x5, 0xa80a, 0x65f413f9, 0x4, 0x20006, 0x8a5, 0x2086, 0x78c7, 0x409, 0x3, 0x4, 0x4, 0x10, 0x10, 0xffffffff, 0x7fff, 0xffff8a33, 0xfffffff9, 0x401, 0x3, 0x200, 0x7, 0x4edf, 0xfffffffd, 0xa, 0xe, 0x2, 0xf, 0xf, 0x136, 0x7fffffff]}, 0x45c)
ioctl$UI_DEV_CREATE(r1, 0x5501)
readv(r1, &(0x7f0000001240)=[{&(0x7f00000012c0)=""/41, 0x29}], 0x1)
close(r0)
write$binfmt_script(r0, &(0x7f0000000100)={'#! ', './file0/file0', [{0x20, 'syz1\x00'}, {0x20, 'syz1\x00'}, {0x20, ']'}, {0x20, 'tunl0\x00'}, {0x20, '#'}, {0x20, ':0}'}, {0x20, 'hash:ip,port,ip\x00'}, {0x20, 'tunl0\x00'}], 0xa, "6825a295fadadca768b112c24df379b17b7be0320a71d69b7279de62e28b857dba735fcb2b200651abfa82a29447babab598ae1189215d5fd502f17d"}, 0x80)
mkdir(0x0, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x50000, 0x110)
io_setup(0x66, 0x0)
write$cgroup_int(r0, &(0x7f00000000c0)=0x103, 0x12)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000001c0)={'tunl0\x00', 0x0})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000007c0)=ANY=[@ANYBLOB="5800400002060108000000000000000005000003050005000ab95c3049b6d0cbf2e0e74500000005000846dd391b1e76010400000000000100020073797a310000000014000300686173683a69702c706f72742c6970000c0007800800064000000000"], 0x58}, 0x1, 0x0, 0x0, 0x90}, 0x40c0)
socket$nl_netfilter(0x10, 0x3, 0xc)
chroot(&(0x7f0000000580)='./file0/../file0\x00')
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), r0)
getsockname$packet(r0, &(0x7f00000002c0)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000480)={'syztnl0\x00', &(0x7f00000003c0)={'tunl0\x00', <r5=>0x0, 0x8, 0x8000, 0x1, 0xa, {{0x1a, 0x4, 0x0, 0x6, 0x68, 0x65, 0x0, 0x15, 0x2f, 0x0, @private=0xa010100, @broadcast, {[@timestamp_prespec={0x44, 0x1c, 0xac, 0x3, 0x8, [{@empty, 0x6}, {@multicast2, 0x3ff}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0xfffffffe}]}, @end, @timestamp_prespec={0x44, 0xc, 0x7f, 0x3, 0x0, [{@local, 0x800}]}, @timestamp={0x44, 0x10, 0x82, 0x0, 0x2, [0x6, 0x8, 0x8000]}, @rr={0x7, 0x1b, 0xa, [@remote, @broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, @initdev={0xac, 0x1e, 0x1, 0x0}, @remote, @multicast1]}]}}}}})
getsockopt$inet_mreqn(r0, 0x0, 0x7afdee2653a28b0e, &(0x7f00000004c0)={@multicast2, @local, <r6=>0x0}, &(0x7f0000000540)=0xc)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000780)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000740)={&(0x7f0000000640)={0xe0, r3, 0x200, 0x70bd2b, 0x25dfdbfd, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x50, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dvmrp0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @ETHTOOL_A_LINKMODES_AUTONEG={0x5, 0x2, 0x80}, @ETHTOOL_A_LINKMODES_HEADER={0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @ETHTOOL_A_LINKMODES_AUTONEG={0x5, 0x2, 0x7}, @ETHTOOL_A_LINKMODES_MASTER_SLAVE_CFG={0x5, 0x7, 0xa}, @ETHTOOL_A_LINKMODES_HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve1\x00'}]}, @ETHTOOL_A_LINKMODES_MASTER_SLAVE_CFG={0x5, 0x7, 0x3}, @ETHTOOL_A_LINKMODES_SPEED={0x8, 0x5, 0x3}, @ETHTOOL_A_LINKMODES_LANES={0x8}]}, 0xe0}, 0x1, 0x0, 0x0, 0x4008014}, 0x0)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x8000, 0x103)
mount$cgroup(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x0, &(0x7f0000000500)={[{@name={'name', 0x3d, '\x98\xc5R\x95\xb1\xa3!\xfb\x05a\xe6)w-.\xac\x177~t\xde\xc5\x1er\xe7\x0e\xf8\xc7\xdd\x9b\xe9\x83*\xceh\xf4\x1fH\x96\xac\x89\xcd=?\xd6\x9d>\x87\xa2F\xd8\xfc\x96\xc26\xeb\xa9&\xd0V3\xbf\x7f1'}}]})
pivot_root(&(0x7f0000000600)='./file0\x00', &(0x7f00000001c0)='./file0/../file0\x00')

1m18.785627682s ago: executing program 35 (id=201):
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000280)='.\x00', &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x1091, 0x0)
mkdir(&(0x7f0000000040)='./cgroup/../file0/file0\x00', 0x4)
r0 = creat(&(0x7f0000000000)='./file0\x00', 0x6a)
write$binfmt_elf32(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="7f454c46000000000000000000000000030006000000000000000000380000000000000000191bda0000200018"], 0x69)
syz_clone3(&(0x7f00000004c0)={0x100801000, &(0x7f0000000180), 0x0, 0x0, {0x1d}, &(0x7f0000000240)=""/118, 0x76, 0x0, 0x0}, 0x58)
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0)
write$uinput_user_dev(r1, &(0x7f0000000a00)={'syz1\x00', {0x9, 0x7, 0x3, 0x5}, 0x3f, [0x9, 0x2, 0x18, 0x2, 0x2, 0x400, 0x80400000, 0x0, 0x8, 0x8001, 0x6, 0x2, 0xfffffffb, 0x39, 0x747d5e13, 0x800, 0xfffffb9a, 0xfffffffe, 0x0, 0xfffffffb, 0x2004, 0x3, 0x0, 0xf250, 0x80, 0x4800, 0x300000, 0x7, 0xe, 0x4623f, 0x0, 0x210001, 0x1ff, 0x8003, 0x0, 0x3, 0xb, 0x7, 0xba55, 0x8da8, 0x4, 0x200, 0x2, 0x4, 0xe, 0x4, 0x2, 0x6f, 0x8, 0x9, 0x1, 0x8001, 0x6, 0x2, 0x9, 0xfffbffff, 0x4, 0x6, 0x1000, 0x5, 0x3d, 0x8, 0xa, 0x5], [0x1, 0x4, 0x3, 0x8000, 0xfffffffd, 0x3, 0x0, 0x25, 0x9, 0xfffffffc, 0x8, 0x7fff, 0x72c, 0x1c32, 0x3, 0x6, 0x10000, 0x400, 0x7ffd, 0x3, 0x1, 0xf, 0x5, 0x0, 0x981, 0x4, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x1000001, 0x10, 0xfffffff9, 0xfffffffd, 0x7, 0x1, 0x367, 0x6, 0x8, 0x63, 0x7, 0x7, 0x96, 0xfffffff9, 0x2, 0x0, 0x2, 0x411, 0xc, 0x3, 0x379, 0x9, 0xe, 0x5, 0x7, 0x6, 0x2, 0x1, 0x1, 0x8, 0x7, 0x200, 0x3], [0x401, 0x4d, 0xffff, 0xcd3, 0x7, 0x1f, 0x404, 0x4, 0x4008, 0xc, 0x7, 0x9, 0xe8b, 0x7, 0x80000001, 0x8, 0x3f92, 0x1000, 0x0, 0x10, 0x1, 0xfffffff9, 0x0, 0x1000, 0x80040101, 0x5, 0x4, 0x5, 0x200003, 0x2, 0x5, 0x80, 0x9, 0x8001, 0x10000, 0x0, 0x7, 0x400004, 0x3, 0x6d7e, 0x3, 0x8, 0x3, 0xbf23, 0x6, 0x9, 0x956, 0x0, 0x3ff, 0xe, 0x6, 0x100fffd, 0x2005, 0x400, 0x4, 0xea, 0x6, 0x20000005, 0x3, 0xd7, 0x0, 0x7d, 0x5d7, 0x7], [0x108e, 0xffff, 0x7, 0x3, 0x88, 0x2, 0x4000000, 0x4, 0x4c, 0x2, 0x763, 0xb, 0x402, 0x1, 0x9, 0x4001000, 0x7f, 0x5, 0x3fa6, 0x4, 0x3, 0x5, 0x6, 0x4, 0xe47, 0x4, 0x7, 0x4, 0x2, 0x2851, 0x3b, 0x20000001, 0x7, 0x5, 0xa80a, 0x65f413f9, 0x4, 0x20006, 0x8a5, 0x2086, 0x78c7, 0x409, 0x3, 0x4, 0x4, 0x10, 0x10, 0xffffffff, 0x7fff, 0xffff8a33, 0xfffffff9, 0x401, 0x3, 0x200, 0x7, 0x4edf, 0xfffffffd, 0xa, 0xe, 0x2, 0xf, 0xf, 0x136, 0x7fffffff]}, 0x45c)
ioctl$UI_DEV_CREATE(r1, 0x5501)
readv(r1, &(0x7f0000001240)=[{&(0x7f00000012c0)=""/41, 0x29}], 0x1)
close(r0)
write$binfmt_script(r0, &(0x7f0000000100)={'#! ', './file0/file0', [{0x20, 'syz1\x00'}, {0x20, 'syz1\x00'}, {0x20, ']'}, {0x20, 'tunl0\x00'}, {0x20, '#'}, {0x20, ':0}'}, {0x20, 'hash:ip,port,ip\x00'}, {0x20, 'tunl0\x00'}], 0xa, "6825a295fadadca768b112c24df379b17b7be0320a71d69b7279de62e28b857dba735fcb2b200651abfa82a29447babab598ae1189215d5fd502f17d"}, 0x80)
mkdir(0x0, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x50000, 0x110)
io_setup(0x66, 0x0)
write$cgroup_int(r0, &(0x7f00000000c0)=0x103, 0x12)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000001c0)={'tunl0\x00', 0x0})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000007c0)=ANY=[@ANYBLOB="5800400002060108000000000000000005000003050005000ab95c3049b6d0cbf2e0e74500000005000846dd391b1e76010400000000000100020073797a310000000014000300686173683a69702c706f72742c6970000c0007800800064000000000"], 0x58}, 0x1, 0x0, 0x0, 0x90}, 0x40c0)
socket$nl_netfilter(0x10, 0x3, 0xc)
chroot(&(0x7f0000000580)='./file0/../file0\x00')
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), r0)
getsockname$packet(r0, &(0x7f00000002c0)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000480)={'syztnl0\x00', &(0x7f00000003c0)={'tunl0\x00', <r5=>0x0, 0x8, 0x8000, 0x1, 0xa, {{0x1a, 0x4, 0x0, 0x6, 0x68, 0x65, 0x0, 0x15, 0x2f, 0x0, @private=0xa010100, @broadcast, {[@timestamp_prespec={0x44, 0x1c, 0xac, 0x3, 0x8, [{@empty, 0x6}, {@multicast2, 0x3ff}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0xfffffffe}]}, @end, @timestamp_prespec={0x44, 0xc, 0x7f, 0x3, 0x0, [{@local, 0x800}]}, @timestamp={0x44, 0x10, 0x82, 0x0, 0x2, [0x6, 0x8, 0x8000]}, @rr={0x7, 0x1b, 0xa, [@remote, @broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, @initdev={0xac, 0x1e, 0x1, 0x0}, @remote, @multicast1]}]}}}}})
getsockopt$inet_mreqn(r0, 0x0, 0x7afdee2653a28b0e, &(0x7f00000004c0)={@multicast2, @local, <r6=>0x0}, &(0x7f0000000540)=0xc)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000780)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000740)={&(0x7f0000000640)={0xe0, r3, 0x200, 0x70bd2b, 0x25dfdbfd, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x50, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dvmrp0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @ETHTOOL_A_LINKMODES_AUTONEG={0x5, 0x2, 0x80}, @ETHTOOL_A_LINKMODES_HEADER={0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @ETHTOOL_A_LINKMODES_AUTONEG={0x5, 0x2, 0x7}, @ETHTOOL_A_LINKMODES_MASTER_SLAVE_CFG={0x5, 0x7, 0xa}, @ETHTOOL_A_LINKMODES_HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve1\x00'}]}, @ETHTOOL_A_LINKMODES_MASTER_SLAVE_CFG={0x5, 0x7, 0x3}, @ETHTOOL_A_LINKMODES_SPEED={0x8, 0x5, 0x3}, @ETHTOOL_A_LINKMODES_LANES={0x8}]}, 0xe0}, 0x1, 0x0, 0x0, 0x4008014}, 0x0)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x8000, 0x103)
mount$cgroup(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x0, &(0x7f0000000500)={[{@name={'name', 0x3d, '\x98\xc5R\x95\xb1\xa3!\xfb\x05a\xe6)w-.\xac\x177~t\xde\xc5\x1er\xe7\x0e\xf8\xc7\xdd\x9b\xe9\x83*\xceh\xf4\x1fH\x96\xac\x89\xcd=?\xd6\x9d>\x87\xa2F\xd8\xfc\x96\xc26\xeb\xa9&\xd0V3\xbf\x7f1'}}]})
pivot_root(&(0x7f0000000600)='./file0\x00', &(0x7f00000001c0)='./file0/../file0\x00')

1m13.964728143s ago: executing program 7 (id=239):
socket$nl_generic(0x10, 0x3, 0x10) (async)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
getsockopt$TIPC_NODE_RECVQ_DEPTH(r1, 0x10f, 0x89, &(0x7f0000000080), &(0x7f0000000140)=0x4)
syz_genetlink_get_family_id$devlink(&(0x7f0000000000), 0xffffffffffffffff) (async)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_POOL_SET(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000140)={0x54, r2, 0x1, 0x70bd26, 0x25dfdbfb, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x69b}, {0x6, 0x11, 0xffff}, {0x8, 0x13, 0x6}, {0x5, 0x14, 0x1}}]}, 0x54}, 0x1, 0x0, 0x0, 0x40000}, 0x4010)
syz_emit_ethernet(0xdc1, &(0x7f0000000540)={@local, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0xd8b, 0x3a, 0xff, @dev, @local, {[], @ndisc_rs={0x85, 0x0, 0x0, '\x00', [{0x3, 0x2, "07df82bb6bf7a292c06b1d590f879eaf31"}, {0x1f, 0x6, "e05591082b87569f6bdc58206e027a90058faf478036b7199d92110692e5ea9d0f888c5ce7a7f60bc84789b93ed6dafde1"}, {0x18, 0x1a7, "018c5853d5cf175e98b59efdd214a5b6c3d1b35487ef09373bb2b8a073d6cb2d320e76bcff757547042fd492436cde2de91f801dc7a215505617a07cfdbf8cd1506aeb038fe7d498950bbf3ab61fa24164817e74ad9414ae27f1414c16f96ccfded457b7652af645d2edcd00179066c82b3f515edf22e1e5cad25c7dd09811aa912cd86f84d94fb4973b3a0c9284cb5e3c5fdde85e15b619548997159672a219a67b7dfda4feeb6a2622d0b1c39999bfba77d07b49e57a92d51c80c6e4fe352b550b39c43f5ce47ad22b65a60f0b80a2fd7dcd35c20716aa4915fbb37e4742b4b2de995998bbb3d07f830d75f8db8a85a706c9376fb32796742402f34b94d9ad350a4bcc0c1f85a1ef09748bf184d0cc8f2741822c0695c1a0742abe23d6211c4e50e563cbbc2d4964525d2115cbf977a5ab52ae1bc405408494c73db8fdfa1b281014b5823e7f626686853facbb0956bf685159dd1f75a1e3ffffffdae73c0bcf0c685870b778c7a8bfec7be24335e58ca5179a3bd6047799890bfbda5f63e941ab0ef0c5c6d9d9bc602478bb589d7c1d0e9147e81f1ba2c1e99dd5c4e174f03cd2ee1aeea40fc28ef023a93e3436393635c69622ac1dceea801fe1b9a21c542ab219623cb403d3a15cbb30f8ce6f281a563c191ad164100129cad083682befa4780ed2c5724f97e1002e9845904ed59a9d7ca9e224189a78758ed6bc8195c95b8203ab2067990846c4b5ef7466d4ab11160bcde22f8792debd8834c99ac334155f5e7346ca4fe2e0f3c88098b37679a4a2bd2c9d98885e6eea59b5a38afa54b76b855d8d716e9becbb929084eb7c1b247b9ee9661da1591a94ea0aaa5ee80ae318bc2629f57d0d5781fdd114809dffdd8360ef4879eeb37a61605f51ae7068f302611610b01d08a66e1c4f67b88c4d08c1c9d692db1630f05ddd2237472aeee60911212ebcb7b1ae812453f56623d872bb479baf035336b4d03c39a3ab03140d8dec2cc019f2f0bcb7813772206b47947c10f8841d9acda6feda8bc809780154f2c5c1f36a85fc4b3c365d554ec6684e81606ce87b8ba4207816c50be8aaf450179a21a8ce8e3ebd4827526f55414f402bfe4d919af96e24c78b9aeda99129b64adb4a29c7a95abd44649840493cc1b1e295217b5c7599f8dba646c7db6829583efc56e8516808e27c5f51912e0fa25a80a3f511b407e3c0eeaedd255d98b1256f47aa09ecbf91638e20dc8e7b2b7832259ae82dbfb71d82813f20a7369deb50c2e62cac76c25306d782752b4a26151346b07dda15f0a29d6eacd54c61d4b45d1d774b14123d7db6769c89de419ee9573762ee40a35e9bb0ad81ff3a3172f3e4da13b75327cafbf6a04b1f7dd89090ba25282803c4908c7ac8b25b96d609adf3a36dd6bf5ef6562dcb7696e46686960fe63aade00e0d47e5e812fa3eca3f023b3c9c4e11f73e1a94432254f94122e02a17aebccec59c79bfdd2ae1f58caa6b02598e3a02946e9bcbdff783685cd2ab7ff264f51b8ed7aa848715e7006c38e139bfb55a94caf456992673ecd615b002c7d5e8de7b00ece07e71521cd227f76b245e2cc35daabc4ea776dd2343f909a9c7313c2ada917e9e4eebc3e97652af40d79199e0b37da197114a02d8d41eb0428d0eef84c435d5303d5f8d2600259fdd8199a33dee48b1dc5d2ffe30c0c97cf930fb06de69b56c5712a08146e8c64b8202145e8be4beb1b51cad7e957fd731507645ca5b3041db445d56009ccded4183921c3b39d821cd37fa96171a142223126fbd7900b1d68ee7b30aedaede0e546c9f2007696a98bfbbc80a3c076162a2b1be82d84b52642ef2ead07dc500fd56306d17446ed6c0b5593041149c0160d43fe8125213579c611599a56bc08de05e279e45b45760a18a23e7bae46a36c7d487629a2c9dd5206f14cfafec7fd4810a011a61f790ac0a3ea928a6c3c2721377379723abbd5d5618e0153210cbccd523bff3a37b65f183eb3be2b2830333b31461236db3143d28169972b891c9b43c4808818964d7d52c3eb7ac9db01e540fc8f95e248fb4f1f62c71cb0c0c238e587aa26877a60fca2946cfe6327d0fc1133e7da79cfc8c4b9bdc34375cce25cc1cc381135d7177d2f394e21cdfcc2be7f40354ca4399164ec9c36aa6a66b637be9d7802fe7098d13ef53445d5094cbef7cf7aca4010e470dc833706849097639d455878cd1392b731d60249336effb9e908d1155963f4733664c2f21e39caa730b0ec7e255e911714ef38fe0103b4f2613776d0dd8f394666de8700cf9b5233576ca0fc4ffe93d94133a0358f104e6c0f6613419c81ec5564983fe875387b84e1d7f7990255dad52cbf1e3c00db678289f81a2b2579897f4c92e70c3f899846f6c954e20d8c747df327fb0c0e6a468df653f0fde6968e0d7c10dbc28ffba83454b7bec578ae7ec5eae45d3e8a82f501c970142d3a5a180a049c795bba91cf4627154160e417db009ec32ed7f3935a3447c5f508f02e136aca724d241a906cc5186d185ee6d81885f00a62199a4d72c2cf8e2077c36c572437f4765e5de977c923bfffac0028df205be7e4f1ee6df884e6a24cccc572d6a6d4e62bd7a93d3bde8df14202d91cf1868009e47c638fdb1cd961e7d845b569ae70035a79acebe195d7b7f168d14415d2d2628b17a49001685d72888929d4a3ba2c30625d3d6b705e31726cf4b5d36f4860ca2b43f9bef8919225c678ce339b44ab4e18b882bcd435986c61fe866aff9387eed152aa763d04c44f4f8e84d769d674e464e60ad6579e9e9665971d5fa15ea166b3662ecc12c97bc82121002484542778f5b06f874fb254057f5e54f0b93048c84aa473eac50a877d27783c155bbd92086a4a51002e9e08c85e0daf4dab763ea5ed070f2c85adc198030a97d22737f8b72712da6c86584a79b4a7f2345909c8a4e2d9862ee5990d0b9a796bd8ed88ee1f2b5aced0caba511eb37293eceff5d01307e9d47bfbbb1ec34de64c7a71de12b6a44ee329c799aa5174e648de969893b4492f72e9aae96552823189c5b4e26609690fb83bf39eada5fb459cbc8bd5802e7995bc3d1569671287c658ba4695bd23bc497dc46639427ea3ebd75f4aa033d43c19cc47bf456d0f3d3f8dbfb156621eef90edfca98461654b8f7d28b0ab1a2519f40649326704b1e80218f9b505f6d15f289e9a40f49163513386db09a11345b4f68bc719c9aa6e3094d7ee7ff5c33fc47a2e1c31cbc3dc5f3504b0935ed58d0468b4a79e24e1f9b634943d4b27970a687d02a760da65706d7bb916a8121c45e5a1a5df7e5fc86e96ff021a4e6da641f09d6b45651cae4e6c8e8146d98c5c0cf71eee190502705627b390b747aa681d37228a31310428371234ce64f061e874d04e9c55ec9727cac94842a002ce8d0a12a718eaa2ce9954fe826a68f610da4b0b577da0c0ea30fa72c0b8735350cbbc0622d2f80ba36aa92560d34a30c69f91a02fc948d14fab2a56f9a130fdcaa38e4dd905addd970d6e781e73a39283b8ed369420ff6506f6e9fe656420d2dceb7c72575f769773d971a6add5884215c0221558e7973bd31a67ec1f77122fa4ff2c0e47a36ffcb2261c6cb70fc771f7d4a4927ef05b20f61b135ae40c6e9718334a630f4f0c362ccb5790c394458bfc9e4a6097391560dca296916da03d7acf8b01f65528e581d25547bcfbefbb4a9735e0e67488305fec89c5c6a8a3ed046b84b657482f1cb70dcade53c6f14c3d86505524365f0feef2ac2b31ba16f59ce9190f97babb12be3700dc72bb8cabb9cb637fe398c5fe73afca23de6a5b47f1d4200595ca28486b21f8f46d16ad98693373d395da9ecea32a66a89f61db4528438d43e0835980e28b9120109fd837c9918efcbdb0c2a08732e98faff1d43895f88d21fceed0248e12bce23f9b21eff6630b65123e9474dffe866137ff582c2dff498c6b931d5dc07e51ce53c37ec1c253792b45ca8f62a569b1534bea66b11dd416c435806ba9df826b56a2c80ccd19a13d5d4e795871633adea369a9cd494b82cded730f317a0a024003da2848b9ee8e153008721c42af3c4085dc94ea5fa11dc6fa6b1480b9fc23c8e8facb59373be9e8992f0bffbd3199078102f8044c63c480c8c226edbfea446309a6eac0bf07b93f0ea13d8a29728695a7cb84d5cb19500d641d4eee3b0b21fe36a25fb124c44de1172483e32d4aeb8810a80dcdf542d150bb06200bdfd2cb5188ed6dd6dbb700c86d928ce936280a566a68534fdaf656ab9193c6ab756f2097e8020a6ada49604398897a9fa10ecf0d2fb2e80e8540c21f0197f526a0183aa7bbc20b3988f2cd90e9ac24ebfead6ba8a8b7f4f47c8c75d1c7044b785cf9b2c83961cf8e0934d6c14d68667fc0a0d67c59cc06e8ef99f52dbfb4adffffe54cac85413f321f5f0ba4e3366a966d5d246a2c23413a685eddba1377bbd218f4d548ad3cec5c5c5785b259795b7fa1b0073713cd0739f04f6f345ba86e1825e9fcf09854a73d8048f21ef1500b3c4e8c9cdb047747183b8e92bb2563da231bfbc7ce52a3bb3010524f40f3d8958f3e2794e7b4df463cc5905904386f43909a3b15b9dbe7a94a0b7b933674f1553ffac28ee68332f45363c4c00050184d9f976d28e6d925e50f09a669c68f3a69b52f25394466526d525cae7975e962a1b2fad307c36a46508077b8b4a5b4dc36c3d9ca8ee3472d9d5061cc8001816cf5b5ce7a4e8bb948803cce0e1b628f77d6ebff9fd332782b460823f1c208ce3c389b0de"}]}}}}}}, 0x0)
socket$kcm(0x29, 0x0, 0x0)

