last executing test programs:

5m24.849161501s ago: executing program 3 (id=3181):
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000001a40)=""/102392, 0x18ff8)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_wakeup_irq', 0xc00, 0xb)
r2 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x2a82)
ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f0000000140)={r1, 0x800, {0x2a00, 0x80010000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "2809e8dbe108598927875397bab22d0000b420a9c81f40f05f819e01177d3d458dac00000000000000000000003b00000000000000030200", "90be8b1c5512406c7f00", [0x4, 0x40000000000000]}})

5m23.299391639s ago: executing program 3 (id=3186):
r0 = syz_usb_connect$uac1(0x0, 0xac, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000000000106b1d010140000102030109029a0003010000000904000000010100000a24010000000201020c24020000000000000800000524050000082407000000009e0c240700000000a3e82f07070d240701060000fd80"], 0x0)
syz_usb_control_io(r0, &(0x7f0000000140)={0x2c, 0x0, &(0x7f0000000300)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x3001}}, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$uac1(r0, &(0x7f0000001840)={0x14, 0x0, &(0x7f0000000180)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x41f}}}, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000c40)={0x84, &(0x7f0000000740)={0x20, 0x3, 0x2, "b23b"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, &(0x7f00000000c0)={0x44, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x20, 0x82, 0x2, "c9a7"}, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000a00)={0x44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000980)={0x20, 0x84, 0x2, "46e2"}, 0x0})
openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000001140), 0x224400, 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f00000006c0)={0x44, &(0x7f00000004c0)={0x1082b344cdcc653b, 0x0, 0x4a, "9ad68da4ebb7cbc0fe25a236c876e417bd2eb5c8c9b5b15048c06a1c130c4a2c01b06e24a6b625bdd876ff2ab508b4cd0c3c34a9c13343563825d07d8bc221473d8eff115156f4bf4b02"}, &(0x7f0000000200)={0x0, 0xa, 0x1, 0x2}, &(0x7f00000002c0)={0x0, 0x8, 0x1, 0x10}, 0x0, &(0x7f00000005c0)={0x20, 0x82, 0x2, "25fa"}, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000b80)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="208102000000b858e4"], 0x0, 0x0, 0x0, 0x0})

5m19.302201744s ago: executing program 3 (id=3204):
syz_open_dev$vim2m(0x0, 0xb, 0x2)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bind$packet(0xffffffffffffffff, &(0x7f0000001100)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000008380), 0x400000000000174, 0x4008890)
r2 = socket$netlink(0x10, 0x3, 0x0)
writev(r2, &(0x7f0000000180)=[{&(0x7f0000000240)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
r3 = socket(0xa, 0x1, 0x0)
ioctl(r3, 0x8916, &(0x7f0000000240))
writev(r2, &(0x7f00000001c0)=[{&(0x7f00000000c0)="390000001300034700bb65e1c3e4ffff06000300010000004500000025000000190011000600ad0002fe000000000006040000000000000000", 0x39}], 0x1)

5m18.305136944s ago: executing program 3 (id=3206):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000fcffffff0000000009d8061861aa517a00000000"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x1f00}, 0x94)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x35, 0x9, 0x2, 0x180, 0x4, 0x10, 0xf1, 0x50, 0x7fffffffffffe, 0x5, 0x0, 0x9, 0x0, 0x6, 0x0, 0xbdb], 0xffff1001, 0x120182})
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(0xffffffffffffffff, 0xc040564a, &(0x7f0000000200)={0x0, 0x0, 0x300f})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0)
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r3, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x260)

5m16.811379707s ago: executing program 3 (id=3213):
syz_open_dev$video4linux(0x0, 0x3, 0x481)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, 0x0, 0x0)
r4 = accept4(r3, 0x0, 0x0, 0x80800)
sendmmsg$alg(r4, &(0x7f0000000280)=[{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000140)="030000000000000047e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f0000000380)="6a3148953ff27bca2320704f26e3662c0f0fe8347b60ef", 0x17}, {&(0x7f00000003c0)="b423d613d815d079440585662e4e35f2f08bddd825f7083dc167568f9fd3c0233c0f9616ec0e5151270668f9f33c4d10ca7abdfb09fbf91fba9b7ba3", 0x3c}], 0x3, 0x0, 0x0, 0x4001}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000001c00)=[{&(0x7f0000000740)=""/157, 0x9d}, {&(0x7f0000000800)=""/4096, 0x1000}], 0x2}, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r5, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @dev, 0x5}, 0x1c)
setsockopt$inet6_IPV6_HOPOPTS(r5, 0x29, 0x36, &(0x7f0000001440)=ANY=[], 0xc0)
sendmmsg$inet6(r5, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4000000)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)

5m16.329150602s ago: executing program 3 (id=3215):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbee6, 0x8031, r1, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x4fd, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = syz_io_uring_setup(0x110, &(0x7f00000000c0)={0x0, 0x10, 0x0, 0x3}, &(0x7f0000000180)=<r6=>0x0, &(0x7f0000000340)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_FILES_UPDATE={0x14, 0x14, 0x0, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0, 0x1})
io_uring_enter(r5, 0x47f6, 0x25f6, 0x0, 0x0, 0x0)

5m16.17528349s ago: executing program 32 (id=3215):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbee6, 0x8031, r1, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x4fd, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = syz_io_uring_setup(0x110, &(0x7f00000000c0)={0x0, 0x10, 0x0, 0x3}, &(0x7f0000000180)=<r6=>0x0, &(0x7f0000000340)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_FILES_UPDATE={0x14, 0x14, 0x0, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0, 0x1})
io_uring_enter(r5, 0x47f6, 0x25f6, 0x0, 0x0, 0x0)

12.567444065s ago: executing program 0 (id=4396):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
r0 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x0, 0x0, 0xfffffff9, 0x4}, &(0x7f0000000340)=<r1=>0x0, &(0x7f00000002c0))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000240)=0xfffffffb, 0x0, 0x4)
io_uring_enter(r0, 0x3516, 0x0, 0x0, 0x0, 0xfffffdcf)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x3, 0xc, 0x5, 0x5, 0xffffffffffffffff, 0x6b4, 0x510000000, 0x6, 0x40}, 0x0)
ptrace$pokeuser(0x6, 0x0, 0x5, 0x32bf)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e24, 0x8, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c)
socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x6, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r3 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
read$msr(r3, &(0x7f0000002700)=""/102392, 0x18ff8)
msgget(0x0, 0x40)
msgget(0x2, 0x1)
fcntl$lock(0xffffffffffffffff, 0x26, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000040)={0x3, 0x6576, 0xd})
ioctl$DRM_IOCTL_MODE_MAP_DUMB(0xffffffffffffffff, 0xc01064b3, 0x0)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x2, 0x2, 0x1, 0x7})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)

11.400167845s ago: executing program 2 (id=4399):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000016c0), 0x100, 0x0)
r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/vs/amemthresh\x00', 0x2, 0x0)
ioctl$DRM_IOCTL_MAP_BUFS(r1, 0xc0186419, &(0x7f0000001540)={0x6, &(0x7f0000000100)=""/51, &(0x7f0000001480)=[{0x7, 0x91, 0x679, &(0x7f0000000240)=""/145}, {0x96, 0xd0, 0x8, &(0x7f0000000300)=""/208}, {0x5, 0x4e, 0x9, &(0x7f0000000180)=""/78}, {0x0, 0x39, 0x10001, &(0x7f0000000400)=""/57}, {0x5, 0x1000, 0xb0, &(0x7f0000000440)=""/4096}, {0x6, 0x21, 0xb, &(0x7f0000001440)=""/33}]}) (async)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x3, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async)
syz_open_dev$video(&(0x7f0000000000), 0x7, 0x40440) (async)
capset(&(0x7f0000a31000)={0x20080522}, &(0x7f0000000080)) (async)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$PIO_UNIMAP(r3, 0x4bfb, 0x0) (async)
socket$kcm(0x2, 0x1, 0x84) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000240)=@abs={0x1}, 0x6e) (async)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) (async)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
sendmsg(r5, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x40) (async)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) (async)
syz_open_dev$dri(0x0, 0xd21, 0x4000)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r6=>0xffffffffffffffff}) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x2404c8c0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000", @ANYRES32=r6], 0x4c}}, 0x0) (async)
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r7, &(0x7f00000002c0), 0x40000000000009f, 0x0) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000001580)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000015c0)=ANY=[@ANYRESOCT=r2, @ANYRES32=0x0, @ANYBLOB], 0x28}}, 0x0) (async)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) (async)
syz_open_dev$usbmon(0x0, 0x0, 0x0)
r8 = openat$sequencer(0xffffff9c, &(0x7f0000001bc0), 0x2000, 0x0)
ioctl$SNDCTL_SEQ_GETOUTCOUNT(r8, 0x4004510d, &(0x7f0000000000)) (async)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) (async)
gettid()