1m13.962271745s ago: executing program 7 (id=240):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
socket(0x10, 0x80003, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000001000170000000000000000000000000a28000000000a1d010000000000000000020000000900010073797a3000000000080002400000000098000000030a01020000000000000000020000000900010073797a30000000000900030073797a32000000006b00030091abc12404d0c4c731b168d80d1f7f1dbb33f596f8aca1f26c4e54dd3c839c63ecba701f7518abef567139fd50aba0ce94ab8786582ae2f35099ba41"], 0xfc}, 0x1, 0x0, 0x0, 0x40010}, 0x4000914)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_VENDOR(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x24, r3, 0x70b, 0x70bd27, 0x25dfdbfd, {{}, {@val={0x8, 0x1, 0x4c}, @val={0x8}, @void}}}, 0x24}, 0x1, 0x0, 0x0, 0x400d0}, 0x0)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0xea, 0x440, 0x0, 0x32}, 0x9c)
r6 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet(r6, &(0x7f0000001480)=[{{&(0x7f0000000080)={0x2, 0x4e26, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000380)=[{&(0x7f00000000c0)="f1", 0x1}], 0x1}}], 0x1, 0x10048085)
r7 = socket$inet(0x2, 0x6, 0x6)
getsockopt$inet_sctp_SCTP_MAX_BURST(r7, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r8=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r6, 0x84, 0x22, &(0x7f00000001c0)={0x7, 0x4, 0x3, 0x4, r8}, 0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000200)={r8, @in={{0x2, 0x4e20, @multicast1}}, 0x0, 0x6, 0x7, 0x0, 0x8a, 0x0, 0xf8}, 0x9c)
sendto$inet6(r5, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
shutdown(r5, 0x2)
openat$rtc(0xffffffffffffff9c, &(0x7f0000000540), 0x800, 0x0)
r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000002180)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={0xffffffffffffffff, &(0x7f0000000e40), &(0x7f0000000100)=@udp, 0x8}, 0x20)
close_range(r9, 0xffffffffffffffff, 0x0)

1m13.775227135s ago: executing program 7 (id=243):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x38, 0x10, 0x49920d862a92153b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x15001}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gtp={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GTP_FD0={0x8}]}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x14000084}, 0x20004080)
r1 = socket$packet(0x11, 0x3, 0x300)
r2 = socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x3, 0xc, &(0x7f0000000c40)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000850000002300000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r3=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="6800000010000100"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000480012800e0001006970366772657461700000003400028008000100", @ANYRES32, @ANYBLOB="14000600fe800000000000000000000000000015140007"], 0x68}}, 0x0)
sendto$packet(r1, &(0x7f0000000580)="a6bea8a120e5f8320c30ce5086dda5e986f34c10d8c39c3002de8ec445ae083a4b7fc08a086fc691", 0x28, 0x0, &(0x7f0000000140)={0x11, 0x0, r3, 0x1, 0x4, 0x6, @random="13c210985c9f"}, 0x14)

1m13.774299446s ago: executing program 7 (id=245):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$nfs4(&(0x7f0000000040)='/', &(0x7f0000000080)='./file0\x00', 0x0, 0x197841, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='devices.list\x00', 0x26e1, 0x0)
r2 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0)
read$sequencer(r2, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='blkio.bfq.sectors_recursive\x00', 0x275a, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000f40))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0))
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0))
socketpair(0x1, 0x2, 0x0, &(0x7f0000000000))
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f00000014c0)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000702000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff6d6405000000000065040400010000000404000001000000b7050000400000006a0a80fe000000008500000053000000b7000000000000009500001000000000a80501363034fdb117168bd07ba00af739d1a1ee35fe163a255c33282044b32495ef8ab9adc67ccc945f105d802f5132143c0a9fc7a84452569957c1002ed7d4d8e17f791f4798c8eb483e9973320d046c3126c6afcfd84de03352c69b3edff5be26f8ffa5f8f2879021c2ea53ea79acd7fb38dd1abb75aa393cea26d465637d11f705000000473e7b7c4ae7dd5e4dee88518ddf12dddd4bfc6a4dd3b6beba51074229b0d4b504516c4c3e5d1aa044d8d00728141cd67bcd68f253288e655c6b34e02e90637ef2912ba7de26ff2357ef17f95a25780c3a057844f226ef4e912f01a201e694e3806e8c70e8b69524cd19f7525d8d66bb766f7f3f918c86a70252236800001897133af94a5a4cfc794d8b9d7c33632152c48eaf302f0b2e0c252b00000000000000006f1bbefbe08de65e3762e194ba4cae8b13535d7d11ee917bca4885bbf597a14ab2458efce78510d86272d88e0c8088f404f011289ebc5623faa1182632161e073af1d69a2e36bed435000025ecd201d2ffb0a7fa4f5d11060cdcf071defd0a8be3b69ce3e4f361aca75827426dde87fdf4617222674280f55e98107450c19b9d86329bd5b4697336112b0b8754ce3574046bf6114d1a88597850b77378fa8edfff8faf8b8ec039bab385cac0535373bb8fab90539b1a65ddff841eb671f3faf37ebdfccea0c002ad2b42047c9ec43193ccf617dbf8a12b4f189edbf9fb7c42b1f435ccd4d96822e6b70100912c92e3943e9c4f45d8bcd528fa8a3ea847f10e9b2506f3bb506f1d7fbde8010000000000a073d0de5538ab42e170b3baae34c35987b0dda497ac3f5e97e6e6aeea15c6d5ed24310100000003bb6030f84b63aaf8690db0221b1705c501f802ff59b4e683efa4b6e77e042072bd2ac37d413008ec9eb8166f6e28b49a77ed91befc65315896f88a8fb1dd679fb4c515f8b7a5b7aca6a251a89d47b728502f7e621cc0e3ba04000000c149ee6601728c750d304197c22da8650579475afd96187d881e93b42a5fdfd686d8900c44c67133dad58037fda65885a15a429edfe3027a5ebf95254744f10fd607bc3300b94932b8d944e0b083bbd86b19cb074577a25ff581d92af08a06f857310a2f14326b0b290205e91a682e00c8762cbc6b904c980eef6e6a1def886c95676dce6a8194479700a02b92bdc8d05eae1f24fdd7b80d1bb404c22f681594de2ebb9687219de8d73ac83823feb402a2415a9850d5f0183ec67be96dc0e4c2d7acf1dfe79d6771903b76e21190c22d641030e1ddacf006c3116e1803af20a5f2b5f7ba58aca5bcabbbab24414a3810788e5503e4be66d683daac5f0001000077339b4200000000108a3c87b19d5b9a00c75d84a92d6dcf00ba96edf35ede0e2b57c26e94801b498924166bde57d5f24258d9fd028096cc15a8b912b494d4bbe609031ea1ca65a548971d5d16296dd08e020000007a27310d5d01f8a8a0f5212d7f628f554afea715ccbc66cbb1016490f5d579308cb3188cf2fcaf67e0c16443d526ba4b968f07ae362c2133c168313e84beb871203880dd453c45d0a137d7f5a8b039dbfa62fb2b4214f8e69f967bf1fbd89e77fcca110000000800000000000000f8877994ebdc35f7efd41e3babd9b3782edd6776d5b6cb4ecd72c9de9b5503747d71440378cf2c2c7ea2dc5febb654a867f853713cf4c0bb322fbbe446d18dee4c821275ef18259cafc346c8b3b9fb0f3adcf6ea310a6b9a3f59e29a5909ea047fb61affb4bc8bbea1fb761b8933795b1a91358a7791aa843d07020e8bb6fc18458c49ac6313e7165b7d9f65e94a62b69f1011b94340cdb7303f01e5cdb5682ddf73d65c3de1d88dd7496d6345d5b9de0223988056a53e19a8b96b9640bc6c09d3c2ff894d626b57c776ed53f94d5e22ff148061b37f72bd92924cb1d0a725e19b264346b7cae0251a850de78316503f3c3d395c7e3f04fc8d52583327cd2341ce4b2d092815376299686f41353b2823814563011a2223b9dd00000000000000000000003a131374a3371cb3e2a9bb4d798b91cefa444501f40b7c9589e8c0bb6c82123d2b45ce905d0903b32ecf30e828c71a07a83f3275f3d661d1af0ffbd5d7f0"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080))
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x1f, 0x10, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000005000000000000008000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000003f80000850000008600000018010000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000050000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000200000085000000a600000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x11}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
umount2(&(0x7f0000000100)='./file0\x00', 0x4)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000000c0)={0x30, r0, 0x801, 0x70bd2d, 0x0, {{}, {@val={0x8, 0x3, r5}, @val={0xc, 0x99, {0xffffffff, 0x52}}}}, [@NL80211_ATTR_KEY={0x8, 0x50, 0x0, 0x1, [@NL80211_KEY_DEFAULT_MGMT={0x4}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x4000040}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r1)

1m13.700351097s ago: executing program 7 (id=246):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x98000, 0x0)
ioctl$PPPIOCGUNIT(r0, 0x80047456, &(0x7f0000000080))
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="01000000050000000100000007"], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000740), 0x20075, r1}, 0x38)
r2 = socket(0x10, 0x2, 0x0)
r3 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0x19)
r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0x28, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, &(0x7f00000000c0)={0x6, 0x2, 0x1, 0x0, 0x1})
ioctl$vim2m_VIDIOC_S_FMT(r4, 0xc0d05605, &(0x7f0000000140)={0x2, @vbi={0x500, 0xfffffffc, 0x0, 0x0, [0x5]}})
close_range(r2, 0xffffffffffffffff, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=<r6=>r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r7, 0x2000300, 0xe, 0x0, &(0x7f0000000000)="63eced8e46dc3f0adf3389f7b986", 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000010c0)={0x16, 0xc, &(0x7f0000000500)=ANY=[@ANYBLOB="bda950ec761af61f4120a3a8a3cc10eaaf", @ANYRESOCT=r1, @ANYRESDEC=0x0, @ANYRES8=0x0, @ANYRESHEX=r1, @ANYBLOB="a1def33007e74554efc7198a73c492d18447c6a242cab3ee7a823fbed6952d152a8bb7e9aa866cdb365d8c29a7d1a1fcb56bd31ff05e7ebf8181394e210459acc2b35b247cda41329930046c3a69135a", @ANYRES8=r6, @ANYRES32=r6, @ANYRESHEX=r5], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r8, 0x2000000, 0xe, 0x0, &(0x7f0000000600)="c9f7b98600"/14, 0x0, 0x7ffd, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

1m12.715577998s ago: executing program 7 (id=253):
r0 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'bridge_slave_0\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, 0x0, 0x80c0)
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=@newtfilter={0x6c, 0x2c, 0xd27, 0x70bd27, 0x25dfdbfa, {0x0, 0x0, 0x0, r1, {0x0, 0x10}, {}, {0xa, 0xf}}, [@filter_kind_options=@f_u32={{0x8}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x80}]}}, @filter_kind_options=@f_u32={{0x8}, {0x24, 0x2, [@TCA_U32_LINK={0x8, 0x3, 0xff}, @TCA_U32_FLAGS={0x8, 0xb, 0x7}, @TCA_U32_CLASSID={0x8, 0x1, {0xb, 0xb}}, @TCA_U32_CLASSID={0x8, 0x1, {0x1e, 0xfff1}}]}}, @TCA_RATE={0x6, 0x5, {0x3, 0x5}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x1}, 0x200000c2)

1m12.661574196s ago: executing program 36 (id=253):
r0 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'bridge_slave_0\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, 0x0, 0x80c0)
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=@newtfilter={0x6c, 0x2c, 0xd27, 0x70bd27, 0x25dfdbfa, {0x0, 0x0, 0x0, r1, {0x0, 0x10}, {}, {0xa, 0xf}}, [@filter_kind_options=@f_u32={{0x8}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x80}]}}, @filter_kind_options=@f_u32={{0x8}, {0x24, 0x2, [@TCA_U32_LINK={0x8, 0x3, 0xff}, @TCA_U32_FLAGS={0x8, 0xb, 0x7}, @TCA_U32_CLASSID={0x8, 0x1, {0xb, 0xb}}, @TCA_U32_CLASSID={0x8, 0x1, {0x1e, 0xfff1}}]}}, @TCA_RATE={0x6, 0x5, {0x3, 0x5}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x1}, 0x200000c2)

708.493705ms ago: executing program 8 (id=1253):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$unix(0x1, 0x2, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010028bd7000fddbdf250700000008000300", @ANYRES32=r3, @ANYBLOB="0c009900ff070000070000001400040073797a6b616c6c6572300000000000000800050006"], 0x44}, 0x1, 0x0, 0x0, 0x81}, 0x24044884)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r4)
socket$inet_sctp(0x2, 0x1, 0x84)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
r7 = socket$packet(0x11, 0x3, 0x300)
sendto$packet(r7, &(0x7f0000000640)="000a18000600600000eb5500000b000100aa34745a1945da08e815b218b175e62e90d9c5596d3ef4ddaae57cdcf90884", 0x30, 0x4000000, &(0x7f0000000380)={0x11, 0xe56930649afa540, r6, 0x1, 0xd8, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x14)

626.499167ms ago: executing program 8 (id=1265):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r1=>0x0})
r2 = socket$packet(0x11, 0x3, 0x300)
sendto$packet(r2, &(0x7f0000000640)="000a18000500000000eb55000000000116aa34745a1945da08e815b218b175e62e90d9c5596d3ef4ddaae57cdcf90884", 0x30, 0x4000000, &(0x7f0000000380)={0x11, 0xe56930649afa540, r1, 0x1, 0xd8, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x14)

484.212319ms ago: executing program 8 (id=1259):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0xfffffffe}]}}}]}]}], {0x14}}, 0x94}}, 0x0)

424.1153ms ago: executing program 2 (id=1261):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000980)=ANY=[], 0x84}}, 0x0)

423.71085ms ago: executing program 8 (id=1262):
syz_emit_ethernet(0x52, &(0x7f00000003c0)=ANY=[@ANYBLOB="0180c2000000aaaaaaaaaaaa86dd6000f100001c2c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa0000000e0000000080004e21", @ANYRES32=0x41424344, @ANYBLOB], 0x0)

344.301075ms ago: executing program 6 (id=1264):
sendmsg$NL80211_CMD_PEER_MEASUREMENT_START(0xffffffffffffffff, 0x0, 0x4000)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e24, 0x3}, 0x1c)
listen(r0, 0x7)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, 0x0, 0x0)
write$tun(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x11, 0xffffffffffffffff, 0x0)
syz_emit_ethernet(0x5e, &(0x7f0000000040)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "003786", 0x28, 0x6, 0x1, @private2, @local, {[], {{0x4e24, 0x4e28, 0x41424344, 0x41424344, 0x0, 0x0, 0xa, 0x0, 0xa, 0x0, 0x0, {[@md5sig={0x13, 0x12, "aa000000002000000000000000000040"}]}}}}}}}}, 0x0)

343.951771ms ago: executing program 2 (id=1266):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r1=>0x0})
r2 = socket$packet(0x11, 0x3, 0x300)
sendto$packet(r2, &(0x7f0000000640)="000a18000600600000eb5500000b000100aa34745a1945da08e815b218b175e62e90d9c5596d3ef4ddaae57cdcf90884", 0x30, 0x4000000, &(0x7f0000000380)={0x11, 0xe56930649afa540, r1, 0x1, 0xd8, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x14)

343.625679ms ago: executing program 8 (id=1267):
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, 0x0, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
r1 = syz_open_dev$dri(&(0x7f0000000280), 0x200, 0x102)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r2=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r2, <r3=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, &(0x7f00000004c0)={r3, 0x0, 0x4, 0x0, 0x2, [], [0x0, 0x0, 0x0, 0x10000], [0x0, 0x0, 0xfffffffc], [0x1]})
ioctl$DRM_IOCTL_MODE_CURSOR(r1, 0xc01c64a3, &(0x7f0000000100)={0x1, r2, 0x3, 0xfffffffc, 0x326, 0x89e, 0x1})
close(r1)

343.236054ms ago: executing program 4 (id=1268):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r1=>0x0})
sendto$packet(0xffffffffffffffff, &(0x7f0000000640)="000a18000500000000eb55000000000116aa34745a1945da08e815b218b175e62e90d9c5596d3ef4ddaae57cdcf90884", 0x30, 0x4000000, &(0x7f0000000380)={0x11, 0xe56930649afa540, r1, 0x1, 0xd8, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x14)

270.732596ms ago: executing program 2 (id=1269):
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000980)=@raw={'raw\x00', 0x8, 0x3, 0x530, 0x1d8, 0xffffffff, 0xffffffff, 0x1d8, 0xffffffff, 0x460, 0xffffffff, 0xffffffff, 0x460, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'bridge0\x00'}, 0x0, 0x1b0, 0x1d8, 0x0, {}, [@common=@unspec=@helper={{0x48}, {0x0, 'amanda\x00'}}, @common=@unspec=@conntrack2={{0xc0}, {{@ipv6=@private1, [0xff000000, 0xffffffff, 0xff, 0xffffffff], @ipv6=@private1={0xfc, 0x1, '\x00', 0x1}, [0xffffff00, 0xff, 0xffffffff, 0xffffffff], @ipv6=@empty, [0xff000000, 0xff, 0xff, 0xff], @ipv6=@local, [0xffffffff, 0xff000000, 0xff000000, 0xffffff00], 0x80, 0x54, 0x3b, 0x4e20, 0x4e23, 0x4e21, 0x4e23, 0x446, 0x39a}, 0x100, 0x20}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00', {0xff}, {}, 0x0, 0x0, 0x0, 0x4b}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0xfffffffe, 0xe, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x590)
syz_emit_ethernet(0x5e, &(0x7f0000000800)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x28, 0x3a, 0x0, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @private2={0xfc, 0x2, '\x00', 0x1}, @dev={0xfe, 0x80, '\x00', 0x38}}}}}}}, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r1, 0x1, 0x27, 0x0, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000440)=@filter={'filter\x00', 0x4, 0x4, 0x3a0, 0xffffffff, 0x0, 0x1a0, 0x1a0, 0xfeffffff, 0xffffffff, 0x2d0, 0x2d0, 0x2d0, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x2f2, 0xa8, 0xd0}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffb}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@CLASSIFY={0x28, 'CLASSIFY\x00', 0x0, {0x7}}}, {{@uncond, 0x0, 0x100, 0x130, 0x0, {}, [@common=@srh={{0x30}, {0x88, 0x7f, 0x0, 0x5, 0x6, 0x1610, 0x51e8}}, @common=@eui64={{0x28}}]}, @common=@unspec=@CONNMARK={0x30, 'CONNMARK\x00', 0x1, {0x2, 0x3899, 0x1000, 0x2}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x400)
bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r1, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000080)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @dev={0xfe, 0x80, '\x00', 0x1d}, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2, 0x13, 0x0, 0x2}}}}}}}, 0x0)

270.382206ms ago: executing program 6 (id=1270):
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$PIO_UNIMAP(r0, 0x4b67, &(0x7f0000000000)={0x1, &(0x7f0000001ac0)=[{0x0, 0x1000}]})

269.336998ms ago: executing program 8 (id=1271):
socket$kcm(0xa, 0x2, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(0x4)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.controllers\x00', 0x275a, 0x0)
close(r1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c400000000000000"], &(0x7f00000000c0)='GPL\x00'}, 0x94)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="1200000004000000080000000b"], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000300)=ANY=[@ANYRES32=r4, @ANYRES32=r3, @ANYBLOB='\a'], 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r4, &(0x7f0000000240), &(0x7f00000004c0)=@udp=r1}, 0x20)
connect$unix(r1, &(0x7f0000000940)=@file={0x0, './file0\x00'}, 0x6e)
sendmsg$NFT_MSG_GETFLOWTABLE(r1, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x34, 0x17, 0xa, 0x201, 0x0, 0x0, {0xa, 0x0, 0x8}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x2}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000004}, 0x20004081)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x7, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000080)=@gcm_128={{0x303}, "b7a41f5d937e5523", "4705a7b6113b967d7314f7201eb2babf", 'O\x00', "ecba26893bcdc493"}, 0x28)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), r1)

269.203618ms ago: executing program 4 (id=1272):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x14, 0x3, 0xa, 0x801, 0x0, 0x0, {0x1}}, @NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0xfffffffe}]}}}]}]}], {0x14}}, 0xa8}}, 0x0)

164.47168ms ago: executing program 6 (id=1273):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e22, 0x5, @private1}, 0x1c)
sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
shutdown(r0, 0x2)
openat$rtc(0xffffffffffffff9c, &(0x7f0000000540), 0x800, 0x0)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000002180)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000000)={0x0, 0x7b2, 0x10}, &(0x7f0000000040)=0xc)
write$sndseq(0xffffffffffffffff, 0x0, 0x0)
close(0xffffffffffffffff)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(0xffffffffffffffff, 0x9)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[], 0xfffffdef}}, 0x8000)
close_range(r1, 0xffffffffffffffff, 0x0)

163.97222ms ago: executing program 4 (id=1274):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001800)={0x6, 0x3, &(0x7f00000008c0)=ANY=[@ANYBLOB="1800f4bf80123d4d00000000000000733bef8096e7fff25f90bc996c"], &(0x7f0000000880)='syzkaller\x00', 0xffffffff, 0x0, 0x0, 0x0, 0x60}, 0x94)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, 0x0)
bind$inet(r1, &(0x7f0000000300)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000000)='batadv_slave_1\x00', 0x10)
r2 = socket$inet(0x2, 0x801, 0x0)
r3 = syz_open_dev$radio(&(0x7f0000002040), 0x3, 0x2)
ioctl$VIDIOC_S_MODULATOR(r3, 0x40445637, &(0x7f0000002080)={0x0, "432e8e0e0ff1fcc4834efc7ee1c3927c3d59655f7878a7f2de909f3ffdfbf739", 0x0, 0x100, 0x0, 0x1})
syz_open_procfs(0x0, &(0x7f0000001380))
r4 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x401, 0x0)
ioctl$COMEDI_INSNLIST(r4, 0x8010640b, &(0x7f000019b2c0)={0x1, &(0x7f000019b0c0)=[{0xc000002, 0x22, 0x0, 0x0, 0xa}]})
sendto$inet(r2, 0x0, 0xffffffffffffffb5, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
shutdown(r2, 0x1)
sendto$inet(r0, 0x0, 0x0, 0x200007bd, &(0x7f0000000700)={0x2, 0x4e23, @empty}, 0x10)

114.0047ms ago: executing program 6 (id=1275):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000980)=ANY=[@ANYBLOB="84000000", @ANYRES16=r1], 0x84}}, 0x0)

113.351927ms ago: executing program 2 (id=1276):
syz_emit_ethernet(0x52, &(0x7f00000003c0)=ANY=[@ANYBLOB="0180c2000000aaaaaaaaaaaa86dd6000f100001c2c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa0000000e0000000080004e21", @ANYRES32=0x41424344, @ANYBLOB], 0x0)

52.566613ms ago: executing program 4 (id=1277):
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
setxattr$security_evm(&(0x7f0000001240)='./file1\x00', &(0x7f0000001340), &(0x7f0000000340)=ANY=[@ANYBLOB="05"], 0x51, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x22043, 0x69)