11.308010443s ago: executing program 2 (id=4401):
openat$ipvs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0)
io_setup(0x1, &(0x7f0000000440)) (async)
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/comedi4\x00', 0x40000, 0x0)
ioctl$COMEDI_INSNLIST(r0, 0x8010640b, &(0x7f00001859c0)={0x1, &(0x7f0000000040)=[{0xa000002, 0x0, 0x0, 0xfffeffff, 0x1ff}]}) (async, rerun: 64)
close(0x3) (async, rerun: 64)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000080000000800000000000000", @ANYRES32, @ANYBLOB="0000000000000000000000006793000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r1 = socket$netlink(0x10, 0x3, 0x0) (async)
r2 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000040)={0x0, <r3=>0x0}, &(0x7f0000000100)=0xc)
sendmsg$netlink(r1, &(0x7f0000001280)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000480)=ANY=[@ANYBLOB="2c0000002d000100fcffffff8000000008000400", @ANYRES32=r3, @ANYBLOB="1400e2b3e836ad49683fdc28efb407000000aa1ad28da5460215664b"], 0x2c}], 0x1, 0x0, 0x0, 0x4}, 0x5) (async)
r4 = socket$packet(0x11, 0x2, 0x300)
socket$packet(0x11, 0x2, 0x300) (async)
setsockopt$packet_add_memb(r4, 0x107, 0x1, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) (async, rerun: 64)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) (async, rerun: 64)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) (async)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async, rerun: 32)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff}) (rerun: 32)
connect$unix(r6, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0) (async, rerun: 32)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async, rerun: 32)
r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
r9 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0x1c, &(0x7f0000000300)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x1000}, {{0x18, 0x1, 0x1, 0x0, r9}}, {}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9, 0xfe00}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x8}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x6, 0x1, 0xb, 0x8, 0x9}, {0x4, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x8, 0x2, 0x0, r8}, {}, {0x46, 0x0, 0x0, 0x76}}], {{}, {0x6, 0x0, 0x7, 0x8}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg=0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r10 = openat$dir(0xffffffffffffff9c, &(0x7f0000000180)='./file2\x00', 0x501400, 0x10)
mknodat(r10, &(0x7f0000000240)='./file2\x00', 0x1, 0x9)

11.04089217s ago: executing program 2 (id=4402):
mkdir(&(0x7f0000000000)='./file1\x00', 0x130)
socket$netlink(0x10, 0x3, 0x0)
r0 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, 0x0, 0x0)
getsockname$packet(r0, &(0x7f0000000600)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newlink={0x3c, 0x10, 0x503, 0x70bd2d, 0x700, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bond={{0x9}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0xc0b0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x92)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='./binderfs2/binder-control\x00', 0x0, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
socket$inet_icmp_raw(0x2, 0x3, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x10000000001, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce)
r4 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r4, &(0x7f0000002700)=""/102392, 0x18ff8)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$KVM_GET_VCPU_EVENTS(0xffffffffffffffff, 0x8040ae9f, &(0x7f0000000040))
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="6000000002060103000000000000000000000004050001000700000013000300686173683a6e65742c696661636500000900020073797a30000000000500040000000a00050005000a00000014000780050015000000000008001240"], 0x60}}, 0x0)
syz_usb_connect(0x2, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0xcf, 0x69, 0x54, 0x10, 0x403, 0xf850, 0x17b, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x17, 0x0, 0x0, 0x5, 0x7d, 0x44}}]}}]}}, 0x0)

10.599797459s ago: executing program 0 (id=4406):
pipe2$9p(0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setrlimit(0x0, 0x0)
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$sock_int(r2, 0x1, 0x2, &(0x7f00000000c0)=0x1, 0x4)
setsockopt$inet_int(r2, 0x0, 0x22, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, 0x0, 0x0)
unshare(0x2c020400)
r3 = syz_io_uring_setup(0x10d, &(0x7f0000000380)={0x0, 0x5885, 0x100, 0x0, 0xffeffc03}, &(0x7f0000000340)=<r4=>0x0, &(0x7f0000000240)=<r5=>0x0)
openat$ttynull(0xffffff9c, 0x0, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_MKDIRAT={0x25, 0x8, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000001c0)='./file0\x00', 0x104, 0x0, 0x1})
io_uring_enter(r3, 0x351e, 0x483, 0x0, 0x0, 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff0480000008003950"], 0x15)
write$FUSE_BMAP(0xffffffffffffffff, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(0xffffffffffffffff, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYBLOB, @ANYBLOB="2c636163ae1d1e8e6170406a80000000001fa08313c0e8f76c3cb06743a7980ad76ef3359c91c2d2c9caeb85619be82ab116f845c3a22e2f6a751449927d2052d8a62938bb62c9aa9d21b1bbfdedcf356f11c80667f4c72bc889940a0acc14e7746a5f3e169b991969e253414bf825a1ecfc"])
chmod(&(0x7f0000000140)='./file0\x00', 0x0)
r6 = open$dir(&(0x7f0000000140)='./file0\x00', 0x1, 0x0)
write$binfmt_misc(r6, &(0x7f0000000400)=' ', 0x1)
creat(&(0x7f0000000200)='./file0\x00', 0xbb)

8.304580597s ago: executing program 2 (id=4410):
socket(0x80000000000000a, 0x2, 0x0)
fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
openat$audio(0xffffff9c, 0x0, 0x402, 0x0)
syz_open_procfs(0x0, &(0x7f0000000100)='syscall\x00')
bind$packet(0xffffffffffffffff, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000280)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'geneve1\x00', <r3=>0x0})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_NMI(r5, 0xae9a)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r4, 0x8008ae9d, &(0x7f0000000240))
sendto$packet(0xffffffffffffffff, &(0x7f0000000480)="86", 0x1, 0x404c880, &(0x7f00000000c0)={0x11, 0x15, r3, 0x1, 0x0, 0x6, @random="000000008000"}, 0x14)
syz_open_procfs(0x0, &(0x7f0000000040)='children\x00')
syz_pidfd_open(0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x20)
preadv(r5, &(0x7f0000001b00)=[{&(0x7f00000009c0)=""/235, 0xeb}], 0x1, 0x2, 0x0)
syz_usb_connect(0x0, 0x0, 0x0, 0x0)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r7 = dup(r6)
write$UHID_INPUT(r7, &(0x7f0000001300)={0xc, {"a2e3ad214fc752f91b4847f70e06d038e7ff7fc6e5539b3f6d078b089b3b083848090890e0878f0e1ac6e7049b3367959b669a240d5b67f3988f7e0319520100ffe8d178708c523c921b1b5b31300d095da736cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4040d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465f41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a4d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d606495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07840900000000000000f5c8f4ceb360c7e658828163e2d25c4aa348561f097e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f028dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c000003716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff8f2211f1033195563c7f93cd54b9094f22b625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a605fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b611fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db56c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47afed367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadbbf5c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d00000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000", 0x1000}}, 0x1006)
r8 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r8, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r9=>0x0})
sendmsg$nl_route(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYBLOB="200000001100010027bd7000fddbdf2500000000", @ANYRES32=r9, @ANYBLOB="7a14"], 0x1f}, 0x1, 0x0, 0x0, 0x40}, 0x80)