52.281947ms ago: executing program 6 (id=1278):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e22, 0x5, @private1}, 0x1c)
sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
shutdown(r0, 0x2)
openat$rtc(0xffffffffffffff9c, &(0x7f0000000540), 0x800, 0x0)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000002180)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000000)={0x0, 0x7b2, 0x10}, &(0x7f0000000040)=0xc)
write$sndseq(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r2)
bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r2, 0x9)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
close_range(r1, 0xffffffffffffffff, 0x0)

52.09602ms ago: executing program 2 (id=1279):
sendmsg$NL80211_CMD_PEER_MEASUREMENT_START(0xffffffffffffffff, 0x0, 0x4000)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e24, 0x3}, 0x1c)
listen(r0, 0x7)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, 0x0, 0x0)
write$tun(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x11, 0xffffffffffffffff, 0x0)
syz_emit_ethernet(0x5e, &(0x7f0000000040)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "003786", 0x28, 0x6, 0x1, @private2, @local, {[], {{0x4e24, 0x4e28, 0x41424344, 0x41424344, 0x0, 0x0, 0xa, 0x0, 0xa, 0x0, 0x0, {[@md5sig={0x13, 0x12, "aa000000002000000000000000000040"}]}}}}}}}}, 0x0)

1.549541ms ago: executing program 4 (id=1280):
syz_emit_ethernet(0x166, &(0x7f0000000180)={@random="722a22c05189", @random="b8a4baa793d1", @void, {@ipv6={0x86dd, @tipc_packet={0x2, 0x6, "786094", 0x130, 0x6, 0x1, @local, @local, {[@routing={0x2b, 0x8, 0x0, 0x0, 0x0, [@private0, @ipv4={'\x00', '\xff\xff', @empty}, @private1={0xfc, 0x1, '\x00', 0x1}, @private2={0xfc, 0x2, '\x00', 0x1}]}, @dstopts={0x3a, 0x0, '\x00', [@pad1]}, @srh={0x87, 0x6, 0x4, 0x3, 0x5, 0x20, 0x80, [@dev={0xfe, 0x80, '\x00', 0x41}, @dev={0xfe, 0x80, '\x00', 0x21}, @dev={0xfe, 0x80, '\x00', 0x28}]}, @fragment={0xff, 0x0, 0x0, 0x1, 0x0, 0x9, 0x67}, @hopopts={0x2c, 0xc, '\x00', [@hao={0xc9, 0x10, @mcast2}, @calipso={0x7, 0x18, {0x3, 0x4, 0x1, 0xe75e, [0x3acf00e8, 0x41]}}, @calipso={0x7, 0x30, {0x1, 0xa, 0x9, 0x6, [0x8, 0x7, 0x100, 0x7, 0x3]}}, @ra={0x5, 0x2, 0x7}]}], @payload_direct={{{{0x28, 0x0, 0x1, 0x1, 0x1, 0x8, 0x0, 0x2, 0xa, 0x0, 0x3, 0x7, 0x3, 0x3, 0xb391, 0xf, 0x3, 0x4e23, 0x4e22}, 0x0, 0x3}}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}}}}}, 0x0)
r0 = creat(&(0x7f0000000080)='./file0/file1\x00', 0x90)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, 0x3, 0x1, 0x301, 0x0, 0x0, {0x3, 0x0, 0x1}, [@CTA_MARK_MASK={0x8, 0x15, 0x1, 0x0, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000410}, 0x40000)
write$cgroup_type(r0, &(0x7f0000000000), 0xd4ba103)
ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000001300)={0x0, 0x30, 0x0, 0x3, 0x1000, 0x4, &(0x7f0000000300)="b7580f2b3c96ecb1956a1f05a19c141d2cccc03786e46bfa840f9b114c0658c81a7b1925369c22a54a86fedd17e82416932f47b3e49f6bd02fa65e278f62d0c4f124be826034382356e0931362d0cf8f8c247516cdcbca239418bce31347127d6357629079d94b422c08a64bcb029a5235bd66230a56881453cc9afc9ef3b4e43e32ecbd2600f23ea4368bdb601b47cbc76a6d462590b94adc9c457804a67858de29cd2d5dc9b3e3c4941fa91817746f91a452a156561c39b20145267a77d7133f3e0925f0700779f3d11b84cb4096224f5b595c45d9747d2eacc674982c25f2b3ee376de45ef0febb03348c8c96331592b433364b6272c7ca9c71f358c3a367238c79194ab0c100a73ef1f61d971f68e94a47436f36070499d459b27fb3725bb333df8825340bba4bb55ece1da488f0f0624d09133fc1151b97f198132f47b6a504ed2c30f0cbfa77b0d7d8d245ca93321002916ccb8da5e354b1590eed89775938dd125c04febe4ab4e51b1eaa8cb70864b2ee2a7bfa6accb04758360da1c40a971daeb7c0dac4c20ea46bf591469e0ebe616514c40a2c93a2d93fdad5409aba24a14ddb6f9b1b3636fd82daffa8edab1a8b15793fafa7ac9db9147a002497b9a3e98489f7c24117def9c7c060b2fc7d2e868afe0ef50894a14ee29604b6e6aa5323c76942f31131e406a875fc41cce2d5e3c652fef1c3f7b3b4c4c08b256d8b36bb3e4954ac558d21e11718f8d5aedf0bfbac45e8a438b041dc2073b1fbc7f5f69623a992f5d0c9b10341c45865d7b20ae28c896eddb606882ef7307b20a94cadf79d4cfde2f2f697937ef73ef4b1ca97f5ae8f5044cb533e2b72414ada81ec423b3e27597c230f035953f5220bb544197063f6c8fe82cee5c631217773a7322189e88a4d2044f1cb8d5e405a2335f4524b024d2290096a203633cdc55638c3cc41c1994de7600d27b53b0fa965ccbf303b6f19a6933034f31a11c9ed7d0c450eaa04efc482dbb052e8851614535a541fc7f4da120c160db1db97ba7445f02e6aebad8bf04c9a3f1f7daffedecf7e50179a4857238ccfae775c0a4eed5420f5b002418f05e1b658175ccddc35fab712ddd71195668e5f56d2475c8fef0c15ece931ec1d4c629809ccc6a7610ad34b234f52dbfd1d10247d8f269c6dea4b18c5ea78c7eb7a6d99ba3b15ba8d6490b35d80e442ffbfc5ad8f678beb429aa6183d44b1405e5051ec094435480961b2c3cc3485ab752e5d16f769b5d807677ebee923a19597028249382cb4e4d6aa6864097f2b9c274b623cdce364a18e8811c93ae27e7bf2181c08ba41f8087998598949c55ead8d27f2cab5bf80c4299921be059c4298731765dde4190e39bb56a48570f7fcd57fe92f4f8bf7aa1e92b8d95df172ce7fb4b5d6cf24b11dd129011353ae90d00071951ddf3c185e57843e7989a3f26475b8f33fc206acf9370af7db003a80c67c813fad8d53112bd7ce01ccb35bfc62610957a7a53e4f9a07bc41eb8a4472742ffa1354f63a58af5dac17f17d9e4616bc1df02f410883379b99afb62deea9b1cac5dd3d654c6effd645b3d21bea19bf2d97ac1452ce707fa3e41848852338f0f6290388022de665a8f90428a8ba62572f3e6aff27c7faaa7a316c3e31c9cbb02b0475b889d26624e45ff754b412001d779a0a3e58d370615bdf8339db6130900ecc37e47046e5b33952531a46cb840385060a4a02ce0f1275e7344f65d776003961729a34c3ab4b30b02efdd7a7fadf8722a02e211b1956eb79b6edceb03d741ba245bf41ef5ae4eb977f39d620ef526a4d58f62a07f2546e01e90b38badf627e1c4b2473b520bdc3248703200fe485b540031b5de03b9641ec215b21d322f03d73166eb4571ae7547c02311af42f1fff2046ad9316b808ad3c7b964194388f6ee0aabfdeb9658d8689eecfacdef0ea41d0a693957ca83bdc0b3f6ae5f8c22a5494250b6b2515cc0e93f12d346f54240e428b9c92cef48dc6b3cd4f4bf70d3d544d4e8e7cb6ee9718647c85041c41939ca5720e72c4e720b249efabb235f6431d375fb7cdc05f5ba4f5859b761f1270ee5e1d23eeb57c2ebd9b0517e67a513078b46420416b84e719dd66f33889780b983be4bcd260778f22db18920757d29606d385dc0a0480bbe5738a8028b02eb86734bf4d7983e8635e83f108829b7e9ddf914023abe987b77d0822a711d5fc78d6958128098dc45a781ac90c73170bba059f7053a6558a5a29f9c57e4c93a1a2a5f24ae5926674eb10558f56e0abc53090953d26eaac750f8cecb5053934f9ae47611f6cc68ab39c977d64ee0a2da46c6b807d34e6a7a78009ddd8f3c5e15a2434ac3bcb4ababf1d89507f7b72a7e3841f229682d6ea7e5139dea44aee920ec95b447d909700ee8930c71baa73aecd0c5879e3d75ae1c4bd65651c0a96cbf424dbc94bb2853e3f0340bc3e0bbfaf100899f1e62051d41a2527c2c3aed148d1816fe3b48be83c15fe19861b97bd0439a4100df36d8e38855cee192fcda407744a311011ddb07a66dc9a68ad66e258403c859e182f945f3621b5b19d37d4079f04a4e9db42f1bafcfc9eb257887f87d535d9482fb6ebb4d8f50aa717a1b36ef693dca5ce916fc0ab76d4e0e7932f8908bd44ebb28cd4ed4b6082908e6676d0fd2f7ee88b682ddd00e41076f8eebf189677ca92869322e74777c11e8085feeeb259ad6f9bdb14223ee86c2a38fac7e8d297984a1af02264a214998b819a70a2c7e2a466cf2a998ef22b8eb574e6df26217caa05045b49fd8d74121e97c78863990edcff0d7953031ca0c9a5cf010359f649b800d5b6d79b0b4e9631ea737b13d41f4a248d78ee4662e0d8f5120fa6de8626cebd713142d6d42e63960b20b3fe97d54a831b6531765837a5dec5e1029b4b918190c7df9e0fd60ad220042385f4c82e9ba3c207e5118df4bcbbc983b2253718b808091dad76a216da04a68f11f8936d70bd0502166243fad0233a1ef88604fd666281d996ef7b90ea5e600f435d426ff103392c0fbc50a9e374981002f56ddcc0be0b3752b4947eec331e0ac3bb906d0d4cbb8f20e741c0918b2bf49c0aa9b7f91ec342309f7d67e232a9858d688a788ae230ad57974fb26929e1624535d25877e28cbad70e9e7f1843bbad1ad9d469deca72cae5fc9a25f2770da1f42dd0058f5a33f420fb83267da29995e25e7d2af5f4cb1f7197b8949e16ad5c1b5e98f341e1a764636d989cbf7c4000a1b4a8e26b4b4e0931305f04f67f407ecf810aef4f2d5a7546f634be9cc1e85badf7bf265bcd434d1ddd1217c6102cc3d396fd611f82c314dbff36b5b680699bcc84a6a6fb6d94f259c375bc9cf69c63934b9ca47a642a943a9bbe321400f0df266dd0360d77403154fccc16f997c44267839ac80d0a33ce8b46de065b81ab6c17a1f912c59c01fdf24eb1323144bb9d9199f16ab63d02a643f9dd4b67a92cdf62939d865cc7af3302db165247c9c6d80f9626ce633d6f049aa2f7d242f890583242645041034bba97d8f3aff510327ac6b1519ffb645d95b12d735b4473fc0b90a7867e752a3548165ee4f051b59c607db4f615750fe4ee8313ab52201fb01dfee2413c59110c40f35698265233621f27c33052e76fa79706bfa572238d47c9e26890e7ee5ca6ae786396fd646cc3ecb4a340782730831ae8292ba849b183a7d7a7b54886adfab25a3ee00eaac9900f7952aa75646d9ed6c82df1d852a8164f622b21e62795ca5c0a93d26410d9e1f37a72ff51c7d557de402a069e37fdbb4a372fb2366bd01118df183a9bc224045e924fbab21acfb9af7394658b37d8d4cd9525066227bb3f190987f4ae6ea2c72565679103e8dea045237e6c00b0a7d90936520517d29c697ec1eb4bdb46db08924da01f240f4d3a9d6f2c56e0e2131af636561f5eebb7f37e7df3ed05e66f689916395e809c396c65e894c6c622fb3a2ac9072d81f8a5bc3c85d3c6157b0181f652d13ab91fe6cbe44e91d5b16a0de17df9fb2c0e1d5a3a8d94a0e498e9312f3bf6b36d1f412250c7a9fc8a13a0fd01a54a31ce356cf34ff5b2a0bdc9bff60d9e06709bf72a2d115e1ff2db9f8aeac932c3223415c1b376cf072832e7589327e5d16c1a7014810b11533e516f26f9358eea3a985a1e0a2275bc5342cdae64c18ee13491d2b82ee4ed1815cdf11c2bbfd0e238f6b61faec11372e8510281d33c681832c981c7524f7ab5c8b909ae5f81ee92359e9e7b2810f442ef95659775ea408dd11a1321066af5c5a0f2a75cf248203447b2e5c1114a2cec215e88249eb1ac8f28c1d59cee5d37785a3e55ae124ecb2db3bfba484c6c6f40fee60d90e8d449c0f0d690be67aa57de7da5090d0b5ab438b6217cbc6aa163bc4241cbc19c87a72f4a9b28737bf0ecba08fc290be53cc0e27d32e349766b67258eecdcc93c5e7e5a4146434551e1d2095ef3dde970130c8148acf508376d04b4b8182dd2ed0af0f5f4751c85684a7d8eac9a56759f5c0a4e615409cdba308475e93cb6dbe9e5e9322bb2bf8aa2250a9ee7fc8b7e320c9936967d187fb3e13f2bf82378bbac3b39238dae5b23be848a4164c1a3aa98239e933919f01791af5a0d882dcae29052fc6092866574d306501f488dcd6352c02170400785e3331f4a0dff3cb4cb6150da70eefaccb57bc0bec151ad9560f86b47d1958ae890db0867be6d09adf77638b432beb7a899e9928feeadfe97b569f20b9bc507a92d28e66c432a58ece5169ea85457db31c9f707108f132224dfdc92befe4ea986df66fa6ddfa80ee298737f53fa41fecf1cb6db53fceb550fd70467288687c23fe9028d66a5d0736fdf6b6665ddbc01ccdbd41bbc968a69833ab36a03ec22029276bff5df1e73458387a5da53bebc80952b1e81da81fffddcb4dd8f301b00611fb2da98d7ab5bb1bb828cd11209d18da746911100320698ae6284dfff5b57a26f0e9a8d8cb2744c1936d27ef40badaa2d7222a302995ff754c3171f3d36f9eca56f9748c2a461163c3124e1a1560212c0b4c820375fdbf158e08b31321367a41a7b768f33a712532f699d6184799b17513be055bd2f7876b80c7864cae9d15d33d0a9ded47f8412960d9faa80dcb6d829af981dab0d35d1b4de2d37d2ef063d9d421424f431ee9c46c2908821e6bf2345753d9d72c81efdbcf5e73fac06b9fc461b88261c52e2f9e5f7ab4d27185d1880a794596be44bda807b39209e1cff38be367c37d8fed7562b1fc25b994e874b750d67acb0e81a9c5069c465bdd1f09fca0b9685a7686ddbc619125bea716244a77094ada1369f399b2b9598525ab6c796deb496c6b94b336b9b6d75d4f3d17328d859181c384ccac2b893dccd555fb677e7a3a718ecd615d33ea8015269e9b9774894a2e6aaa0ed956e3dbe1738d31a927396074b308353ac051cc554bfc1c3c8d80001d19868b6fec78c3bf4be938c2ee3ea3a63455c4259485f75c45d7036d106d6fafe1d0c5175e8cdc11bc0e43cbc5ccfe22bab49ea9c152f07a7c1ead3f21803d2e645de83fd3f2ed85ab771a8b3207da55ce0d2cbf4322d9c716abe61952fae1815c9507aaf4feab7e9ed200645a98d009d953c37bf9619e174f6f83002b53e8dc6eb21fc3507b28059e7f70e2adc07d48c58f6fd35c4e8175ffecfbfbc81e7ea8293be7db3cb803be27133a12ea9fdfb5372a90e190791fb750f5c82a36afa702d5122ce6e1e057062f7f563eae8ce3936907ed0516793e69a89d6f4e296697d2818e9b2c9b0cdd81c52"})

1.212128ms ago: executing program 2 (id=1281):
ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b67, &(0x7f0000000000)={0x1, &(0x7f0000001ac0)=[{0x0, 0x1000}]})

858.31µs ago: executing program 4 (id=1282):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r1=>0x0})
sendto$packet(0xffffffffffffffff, &(0x7f0000000640)="000a18000500000000eb55000000000116aa34745a1945da08e815b218b175e62e90d9c5596d3ef4ddaae57cdcf90884", 0x30, 0x4000000, &(0x7f0000000380)={0x11, 0xe56930649afa540, r1, 0x1, 0xd8, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x14)

0s ago: executing program 6 (id=1283):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$unix(0x1, 0x2, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010028bd7000fddbdf250700000008000300", @ANYRES32=r3, @ANYBLOB="0c009900ff070000070000001400040073797a6b616c6c6572300000000000000800050006"], 0x44}, 0x1, 0x0, 0x0, 0x81}, 0x24044884)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r4)
socket$inet_sctp(0x2, 0x1, 0x84)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
r7 = socket$packet(0x11, 0x3, 0x300)
sendto$packet(r7, &(0x7f0000000640)="000a1800000d600000eb5500fe00000100aa34745a1945da08e815b218b175e62e90d9c5596d3ef4ddaae57cdcf90884", 0x30, 0x4000000, &(0x7f0000000380)={0x11, 0xe56930649afa540, r6, 0x1, 0xd8, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x14)

kernel console output (not intermixed with test programs):