7.656013051s ago: executing program 1 (id=4411):
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
sendmmsg$inet6(r0, &(0x7f0000000580)=[{{&(0x7f0000000000)={0xa, 0x4e21, 0x0, @remote, 0x9}, 0x1c, 0x0, 0x0, &(0x7f00000020c0)=ANY=[@ANYBLOB="38020000000000002900000036000000004300000000000004013f040100c910ff010000000000000000000000000001c910fc0000000000000000000000000000000001000740000000000e07010101000000010000000200000000000000000000000000000001000000010000002000000000000000ffffffff00000000ffffffffffffff7f06aeb07c1c192077cc9e7c45705803ad5588ca8b194d23f748fe792cfa3d32221f25d73b8ffe64a4ddda6efcfb7483b588194d29c7a04395d8500965a9a1d07879040c44db1d5d6f618d2ab920f0bf168ddc9acc6a51edd1230760d4ae8bf30f5f82a78e8114849ee8e37364560400000035bfa8197ef2ba99103ee5f5aae28ec5c8e2675db11530f5c466d55f2244d479dc653c854406155eada3eaeb90d39149b8d13bab75a9bd1452c8c76284b9ddfbeff41344e64f1771d78a706e1c5a6d63f1c954e24a1e73f75c26e9f09ec9b606cc3470f11c4842db651926bd2263a4a0a8fe80de8b2f9cb176e51819d5f4d10a5d1f0488d5e46953fbfd750f6137fbebe89a8d462158a87f9622355104b4f68d7a6d3ad85c373ea52a25afad37ffb743a5c361158087904b09fcc806d032bac00ee0e0251fc032446e45a3e12417ff4703526ffc45f71567857777927903799e0ba453334186009d22e38099c67b5350c7e82136bba947a18fb61d36fcba1f9efe3d79485d06252702833dc8ee417f40bb9064878fb89dd75a49135e5df148c4ad1e1d5626b44c8112d822f4c9a05e693fd5ae5595627f8684016b37a2bf6d0040030000000000002900000037000000006500000000000000fb1a63687c244e6df3aecb13d6eb957495b669cc032f6d0a11a5e16eed9937b046c9dc1a61dcf9754b767df4735c3f8c37b4d5cd15a99c5a19cc62c921ad4e90d6e3695ec1891223a53600d5031b5735acafb556e22279975f958ad437c76573e544506e58455772eb11493af933099a5dc7e9e0c8b907e68e23e59d7b94bc774309e2047132758b60955301f277a9032b0bc47e660b243e9e2126733f13ab99055a0999068ada35a38d105a5efe6c7115774effe28695ecae3944413b7764eefde26ed571d857b2cb2dd1b2a4a84c1fec0799cf90f57f7a6d35e2b60cd425b9372ae4a27f453e5d7da2eacd3b98cdb10cec9152d5829c2511eb0f9600a0cd280f3d08849b6cd43d25e3dcd62f7c7dee6123a2682daf4aa9a856b31e9204c5c2b80b84dbeec05d93a64a550f1ebc326488cd620c6fe1aa266a0ce5b24be03b5037786e037cc85ed61f362e081fb694e12e54fcb9eb0f86d6d91fd159023a073278f84d6ada8f9aa25ec223d268f3291b25392c941740932bd1a82f40a8fc586db23d2f6240ce883e3c1dc1e0d07fc3aa73a9ac82a1538d129c9e66cb6a8100abe95bc4064581e8c01ce65ba3ea751db5d8c0a1173fe62b2fd2d415042a97ade4d274a466b6d997eed6bf5d7a305ead804c36b9e1c314b26676ed83412417610d3cf4d07e5b24cf3de9c790ae93850e0f8bba047b710cf340c78a80cef5f6665a647681ff5f7b6ecce8ab65e26406b6a6e0e72ff8501c545bffc00f034dc3a5b251390ae68bb61d936dc9a24e6f66c72e7911c51c716dfd4304566fb32e6c2745d232f990d0bbe0ddf9dc58398dda292c07b16da766a37c60bd9993b4f21e641036a8afa2ccdb47d7990d5a007faccb2f86664179f2e229723bce870aec3f7f4e529c92add713590ce6c0ea1a0499fb76d32636cfd18b6b39fb48f1a6d46f6ae8f45c47ee8260f9531070d170ab92739be0bdf5b76f8a9b93a5e550dfecab79d2e46085a67024b6be883c79ade2873458fda5a7f4eb62b05634356ee3b45723f4cff19c654ad441ff5b8792df7f18d841c351e195151b1b3532e742a6525c86efdb29653f35ce8e0a41c8c6d39f39531e13aeb1172893eeedd83b6afb939f8e6abc5482696aa48918000000000000002900000037"], 0x590}}, {{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f00000000c0)="a11f49623b9293a36a1ed56b82c5d18cbf9c69f908e51f5e513b09a075d931bc4299d0e8e1ee7b7b5c15e1d88d2e25f351b085094c677f4136d291515f9534891d38f9e74d0bed4a218612812d20cd5475f7e2e6", 0x54}], 0x1}}], 0x2, 0x8008801)
sendmmsg$inet6(r0, &(0x7f0000000080)=[{{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000280)="11", 0x1}], 0x1}, 0xfe800000}], 0x1, 0x0)