58660][ T1044]  (id 0x00)
[  101.005844][ T1044] rc_core: IR keymap rc-imon-pad not found
[  101.008176][ T1044] Registered IR keymap rc-empty
[  101.009747][ T1044] imon 11-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[  101.013314][ T1044] imon 11-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  101.166571][ T1044] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:155.0/rc/rc0
[  101.172477][ T1044] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:155.0/rc/rc0/input39
[  101.180853][ T1044] imon 11-1:155.0: iMON device (15c2:ffdc, intf0) on usb<11:6> initialized
[  101.345858][  T844] usb 11-1: USB disconnect, device number 6
[  101.624121][ T7919] netlink: 28 bytes leftover after parsing attributes in process `syz.8.518'.
[  101.628327][ T7919] netlink: 28 bytes leftover after parsing attributes in process `syz.8.518'.
[  101.739175][   T40] audit: type=1400 audit(1780057345.503:597): avc:  denied  { bind } for  pid=7922 comm="syz.8.519" lport=1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  101.745771][   T40] audit: type=1400 audit(1780057345.513:598): avc:  denied  { name_bind } for  pid=7922 comm="syz.8.519" src=20004 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1
[  101.752091][   T40] audit: type=1400 audit(1780057345.513:599): avc:  denied  { node_bind } for  pid=7922 comm="syz.8.519" saddr=255.255.255.255 src=20004 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1
[  101.792227][ T7925] SELinux:  policydb string length 813182979 does not match expected length 8
[  101.796209][ T7925] SELinux: failed to load policy
[  101.943039][ T7934] netlink: 'syz.6.523': attribute type 63 has an invalid length.
[  101.988630][ T7938] netlink: 52 bytes leftover after parsing attributes in process `syz.6.525'.
[  102.017542][ T7942] tmpfs: Unknown parameter 'mF!÷ÿ�Ì®LõÝ'
[  102.020532][ T7942] netlink: 4 bytes leftover after parsing attributes in process `syz.6.527'.
[  102.296025][ T1044] usb 11-1: new high-speed USB device number 7 using dummy_hcd
[  102.361746][ T7952] overlayfs: lowerdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
[  102.428857][   T40] audit: type=1400 audit(1780057346.193:600): avc:  denied  { ioctl } for  pid=7956 comm="syz.4.533" path="socket:[23982]" dev="sockfs" ino=23982 ioctlcmd=0x941e scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  102.440041][   T40] audit: type=1400 audit(1780057346.203:601): avc:  denied  { setattr } for  pid=7956 comm="syz.4.533" name="NETLINK" dev="sockfs" ino=23093 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  102.440293][ T7957] netlink: 56 bytes leftover after parsing attributes in process `syz.4.533'.
[  102.455850][ T1044] usb 11-1: Using ep0 maxpacket: 32
[  102.464739][ T1044] usb 11-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[  102.469142][ T1044] usb 11-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  102.473898][ T1044] usb 11-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  102.479483][ T1044] usb 11-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[  102.479624][ T7957] XFS (nullb0): Invalid superblock magic number
[  102.487210][ T1044] usb 11-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[  102.487234][ T1044] usb 11-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  102.487252][ T1044] usb 11-1: Product: syz
[  102.487265][ T1044] usb 11-1: Manufacturer: syz
[  102.495134][ T1044] usb 11-1: SerialNumber: syz
[  102.505167][    C0] imon 11-1:155.0: imon usb_rx_callback_intf0: status(-71)
[  102.510229][ T1044] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:155.0/input/input40
[  102.548271][   T40] audit: type=1400 audit(1780057346.313:602): avc:  denied  { write } for  pid=7967 comm="syz.2.536" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  102.556229][   T40] audit: type=1400 audit(1780057346.323:603): avc:  denied  { read } for  pid=7967 comm="syz.2.536" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  102.608033][ T7972] netlink: 'syz.2.536': attribute type 18 has an invalid length.
[  102.611289][ T7972] netlink: 4 bytes leftover after parsing attributes in process `syz.2.536'.
[  102.626524][   T13] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  102.626618][ T7972] netlink: 'syz.2.536': attribute type 18 has an invalid length.
[  102.629793][   T13] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  102.632836][ T7972] netlink: 4 bytes leftover after parsing attributes in process `syz.2.536'.
[  102.640380][   T79] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  102.643874][   T79] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  102.668458][ T7974] netem: change failed
[  102.725539][ T1044] imon 11-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[  102.733517][ T1044]  (id 0x00)
[  102.775916][ T1044] rc_core: IR keymap rc-imon-pad not found
[  102.777759][ T1044] Registered IR keymap rc-empty
[  102.779698][ T1044] imon 11-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[  102.782845][ T1044] imon 11-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  102.887026][ T7981] netlink: 'syz.8.539': attribute type 1 has an invalid length.
[  102.889609][ T7981] netlink: 14436 bytes leftover after parsing attributes in process `syz.8.539'.
[  102.935967][ T1044] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:155.0/rc/rc0
[  102.940220][ T1044] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:155.0/rc/rc0/input41
[  102.945502][ T1044] imon 11-1:155.0: iMON device (15c2:ffdc, intf0) on usb<11:7> initialized
[  102.965982][ T5843] usb 7-1: new high-speed USB device number 17 using dummy_hcd
[  102.975220][ T7990] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1539 sclass=netlink_route_socket pid=7990 comm=syz.8.542
[  103.055688][ T7991] netlink: 4 bytes leftover after parsing attributes in process `syz.8.542'.
[  103.110407][ T6912] usb 11-1: USB disconnect, device number 7
[  103.116070][ T5843] usb 7-1: Using ep0 maxpacket: 32
[  103.121664][ T5843] usb 7-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[  103.125032][ T5843] usb 7-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  103.129241][ T5843] usb 7-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  103.132638][ T5843] usb 7-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[  103.148617][ T5843] usb 7-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[  103.151481][ T5843] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  103.153978][ T5843] usb 7-1: Product: syz
[  103.155343][ T5843] usb 7-1: Manufacturer: syz
[  103.157526][ T5843] usb 7-1: SerialNumber: syz
[  103.163648][    C3] imon 7-1:155.0: imon usb_rx_callback_intf0: status(-71)
[  103.167441][ T5843] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:155.0/input/input42
[  103.375760][ T5843] imon 7-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[  103.378746][ T5843]  (id 0x00)
[  103.425515][ T5843] rc_core: IR keymap rc-imon-pad not found
[  103.427444][ T5843] Registered IR keymap rc-empty
[  103.429027][ T5843] imon 7-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[  103.432256][ T5843] imon 7-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  103.587910][ T5843] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:155.0/rc/rc0
[  103.592293][ T5843] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:155.0/rc/rc0/input43
[  103.599266][ T5843] imon 7-1:155.0: iMON device (15c2:ffdc, intf0) on usb<7:17> initialized
[  103.654459][ T8009] capability: warning: `syz.6.548' uses 32-bit capabilities (legacy support in use)
[  103.778258][ T8015] mac80211_hwsim hwsim15 syzkaller0: entered promiscuous mode
[  103.779946][ T5843] usb 7-1: USB disconnect, device number 17
[  103.781226][ T8015] mac80211_hwsim hwsim15 syzkaller0: entered allmulticast mode
[  103.832057][ T8024] i2c i2c-1: dtv_property_process_set: SET cmd 0x00000000 undefined
[  103.835206][ T8024] netlink: 4 bytes leftover after parsing attributes in process `syz.6.552'.
[  104.205922][ T5887] usb 9-1: new high-speed USB device number 9 using dummy_hcd
[  104.376160][ T5887] usb 9-1: Using ep0 maxpacket: 32
[  104.379882][ T5887] usb 9-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[  104.383241][ T5887] usb 9-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  104.387404][ T5887] usb 9-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  104.390793][ T5887] usb 9-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[  104.398474][ T5887] usb 9-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[  104.401867][ T5887] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  104.404359][ T5887] usb 9-1: Product: syz
[  104.406064][ T5887] usb 9-1: Manufacturer: syz
[  104.407734][ T5887] usb 9-1: SerialNumber: syz
[  104.419394][    C0] imon 9-1:155.0: imon usb_rx_callback_intf0: status(-71)
[  104.424880][ T5887] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:155.0/input/input44
[  104.636243][ T5887] imon 9-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[  104.641320][ T5887]  (id 0x00)
[  104.705516][ T5887] rc_core: IR keymap rc-imon-pad not found
[  104.707905][ T5887] Registered IR keymap rc-empty
[  104.709400][ T5887] imon 9-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[  104.712556][ T5887] imon 9-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  104.836369][ T5887] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:155.0/rc/rc0
[  104.841702][ T5887] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:155.0/rc/rc0/input45
[  104.852996][ T5887] imon 9-1:155.0: iMON device (15c2:ffdc, intf0) on usb<9:9> initialized
[  105.024825][ T6807] usb 9-1: USB disconnect, device number 9
[  105.125566][ T6208] usb 13-1: new high-speed USB device number 9 using dummy_hcd
[  105.255634][ T6208] usb 13-1: device descriptor read/64, error -71
[  105.505527][ T6208] usb 13-1: new high-speed USB device number 10 using dummy_hcd
[  105.519990][ T8081] netlink: 'syz.2.569': attribute type 12 has an invalid length.
[  105.584156][   T40] kauditd_printk_skb: 15 callbacks suppressed
[  105.584166][   T40] audit: type=1400 audit(1780057349.343:619): avc:  denied  { read } for  pid=8088 comm="syz.4.572" name="ndctl0" dev="devtmpfs" ino=109 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  105.593923][   T40] audit: type=1400 audit(1780057349.353:620): avc:  denied  { open } for  pid=8088 comm="syz.4.572" path="/dev/ndctl0" dev="devtmpfs" ino=109 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  105.656296][ T6208] usb 13-1: device descriptor read/64, error -71
[  105.766062][ T6208] usb usb13-port1: attempt power cycle
[  106.115601][ T6208] usb 13-1: new high-speed USB device number 11 using dummy_hcd
[  106.136429][ T6208] usb 13-1: device descriptor read/8, error -71
[  106.385636][ T6208] usb 13-1: new high-speed USB device number 12 using dummy_hcd
[  106.407660][ T6208] usb 13-1: device descriptor read/8, error -71
[  106.515772][ T6208] usb usb13-port1: unable to enumerate USB device
[  106.548328][ T8102] nbd: illegal input index -2146435068
[  106.628521][   T40] audit: type=1400 audit(1780057350.393:621): avc:  denied  { create } for  pid=8104 comm="syz.6.579" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  106.795652][ T6208] usb 7-1: new high-speed USB device number 18 using dummy_hcd
[  106.986953][ T6208] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  106.993284][ T6208] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  106.996498][ T6208] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  107.001920][ T6208] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[  107.004815][ T6208] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[  107.007573][ T6208] usb 7-1: Product: syz
[  107.008859][ T6208] usb 7-1: Manufacturer: syz
[  107.010342][ T6208] usb 7-1: SerialNumber: syz
[  107.055586][  T844] usb 11-1: new high-speed USB device number 8 using dummy_hcd
[  107.205556][  T844] usb 11-1: Using ep0 maxpacket: 32
[  107.209403][  T844] usb 11-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[  107.213810][  T844] usb 11-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  107.218141][ T6208] usblp 7-1:1.0: usblp0: USB Unidirectional printer dev 18 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  107.218768][  T844] usb 11-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  107.227362][  T844] usb 11-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[  107.234695][  T844] usb 11-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[  107.238305][  T844] usb 11-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  107.241274][  T844] usb 11-1: Product: syz
[  107.242579][  T844] usb 11-1: Manufacturer: syz
[  107.244249][  T844] usb 11-1: SerialNumber: syz
[  107.250966][    C2] imon 11-1:155.0: imon usb_rx_callback_intf0: status(-71)
[  107.254980][  T844] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:155.0/input/input46
[  107.449416][   T40] audit: type=1400 audit(1780057351.213:622): avc:  denied  { write } for  pid=8100 comm="syz.2.578" name="nvram" dev="devtmpfs" ino=631 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  107.475546][  T844] imon 11-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[  107.482771][  T844]  (id 0x00)
[  107.499450][ T6208] usb 7-1: USB disconnect, device number 18
[  107.514628][ T6208] usblp0: removed
[  107.535551][  T844] rc_core: IR keymap rc-imon-pad not found
[  107.537415][  T844] Registered IR keymap rc-empty
[  107.543406][  T844] imon 11-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[  107.551248][  T844] imon 11-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  107.574497][ T8121] __nla_validate_parse: 1 callbacks suppressed
[  107.574509][ T8121] netlink: 212336 bytes leftover after parsing attributes in process `syz.4.583'.
[  107.574515][ T8122] netlink: 212336 bytes leftover after parsing attributes in process `syz.4.583'.
[  107.676464][  T844] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:155.0/rc/rc0
[  107.687161][  T844] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:155.0/rc/rc0/input47
[  107.705421][  T844] imon 11-1:155.0: iMON device (15c2:ffdc, intf0) on usb<11:8> initialized
[  107.863013][  T844] usb 11-1: USB disconnect, device number 8
[  108.031384][ T8133] netlink: 20 bytes leftover after parsing attributes in process `syz.4.587'.
[  108.033889][   T40] audit: type=1400 audit(1780057351.793:623): avc:  denied  { nlmsg_read } for  pid=8132 comm="syz.4.587" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  108.095598][ T5887] usb 9-1: new low-speed USB device number 10 using dummy_hcd
[  108.298564][ T8149] netlink: 'syz.2.593': attribute type 1 has an invalid length.
[  108.350811][ T8149] macvlan3: entered promiscuous mode
[  108.352431][ T8149] macvlan3: entered allmulticast mode
[  108.354507][ T8149] bond3: entered promiscuous mode
[  108.356989][ T8149] 8021q: adding VLAN 0 to HW filter on device macvlan3
[  108.362960][ T8149] bond3: left promiscuous mode
[  108.627390][ T8166] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=8166 comm=syz.4.600
[  108.640196][ T8166] netlink: 8 bytes leftover after parsing attributes in process `syz.4.600'.
[  108.648627][ T8166] netlink: 24 bytes leftover after parsing attributes in process `syz.4.600'.
[  108.696897][ T8171] netlink: 16 bytes leftover after parsing attributes in process `syz.4.600'.
[  108.698007][ T8166] veth3: entered allmulticast mode
[  108.806140][  T844] usb 11-1: new high-speed USB device number 9 using dummy_hcd
[  108.895931][ T8173] fuse: Unknown parameter 'fd0x0000000000000003'
[  108.935795][   T34] usb 7-1: new high-speed USB device number 19 using dummy_hcd
[  108.986016][  T844] usb 11-1: Using ep0 maxpacket: 32
[  108.995429][  T844] usb 11-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[  109.001134][  T844] usb 11-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  109.015531][  T844] usb 11-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  109.019118][  T844] usb 11-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[  109.027934][  T844] usb 11-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[  109.032111][  T844] usb 11-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  109.034614][  T844] usb 11-1: Product: syz
[  109.036423][  T844] usb 11-1: Manufacturer: syz
[  109.038893][  T844] usb 11-1: SerialNumber: syz
[  109.046118][    C2] imon 11-1:155.0: imon usb_rx_callback_intf0: status(-71)
[  109.054868][  T844] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:155.0/input/input48
[  109.085522][   T34] usb 7-1: Using ep0 maxpacket: 32
[  109.092542][   T34] usb 7-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[  109.097374][   T34] usb 7-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  109.105517][   T34] usb 7-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  109.111006][   T34] usb 7-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[  109.128992][   T34] usb 7-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[  109.131833][   T34] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  109.134262][   T34] usb 7-1: Product: syz
[  109.135627][   T34] usb 7-1: Manufacturer: syz
[  109.137057][   T34] usb 7-1: SerialNumber: syz
[  109.151543][    C3] imon 7-1:155.0: imon usb_rx_callback_intf0: status(-71)
[  109.166559][   T34] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:155.0/input/input50
[  109.265602][  T844] imon 11-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[  109.269876][  T844]  (id 0x00)
[  109.325567][ T5887] usb 9-1: new high-speed USB device number 11 using dummy_hcd
[  109.325586][  T844] rc_core: IR keymap rc-imon-pad not found
[  109.325600][  T844] Registered IR keymap rc-empty
[  109.331962][  T844] imon 11-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[  109.335060][  T844] imon 11-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  109.365596][   T34] imon 7-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[  109.370497][   T34]  (id 0x00)
[  109.425689][   T34] rc_core: IR keymap rc-imon-pad not found
[  109.427457][   T34] Registered IR keymap rc-empty
[  109.431093][   T34] imon 7-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[  109.445501][   T34] imon 7-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  109.455586][ T5887] usb 9-1: device descriptor read/64, error -71
[  109.477351][  T844] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:155.0/rc/rc0
[  109.485297][  T844] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:155.0/rc/rc0/input49
[  109.493843][  T844] imon 11-1:155.0: iMON device (15c2:ffdc, intf0) on usb<11:9> initialized
[  109.518199][ T8192] netlink: 8 bytes leftover after parsing attributes in process `syz.8.608'.
[  109.521167][ T8192] netlink: 4 bytes leftover after parsing attributes in process `syz.8.608'.
[  109.524092][ T8192] netlink: 'syz.8.608': attribute type 11 has an invalid length.
[  109.527067][ T8192] netlink: 'syz.8.608': attribute type 7 has an invalid length.
[  109.566179][   T34] rc rc1: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:155.0/rc/rc1
[  109.570124][   T34] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:155.0/rc/rc1/input51
[  109.587694][   T34] imon 7-1:155.0: iMON device (15c2:ffdc, intf0) on usb<7:19> initialized
[  109.604288][   T40] audit: type=1400 audit(1780057353.363:624): avc:  denied  { module_request } for  pid=8193 comm="syz.8.609" kmod="crypto-digest_null" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  109.699332][ T5887] usb 9-1: new high-speed USB device number 12 using dummy_hcd
[  109.758674][ T8170] imon:display_open: display port is already open
[  109.804404][  T844] usb 7-1: USB disconnect, device number 19
[  109.829135][ T5887] usb 9-1: device descriptor read/64, error -71
[  109.907539][   T40] audit: type=1400 audit(1780057353.673:625): avc:  denied  { write } for  pid=8231 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1842 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  109.943371][   T58] usb 11-1: USB disconnect, device number 9
[  109.945941][ T5887] usb usb9-port1: attempt power cycle
[  109.971018][   T40] audit: type=1400 audit(1780057353.733:626): avc:  denied  { write } for  pid=8234 comm="rm" name="hook-state" dev="tmpfs" ino=1842 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  110.037507][   T40] audit: type=1400 audit(1780057353.803:627): avc:  denied  { write } for  pid=8236 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1842 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  110.083179][   T40] audit: type=1400 audit(1780057353.843:628): avc:  denied  { write } for  pid=8239 comm="rm" name="hook-state" dev="tmpfs" ino=1842 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  110.285635][ T5887] usb 9-1: new high-speed USB device number 13 using dummy_hcd
[  110.306429][ T5887] usb 9-1: device descriptor read/8, error -71
[  110.367185][ T8246] netlink: 36 bytes leftover after parsing attributes in process `syz.2.612'.
[  110.466828][ T8250] netlink: 'syz.2.613': attribute type 1 has an invalid length.
[  110.470299][ T8250] netlink: 'syz.2.613': attribute type 1 has an invalid length.
[  110.474161][ T8250] netlink: 'syz.2.613': attribute type 1 has an invalid length.
[  110.478644][ T8250] netlink: 'syz.2.613': attribute type 1 has an invalid length.
[  110.481943][ T8250] netlink: 'syz.2.613': attribute type 1 has an invalid length.
[  110.485098][ T8250] netlink: 'syz.2.613': attribute type 1 has an invalid length.
[  110.545844][ T5887] usb 9-1: new high-speed USB device number 14 using dummy_hcd
[  110.567585][ T5887] usb 9-1: device descriptor read/8, error -71
[  110.682472][ T5887] usb usb9-port1: unable to enumerate USB device
[  110.719356][   T40] kauditd_printk_skb: 1 callbacks suppressed
[  110.719373][   T40] audit: type=1400 audit(1780057354.483:630): avc:  denied  { connect } for  pid=8274 comm="syz.2.618" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  110.763514][   T40] audit: type=1326 audit(1780057354.523:631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8272 comm="syz.6.617" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f52d179ce59 code=0x0
[  111.055877][ T5844] usb 7-1: new high-speed USB device number 20 using dummy_hcd
[  111.205845][ T5844] usb 7-1: Using ep0 maxpacket: 32
[  111.209978][ T5844] usb 7-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[  111.215783][ T5844] usb 7-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  111.220024][ T5844] usb 7-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  111.225680][ T5844] usb 7-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[  111.233335][ T5844] usb 7-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[  111.239177][ T5844] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  111.242480][ T5844] usb 7-1: Product: syz
[  111.244210][ T5844] usb 7-1: Manufacturer: syz
[  111.247734][ T5844] usb 7-1: SerialNumber: syz
[  111.257049][    C0] imon 7-1:155.0: imon usb_rx_callback_intf0: status(-71)
[  111.271218][ T5844] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:155.0/input/input52
[  111.302711][ T8281] netlink: 16 bytes leftover after parsing attributes in process `syz.8.621'.
[  111.475855][ T5844] imon 7-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[  111.479283][ T5844]  (id 0x00)
[  111.545625][ T5844] rc_core: IR keymap rc-imon-pad not found
[  111.550345][ T5844] Registered IR keymap rc-empty
[  111.552437][ T5844] imon 7-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[  111.566959][ T5844] imon 7-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  111.634467][   T40] audit: type=1400 audit(1780057355.393:632): avc:  denied  { create } for  pid=8284 comm="syz.6.622" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  111.676441][ T5844] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:155.0/rc/rc0
[  111.682549][ T5844] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:155.0/rc/rc0/input53
[  111.694349][ T5844] imon 7-1:155.0: iMON device (15c2:ffdc, intf0) on usb<7:20> initialized
[  111.795338][   T40] audit: type=1400 audit(1780057355.553:633): avc:  denied  { unlink } for  pid=6543 comm="syz-executor" name="file0" dev="tmpfs" ino=528 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  111.841612][   T40] audit: type=1400 audit(1780057355.603:634): avc:  denied  { mount } for  pid=8288 comm="syz.6.623" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1
[  111.863833][ T6208] usb 7-1: USB disconnect, device number 20
[  111.867172][   T40] audit: type=1400 audit(1780057355.633:635): avc:  denied  { unmount } for  pid=6543 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1
[  112.153888][   T40] audit: type=1400 audit(1780057355.913:636): avc:  denied  { map } for  pid=8301 comm="syz.8.628" path="/dev/hpet" dev="devtmpfs" ino=630 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  112.193336][   T40] audit: type=1800 audit(1780057355.953:637): pid=8306 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.8.630" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0
[  112.336860][   T40] audit: type=1400 audit(1780057356.103:638): avc:  denied  { append } for  pid=8307 comm="syz.8.631" name="loop3" dev="devtmpfs" ino=661 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  112.415690][   T58] usb 11-1: new high-speed USB device number 10 using dummy_hcd
[  112.535586][   T40] audit: type=1400 audit(1780057356.293:639): avc:  denied  { ioctl } for  pid=8323 comm="syz.2.637" path="socket:[25532]" dev="sockfs" ino=25532 ioctlcmd=0x5411 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  112.565745][   T58] usb 11-1: Using ep0 maxpacket: 32
[  112.570546][   T58] usb 11-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[  112.574867][   T58] usb 11-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  112.580053][   T58] usb 11-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  112.582563][ T8327] __nla_validate_parse: 1 callbacks suppressed
[  112.582573][ T8327] netlink: 12 bytes leftover after parsing attributes in process `syz.2.638'.
[  112.583428][   T58] usb 11-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[  112.594061][   T58] usb 11-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[  112.597047][   T58] usb 11-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  112.599582][   T58] usb 11-1: Product: syz
[  112.600952][   T58] usb 11-1: Manufacturer: syz
[  112.602450][   T58] usb 11-1: SerialNumber: syz
[  112.612561][    C1] imon 11-1:155.0: imon usb_rx_callback_intf0: status(-71)
[  112.619760][   T58] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:155.0/input/input54
[  112.661435][ T8329] could not allocate digest TFM handle sha224-arm64-neon
[  112.753511][ T8342] validate_nla: 59 callbacks suppressed
[  112.753524][ T8342] netlink: 'syz.2.643': attribute type 1 has an invalid length.
[  112.782697][ T8342] 8021q: adding VLAN 0 to HW filter on device bond4
[  112.804481][ T8342] bond4: (slave geneve3): making interface the new active one
[  112.809584][ T8342] bond4: (slave geneve3): Enslaving as an active interface with an up link
[  112.835812][   T58] imon 11-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[  112.839249][   T58]  (id 0x00)
[  112.896936][   T58] rc_core: IR keymap rc-imon-pad not found
[  112.902522][   T58] Registered IR keymap rc-empty
[  112.904559][   T58] imon 11-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[  112.915826][   T58] imon 11-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  112.935612][  T844] usb 13-1: new high-speed USB device number 13 using dummy_hcd
[  112.944100][ T8347] tmpfs: Unknown parameter '00000000000000000000'
[  113.036627][   T58] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:155.0/rc/rc0
[  113.045111][   T58] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:155.0/rc/rc0/input55
[  113.066589][   T58] imon 11-1:155.0: iMON device (15c2:ffdc, intf0) on usb<11:10> initialized
[  113.115649][  T844] usb 13-1: Using ep0 maxpacket: 32
[  113.122184][  T844] usb 13-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[  113.130261][  T844] usb 13-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  113.138651][  T844] usb 13-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  113.146358][  T844] usb 13-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[  113.155538][  T844] usb 13-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[  113.159418][  T844] usb 13-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  113.162786][  T844] usb 13-1: Product: syz
[  113.164660][  T844] usb 13-1: Manufacturer: syz
[  113.168698][  T844] usb 13-1: SerialNumber: syz
[  113.185881][    C2] imon 13-1:155.0: imon usb_rx_callback_intf0: status(-71)
[  113.191047][  T844] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.8/usb13/13-1/13-1:155.0/input/input56
[  113.313469][   T58] usb 11-1: USB disconnect, device number 10
[  113.335953][ T8360] netlink: 172 bytes leftover after parsing attributes in process `syz.4.649'.
[  113.405771][  T844] imon 13-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[  113.409072][  T844]  (id 0x00)
[  113.443640][ T8366] netlink: del zone limit has 4 unknown bytes
[  113.475657][  T844] rc_core: IR keymap rc-imon-pad not found
[  113.477662][  T844] Registered IR keymap rc-empty
[  113.479680][  T844] imon 13-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[  113.483269][  T844] imon 13-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  113.596610][  T844] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.8/usb13/13-1/13-1:155.0/rc/rc0
[  113.603216][  T844] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.8/usb13/13-1/13-1:155.0/rc/rc0/input57
[  113.612147][  T844] imon 13-1:155.0: iMON device (15c2:ffdc, intf0) on usb<13:13> initialized
[  113.725682][   T58] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[  113.786325][   T58] usb 13-1: USB disconnect, device number 13
[  113.861838][ T5742] Bluetooth: hci4: sending frame failed (-49)
[  113.867564][ T5098] Bluetooth: hci4: Opcode 0x1003 failed: -49
[  114.800058][ T8411] usb usb1: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  114.862547][ T8426] FAULT_INJECTION: forcing a failure.
[  114.862547][ T8426] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  114.873306][ T8426] CPU: 2 UID: 0 PID: 8426 Comm: syz.6.670 Not tainted syzkaller #0 PREEMPT(full) 
[  114.873321][ T8426] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  114.873328][ T8426] Call Trace:
[  114.873332][ T8426]  <TASK>
[  114.873336][ T8426]  dump_stack_lvl+0x100/0x190
[  114.873361][ T8426]  should_fail_ex.cold+0x5/0xa
[  114.873376][ T8426]  _copy_from_user+0x2e/0xd0
[  114.873394][ T8426]  move_addr_to_kernel+0x65/0x170
[  114.873412][ T8426]  __sys_sendto+0x1c9/0x4b0
[  114.873428][ T8426]  ? __pfx___sys_sendto+0x10/0x10
[  114.873453][ T8426]  ? ksys_write+0x1ac/0x250
[  114.873465][ T8426]  ? __pfx_ksys_write+0x10/0x10
[  114.873477][ T8426]  __x64_sys_sendto+0xe0/0x1c0
[  114.873492][ T8426]  ? do_syscall_64+0x90/0x870
[  114.873509][ T8426]  ? lockdep_hardirqs_on+0x78/0x100
[  114.873528][ T8426]  do_syscall_64+0x115/0x870
[  114.873541][ T8426]  ? clear_bhb_loop+0x40/0x90
[  114.873554][ T8426]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  114.873565][ T8426] RIP: 0033:0x7f52d179ce59
[  114.873574][ T8426] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  114.873585][ T8426] RSP: 002b:00007f52d26d0028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  114.873596][ T8426] RAX: ffffffffffffffda RBX: 00007f52d1a15fa0 RCX: 00007f52d179ce59
[  114.873602][ T8426] RDX: 0000000000000028 RSI: 0000200000000580 RDI: 0000000000000003
[  114.873609][ T8426] RBP: 00007f52d26d0090 R08: 0000200000000140 R09: 0000000000000014
[  114.873615][ T8426] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  114.873621][ T8426] R13: 00007f52d1a16038 R14: 00007f52d1a15fa0 R15: 00007ffd49678ff8
[  114.873634][ T8426]  </TASK>
[  114.956122][ T8430] netlink: 45 bytes leftover after parsing attributes in process `syz.4.671'.
[  115.065559][ T5887] usb 13-1: new high-speed USB device number 14 using dummy_hcd
[  115.196180][ T5844] usb 7-1: new high-speed USB device number 21 using dummy_hcd
[  115.215531][ T5887] usb 13-1: Using ep0 maxpacket: 32
[  115.217801][ T8454] FAULT_INJECTION: forcing a failure.
[  115.217801][ T8454] name failslab, interval 1, probability 0, space 0, times 0
[  115.221745][ T8454] CPU: 3 UID: 0 PID: 8454 Comm: syz.4.681 Not tainted syzkaller #0 PREEMPT(full) 
[  115.221760][ T8454] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  115.221767][ T8454] Call Trace:
[  115.221771][ T8454]  <TASK>
[  115.221775][ T8454]  dump_stack_lvl+0x100/0x190
[  115.221791][ T8454]  should_fail_ex.cold+0x5/0xa
[  115.221806][ T8454]  should_failslab+0xc2/0x120
[  115.221832][ T8454]  kmem_cache_alloc_node_noprof+0x81/0x6f0
[  115.221849][ T8454]  ? __alloc_skb+0x140/0x710
[  115.221864][ T8454]  ? __alloc_skb+0x5b7/0x710
[  115.221888][ T8454]  __alloc_skb+0x140/0x710
[  115.221908][ T8454]  ? __alloc_skb+0x5b7/0x710
[  115.221933][ T8454]  ? __pfx___alloc_skb+0x10/0x10
[  115.221957][ T8454]  ? find_held_lock+0x2b/0x80
[  115.221977][ T8454]  alloc_skb_with_frags+0xdd/0x760
[  115.221993][ T8454]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  115.222008][ T8454]  sock_alloc_send_pskb+0x801/0x980
[  115.222023][ T8454]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  115.222042][ T8454]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  115.222057][ T8454]  ? find_held_lock+0x2b/0x80
[  115.222066][ T8454]  ? dev_get_by_index+0x180/0x380
[  115.222081][ T8454]  ? dev_get_by_index+0x180/0x380
[  115.222100][ T8454]  packet_sendmsg+0x1eda/0x5100
[  115.222119][ T8454]  ? __lock_acquire+0x4a5/0x2630
[  115.222134][ T8454]  ? sock_has_perm+0x25a/0x2f0
[  115.222148][ T8454]  ? __pfx_sock_has_perm+0x10/0x10
[  115.222162][ T8454]  ? __pfx_packet_sendmsg+0x10/0x10
[  115.222183][ T8454]  __sys_sendto+0x468/0x4b0
[  115.222197][ T8454]  ? __pfx_packet_sendmsg+0x10/0x10
[  115.222211][ T8454]  ? __pfx___sys_sendto+0x10/0x10
[  115.222236][ T8454]  ? ksys_write+0x1ac/0x250
[  115.222248][ T8454]  ? __pfx_ksys_write+0x10/0x10
[  115.222261][ T8454]  __x64_sys_sendto+0xe0/0x1c0
[  115.222276][ T8454]  ? do_syscall_64+0x90/0x870
[  115.222289][ T8454]  ? lockdep_hardirqs_on+0x78/0x100
[  115.222303][ T8454]  do_syscall_64+0x115/0x870
[  115.222315][ T8454]  ? clear_bhb_loop+0x40/0x90
[  115.222328][ T8454]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  115.222339][ T8454] RIP: 0033:0x7fa61919ce59
[  115.222348][ T8454] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  115.222358][ T8454] RSP: 002b:00007fa61a070028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  115.222369][ T8454] RAX: ffffffffffffffda RBX: 00007fa619415fa0 RCX: 00007fa61919ce59
[  115.222376][ T8454] RDX: 0000000000000028 RSI: 0000200000000580 RDI: 0000000000000003
[  115.222382][ T8454] RBP: 00007fa61a070090 R08: 0000200000000140 R09: 0000000000000014
[  115.222388][ T8454] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  115.222394][ T8454] R13: 00007fa619416038 R14: 00007fa619415fa0 R15: 00007ffcaee9f538
[  115.222407][ T8454]  </TASK>
[  115.223157][ T5887] usb 13-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[  115.335532][ T5887] usb 13-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  115.340200][ T5887] usb 13-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 187, changing to 11
[  115.344720][ T5887] usb 13-1: config 155 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 24732, setting to 1024
[  115.349780][ T5887] usb 13-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[  115.360447][ T5887] usb 13-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[  115.364150][ T5887] usb 13-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  115.368718][ T5887] usb 13-1: Product: syz
[  115.370451][ T5887] usb 13-1: Manufacturer: syz
[  115.372023][ T5887] usb 13-1: SerialNumber: syz
[  115.378469][    C0] imon 13-1:155.0: imon usb_rx_callback_intf0: status(-71)
[  115.382113][ T5887] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.8/usb13/13-1/13-1:155.0/input/input58
[  115.405900][ T5844] usb 7-1: Using ep0 maxpacket: 32
[  115.410151][ T5844] usb 7-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[  115.414159][ T5844] usb 7-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  115.417719][ T5844] usb 7-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  115.421740][ T5844] usb 7-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[  115.431263][ T5844] usb 7-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[  115.436436][ T5844] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  115.439072][ T5844] usb 7-1: Product: syz
[  115.440747][ T5844] usb 7-1: Manufacturer: syz
[  115.442705][ T5844] usb 7-1: SerialNumber: syz
[  115.457068][    C0] imon 7-1:155.0: imon usb_rx_callback_intf0: status(-71)
[  115.461527][ T5844] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:155.0/input/input60
[  115.580692][ T8413] cifs: Bad value for 'port'
[  115.595825][ T5887] imon 13-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[  115.601549][ T5887]  (id 0x00)
[  115.655673][ T5887] rc_core: IR keymap rc-imon-pad not found
[  115.657783][ T5887] Registered IR keymap rc-empty
[  115.659411][ T5887] imon 13-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[  115.662565][ T5887] imon 13-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  115.665818][ T5887] imon:send_packet: packet tx failed (-71)
[  115.675899][ T5844] imon 7-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[  115.678677][ T5844]  (id 0x00)
[  115.685624][ T5887] imon 13-1:155.0: remote input dev register failed
[  115.687915][ T5887] imon 13-1:155.0: imon_init_intf0: rc device setup failed
[  115.698887][ T5887] imon 13-1:155.0: unable to initialize intf0, err 0
[  115.701263][ T5887] imon:imon_probe: failed to initialize context!
[  115.703236][ T5887] imon 13-1:155.0: unable to register, err -19
[  115.707037][ T5887] usb 13-1: USB disconnect, device number 14
[  115.735946][ T5844] rc_core: IR keymap rc-imon-pad not found
[  115.738389][ T5844] Registered IR keymap rc-empty
[  115.740682][ T5844] imon 7-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[  115.744851][ T5844] imon 7-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  115.866412][ T5844] rc rc1: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:155.0/rc/rc1
[  115.871194][ T5844] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:155.0/rc/rc1/input61
[  115.877157][ T5844] imon 7-1:155.0: iMON device (15c2:ffdc, intf0) on usb<7:21> initialized
[  116.056713][ T8432] imon:display_open: display port is already open
[  116.070586][  T844] usb 7-1: USB disconnect, device number 21
[  116.173837][ T8480] bond2: entered promiscuous mode
[  116.177693][ T8480] netlink: 20 bytes leftover after parsing attributes in process `syz.6.687'.
[  116.241582][ T8487] iommufd_mock iommufd_mock0: Adding to iommu group 9
[  116.282566][ T8489] vhci_hcd vhci_hcd.0: pdev(8) rhport(0) sockfd(6)
[  116.284620][ T8489] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  116.293697][ T8489] vhci_hcd vhci_hcd.0: Device attached
[  116.315269][   T40] kauditd_printk_skb: 4 callbacks suppressed
[  116.315281][   T40] audit: type=1400 audit(1780057360.073:644): avc:  denied  { read write } for  pid=8488 comm="syz.8.692" name="loop-control" dev="devtmpfs" ino=657 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  116.324401][   T40] audit: type=1400 audit(1780057360.073:645): avc:  denied  { open } for  pid=8488 comm="syz.8.692" path="/dev/loop-control" dev="devtmpfs" ino=657 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  116.336469][   T40] audit: type=1400 audit(1780057360.083:646): avc:  denied  { ioctl } for  pid=8488 comm="syz.8.692" path="/dev/loop-control" dev="devtmpfs" ino=657 ioctlcmd=0x4c80 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  116.371896][ T8493] binder: 8492:8493 ioctl c0306201 200000000040 returned -14
[  116.396440][ T8490] vhci_hcd: connection closed
[  116.396744][ T8219] vhci_hcd vhci_hcd.8: stop threads
[  116.401132][ T8219] vhci_hcd vhci_hcd.8: release socket
[  116.402853][ T8219] vhci_hcd vhci_hcd.8: disconnect device
[  116.463931][ T8498] xt_hashlimit: size too large, truncated to 1048576
[  116.514045][ T8500] ip6t_srh: unknown srh invflags 51E8
[  116.517037][ T8500] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[  116.557420][   T40] audit: type=1400 audit(1780057360.323:647): avc:  denied  { bpf } for  pid=8501 comm="syz.4.696" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  116.805602][  T844] usb 9-1: new high-speed USB device number 15 using dummy_hcd
[  116.835691][ T5851] usb 7-1: new high-speed USB device number 22 using dummy_hcd
[  116.933474][   T40] audit: type=1400 audit(1780057360.693:648): avc:  denied  { perfmon } for  pid=8505 comm="syz.8.698" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  116.965753][  T844] usb 9-1: Using ep0 maxpacket: 8
[  116.974896][ T5851] usb 7-1: device descriptor read/64, error -71
[  116.982300][  T844] usb 9-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  116.984606][ T8512] FAULT_INJECTION: forcing a failure.
[  116.984606][ T8512] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  116.986875][  T844] usb 9-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[  116.986902][  T844] usb 9-1: config 0 interface 0 has no altsetting 0
[  116.986939][  T844] usb 9-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  116.986962][  T844] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  116.989713][  T844] usb 9-1: config 0 descriptor??
[  116.993713][ T8512] CPU: 1 UID: 0 PID: 8512 Comm: syz.8.701 Not tainted syzkaller #0 PREEMPT(full) 
[  116.993728][ T8512] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  116.993735][ T8512] Call Trace:
[  116.993739][ T8512]  <TASK>
[  116.993744][ T8512]  dump_stack_lvl+0x100/0x190
[  116.993760][ T8512]  should_fail_ex.cold+0x5/0xa
[  116.993776][ T8512]  _copy_to_user+0x32/0xd0
[  116.993791][ T8512]  simple_read_from_buffer+0xcb/0x170
[  116.993807][ T8512]  proc_fail_nth_read+0x1af/0x230
[  116.993820][ T8512]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  116.993834][ T8512]  ? rw_verify_area+0xce/0x6d0
[  116.993844][ T8512]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  116.993856][ T8512]  vfs_read+0x1e4/0xb30
[  116.993870][ T8512]  ? __pfx_vfs_read+0x10/0x10
[  116.993882][ T8512]  ? __fget_files+0x215/0x3d0
[  116.993899][ T8512]  ? __fget_files+0x21f/0x3d0
[  116.993924][ T8512]  ksys_read+0x12a/0x250
[  116.993936][ T8512]  ? __pfx_ksys_read+0x10/0x10
[  116.993952][ T8512]  do_syscall_64+0x115/0x870
[  116.993967][ T8512]  ? clear_bhb_loop+0x40/0x90
[  116.993981][ T8512]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  116.993993][ T8512] RIP: 0033:0x7f902b95d68e
[  116.994002][ T8512] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  116.994014][ T8512] RSP: 002b:00007f902c8b9fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  116.994026][ T8512] RAX: ffffffffffffffda RBX: 00007f902c8ba6c0 RCX: 00007f902b95d68e
[  116.994033][ T8512] RDX: 000000000000000f RSI: 00007f902c8ba0a0 RDI: 0000000000000005
[  116.994039][ T8512] RBP: 00007f902c8ba090 R08: 0000000000000000 R09: 0000000000000000
[  116.994045][ T8512] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  116.994052][ T8512] R13: 00007f902bc16038 R14: 00007f902bc15fa0 R15: 00007ffc36e01c18
[  116.994066][ T8512]  </TASK>
[  117.225681][ T5851] usb 7-1: new high-speed USB device number 23 using dummy_hcd
[  117.355551][ T5851] usb 7-1: device descriptor read/64, error -71
[  117.466863][ T5851] usb usb7-port1: attempt power cycle
[  117.508236][  T844] hid_parser_main: 5 callbacks suppressed
[  117.508258][  T844] mcp2221 0003:04D8:00DD.0004: unknown main item tag 0x0
[  117.513926][  T844] mcp2221 0003:04D8:00DD.0004: unknown main item tag 0x0
[  117.516921][  T844] mcp2221 0003:04D8:00DD.0004: unknown main item tag 0x0
[  117.519697][  T844] mcp2221 0003:04D8:00DD.0004: unknown main item tag 0x0
[  117.522470][  T844] mcp2221 0003:04D8:00DD.0004: unknown main item tag 0x0
[  117.526250][  T844] mcp2221 0003:04D8:00DD.0004: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.4-1/input0
[  117.741723][ T7129] usb 9-1: USB disconnect, device number 15
[  117.805600][ T5851] usb 7-1: new high-speed USB device number 24 using dummy_hcd
[  117.825984][ T5851] usb 7-1: device descriptor read/8, error -71
[  118.065566][ T5851] usb 7-1: new high-speed USB device number 25 using dummy_hcd
[  118.086163][ T5851] usb 7-1: device descriptor read/8, error -71
[  118.157673][ T1044] usb 11-1: new high-speed USB device number 11 using dummy_hcd
[  118.196013][ T5851] usb usb7-port1: unable to enumerate USB device
[  118.305788][ T1044] usb 11-1: Using ep0 maxpacket: 32
[  118.308908][ T1044] usb 11-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[  118.312651][ T1044] usb 11-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  118.316722][ T1044] usb 11-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  118.320569][ T1044] usb 11-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[  118.327088][ T1044] usb 11-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[  118.330411][ T1044] usb 11-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  118.333256][ T1044] usb 11-1: Product: syz
[  118.334729][ T1044] usb 11-1: Manufacturer: syz
[  118.337208][ T1044] usb 11-1: SerialNumber: syz
[  118.342940][    C0] imon 11-1:155.0: imon usb_rx_callback_intf0: status(-71)
[  118.346567][ T1044] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:155.0/input/input62
[  118.362938][ T8527] netlink: 44 bytes leftover after parsing attributes in process `syz.8.706'.
[  118.389426][   T40] audit: type=1400 audit(1780057362.153:649): avc:  denied  { bind } for  pid=8528 comm="syz.4.707" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  118.402100][   T40] audit: type=1400 audit(1780057362.163:650): avc:  denied  { create } for  pid=8528 comm="syz.4.707" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  118.556537][ T1044] imon 11-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[  118.559135][ T1044]  (id 0x00)
[  118.605832][ T1044] rc_core: IR keymap rc-imon-pad not found
[  118.609268][ T1044] Registered IR keymap rc-empty
[  118.610915][ T1044] imon 11-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[  118.613981][ T1044] imon 11-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  118.756603][ T1044] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:155.0/rc/rc0
[  118.761455][ T1044] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:155.0/rc/rc0/input63
[  118.766842][ T1044] imon 11-1:155.0: iMON device (15c2:ffdc, intf0) on usb<11:11> initialized
[  118.815937][ T5851] usb 9-1: new high-speed USB device number 16 using dummy_hcd
[  118.947337][ T1044] usb 11-1: USB disconnect, device number 11
[  118.965959][ T5851] usb 9-1: device descriptor read/64, error -71
[  119.086841][   T40] audit: type=1400 audit(1780057362.853:651): avc:  denied  { bind } for  pid=8564 comm="syz.8.717" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  119.172277][ T8569] input: syz1 as /devices/virtual/input/input64
[  119.205591][ T5851] usb 9-1: new high-speed USB device number 17 using dummy_hcd
[  119.335622][ T5851] usb 9-1: device descriptor read/64, error -71
[  119.347456][ T8578] openvswitch: netlink: Missing key (keys=40, expected=10000000)
[  119.446125][ T5851] usb usb9-port1: attempt power cycle
[  119.530276][   T40] audit: type=1400 audit(1780057363.293:652): avc:  denied  { ioctl } for  pid=8589 comm="syz.6.726" path="socket:[26183]" dev="sockfs" ino=26183 ioctlcmd=0x6e87 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  119.566903][   T40] audit: type=1400 audit(1780057363.333:653): avc:  denied  { map } for  pid=8595 comm="syz.6.727" path="/dev/sg0" dev="devtmpfs" ino=722 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  119.606139][ T8598] openvswitch: netlink: Geneve option length err (len 256, max 255).
[  119.785845][ T5851] usb 9-1: new high-speed USB device number 18 using dummy_hcd
[  119.807935][ T5851] usb 9-1: device descriptor read/8, error -71
[  119.920341][ T8626] netlink: 32 bytes leftover after parsing attributes in process `syz.6.735'.
[  119.965951][ T5843] usb 7-1: new high-speed USB device number 26 using dummy_hcd
[  120.045527][ T5851] usb 9-1: new high-speed USB device number 19 using dummy_hcd
[  120.066037][ T5851] usb 9-1: device descriptor read/8, error -71
[  120.135678][ T5843] usb 7-1: Using ep0 maxpacket: 32
[  120.140276][ T5843] usb 7-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[  120.143348][ T5843] usb 7-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  120.146949][ T5843] usb 7-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  120.150230][ T5843] usb 7-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[  120.155636][ T5843] usb 7-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[  120.158406][ T5843] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  120.160853][ T5843] usb 7-1: Product: syz
[  120.162106][ T5843] usb 7-1: Manufacturer: syz
[  120.163501][ T5843] usb 7-1: SerialNumber: syz
[  120.172898][    C3] imon 7-1:155.0: imon usb_rx_callback_intf0: status(-71)
[  120.176427][ T5843] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:155.0/input/input65
[  120.178020][ T5851] usb usb9-port1: unable to enumerate USB device
[  120.360806][ T8628] overlayfs: missing 'workdir'
[  120.386293][ T5843] imon 7-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[  120.389062][ T5843]  (id 0x00)
[  120.425694][ T5843] rc_core: IR keymap rc-imon-pad not found
[  120.428219][ T5843] Registered IR keymap rc-empty
[  120.430387][ T5843] imon 7-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[  120.434415][ T5843] imon 7-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  120.596538][ T5843] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:155.0/rc/rc0
[  120.600647][ T5843] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:155.0/rc/rc0/input66
[  120.605837][ T5843] imon 7-1:155.0: iMON device (15c2:ffdc, intf0) on usb<7:26> initialized
[  120.776772][ T5851] usb 7-1: USB disconnect, device number 26
[  121.227392][ T8632] hsr0: entered promiscuous mode
[  121.230607][ T8632] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets).