7.511644549s ago: executing program 0 (id=4413):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000fbff0000", @ANYRES32=r0], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r1}, 0x18)
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x2000)
read(r2, &(0x7f0000000200)=""/209, 0x128)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r3=>0x0)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r3, 0x1, &(0x7f0000000040), 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, 0x0, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000140)={0x8, 0x1, 0x1, 0x7, 0xf, 0x2, 0xb5, 0x4}, 0x20)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r4 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x1ff, 0x1501)
ioctl$USBDEVFS_SUBMITURB(r4, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x80, &(0x7f00000004c0)={0x4b5a9da54893e123, 0x3, 0x18}, 0x8, 0x2, 0x8, 0x0, 0x0, 0x0, 0x0})
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000440)={&(0x7f0000000340)=ANY=[@ANYBLOB="9feb0100180000000000000024000000240000000200000000000000000000100200000000000000010000050098485a14e7ebafa47f0000000000000001000000000000000000eb415483e8a54f5d283082ee760b1428604a"], 0x0, 0x3e}, 0x20)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
openat$sndseq(0xffffffffffffff9c, 0x0, 0x2082)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
r6 = socket$netlink(0x10, 0x3, 0x13)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000001c0)={'bridge_slave_0\x00', <r7=>0x0})
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c0000001d00070f000200000000000007000000", @ANYRES32=r7], 0x24}}, 0x0)
syz_emit_ethernet(0x82, &(0x7f0000000280)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff08004500007400000000fd019078ac1e0001ac1414aa0305907800050001462406860067fff9072f1000e000000164010102830ff7e0000002e0000001ac1414354404b3d0832f7100ac1414aae0000002ac141441ac1414aaac141432e0000002ac141415640101000a0101e4ac1414390000"], 0x0)
gettid()