[  121.555559][   T29] usb 13-1: new high-speed USB device number 15 using dummy_hcd
[  121.716391][   T29] usb 13-1: Using ep0 maxpacket: 32
[  121.723138][   T29] usb 13-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[  121.731278][   T29] usb 13-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  121.740030][   T29] usb 13-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  121.743521][   T29] usb 13-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[  121.745530][ T5851] usb 7-1: new high-speed USB device number 27 using dummy_hcd
[  121.751379][   T29] usb 13-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[  121.758654][   T29] usb 13-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  121.766785][   T29] usb 13-1: Product: syz
[  121.768123][   T29] usb 13-1: Manufacturer: syz
[  121.769628][   T29] usb 13-1: SerialNumber: syz
[  121.774696][    C1] imon 13-1:155.0: imon usb_rx_callback_intf0: status(-71)
[  121.781434][   T29] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.8/usb13/13-1/13-1:155.0/input/input67
[  121.917493][ T5851] usb 7-1: Using ep0 maxpacket: 16
[  121.920346][ T5851] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  121.924821][ T5851] usb 7-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  121.927794][ T5851] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  121.930445][ T5851] usb 7-1: Product: syz
[  121.932051][ T5851] usb 7-1: Manufacturer: syz
[  121.933828][ T5851] usb 7-1: SerialNumber: syz
[  121.938869][ T5851] usb 7-1: config 0 descriptor??
[  121.943144][ T5851] em28xx 7-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  121.946912][ T5851] em28xx 7-1:0.0: DVB interface 0 found: bulk
[  121.996211][   T29] imon 13-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[  122.000378][   T29]  (id 0x00)
[  122.045590][   T29] rc_core: IR keymap rc-imon-pad not found
[  122.047871][   T29] Registered IR keymap rc-empty
[  122.049910][   T29] imon 13-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[  122.053139][   T29] imon 13-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  122.155965][   T34] usb 9-1: new high-speed USB device number 20 using dummy_hcd
[  122.206247][   T29] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.8/usb13/13-1/13-1:155.0/rc/rc0
[  122.210760][   T29] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.8/usb13/13-1/13-1:155.0/rc/rc0/input68
[  122.226644][   T29] imon 13-1:155.0: iMON device (15c2:ffdc, intf0) on usb<13:15> initialized
[  122.306105][   T34] usb 9-1: Using ep0 maxpacket: 32
[  122.310038][   T34] usb 9-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[  122.313158][   T34] usb 9-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  122.316803][   T34] usb 9-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  122.320136][   T34] usb 9-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[  122.327636][   T34] usb 9-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[  122.330652][   T34] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  122.333135][   T34] usb 9-1: Product: syz
[  122.334432][   T34] usb 9-1: Manufacturer: syz
[  122.336320][   T34] usb 9-1: SerialNumber: syz
[  122.341416][    C3] imon 9-1:155.0: imon usb_rx_callback_intf0: status(-71)
[  122.347170][   T34] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:155.0/input/input69
[  122.378984][  T844] usb 13-1: USB disconnect, device number 15
[  122.544050][ T5851] em28xx 7-1:0.0: unknown em28xx chip ID (0)
[  122.555786][   T34] imon 9-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[  122.559051][   T34]  (id 0x00)
[  122.605890][   T34] rc_core: IR keymap rc-imon-pad not found
[  122.607964][   T34] Registered IR keymap rc-empty
[  122.609723][   T34] imon 9-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[  122.613200][   T34] imon 9-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  122.766168][   T34] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:155.0/rc/rc0
[  122.770582][   T34] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:155.0/rc/rc0/input70
[  122.776457][   T34] imon 9-1:155.0: iMON device (15c2:ffdc, intf0) on usb<9:20> initialized
qemu-system-x86_64: warning: 9p: degraded performance: a reasonable high msize should be chosen on client/guest side (chosen msize is <= 8192). See https://wiki.qemu.org/Documentation/9psetup#msize for details.
[  122.948026][ T5844] usb 9-1: USB disconnect, device number 20
[  122.959274][   T40] kauditd_printk_skb: 860 callbacks suppressed
[  122.959306][   T40] audit: type=1400 audit(1780057366.723:1514): avc:  denied  { write } for  pid=8676 comm="syz.6.753" name="/" dev="9p" ino=72877303 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  122.973267][   T40] audit: type=1400 audit(1780057366.723:1515): avc:  denied  { create } for  pid=8676 comm="syz.6.753" name="memory.events.local" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  122.981000][ T5851] em28xx 7-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  122.983259][   T40] audit: type=1400 audit(1780057366.733:1516): avc:  denied  { read append open } for  pid=8676 comm="syz.6.753" path="/126/file0/memory.events.local" dev="9p" ino=72877495 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  122.985319][ T5851] em28xx 7-1:0.0: board has no eeprom
[  122.993544][   T40] audit: type=1400 audit(1780057366.753:1517): avc:  denied  { map } for  pid=8676 comm="syz.6.753" path="/126/file0/memory.events.local" dev="9p" ino=72877495 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  122.993571][   T40] audit: type=1400 audit(1780057366.753:1518): avc:  denied  { write } for  pid=8676 comm="syz.6.753" path="/126/file0/memory.events.local" dev="9p" ino=72877495 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  123.025002][ T8680] exFAT-fs (nbd8): unable to read boot sector
[  123.027059][ T8680] exFAT-fs (nbd8): failed to read boot sector
[  123.029283][ T8680] exFAT-fs (nbd8): failed to recognize exfat type
[  123.035604][ T8677] fuse: Bad value for 'user_id'
[  123.037398][   T40] audit: type=1400 audit(1780057366.803:1519): avc:  denied  { mounton } for  pid=8676 comm="syz.6.753" path="/126/file0/file0" dev="9p" ino=72877307 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sock_file permissive=1
[  123.037718][ T8677] fuse: Bad value for 'user_id'
[  123.172456][ T8684] 9p: Unknown access argument cl!÷}+: -22
[  123.280619][ T8649] em28xx 7-1:0.0: reading from i2c device at 0xa failed (error=-5)
[  123.335574][ T5851] em28xx 7-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  123.338304][ T5851] em28xx 7-1:0.0: dvb set to bulk mode.
[  123.341746][  T844] em28xx 7-1:0.0: Binding DVB extension
[  123.350694][ T5851] usb 7-1: USB disconnect, device number 27
[  123.357682][ T5851] em28xx 7-1:0.0: Disconnecting em28xx
[  123.373091][  T844] em28xx 7-1:0.0: Registering input extension
[  123.376086][ T5851] em28xx 7-1:0.0: Closing input extension
[  123.401067][ T5851] em28xx 7-1:0.0: Freeing device
[  123.481330][ T8695] 9p: Bad value for 'msize'
[  123.785582][ T1044] usb 13-1: new high-speed USB device number 16 using dummy_hcd
[  123.935607][ T1044] usb 13-1: Using ep0 maxpacket: 32
[  123.939548][ T1044] usb 13-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[  123.943946][ T1044] usb 13-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  123.949860][ T1044] usb 13-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  123.954225][ T1044] usb 13-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[  123.960929][ T1044] usb 13-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[  123.964705][ T1044] usb 13-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  123.968290][ T1044] usb 13-1: Product: syz
[  123.970014][ T1044] usb 13-1: Manufacturer: syz
[  123.971900][ T1044] usb 13-1: SerialNumber: syz
[  123.973490][ T8724] openvswitch: netlink: Message has 4 unknown bytes.
[  123.977165][ T8724] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  123.982407][    C0] imon 13-1:155.0: imon usb_rx_callback_intf0: status(-71)
[  123.991486][ T1044] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.8/usb13/13-1/13-1:155.0/input/input72
[  124.035862][   T34] usb 9-1: new high-speed USB device number 21 using dummy_hcd
[  124.196250][ T1044] imon 13-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[  124.204667][ T1044]  (id 0x00)
[  124.205954][   T34] usb 9-1: Using ep0 maxpacket: 32
[  124.210690][   T34] usb 9-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[  124.211054][ T8736] tipc: Started in network mode
[  124.215110][   T34] usb 9-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  124.217865][ T8736] tipc: Node identity 080211000001, cluster identity 4711
[  124.221513][   T34] usb 9-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  124.224029][ T8736] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  124.228582][   T34] usb 9-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[  124.230408][   T34] usb 9-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[  124.241271][   T34] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  124.244739][   T34] usb 9-1: Product: syz
[  124.246576][   T34] usb 9-1: Manufacturer: syz
[  124.248507][   T34] usb 9-1: SerialNumber: syz
[  124.255727][ T1044] rc_core: IR keymap rc-imon-pad not found
[  124.256216][    C3] imon 9-1:155.0: imon usb_rx_callback_intf0: status(-71)
[  124.258558][ T1044] Registered IR keymap rc-empty
[  124.263156][ T1044] imon 13-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[  124.263699][   T34] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:155.0/input/input74
[  124.268598][ T1044] imon 13-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  124.399475][ T1044] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.8/usb13/13-1/13-1:155.0/rc/rc0
[  124.405175][ T1044] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.8/usb13/13-1/13-1:155.0/rc/rc0/input73
[  124.413526][ T1044] imon 13-1:155.0: iMON device (15c2:ffdc, intf0) on usb<13:16> initialized
[  124.477178][ T8746] tipc: New replicast peer: 0.0.0.0
[  124.479459][ T8746] tipc: Enabled bearer <udp:syz2>, priority 10
[  124.481756][ T8746] tipc: New replicast peer: 0000:0000:0000:0000:0000:0000:0000:0001
[  124.485763][   T34] imon 9-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[  124.489685][   T34]  (id 0x00)
[  124.555670][   T34] rc_core: IR keymap rc-imon-pad not found
[  124.558193][   T34] Registered IR keymap rc-empty
[  124.560328][   T34] imon 9-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[  124.564638][   T34] imon 9-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  124.594428][   T40] audit: type=1400 audit(1780057368.353:1520): avc:  denied  { write } for  pid=8700 comm="syz.8.761" name="/" dev="9p" ino=72877303 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  124.603566][   T40] audit: type=1400 audit(1780057368.363:1521): avc:  denied  { lock } for  pid=8700 comm="syz.8.761" path="/140/file0/cpuset.effective_cpus" dev="9p" ino=72877501 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  124.665234][ T5843] usb 13-1: USB disconnect, device number 16
[  124.685100][   T34] rc rc1: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:155.0/rc/rc1
[  124.699188][   T34] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:155.0/rc/rc1/input75
[  124.726506][   T34] imon 9-1:155.0: iMON device (15c2:ffdc, intf0) on usb<9:21> initialized
[  124.796581][ T8757] syz.6.782: calling unsupported SCSI_IOCTL_SEND_COMMAND
[  124.862301][  T844] usb 9-1: USB disconnect, device number 21
[  125.043233][   T40] audit: type=1400 audit(1780057368.803:1522): avc:  denied  { connect } for  pid=8768 comm="syz.6.786" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  125.345636][   T58] usb 11-1: new full-speed USB device number 12 using dummy_hcd
[  125.409609][   T40] audit: type=1400 audit(1780057369.173:1523): avc:  denied  { set_context_mgr } for  pid=8778 comm="syz.4.790" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  125.475804][ T5851] tipc: Node number set to 134418688
[  125.527030][   T58] usb 11-1: config 1 interface 0 altsetting 255 endpoint 0x81 has invalid maxpacket 512, setting to 64
[  125.531166][   T58] usb 11-1: config 1 interface 0 has no altsetting 0
[  125.536874][   T58] usb 11-1: New USB device found, idVendor=17ef, idProduct=6085, bcdDevice= 0.40
[  125.539917][   T58] usb 11-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  125.543358][   T58] usb 11-1: Product: syz
[  125.545216][   T58] usb 11-1: Manufacturer: syz
[  125.547195][   T58] usb 11-1: SerialNumber: syz
[  125.552076][ T8775] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  126.422506][ T8786] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  126.425194][ T8786] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  126.429160][ T8786] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  126.481388][ T8799] bridge0: port 1(syz_tun) entered blocking state
[  126.484303][ T8799] bridge0: port 1(syz_tun) entered disabled state
[  126.489447][ T8799] syz_tun: entered allmulticast mode
[  126.492955][ T8799] syz_tun: entered promiscuous mode
[  126.500946][ T8799] bridge0: port 1(syz_tun) entered blocking state
[  126.503759][ T8799] bridge0: port 1(syz_tun) entered forwarding state
[  126.526917][   T58] usbhid 11-1:1.0: can't add hid device: -71
[  126.528905][   T58] usbhid 11-1:1.0: probe with driver usbhid failed with error -71
[  126.546719][   T58] usb 11-1: USB disconnect, device number 12
[  126.558962][ T1044] [drm:virtio_gpu_dequeue_ctrl_func] *ERROR* response 0x1205 (command 0x105)
[  127.468704][ T8821] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  127.471690][ T8821] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  127.477145][ T8821] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  127.480166][ T8821] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  127.536393][ T8835] bridge0: port 3(syz_tun) entered blocking state
[  127.539414][ T8835] bridge0: port 3(syz_tun) entered disabled state
[  127.542371][ T8835] syz_tun: entered allmulticast mode
[  127.568023][ T8835] syz_tun: entered promiscuous mode
[  127.636281][ T1044] [drm:virtio_gpu_dequeue_ctrl_func] *ERROR* response 0x1205 (command 0x105)
[  127.666116][ T8846] netlink: 8 bytes leftover after parsing attributes in process `syz.6.816'.
[  128.558655][ T8858] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  128.560656][ T8858] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  128.564381][ T8858] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  128.567439][ T8858] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  128.614860][ T1044] [drm:virtio_gpu_dequeue_ctrl_func] *ERROR* response 0x1205 (command 0x105)
[  128.629842][ T5742] Bluetooth: hci3: ACL packet for unknown connection handle 4040
[  128.630075][   T40] kauditd_printk_skb: 2 callbacks suppressed
[  128.630084][   T40] audit: type=1400 audit(1780057372.393:1526): avc:  denied  { bind } for  pid=8878 comm="syz.2.829" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  128.642811][   T40] audit: type=1400 audit(1780057372.403:1527): avc:  denied  { listen } for  pid=8878 comm="syz.2.829" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  128.647147][ T8877] libceph: resolve '½@½Ée2²âOAq§¨­cz' (ret=-3): failed
[  128.697296][ T8887] netlink: 8 bytes leftover after parsing attributes in process `syz.2.831'.
[  128.700635][ T8888] netlink: 8 bytes leftover after parsing attributes in process `syz.2.831'.
[  129.001513][ T1044] [drm:virtio_gpu_dequeue_ctrl_func] *ERROR* response 0x1205 (command 0x105)
[  129.666184][ T8900] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  129.668973][ T8900] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  129.677374][ T8900] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  129.719657][   T40] audit: type=1400 audit(1780057373.483:1528): avc:  denied  { call } for  pid=8919 comm="syz.2.844" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  129.754590][ T8924] syz_tun: left promiscuous mode
[  129.768343][ T8924] tipc: Resetting bearer <eth:team0>
[  129.801420][ T8929] netlink: 48 bytes leftover after parsing attributes in process `syz.2.845'.
[  129.844630][ T1044] [drm:virtio_gpu_dequeue_ctrl_func] *ERROR* response 0x1205 (command 0x105)
[  130.738134][ T8938] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  130.740227][ T8938] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  130.745188][ T8938] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  130.801688][ T8955] binder_alloc: 8953: binder_alloc_buf, no vma
[  130.866456][   T40] audit: type=1326 audit(1780057374.633:1529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8963 comm="syz.4.861" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa61919ce59 code=0x0
[  130.983144][ T8971] FAULT_INJECTION: forcing a failure.
[  130.983144][ T8971] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  130.989609][ T8971] CPU: 2 UID: 0 PID: 8971 Comm: syz.2.863 Not tainted syzkaller #0 PREEMPT(full) 
[  130.989633][ T8971] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  130.989643][ T8971] Call Trace:
[  130.989649][ T8971]  <TASK>
[  130.989655][ T8971]  dump_stack_lvl+0x100/0x190
[  130.989680][ T8971]  should_fail_ex.cold+0x5/0xa
[  130.989701][ T8971]  _copy_from_iter+0x1f4/0x1690
[  130.989727][ T8971]  ? __pfx__copy_from_iter+0x10/0x10
[  130.989748][ T8971]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  130.989776][ T8971]  copy_page_from_iter+0x238/0x300
[  130.989800][ T8971]  tun_build_skb.constprop.0+0x2ea/0x18f0
[  130.989831][ T8971]  ? __pfx_tun_build_skb.constprop.0+0x10/0x10
[  130.989856][ T8971]  ? unwind_get_return_address+0x59/0xa0
[  130.989881][ T8971]  ? arch_stack_walk+0xa6/0xf0
[  130.989917][ T8971]  ? _kstrtoull+0x13c/0x1f0
[  130.989939][ T8971]  ? __pfx__kstrtoull+0x10/0x10
[  130.989965][ T8971]  tun_get_user+0x16d6/0x3c20
[  130.990005][ T8971]  ? __pfx_tun_get_user+0x10/0x10
[  130.990031][ T8971]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  130.990061][ T8971]  ? find_held_lock+0x2b/0x80
[  130.990076][ T8971]  ? tun_get+0x191/0x370
[  130.990098][ T8971]  ? tun_get+0x191/0x370
[  130.990127][ T8971]  tun_chr_write_iter+0xdc/0x200
[  130.990154][ T8971]  vfs_write+0x6ac/0x1070
[  130.990173][ T8971]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  130.990199][ T8971]  ? __pfx_vfs_write+0x10/0x10
[  130.990220][ T8971]  ? find_held_lock+0x2b/0x80
[  130.990250][ T8971]  ksys_write+0x12a/0x250
[  130.990269][ T8971]  ? __pfx_ksys_write+0x10/0x10
[  130.990307][ T8971]  ? rcu_is_watching+0x12/0xc0
[  130.990336][ T8971]  do_syscall_64+0x115/0x870
[  130.990372][ T8971]  ? clear_bhb_loop+0x40/0x90
[  130.990393][ T8971]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  130.990408][ T8971] RIP: 0033:0x7fddb2f5d68e
[  130.990421][ T8971] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  130.990437][ T8971] RSP: 002b:00007fddb3dd9fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  130.990455][ T8971] RAX: ffffffffffffffda RBX: 00007fddb3dda6c0 RCX: 00007fddb2f5d68e
[  130.990466][ T8971] RDX: 000000000000003e RSI: 0000200000000500 RDI: 00000000000000c8
[  130.990476][ T8971] RBP: 00007fddb3dda090 R08: 0000000000000000 R09: 0000000000000000
[  130.990486][ T8971] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  130.990496][ T8971] R13: 00007fddb3216038 R14: 00007fddb3215fa0 R15: 00007fff604273b8
[  130.990518][ T8971]  </TASK>
[  131.096114][  T844] usb 13-1: new high-speed USB device number 17 using dummy_hcd
[  131.246385][  T844] usb 13-1: Using ep0 maxpacket: 32
[  131.250232][  T844] usb 13-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[  131.258011][  T844] usb 13-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  131.263647][  T844] usb 13-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  131.268794][  T844] usb 13-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[  131.276034][  T844] usb 13-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[  131.279686][  T844] usb 13-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  131.282134][  T844] usb 13-1: Product: syz
[  131.283468][  T844] usb 13-1: Manufacturer: syz
[  131.284917][  T844] usb 13-1: SerialNumber: syz
[  131.293026][    C2] imon 13-1:155.0: imon usb_rx_callback_intf0: status(-71)
[  131.296850][  T844] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.8/usb13/13-1/13-1:155.0/input/input76
[  131.505505][  T844] imon 13-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[  131.508099][  T844]  (id 0x00)
[  131.565510][  T844] rc_core: IR keymap rc-imon-pad not found
[  131.568200][  T844] Registered IR keymap rc-empty
[  131.570042][  T844] imon 13-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[  131.573222][  T844] imon 13-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  131.708310][  T844] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.8/usb13/13-1/13-1:155.0/rc/rc0
[  131.713820][  T844] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.8/usb13/13-1/13-1:155.0/rc/rc0/input77
[  131.724207][  T844] imon 13-1:155.0: iMON device (15c2:ffdc, intf0) on usb<13:17> initialized
[  131.790966][ T8987] binder_alloc: 8985: binder_alloc_buf, no vma
[  131.897684][  T844] usb 13-1: USB disconnect, device number 17
[  132.073393][ T8982] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  132.075705][ T8982] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  132.080523][ T8982] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  132.333275][ T9010] binder_alloc: 9009: binder_alloc_buf, no vma
[  133.194903][ T9013] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  133.198118][ T9013] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  133.210463][ T9013] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  133.212704][ T9013] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  133.424228][ T9038] Can't find a SQUASHFS superblock on nullb0
[  133.449703][   T40] audit: type=1400 audit(1780057377.213:1530): avc:  denied  { accept } for  pid=9039 comm="syz.2.892" path=0000214E000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002F6465762F6B766D0000000000000000000000000000000000000000000000000000000000000000000000000000 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[  134.338609][ T9080] netlink: 24 bytes leftover after parsing attributes in process `syz.2.906'.
[  134.370988][ T9050] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  134.373547][ T9050] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  134.377379][ T9050] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  134.379985][ T9050] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  134.381994][ T9050] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  134.577314][ T9105] netlink: 36 bytes leftover after parsing attributes in process `syz.4.915'.
[  134.581074][ T9105] netlink: 16 bytes leftover after parsing attributes in process `syz.4.915'.
[  134.584854][ T9105] netlink: 36 bytes leftover after parsing attributes in process `syz.4.915'.
[  134.696572][   T40] audit: type=1400 audit(1780057378.453:1531): avc:  denied  { mounton } for  pid=9110 comm="syz.4.920" path="/dev/binderfs" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  134.771732][   T62] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection
[  135.452825][ T9137] overlayfs: conflicting options: userxattr,metacopy=on
[  135.492901][ T9112] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  135.497066][ T9112] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  135.501876][ T9112] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  135.504235][ T9112] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  135.914158][ T9161] netlink: 68 bytes leftover after parsing attributes in process `syz.2.939'.
[  136.795814][ T5742] Bluetooth: hci3: command 0x040f tx timeout
[  136.894362][ T9187] netlink: 68 bytes leftover after parsing attributes in process `syz.4.950'.
[  137.060590][ T9192] netlink: 36 bytes leftover after parsing attributes in process `syz.8.945'.
[  137.065247][ T9192] netlink: 16 bytes leftover after parsing attributes in process `syz.8.945'.
[  137.070431][ T9192] netlink: 36 bytes leftover after parsing attributes in process `syz.8.945'.
[  137.374616][   T40] audit: type=1400 audit(1780057381.133:1532): avc:  denied  { write } for  pid=9195 comm="syz.4.953" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  137.517496][ T5742] Bluetooth: hci2: command 0x0c1a tx timeout
[  137.517882][   T62] Bluetooth: hci1: command 0x0c1a tx timeout
[  137.640347][   T40] audit: type=1400 audit(1780057381.403:1533): avc:  denied  { setopt } for  pid=9205 comm="syz.4.955" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  137.839974][ T1438] ieee802154 phy0 wpan0: encryption failed: -22
[  137.842426][ T1438] ieee802154 phy1 wpan1: encryption failed: -22
[  138.025336][ T9235] bridge2: trying to set multicast query interval below minimum, setting to 100 (1000ms)
[  138.053026][ T9236] netlink: 36 bytes leftover after parsing attributes in process `syz.6.966'.
[  138.105558][ T6149] usb 7-1: new high-speed USB device number 28 using dummy_hcd
[  138.266651][ T6149] usb 7-1: Using ep0 maxpacket: 32