7.49954159s ago: executing program 5 (id=4414):
r0 = syz_usb_connect$uac1(0x0, 0xac, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000000000106b1d010140000102030109029a0003010000000904000000010100000a24010000000201020c24020000000000000800000524050000082407000000009e0c240700000000a3e82f07070d240701060000fd80000000e80924030000000001"], 0x0)
syz_usb_control_io(r0, &(0x7f0000000140)={0x2c, 0x0, &(0x7f0000000300)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x3001}}, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$uac1(r0, &(0x7f0000001840)={0x14, 0x0, &(0x7f0000000180)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x41f}}}, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000c40)={0x84, &(0x7f0000000740)={0x20, 0x3, 0x2, "b23b"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, &(0x7f00000000c0)={0x44, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x20, 0x82, 0x2, "c9a7"}, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000a00)={0x44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000980)={0x20, 0x84, 0x2, "46e2"}, 0x0})
openat$dlm_plock(0xffffffffffffff9c, 0x0, 0x224400, 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f00000006c0)={0x44, &(0x7f00000004c0)={0x1082b344cdcc653b, 0x0, 0x13, "9ad68da4ebb7cbc0fe25a236c876e417bd2eb5"}, &(0x7f0000000200)={0x0, 0xa, 0x1, 0x2}, &(0x7f00000002c0)={0x0, 0x8, 0x1, 0x10}, 0x0, &(0x7f00000005c0)={0x20, 0x82, 0x2, "25fa"}, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000b80)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="208102000000b858e4"], 0x0, 0x0, 0x0, 0x0})

6.581390656s ago: executing program 1 (id=4417):
r0 = fsopen(&(0x7f0000000000)='securityfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = getpid()
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x400, 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x20420, &(0x7f0000000840)=ANY=[@ANYBLOB="6d706f6c3d696e7465726c656176653d72656c61746976652c00462d4218b2619580174cba9413d9ca0257c9b40ec3a2d05519b4425897441832e0ab1596dade1b8cef0d561529083d29fdbef121fba8312b239af5f4eac6127191670951c8b3ecf2c9ae4527230e220f54996e0b30f20871e65a25356e424588bea67f6a526e5e3639b73bca4c239d675fd522f5af2729714443e561c8b84a90a1076d19", @ANYBLOB="5ea63893c7165c00f1621dac4c9674fb0ce602bf2b781a89f1829a7a04c0a852cf21e0781e3d49731cc6bd", @ANYRESDEC])
r2 = syz_pidfd_open(r1, 0x0)
setns(r2, 0x24020000)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000180)={@private0, <r3=>0x0}, &(0x7f00000001c0)=0x14)
ioctl$F2FS_IOC_RESERVE_COMPRESS_BLOCKS(r0, 0x8008f513, &(0x7f0000000040))
r4 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x400800, 0x30)
r5 = bpf$OBJ_GET_MAP(0x7, &(0x7f00000004c0)=@generic={&(0x7f0000000480)='./file0\x00', 0x0, 0x10}, 0x18)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="1e0000007f000000060000007fffffff00200000", @ANYRES32, @ANYBLOB="0200000200"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0100000003000000040000000900"/28], 0x50)
r7 = socket(0x22, 0x803, 0x3419)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
close(r8)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000040)={'bridge_slave_1\x00', 0x7101})
r9 = socket$unix(0x1, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70ad2b, 0xffffffff, {0x0, 0x0, 0x0, r10, {0xd, 0x4}, {0xffff, 0xffff}, {0x0, 0x5}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x2, 0x1}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x800)
r11 = socket(0x400000000010, 0x3, 0x0)
sendmsg$nl_route_sched(r11, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000700)=@deltaction={0xd4, 0x31, 0x200, 0x70bd2a, 0x25dfdbfd, {}, [@TCA_ACT_TAB={0x10, 0x1, [{0xc, 0x3, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x5503}}]}, @TCA_ACT_TAB={0x90, 0x1, [{0x14, 0x1d, 0x0, 0x0, @TCA_ACT_KIND={0xd, 0x1, 'connmark\x00'}}, {0x10, 0x1d, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'vlan\x00'}}, {0xc, 0x19, 0x0, 0x0, @TCA_ACT_KIND={0x7, 0x1, 'xt\x00'}}, {0xc, 0xb, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x4}}, {0x10, 0x13, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'sample\x00'}}, {0xc, 0x6, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x4}}, {0xc, 0x18, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x4}}, {0xc, 0x16, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x6}}, {0xc, 0x8, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x101}}, {0x10, 0x8, 0x0, 0x0, @TCA_ACT_KIND={0xa, 0x1, 'pedit\x00'}}]}, @TCA_ACT_TAB={0x20, 0x1, [{0xc, 0x14, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x8c}}, {0x10, 0x15, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'vlan\x00'}}]}]}, 0xd4}, 0x1, 0x0, 0x0, 0x10}, 0x4)
r12 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1e08003354584abea360e0000100000055457fb8", @ANYRES32, @ANYBLOB="0100003d00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0100000000000000020000000700000000000000", @ANYRES64, @ANYBLOB='\x00\x00\x00\x00'], 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x11, 0x0, &(0x7f0000000040), &(0x7f0000000080)='syzkaller\x00', 0x9, 0xbb, &(0x7f00000000c0)=""/187, 0xe1780, 0x20, '\x00', r3, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000003c0)={0x4, 0x2}, 0x8, 0x10, &(0x7f0000000400)={0x1, 0x8, 0x2, 0x3}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000600)=[r4, r5, r6, r12, 0x1], 0x0, 0x10, 0x7}, 0x94)
r13 = syz_clone(0xb21e0000, 0x0, 0x0, 0x0, 0x0, 0x0)
r14 = syz_pidfd_open(r13, 0x0)
setns(r14, 0x24020000)
syz_open_procfs(0x0, &(0x7f0000000100)='syscall\x00')
socket$nl_route(0x10, 0x3, 0x0)
socket(0x1, 0x803, 0x0)