[  138.269863][ T6149] usb 7-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[  138.276693][ T6149] usb 7-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  138.283813][ T6149] usb 7-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  138.287587][ T6149] usb 7-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[  138.293279][ T6149] usb 7-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[  138.297409][ T6149] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  138.302847][ T6149] usb 7-1: Product: syz
[  138.305280][ T6149] usb 7-1: Manufacturer: syz
[  138.309575][ T6149] usb 7-1: SerialNumber: syz
[  138.320488][    C2] imon 7-1:155.0: imon usb_rx_callback_intf0: status(-71)
[  138.323956][ T6149] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:155.0/input/input78
[  138.537809][ T6149] imon 7-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[  138.545784][ T6149]  (id 0x00)
[  138.595532][ T6149] rc_core: IR keymap rc-imon-pad not found
[  138.597334][ T6149] Registered IR keymap rc-empty
[  138.598919][ T6149] imon 7-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[  138.601973][ T6149] imon 7-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  138.736407][ T6149] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:155.0/rc/rc0
[  138.740495][ T6149] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:155.0/rc/rc0/input79
[  138.746097][ T6149] imon 7-1:155.0: iMON device (15c2:ffdc, intf0) on usb<7:28> initialized
[  138.885876][   T62] Bluetooth: hci3: command 0x040f tx timeout
[  138.925067][ T6149] usb 7-1: USB disconnect, device number 28
[  139.511956][   T40] audit: type=1400 audit(1780057383.273:1534): avc:  denied  { wake_alarm } for  pid=9269 comm="syz.4.982" capability=35  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  139.534274][ T9275] __nla_validate_parse: 2 callbacks suppressed
[  139.534290][ T9275] netlink: 36 bytes leftover after parsing attributes in process `syz.2.979'.
[  139.542244][ T9275] netlink: 16 bytes leftover after parsing attributes in process `syz.2.979'.
[  139.546162][ T9275] netlink: 36 bytes leftover after parsing attributes in process `syz.2.979'.
[  139.595614][   T62] Bluetooth: hci2: command 0x0c1a tx timeout
[  139.665084][   T62] Bluetooth: hci3: ACL packet for unknown connection handle 200
[  139.711884][ T9285] tipc: Resetting bearer <eth:team0>
[  139.715696][ T9285] tipc: Resetting bearer <eth:team0>
[  139.785713][   T34] usb 11-1: new high-speed USB device number 13 using dummy_hcd
[  139.827643][ T9297] FAULT_INJECTION: forcing a failure.
[  139.827643][ T9297] name failslab, interval 1, probability 0, space 0, times 0
[  139.833749][ T9297] CPU: 1 UID: 0 PID: 9297 Comm: syz.4.994 Not tainted syzkaller #0 PREEMPT(full) 
[  139.833770][ T9297] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  139.833779][ T9297] Call Trace:
[  139.833785][ T9297]  <TASK>
[  139.833791][ T9297]  dump_stack_lvl+0x100/0x190
[  139.833815][ T9297]  should_fail_ex.cold+0x5/0xa
[  139.833838][ T9297]  ? tomoyo_realpath_from_path+0xb6/0x690
[  139.833867][ T9297]  should_failslab+0xc2/0x120
[  139.833886][ T9297]  __kmalloc_noprof+0xe0/0x850
[  139.833908][ T9297]  ? kfree+0x1dd/0x6c0
[  139.833932][ T9297]  tomoyo_realpath_from_path+0xb6/0x690
[  139.833962][ T9297]  tomoyo_path_number_perm+0x23c/0x580
[  139.833982][ T9297]  ? tomoyo_path_number_perm+0x22e/0x580
[  139.834010][ T9297]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  139.834056][ T9297]  ? find_held_lock+0x2b/0x80
[  139.834070][ T9297]  ? __fget_files+0x215/0x3d0
[  139.834088][ T9297]  ? hook_file_ioctl_common+0x149/0x410
[  139.834103][ T9297]  ? __fget_files+0x215/0x3d0
[  139.834132][ T9297]  ? __fget_files+0x21f/0x3d0
[  139.834159][ T9297]  security_file_ioctl+0xd3/0x230
[  139.834186][ T9297]  __x64_sys_ioctl+0xb7/0x210
[  139.834204][ T9297]  do_syscall_64+0x115/0x870
[  139.834224][ T9297]  ? clear_bhb_loop+0x40/0x90
[  139.834243][ T9297]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.834259][ T9297] RIP: 0033:0x7fa61919ce59
[  139.834272][ T9297] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  139.834289][ T9297] RSP: 002b:00007fa61a070028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  139.834308][ T9297] RAX: ffffffffffffffda RBX: 00007fa619415fa0 RCX: 00007fa61919ce59
[  139.834321][ T9297] RDX: 0000000000000000 RSI: 000000004004480d RDI: 0000000000000003
[  139.834331][ T9297] RBP: 00007fa61a070090 R08: 0000000000000000 R09: 0000000000000000
[  139.834340][ T9297] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  139.834349][ T9297] R13: 00007fa619416038 R14: 00007fa619415fa0 R15: 00007ffcaee9f538
[  139.834371][ T9297]  </TASK>
[  139.834377][ T9297] ERROR: Out of memory at tomoyo_realpath_from_path.
[  139.853298][   T62] Bluetooth: hci3: unexpected event for opcode 0x0401
[  139.861990][ T9301] netlink: 16 bytes leftover after parsing attributes in process `syz.8.995'.
[  139.949849][   T34] usb 11-1: Using ep0 maxpacket: 32
[  139.957845][   T34] usb 11-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[  139.961300][   T34] usb 11-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  139.967021][   T34] usb 11-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  139.988778][   T34] usb 11-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[  139.997641][   T34] usb 11-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[  140.000369][   T34] usb 11-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  140.004632][   T34] usb 11-1: Product: syz
[  140.009129][   T34] usb 11-1: Manufacturer: syz
[  140.010645][   T34] usb 11-1: SerialNumber: syz
[  140.019681][    C3] imon 11-1:155.0: imon usb_rx_callback_intf0: status(-71)
[  140.028166][   T34] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:155.0/input/input80
[  140.126162][ T9319] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  140.128094][ T9319] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  140.134455][ T9319] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  140.137666][ T9319] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  140.211943][   T62] Bluetooth: hci2: ACL packet for unknown connection handle 200
[  140.245629][   T58] usb 9-1: new high-speed USB device number 22 using dummy_hcd
[  140.245773][   T34] imon 11-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[  140.250910][   T34]  (id 0x00)
[  140.315745][   T34] rc_core: IR keymap rc-imon-pad not found
[  140.317580][   T34] Registered IR keymap rc-empty
[  140.319143][   T34] imon 11-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[  140.322223][   T34] imon 11-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  140.331903][   T62] Bluetooth: hci2: unexpected event for opcode 0x0401
[  140.406542][   T58] usb 9-1: Using ep0 maxpacket: 32
[  140.411461][   T58] usb 9-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[  140.415909][   T58] usb 9-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  140.419510][   T58] usb 9-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  140.422914][   T58] usb 9-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[  140.423864][ T9274] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  140.430195][   T58] usb 9-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[  140.433831][ T9274] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  140.434763][   T58] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  140.444779][   T58] usb 9-1: Product: syz
[  140.446716][   T58] usb 9-1: Manufacturer: syz
[  140.448669][   T58] usb 9-1: SerialNumber: syz
[  140.454627][    C1] imon 9-1:155.0: imon usb_rx_callback_intf0: status(-71)
[  140.459711][   T58] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:155.0/input/input82
[  140.476372][   T34] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:155.0/rc/rc0
[  140.482425][   T34] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:155.0/rc/rc0/input81
[  140.489000][   T34] imon 11-1:155.0: iMON device (15c2:ffdc, intf0) on usb<11:13> initialized
[  140.650589][ T6149] usb 11-1: USB disconnect, device number 13
[  140.652001][ T9345] netlink: 32 bytes leftover after parsing attributes in process `syz.8.1013'.
[  140.678889][   T58] imon 9-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[  140.686432][   T58]  (id 0x00)
[  140.746103][   T58] rc_core: IR keymap rc-imon-pad not found
[  140.748053][   T58] Registered IR keymap rc-empty
[  140.749683][   T58] imon 9-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[  140.752904][   T58] imon 9-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  140.777733][ T9351] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  140.780329][ T9351] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  140.783194][ T9351] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  140.876415][   T58] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:155.0/rc/rc0
[  140.881874][   T58] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:155.0/rc/rc0/input83
[  140.890293][   T58] imon 9-1:155.0: iMON device (15c2:ffdc, intf0) on usb<9:22> initialized
[  141.062384][ T5887] usb 9-1: USB disconnect, device number 22
[  141.181697][   T62] Bluetooth: hci1: ACL packet for unknown connection handle 200
[  141.222323][ T9364] tipc: Resetting bearer <eth:syzkaller0>
[  141.299129][   T62] Bluetooth: hci1: unexpected event for opcode 0x0401
[  141.596997][ T9377] netlink: 36 bytes leftover after parsing attributes in process `syz.6.1024'.
[  141.599988][ T9377] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1024'.
[  141.604188][ T9377] netlink: 36 bytes leftover after parsing attributes in process `syz.6.1024'.
[  141.696559][ T9388] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1025'.
[  141.699394][ T9388] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1025'.
[  141.793960][ T9393] FAULT_INJECTION: forcing a failure.
[  141.793960][ T9393] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  141.798140][ T9393] CPU: 3 UID: 0 PID: 9393 Comm: syz.6.1031 Not tainted syzkaller #0 PREEMPT(full) 
[  141.798155][ T9393] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  141.798161][ T9393] Call Trace:
[  141.798166][ T9393]  <TASK>
[  141.798170][ T9393]  dump_stack_lvl+0x100/0x190
[  141.798186][ T9393]  should_fail_ex.cold+0x5/0xa
[  141.798201][ T9393]  _copy_from_iter+0x1f4/0x1690
[  141.798218][ T9393]  ? __pfx__copy_from_iter+0x10/0x10
[  141.798231][ T9393]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  141.798248][ T9393]  copy_page_from_iter+0x238/0x300
[  141.798263][ T9393]  tun_build_skb.constprop.0+0x2ea/0x18f0
[  141.798284][ T9393]  ? __pfx_tun_build_skb.constprop.0+0x10/0x10
[  141.798300][ T9393]  ? unwind_get_return_address+0x59/0xa0
[  141.798317][ T9393]  ? arch_stack_walk+0xa6/0xf0
[  141.798338][ T9393]  ? _kstrtoull+0x13c/0x1f0
[  141.798353][ T9393]  ? __pfx__kstrtoull+0x10/0x10
[  141.798370][ T9393]  tun_get_user+0x16d6/0x3c20
[  141.798391][ T9393]  ? __pfx_tun_get_user+0x10/0x10
[  141.798408][ T9393]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  141.798427][ T9393]  ? find_held_lock+0x2b/0x80
[  141.798437][ T9393]  ? tun_get+0x191/0x370
[  141.798450][ T9393]  ? tun_get+0x191/0x370
[  141.798468][ T9393]  tun_chr_write_iter+0xdc/0x200
[  141.798485][ T9393]  vfs_write+0x6ac/0x1070
[  141.798498][ T9393]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  141.798515][ T9393]  ? __pfx_vfs_write+0x10/0x10
[  141.798525][ T9393]  ? find_held_lock+0x2b/0x80
[  141.798542][ T9393]  ksys_write+0x12a/0x250
[  141.798554][ T9393]  ? __pfx_ksys_write+0x10/0x10
[  141.798566][ T9393]  ? rcu_is_watching+0x12/0xc0
[  141.798583][ T9393]  do_syscall_64+0x115/0x870
[  141.798597][ T9393]  ? clear_bhb_loop+0x40/0x90
[  141.798609][ T9393]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.798620][ T9393] RIP: 0033:0x7f52d175d68e
[  141.798629][ T9393] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  141.798640][ T9393] RSP: 002b:00007f52d26cffb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  141.798651][ T9393] RAX: ffffffffffffffda RBX: 00007f52d26d06c0 RCX: 00007f52d175d68e
[  141.798658][ T9393] RDX: 0000000000000036 RSI: 0000200000001800 RDI: 00000000000000c8
[  141.798664][ T9393] RBP: 00007f52d26d0090 R08: 0000000000000000 R09: 0000000000000000
[  141.798670][ T9393] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  141.798676][ T9393] R13: 00007f52d1a16038 R14: 00007f52d1a15fa0 R15: 00007ffd49678ff8
[  141.798689][ T9393]  </TASK>
[  142.086822][ T9416] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  142.089440][ T9416] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  142.091930][ T9416] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  142.363694][ T5844] [drm:virtio_gpu_dequeue_ctrl_func] *ERROR* response 0x1205 (command 0x105)
[  142.684491][ T5742] Bluetooth: hci3: ACL packet for unknown connection handle 200
[  142.745900][   T34] usb 9-1: new high-speed USB device number 23 using dummy_hcd
[  142.899234][   T40] audit: type=1400 audit(1780057386.663:1535): avc:  denied  { write } for  pid=9474 comm="syz.8.1063" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[  142.906556][   T40] audit: type=1400 audit(1780057386.663:1536): avc:  denied  { open } for  pid=9474 comm="syz.8.1063" path="/dev/cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[  142.913991][   T40] audit: type=1400 audit(1780057386.663:1537): avc:  denied  { ioctl } for  pid=9474 comm="syz.8.1063" path="/dev/cachefiles" dev="devtmpfs" ino=4 ioctlcmd=0xaa07 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[  142.925507][   T34] usb 9-1: Using ep0 maxpacket: 32
[  142.930589][   T34] usb 9-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[  142.934592][   T34] usb 9-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  142.940511][   T34] usb 9-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  142.944020][   T34] usb 9-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[  142.951868][   T34] usb 9-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[  142.954782][   T34] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  142.958149][   T34] usb 9-1: Product: syz
[  142.959753][   T34] usb 9-1: Manufacturer: syz
[  142.961309][   T34] usb 9-1: SerialNumber: syz
[  142.967414][    C3] imon 9-1:155.0: imon usb_rx_callback_intf0: status(-71)
[  142.972365][   T34] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:155.0/input/input84
[  143.005826][ T5844] [drm:virtio_gpu_dequeue_ctrl_func] *ERROR* response 0x1205 (command 0x105)
[  143.185558][   T34] imon 9-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[  143.188129][   T34]  (id 0x00)
[  143.225554][   T34] rc_core: IR keymap rc-imon-pad not found
[  143.227489][   T34] Registered IR keymap rc-empty
[  143.229340][   T34] imon 9-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[  143.237095][   T34] imon 9-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  143.298260][ T5098] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201'
[  143.302360][ T5098] CPU: 0 UID: 0 PID: 5098 Comm: kworker/u33:1 Not tainted syzkaller #0 PREEMPT(full) 
[  143.302385][ T5098] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  143.302397][ T5098] Workqueue: hci3 hci_rx_work
[  143.302423][ T5098] Call Trace:
[  143.302429][ T5098]  <TASK>
[  143.302437][ T5098]  dump_stack_lvl+0x100/0x190
[  143.302463][ T5098]  sysfs_warn_dup.cold+0x1c/0x28
[  143.302493][ T5098]  sysfs_create_dir_ns+0x24b/0x2b0
[  143.302515][ T5098]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  143.302533][ T5098]  ? find_held_lock+0x2b/0x80
[  143.302546][ T5098]  ? kobject_add_internal+0x25f/0x930
[  143.302571][ T5098]  ? kobject_add_internal+0x25f/0x930
[  143.302599][ T5098]  ? do_raw_spin_unlock+0x145/0x1e0
[  143.302625][ T5098]  kobject_add_internal+0x2c8/0x930
[  143.302654][ T5098]  kobject_add+0x16a/0x1e0
[  143.302679][ T5098]  ? __pfx_kobject_add+0x10/0x10
[  143.302704][ T5098]  ? class_to_subsys+0x10f/0x150
[  143.302727][ T5098]  ? kobject_put+0xb9/0x640
[  143.302751][ T5098]  ? _raw_spin_unlock+0x28/0x50
[  143.302779][ T5098]  device_add+0x294/0x1950
[  143.302798][ T5098]  ? __pfx_dev_set_name+0x10/0x10
[  143.302819][ T5098]  ? __pfx_device_add+0x10/0x10
[  143.302838][ T5098]  ? mgmt_send_event_skb+0x2fb/0x460
[  143.302866][ T5098]  hci_conn_add_sysfs+0x1a3/0x260
[  143.302910][ T5098]  le_conn_complete_evt+0x11eb/0x1f60
[  143.302942][ T5098]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  143.302978][ T5098]  hci_le_enh_conn_complete_evt+0x23d/0x3b0
[  143.303028][ T5098]  ? skb_pull_data+0x15f/0x1e0
[  143.303053][ T5098]  hci_le_meta_evt+0x34a/0x5f0
[  143.303077][ T5098]  ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10
[  143.303102][ T5098]  hci_event_packet+0x51c/0xcd0
[  143.303124][ T5098]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  143.303147][ T5098]  ? __pfx_hci_event_packet+0x10/0x10
[  143.303170][ T5098]  ? kcov_remote_start+0x374/0x660
[  143.303188][ T5098]  ? lockdep_hardirqs_on+0x78/0x100
[  143.303216][ T5098]  hci_rx_work+0x451/0xfc0
[  143.303241][ T5098]  process_one_work+0xa0e/0x1980
[  143.303275][ T5098]  ? __pfx_process_one_work+0x10/0x10
[  143.303304][ T5098]  ? __pfx_hci_rx_work+0x10/0x10
[  143.303327][ T5098]  worker_thread+0x5ef/0xe50
[  143.303354][ T5098]  ? __pfx_worker_thread+0x10/0x10
[  143.303377][ T5098]  ? kthread+0x13a/0x450
[  143.303394][ T5098]  ? __pfx_worker_thread+0x10/0x10
[  143.303415][ T5098]  kthread+0x370/0x450
[  143.303433][ T5098]  ? __pfx_kthread+0x10/0x10
[  143.303454][ T5098]  ret_from_fork+0x72b/0xd50
[  143.303477][ T5098]  ? __pfx_ret_from_fork+0x10/0x10
[  143.303499][ T5098]  ? __switch_to+0x800/0x1100
[  143.303524][ T5098]  ? __pfx_kthread+0x10/0x10
[  143.303544][ T5098]  ret_from_fork_asm+0x1a/0x30
[  143.303579][ T5098]  </TASK>
[  143.304866][ T5098] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  143.327684][ T5754] Bluetooth: hci1: ACL packet for unknown connection handle 200
[  143.330551][ T5098] Bluetooth: hci3: failed to register connection device
[  143.386336][   T34] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:155.0/rc/rc0
[  143.418730][   T34] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:155.0/rc/rc0/input85
[  143.423605][   T34] imon 9-1:155.0: iMON device (15c2:ffdc, intf0) on usb<9:23> initialized
[  144.155606][ T5098] Bluetooth: hci2: command 0x0c1a tx timeout
[  144.155620][ T5754] Bluetooth: hci1: command 0x0c1a tx timeout
[  144.157532][ T5098] Bluetooth: hci3: command 0x040f tx timeout
[  144.926194][ T6149] usb 13-1: new high-speed USB device number 18 using dummy_hcd
[  145.095626][ T6149] usb 13-1: Using ep0 maxpacket: 32
[  145.098472][ T6149] usb 13-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[  145.101929][ T6149] usb 13-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  145.106497][ T6149] usb 13-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  145.110182][ T6149] usb 13-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[  145.118495][ T6149] usb 13-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[  145.122383][ T6149] usb 13-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  145.126161][ T6149] usb 13-1: Product: syz
[  145.126176][ T6149] usb 13-1: Manufacturer: syz
[  145.126189][ T6149] usb 13-1: SerialNumber: syz
[  145.140245][    C2] imon 13-1:155.0: imon usb_rx_callback_intf0: status(-71)
[  145.145174][ T6149] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.8/usb13/13-1/13-1:155.0/input/input86
[  145.355683][ T6149] imon 13-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[  145.359026][ T6149]  (id 0x00)
[  145.405494][ T6149] rc_core: IR keymap rc-imon-pad not found
[  145.407509][ T6149] Registered IR keymap rc-empty
[  145.409530][ T6149] imon 13-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[  145.413547][ T6149] imon 13-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  145.505631][ T5851] usb 9-1: USB disconnect, device number 23
[  145.557052][ T6149] rc rc1: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.8/usb13/13-1/13-1:155.0/rc/rc1
[  145.566339][ T6149] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.8/usb13/13-1/13-1:155.0/rc/rc1/input87
[  145.574718][ T6149] imon 13-1:155.0: iMON device (15c2:ffdc, intf0) on usb<13:18> initialized
[  145.744996][ T5843] usb 13-1: USB disconnect, device number 18
[  146.235593][ T5754] Bluetooth: hci1: command 0x0c1a tx timeout
[  146.235935][ T5743] Bluetooth: hci2: command 0x0c1a tx timeout
[  147.916170][ T5098] Bluetooth: hci3: command 0x040f tx timeout
[  147.925236][ T9558] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  147.927852][ T9558] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  147.931133][ T9558] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  147.937311][ T9558] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  147.984818][ T5844] [drm:virtio_gpu_dequeue_ctrl_func] *ERROR* response 0x1205 (command 0x105)
[  148.176480][ T9611] __nla_validate_parse: 10 callbacks suppressed
[  148.176499][ T9611] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1114'.
[  148.357708][ T9630] FAULT_INJECTION: forcing a failure.
[  148.357708][ T9630] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  148.362612][ T9630] CPU: 2 UID: 0 PID: 9630 Comm: syz.2.1124 Not tainted syzkaller #0 PREEMPT(full) 
[  148.362628][ T9630] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  148.362634][ T9630] Call Trace:
[  148.362639][ T9630]  <TASK>
[  148.362643][ T9630]  dump_stack_lvl+0x100/0x190
[  148.362660][ T9630]  should_fail_ex.cold+0x5/0xa
[  148.362674][ T9630]  _copy_to_user+0x32/0xd0
[  148.362688][ T9630]  simple_read_from_buffer+0xcb/0x170
[  148.362703][ T9630]  proc_fail_nth_read+0x1af/0x230
[  148.362716][ T9630]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  148.362728][ T9630]  ? rw_verify_area+0xce/0x6d0
[  148.362738][ T9630]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  148.362749][ T9630]  vfs_read+0x1e4/0xb30
[  148.362762][ T9630]  ? __pfx_vfs_read+0x10/0x10
[  148.362773][ T9630]  ? __fget_files+0x215/0x3d0
[  148.362789][ T9630]  ? __fget_files+0x21f/0x3d0
[  148.362806][ T9630]  ksys_read+0x12a/0x250
[  148.362817][ T9630]  ? __pfx_ksys_read+0x10/0x10
[  148.362829][ T9630]  ? rcu_is_watching+0x12/0xc0
[  148.362847][ T9630]  do_syscall_64+0x115/0x870
[  148.362860][ T9630]  ? clear_bhb_loop+0x40/0x90
[  148.362873][ T9630]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  148.362884][ T9630] RIP: 0033:0x7fddb2f5d68e
[  148.362892][ T9630] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  148.362902][ T9630] RSP: 002b:00007fddb3dd9fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  148.362913][ T9630] RAX: ffffffffffffffda RBX: 00007fddb3dda6c0 RCX: 00007fddb2f5d68e
[  148.362941][ T9630] RDX: 000000000000000f RSI: 00007fddb3dda0a0 RDI: 0000000000000004
[  148.362952][ T9630] RBP: 00007fddb3dda090 R08: 0000000000000000 R09: 0000000000000000
[  148.362960][ T9630] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  148.362966][ T9630] R13: 00007fddb3216038 R14: 00007fddb3215fa0 R15: 00007fff604273b8
[  148.362980][ T9630]  </TASK>
[  148.400448][ T9634] binder: BINDER_SET_CONTEXT_MGR already set
[  148.429904][ T9634] binder: 9632:9634 ioctl 4018620d 2000000003c0 returned -16
[  148.465578][ T6149] usb 11-1: new high-speed USB device number 14 using dummy_hcd
[  148.492634][ T1044] [drm:virtio_gpu_dequeue_ctrl_func] *ERROR* response 0x1205 (command 0x105)
[  148.615547][ T6149] usb 11-1: Using ep0 maxpacket: 32
[  148.620585][ T6149] usb 11-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[  148.624906][ T6149] usb 11-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  148.630125][ T6149] usb 11-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  148.633623][ T6149] usb 11-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[  148.639647][ T6149] usb 11-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[  148.642659][ T6149] usb 11-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  148.645148][ T6149] usb 11-1: Product: syz
[  148.646655][ T6149] usb 11-1: Manufacturer: syz
[  148.648175][ T6149] usb 11-1: SerialNumber: syz
[  148.652692][    C2] imon 11-1:155.0: imon usb_rx_callback_intf0: status(-71)
[  148.658287][ T6149] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:155.0/input/input88
[  148.868824][ T6149] imon 11-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[  148.877070][ T6149]  (id 0x00)
[  148.915538][ T6149] rc_core: IR keymap rc-imon-pad not found
[  148.917422][ T6149] Registered IR keymap rc-empty
[  148.919382][ T6149] imon 11-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[  148.923076][ T6149] imon 11-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  149.077372][ T6149] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:155.0/rc/rc0
[  149.082100][ T6149] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:155.0/rc/rc0/input89
[  149.088575][ T6149] imon 11-1:155.0: iMON device (15c2:ffdc, intf0) on usb<11:14> initialized
[  149.261591][ T6149] usb 11-1: USB disconnect, device number 14
[  149.319126][ T9671] i2c i2c-1: dtv_property_process_set: SET cmd 0x00000000 undefined
[  149.517862][ T9695] binder: BINDER_SET_CONTEXT_MGR already set
[  149.521626][ T9695] binder: 9693:9695 ioctl 4018620d 2000000003c0 returned -16
[  149.689744][ T9702] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer.
[  149.995677][   T62] Bluetooth: hci2: command 0x0c1a tx timeout
[  149.995772][ T5742] Bluetooth: hci3: command 0x040f tx timeout
[  150.005801][ T5742] Bluetooth: hci1: command 0x0c1a tx timeout
[  150.236305][ T9731] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  150.238320][ T9731] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  150.241727][ T9731] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  150.243726][ T9731] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  150.297660][ T5844] [drm:virtio_gpu_dequeue_ctrl_func] *ERROR* response 0x1205 (command 0x105)
[  150.360548][ T9749] FAULT_INJECTION: forcing a failure.
[  150.360548][ T9749] name failslab, interval 1, probability 0, space 0, times 0
[  150.364446][ T9749] CPU: 1 UID: 0 PID: 9749 Comm: syz.6.1175 Not tainted syzkaller #0 PREEMPT(full) 
[  150.364461][ T9749] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  150.364468][ T9749] Call Trace:
[  150.364472][ T9749]  <TASK>
[  150.364476][ T9749]  dump_stack_lvl+0x100/0x190
[  150.364491][ T9749]  should_fail_ex.cold+0x5/0xa
[  150.364506][ T9749]  should_failslab+0xc2/0x120
[  150.364519][ T9749]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  150.364535][ T9749]  ? do_getname+0x35/0x390
[  150.364550][ T9749]  ? find_held_lock+0x2b/0x80
[  150.364559][ T9749]  ? ksys_write+0x190/0x250
[  150.364572][ T9749]  do_getname+0x35/0x390
[  150.364589][ T9749]  do_sys_openat2+0xc5/0x1e0
[  150.364604][ T9749]  ? __pfx_do_sys_openat2+0x10/0x10
[  150.364618][ T9749]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  150.364636][ T9749]  ? __fget_files+0x21f/0x3d0
[  150.364651][ T9749]  __x64_sys_openat+0x12d/0x210
[  150.364667][ T9749]  ? __pfx___x64_sys_openat+0x10/0x10
[  150.364681][ T9749]  ? ksys_write+0x1ac/0x250
[  150.364694][ T9749]  ? rcu_is_watching+0x12/0xc0
[  150.364711][ T9749]  do_syscall_64+0x115/0x870
[  150.364724][ T9749]  ? clear_bhb_loop+0x40/0x90
[  150.364736][ T9749]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  150.364747][ T9749] RIP: 0033:0x7f52d179ce59
[  150.364756][ T9749] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  150.364766][ T9749] RSP: 002b:00007f52d26d0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  150.364776][ T9749] RAX: ffffffffffffffda RBX: 00007f52d1a15fa0 RCX: 00007f52d179ce59
[  150.364782][ T9749] RDX: 0000000000020000 RSI: 0000200000000140 RDI: ffffffffffffff9c
[  150.364789][ T9749] RBP: 00007f52d26d0090 R08: 0000000000000000 R09: 0000000000000000
[  150.364795][ T9749] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  150.364800][ T9749] R13: 00007f52d1a16038 R14: 00007f52d1a15fa0 R15: 00007ffd49678ff8
[  150.364813][ T9749]  </TASK>
[  150.385207][ T9753] xt_CT: You must specify a L4 protocol and not use inversions on it
[  150.418006][ T9757] FAULT_INJECTION: forcing a failure.
[  150.418006][ T9757] name failslab, interval 1, probability 0, space 0, times 0
[  150.420170][ T9758] xt_CT: You must specify a L4 protocol and not use inversions on it
[  150.421917][ T9757] CPU: 0 UID: 0 PID: 9757 Comm: syz.6.1178 Not tainted syzkaller #0 PREEMPT(full) 
[  150.421931][ T9757] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  150.421937][ T9757] Call Trace:
[  150.421941][ T9757]  <TASK>
[  150.421945][ T9757]  dump_stack_lvl+0x100/0x190
[  150.421960][ T9757]  should_fail_ex.cold+0x5/0xa
[  150.421975][ T9757]  should_failslab+0xc2/0x120
[  150.421987][ T9757]  kmem_cache_alloc_node_noprof+0x81/0x6f0
[  150.422004][ T9757]  ? __alloc_skb+0x140/0x710
[  150.422019][ T9757]  ? __alloc_skb+0x5b7/0x710
[  150.422035][ T9757]  __alloc_skb+0x140/0x710
[  150.422049][ T9757]  ? __alloc_skb+0x5b7/0x710
[  150.422064][ T9757]  ? __pfx___alloc_skb+0x10/0x10
[  150.422079][ T9757]  ? find_held_lock+0x2b/0x80
[  150.422091][ T9757]  alloc_skb_with_frags+0xdd/0x760
[  150.422101][ T9757]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  150.422116][ T9757]  sock_alloc_send_pskb+0x801/0x980
[  150.422131][ T9757]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  150.422149][ T9757]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  150.422164][ T9757]  ? find_held_lock+0x2b/0x80
[  150.422173][ T9757]  ? dev_get_by_index+0x180/0x380
[  150.422188][ T9757]  ? dev_get_by_index+0x180/0x380
[  150.422206][ T9757]  packet_sendmsg+0x1eda/0x5100
[  150.422224][ T9757]  ? __lock_acquire+0x4a5/0x2630
[  150.422240][ T9757]  ? sock_has_perm+0x25a/0x2f0
[  150.422254][ T9757]  ? __pfx_sock_has_perm+0x10/0x10
[  150.422268][ T9757]  ? __pfx_packet_sendmsg+0x10/0x10
[  150.422288][ T9757]  __sys_sendto+0x468/0x4b0
[  150.422302][ T9757]  ? __pfx_packet_sendmsg+0x10/0x10
[  150.422316][ T9757]  ? __pfx___sys_sendto+0x10/0x10
[  150.422341][ T9757]  ? ksys_write+0x1ac/0x250
[  150.422353][ T9757]  ? __pfx_ksys_write+0x10/0x10
[  150.422366][ T9757]  __x64_sys_sendto+0xe0/0x1c0
[  150.422380][ T9757]  ? do_syscall_64+0x90/0x870
[  150.422394][ T9757]  ? lockdep_hardirqs_on+0x78/0x100
[  150.422411][ T9757]  do_syscall_64+0x115/0x870
[  150.422424][ T9757]  ? clear_bhb_loop+0x40/0x90
[  150.422436][ T9757]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  150.422447][ T9757] RIP: 0033:0x7f52d179ce59
[  150.422456][ T9757] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  150.422467][ T9757] RSP: 002b:00007f52d26d0028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  150.422477][ T9757] RAX: ffffffffffffffda RBX: 00007f52d1a15fa0 RCX: 00007f52d179ce59
[  150.422483][ T9757] RDX: 000000000000002b RSI: 0000200000000640 RDI: 0000000000000004
[  150.422489][ T9757] RBP: 00007f52d26d0090 R08: 0000200000000380 R09: 0000000000000014
[  150.422495][ T9757] R10: 0000000004000000 R11: 0000000000000246 R12: 0000000000000001
[  150.422501][ T9757] R13: 00007f52d1a16038 R14: 00007f52d1a15fa0 R15: 00007ffd49678ff8
[  150.422514][ T9757]  </TASK>
[  150.453705][ T9761] netlink: 4768 bytes leftover after parsing attributes in process `syz.8.1179'.
[  150.560382][ T1044] [drm:virtio_gpu_dequeue_ctrl_func] *ERROR* response 0x1205 (command 0x105)
[  150.748958][   T40] audit: type=1400 audit(1780057394.513:1538): avc:  denied  { ioctl } for  pid=9789 comm="syz.4.1190" path="/dev/tty4" dev="devtmpfs" ino=23 ioctlcmd=0x64bd scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 trawcon="system_u:object_r:devicekit_disk_exec_t:s0"
[  150.749516][ T9790] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  150.782041][ T1044] [drm:virtio_gpu_dequeue_ctrl_func] *ERROR* response 0x1205 (command 0x105)
[  150.851097][ T9811] FAULT_INJECTION: forcing a failure.
[  150.851097][ T9811] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  150.855100][ T9811] CPU: 2 UID: 0 PID: 9811 Comm: syz.4.1196 Not tainted syzkaller #0 PREEMPT(full) 
[  150.855114][ T9811] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  150.855120][ T9811] Call Trace:
[  150.855124][ T9811]  <TASK>
[  150.855129][ T9811]  dump_stack_lvl+0x100/0x190
[  150.855145][ T9811]  should_fail_ex.cold+0x5/0xa
[  150.855160][ T9811]  _copy_from_iter+0x1f4/0x1690
[  150.855177][ T9811]  ? __pfx__copy_from_iter+0x10/0x10
[  150.855191][ T9811]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  150.855208][ T9811]  copy_page_from_iter+0x238/0x300
[  150.855222][ T9811]  tun_build_skb.constprop.0+0x2ea/0x18f0
[  150.855243][ T9811]  ? __pfx_tun_build_skb.constprop.0+0x10/0x10
[  150.855259][ T9811]  ? unwind_get_return_address+0x59/0xa0
[  150.855275][ T9811]  ? arch_stack_walk+0xa6/0xf0
[  150.855297][ T9811]  ? _kstrtoull+0x13c/0x1f0
[  150.855311][ T9811]  ? __pfx__kstrtoull+0x10/0x10
[  150.855328][ T9811]  tun_get_user+0x16d6/0x3c20
[  150.855353][ T9811]  ? __pfx_tun_get_user+0x10/0x10
[  150.855369][ T9811]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  150.855390][ T9811]  ? find_held_lock+0x2b/0x80
[  150.855399][ T9811]  ? tun_get+0x191/0x370
[  150.855413][ T9811]  ? tun_get+0x191/0x370
[  150.855441][ T9811]  tun_chr_write_iter+0xdc/0x200
[  150.855461][ T9811]  vfs_write+0x6ac/0x1070
[  150.855473][ T9811]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  150.855490][ T9811]  ? __pfx_vfs_write+0x10/0x10
[  150.855500][ T9811]  ? find_held_lock+0x2b/0x80
[  150.855518][ T9811]  ksys_write+0x12a/0x250
[  150.855529][ T9811]  ? __pfx_ksys_write+0x10/0x10
[  150.855541][ T9811]  ? rcu_is_watching+0x12/0xc0
[  150.855559][ T9811]  do_syscall_64+0x115/0x870
[  150.855574][ T9811]  ? clear_bhb_loop+0x40/0x90
[  150.855586][ T9811]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  150.855597][ T9811] RIP: 0033:0x7fa61915d68e
[  150.855606][ T9811] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  150.855616][ T9811] RSP: 002b:00007fa61a06ffb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  150.855627][ T9811] RAX: ffffffffffffffda RBX: 00007fa61a0706c0 RCX: 00007fa61915d68e
[  150.855634][ T9811] RDX: 000000000000002a RSI: 0000200000000040 RDI: 00000000000000c8
[  150.855640][ T9811] RBP: 00007fa61a070090 R08: 0000000000000000 R09: 0000000000000000
[  150.855646][ T9811] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  150.855652][ T9811] R13: 00007fa619416038 R14: 00007fa619415fa0 R15: 00007ffcaee9f538
[  150.855665][ T9811]  </TASK>
[  151.068280][ T9825] can0: slcan on ttyS3.
[  151.072731][ T9827] netlink: 164 bytes leftover after parsing attributes in process `syz.6.1205'.
[  151.158529][ T9824] can0 (unregistered): slcan off ttyS3.
[  151.272026][ T9845] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1211'.
[  151.351904][ T9854] bridge: RTM_NEWNEIGH bridge0 with NTF_USE is not supported
[  151.358933][ T9845] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  151.368694][ T9845] CIFS mount error: No usable UNC path provided in device string!
[  151.368694][ T9845] 
[  151.371927][ T9845] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  151.377748][   T40] audit: type=1400 audit(1780057395.143:1539): avc:  denied  { append } for  pid=9844 comm="syz.4.1211" name="rtc0" dev="devtmpfs" ino=945 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  151.399792][ T9853] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer.
[  151.580118][ T9863] netlink: 9 bytes leftover after parsing attributes in process `syz.8.1218'.
[  151.585405][ T9863] netlink: 9 bytes leftover after parsing attributes in process `syz.8.1218'.
[  151.601369][ T9863] netlink: 9 bytes leftover after parsing attributes in process `syz.8.1218'.
[  151.606389][ T9863] netlink: 9 bytes leftover after parsing attributes in process `syz.8.1218'.
[  151.614068][ T9863] netlink: 9 bytes leftover after parsing attributes in process `syz.8.1218'.
[  151.623154][ T9863] netlink: 9 bytes leftover after parsing attributes in process `syz.8.1218'.
[  151.895590][   T34] usb 9-1: new high-speed USB device number 24 using dummy_hcd
[  152.067336][   T34] usb 9-1: Using ep0 maxpacket: 32
[  152.076309][   T34] usb 9-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[  152.076754][ T9902] bridge: RTM_NEWNEIGH bridge0 with NTF_USE is not supported
[  152.082838][   T34] usb 9-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  152.091998][   T34] usb 9-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  152.096930][ T9899] CIFS mount error: No usable UNC path provided in device string!
[  152.096930][ T9899] 
[  152.100815][   T34] usb 9-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[  152.105641][ T9899] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  152.110919][   T34] usb 9-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[  152.115207][   T34] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  152.118585][   T34] usb 9-1: Product: syz
[  152.120258][   T34] usb 9-1: Manufacturer: syz
[  152.122066][   T34] usb 9-1: SerialNumber: syz
[  152.132397][    C3] imon 9-1:155.0: imon usb_rx_callback_intf0: status(-71)
[  152.138972][   T34] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:155.0/input/input90
[  152.325523][ T5742] Bluetooth: hci2: command 0x0c1a tx timeout
[  152.325604][   T62] Bluetooth: hci1: command 0x0c1a tx timeout
[  152.327930][ T5742] Bluetooth: hci3: command 0x040f tx timeout
[  152.355805][   T34] imon 9-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[  152.359075][   T34]  (id 0x00)
[  152.405510][   T34] rc_core: IR keymap rc-imon-pad not found
[  152.407449][   T34] Registered IR keymap rc-empty
[  152.409049][   T34] imon 9-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[  152.412213][   T34] imon 9-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  152.557978][   T34] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:155.0/rc/rc0
[  152.565995][   T34] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:155.0/rc/rc0/input91
[  152.573662][   T34] imon 9-1:155.0: iMON device (15c2:ffdc, intf0) on usb<9:24> initialized
[  152.696833][ T9920] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  152.698849][ T9920] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  152.700796][ T9920] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  152.737159][   T34] usb 9-1: USB disconnect, device number 24
[  152.901914][ T9932] xt_hashlimit: size too large, truncated to 1048576
[  152.901971][ T9928] bridge: RTM_NEWNEIGH bridge0 with NTF_USE is not supported
[  152.913661][ T9928] CIFS mount error: No usable UNC path provided in device string!
[  152.913661][ T9928] 
[  152.919546][ T9928] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  152.957047][ T9934] ip6t_srh: unknown srh invflags 51E8
[  152.987938][   T40] audit: type=1400 audit(1780057396.753:1540): avc:  denied  { bind } for  pid=9866 comm="syz.2.1220" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  153.369353][ T9867] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  153.377000][ T9867] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  153.431232][ T9962] xt_hashlimit: size too large, truncated to 1048576
[  153.479046][   T34] usb 7-1: new high-speed USB device number 29 using dummy_hcd
[  153.496157][ T9966] ip6t_srh: unknown srh invflags 51E8
[  153.716966][ T5844] [drm:virtio_gpu_dequeue_ctrl_func] *ERROR* response 0x1205 (command 0x105)
[  153.762352][ T9988] xt_hashlimit: size too large, truncated to 1048576
[  153.817741][ T9996] ip6t_srh: unknown srh invflags 51E8
[  154.068374][T10018] mac80211_hwsim hwsim15 syzkaller0: left promiscuous mode
[  154.071855][T10018] mac80211_hwsim hwsim15 syzkaller0: left allmulticast mode
[  154.078752][T10018] ------------[ cut here ]------------
[  154.081298][T10018] hwsim_get_chanwidth(bw) > hwsim_get_chanwidth(confbw)
[  154.081306][T10018] WARNING: drivers/net/wireless/virtual/mac80211_hwsim.c:2235 at mac80211_hwsim_tx+0x16c2/0x2b10, CPU#2: syz.6.1283/10018
[  154.087330][T10018] Modules linked in:
[  154.089083][T10018] CPU: 2 UID: 0 PID: 10018 Comm: syz.6.1283 Not tainted syzkaller #0 PREEMPT(full) 
[  154.093040][T10018] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  154.096942][T10018] RIP: 0010:mac80211_hwsim_tx+0x16c2/0x2b10
[  154.099259][T10018] Code: 03 80 3c 02 00 0f 85 85 13 00 00 49 8b 86 00 38 00 00 c7 44 24 20 00 00 00 00 48 89 44 24 18 e9 bc eb ff ff e8 2f a8 da fa 90 <0f> 0b 90 e9 15 f1 ff ff e8 21 a8 da fa 90 0f 0b 90 48 8b 3c 24 4c
[  154.106645][T10018] RSP: 0018:ffffc9000557f1c8 EFLAGS: 00010287
[  154.109020][T10018] RAX: 0000000000000517 RBX: 0000000000000014 RCX: ffffc90028150000
[  154.112046][T10018] RDX: 0000000000080000 RSI: ffffffff872df8f1 RDI: ffff888032d32540
[  154.115075][T10018] RBP: ffff88803250f570 R08: 0000000000000004 R09: 0000000000000014
[  154.118156][T10018] R10: 0000000000000028 R11: 0000000000000001 R12: 0000000000000000
[  154.121158][T10018] R13: dffffc0000000000 R14: 0000000000000028 R15: 0000000000000020
[  154.124158][T10018] FS:  00007f52d26d06c0(0000) GS:ffff8880d6586000(0000) knlGS:0000000000000000
[  154.127076][T10018] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  154.129608][T10018] CR2: 0000001b2db0bff8 CR3: 0000000046129000 CR4: 0000000000352ef0
[  154.132641][T10018] DR0: 0000000000000001 DR1: 00000000000001f8 DR2: 0000000000000003
[  154.135791][T10018] DR3: ffffffffefffff15 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  154.138864][T10018] Call Trace:
[  154.140189][T10018]  <TASK>
[  154.141330][T10018]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  154.143565][T10018]  ieee80211_tx_frags+0x5c9/0xa70
[  154.145531][T10018]  ? __pfx_ieee80211_tx_frags+0x10/0x10
[  154.147649][T10018]  __ieee80211_tx+0x145/0x5b0
[  154.149463][T10018]  ieee80211_tx+0x336/0x460
[  154.151282][T10018]  ? __pfx_ieee80211_tx+0x10/0x10
[  154.153241][T10018]  ? __pfx_ieee80211_parse_tx_radiotap+0x10/0x10
[  154.155746][T10018]  ? ieee80211_skb_resize+0x119/0x670
[  154.157847][T10018]  ? ieee80211_set_qos_hdr+0x2c1/0x3f0
[  154.159932][T10018]  ieee80211_xmit+0x30f/0x3e0
[  154.161747][T10018]  ieee80211_monitor_start_xmit+0xdd1/0x1280
[  154.164042][T10018]  ? __pfx_ieee80211_monitor_start_xmit+0x10/0x10
[  154.166551][T10018]  dev_hard_start_xmit+0x128/0x7a0
[  154.168588][T10018]  sch_direct_xmit+0x1b2/0xc60
[  154.170464][T10018]  ? __pfx_sch_direct_xmit+0x10/0x10
[  154.172511][T10018]  ? get_slot_next+0x370/0x420
[  154.174371][T10018]  ? mark_held_locks+0x40/0x70
[  154.176295][T10018]  ? ktime_get+0x22c/0x320
[  154.178001][T10018]  ? lockdep_hardirqs_on+0x78/0x100
[  154.179998][T10018]  __qdisc_run+0x52d/0x1af0
[  154.181761][T10018]  __dev_queue_xmit+0x30ed/0x4950
[  154.183744][T10018]  ? __might_fault+0xc5/0x140
[  154.185375][T10018]  ? __pfx___dev_queue_xmit+0x10/0x10
[  154.187114][T10018]  ? __pfx__copy_from_iter+0x10/0x10
[  154.188728][T10018]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  154.190393][T10018]  ? packet_parse_headers+0x5ae/0x800
[  154.192052][T10018]  ? packet_parse_headers+0x5ba/0x800
[  154.193696][T10018]  ? packet_parse_headers+0x205/0x800
[  154.195375][T10018]  ? __pfx_packet_parse_headers+0x10/0x10
[  154.197183][T10018]  packet_xmit+0x243/0x310
[  154.198587][T10018]  packet_sendmsg+0x319a/0x5100
[  154.200187][T10018]  ? sock_has_perm+0x25a/0x2f0
[  154.201660][T10018]  ? __pfx_sock_has_perm+0x10/0x10
[  154.203264][T10018]  ? __pfx_packet_sendmsg+0x10/0x10
[  154.205055][T10018]  __sys_sendto+0x468/0x4b0
[  154.206725][T10018]  ? __pfx_packet_sendmsg+0x10/0x10
[  154.208350][T10018]  ? __pfx___sys_sendto+0x10/0x10
[  154.209902][T10018]  ? fd_install+0x223/0x580
[  154.211306][T10018]  ? xfd_validate_state+0x129/0x190
[  154.212873][T10018]  ? selinux_file_ioctl+0xb6/0x290
[  154.214429][T10018]  __x64_sys_sendto+0xe0/0x1c0
[  154.215954][T10018]  ? do_syscall_64+0x90/0x870
[  154.217446][T10018]  ? lockdep_hardirqs_on+0x78/0x100
[  154.219038][T10018]  do_syscall_64+0x115/0x870
[  154.220471][T10018]  ? clear_bhb_loop+0x40/0x90
[  154.221908][T10018]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  154.223711][T10018] RIP: 0033:0x7f52d179ce59
[  154.225074][T10018] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  154.230923][T10018] RSP: 002b:00007f52d26d0028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  154.233509][T10018] RAX: ffffffffffffffda RBX: 00007f52d1a15fa0 RCX: 00007f52d179ce59
[  154.236034][T10018] RDX: 0000000000000030 RSI: 0000200000000640 RDI: 0000000000000007
[  154.238606][T10018] RBP: 00007f52d1832d6f R08: 0000200000000380 R09: 0000000000000014
[  154.241029][T10018] R10: 0000000004000000 R11: 0000000000000246 R12: 0000000000000000
[  154.243416][T10018] R13: 00007f52d1a16038 R14: 00007f52d1a15fa0 R15: 00007ffd49678ff8
[  154.245875][T10018]  </TASK>
[  154.246814][T10018] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  154.249057][T10018] CPU: 2 UID: 0 PID: 10018 Comm: syz.6.1283 Not tainted syzkaller #0 PREEMPT(full) 
[  154.251888][T10018] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  154.254935][T10018] Call Trace:
[  154.255972][T10018]  <TASK>
[  154.256905][T10018]  dump_stack_lvl+0x100/0x190
[  154.258360][T10018]  vpanic+0x552/0x970
[  154.259590][T10018]  ? __pfx_vpanic+0x10/0x10
[  154.260978][T10018]  panic+0xd1/0xe0
[  154.262150][T10018]  ? __pfx_panic+0x10/0x10
[  154.263534][T10018]  check_panic_on_warn.cold+0x19/0x34
[  154.265170][T10018]  ? mac80211_hwsim_tx+0x16c2/0x2b10
[  154.266778][T10018]  __warn.cold+0x191/0x328
[  154.268154][T10018]  __report_bug+0x296/0x3d0
[  154.269569][T10018]  ? mac80211_hwsim_tx+0x16c2/0x2b10
[  154.271221][T10018]  ? __pfx___report_bug+0x10/0x10
[  154.272783][T10018]  ? stack_trace_save+0x8e/0xc0
[  154.274262][T10018]  ? __pfx_stack_trace_save+0x10/0x10
[  154.275893][T10018]  ? ieee80211_encrypt_tx_skb+0x2b8/0x3b0
[  154.277631][T10018]  ? mac80211_hwsim_tx+0x16c2/0x2b10
[  154.279237][T10018]  report_bug+0xb2/0x220
[  154.280560][T10018]  ? mac80211_hwsim_tx+0x16c2/0x2b10
[  154.282171][T10018]  handle_bug+0x16a/0x2a0
[  154.283508][T10018]  exc_invalid_op+0x17/0x50
[  154.284902][T10018]  asm_exc_invalid_op+0x1a/0x20
[  154.286386][T10018] RIP: 0010:mac80211_hwsim_tx+0x16c2/0x2b10
[  154.288188][T10018] Code: 03 80 3c 02 00 0f 85 85 13 00 00 49 8b 86 00 38 00 00 c7 44 24 20 00 00 00 00 48 89 44 24 18 e9 bc eb ff ff e8 2f a8 da fa 90 <0f> 0b 90 e9 15 f1 ff ff e8 21 a8 da fa 90 0f 0b 90 48 8b 3c 24 4c
[  154.293988][T10018] RSP: 0018:ffffc9000557f1c8 EFLAGS: 00010287
[  154.295823][T10018] RAX: 0000000000000517 RBX: 0000000000000014 RCX: ffffc90028150000
[  154.298205][T10018] RDX: 0000000000080000 RSI: ffffffff872df8f1 RDI: ffff888032d32540
[  154.300609][T10018] RBP: ffff88803250f570 R08: 0000000000000004 R09: 0000000000000014
[  154.302978][T10018] R10: 0000000000000028 R11: 0000000000000001 R12: 0000000000000000
[  154.305337][T10018] R13: dffffc0000000000 R14: 0000000000000028 R15: 0000000000000020
[  154.307722][T10018]  ? mac80211_hwsim_tx+0x16c1/0x2b10
[  154.309325][T10018]  ? mac80211_hwsim_tx+0x16c1/0x2b10
[  154.310943][T10018]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  154.312706][T10018]  ieee80211_tx_frags+0x5c9/0xa70
[  154.314233][T10018]  ? __pfx_ieee80211_tx_frags+0x10/0x10
[  154.315892][T10018]  __ieee80211_tx+0x145/0x5b0
[  154.317347][T10018]  ieee80211_tx+0x336/0x460
[  154.318735][T10018]  ? __pfx_ieee80211_tx+0x10/0x10
[  154.320292][T10018]  ? __pfx_ieee80211_parse_tx_radiotap+0x10/0x10
[  154.322200][T10018]  ? ieee80211_skb_resize+0x119/0x670
[  154.323841][T10018]  ? ieee80211_set_qos_hdr+0x2c1/0x3f0
[  154.325489][T10018]  ieee80211_xmit+0x30f/0x3e0
[  154.326935][T10018]  ieee80211_monitor_start_xmit+0xdd1/0x1280
[  154.328757][T10018]  ? __pfx_ieee80211_monitor_start_xmit+0x10/0x10
[  154.330700][T10018]  dev_hard_start_xmit+0x128/0x7a0
[  154.332264][T10018]  sch_direct_xmit+0x1b2/0xc60
[  154.333735][T10018]  ? __pfx_sch_direct_xmit+0x10/0x10
[  154.335345][T10018]  ? get_slot_next+0x370/0x420
[  154.336812][T10018]  ? mark_held_locks+0x40/0x70
[  154.338266][T10018]  ? ktime_get+0x22c/0x320
[  154.339637][T10018]  ? lockdep_hardirqs_on+0x78/0x100
[  154.341220][T10018]  __qdisc_run+0x52d/0x1af0
[  154.342613][T10018]  __dev_queue_xmit+0x30ed/0x4950
[  154.344161][T10018]  ? __might_fault+0xc5/0x140
[  154.345624][T10018]  ? __pfx___dev_queue_xmit+0x10/0x10
[  154.347266][T10018]  ? __pfx__copy_from_iter+0x10/0x10
[  154.348870][T10018]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  154.350531][T10018]  ? packet_parse_headers+0x5ae/0x800
[  154.352173][T10018]  ? packet_parse_headers+0x5ba/0x800
[  154.353796][T10018]  ? packet_parse_headers+0x205/0x800
[  154.355426][T10018]  ? __pfx_packet_parse_headers+0x10/0x10
[  154.357168][T10018]  packet_xmit+0x243/0x310
[  154.358534][T10018]  packet_sendmsg+0x319a/0x5100
[  154.360036][T10018]  ? sock_has_perm+0x25a/0x2f0
[  154.361510][T10018]  ? __pfx_sock_has_perm+0x10/0x10
[  154.363122][T10018]  ? __pfx_packet_sendmsg+0x10/0x10
[  154.364756][T10018]  __sys_sendto+0x468/0x4b0
[  154.366153][T10018]  ? __pfx_packet_sendmsg+0x10/0x10
[  154.367744][T10018]  ? __pfx___sys_sendto+0x10/0x10
[  154.369279][T10018]  ? fd_install+0x223/0x580
[  154.370712][T10018]  ? xfd_validate_state+0x129/0x190
[  154.372305][T10018]  ? selinux_file_ioctl+0xb6/0x290
[  154.373909][T10018]  __x64_sys_sendto+0xe0/0x1c0
[  154.375387][T10018]  ? do_syscall_64+0x90/0x870
[  154.376828][T10018]  ? lockdep_hardirqs_on+0x78/0x100
[  154.378399][T10018]  do_syscall_64+0x115/0x870
[  154.379848][T10018]  ? clear_bhb_loop+0x40/0x90
[  154.381306][T10018]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  154.383128][T10018] RIP: 0033:0x7f52d179ce59
[  154.384483][T10018] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  154.390229][T10018] RSP: 002b:00007f52d26d0028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  154.392751][T10018] RAX: ffffffffffffffda RBX: 00007f52d1a15fa0 RCX: 00007f52d179ce59
[  154.395161][T10018] RDX: 0000000000000030 RSI: 0000200000000640 RDI: 0000000000000007
[  154.397580][T10018] RBP: 00007f52d1832d6f R08: 0000200000000380 R09: 0000000000000014
[  154.399959][T10018] R10: 0000000004000000 R11: 0000000000000246 R12: 0000000000000000
[  154.402348][T10018] R13: 00007f52d1a16038 R14: 00007f52d1a15fa0 R15: 00007ffd49678ff8
[  154.404740][T10018]  </TASK>
[  154.406381][T10018] Kernel Offset: disabled
[  154.407714][T10018] Rebooting in 86400 seconds..