6.525384232s ago: executing program 5 (id=4418):
r0 = socket$nl_route(0x10, 0x3, 0x0) (async)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x2083, 0x525c6}, [@IFLA_LINKMODE={0x5, 0x11, 0xff}, @IFLA_IFNAME={0x14, 0x3, 'geneve1\x00'}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20004050}, 0x4000880) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) (async)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@nfs_export_on}]}) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="3c0000a3b0330e9e1d8694000052000000000000", @ANYRES32=0x0, @ANYBLOB="02000000141000001c00128009000100626f6e64000000000c00028005000e0000000000"], 0x77}, 0x1, 0x0, 0x0, 0x40000}, 0x84) (async)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e"], 0x50}}, 0x4000000)

6.324361195s ago: executing program 1 (id=4420):
r0 = syz_init_net_socket$ax25(0x3, 0x5, 0xcb)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2e, 0x0, 0x0)
sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000080)=@in={0x2, 0x4e21, @local}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x804c040}, 0x4040814)
r3 = socket$inet6(0xa, 0x3, 0x3e)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000ffff08000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x5000, 0x0, @loopback, 0x5}, 0x1c)
writev(r3, &(0x7f00000000c0)=[{&(0x7f0000000100)=',', 0xffdf}], 0x1)
shutdown(0xffffffffffffffff, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000066c0), 0xa0d, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r5 = openat$dsp(0xffffffffffffff9c, &(0x7f00000003c0), 0xa8202, 0x0)
sendmsg$NFT_MSG_GETOBJ(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x4040040)
close_range(r5, 0xffffffffffffffff, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bind$ax25(r0, &(0x7f0000000540)={{0x3, @bcast, 0x1}, [@default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000006c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$NL80211_CMD_SET_TID_CONFIG(0xffffffffffffffff, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000700)=ANY=[@ANYBLOB='<\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000", @ANYRES32=0x0, @ANYBLOB="20001d802dfd008005000c000000000006000500000000000000060000000000302b1e083297f9ab81b885159bfa5a25cce5d3eb83e32e1d508ec6b900b981297633abdec80130239ec214309abf7d298aab8614d6372fc0812c69468b92f9abd88f3ba28f3c48b75ab348bc67dc6e37af9ab892c235b73dfdd5a9baebdb55b37095520a188b6677cc3010f6bc6f665ed9a10fb0377c6f210b8e446f1900d47f8e944dbbea7c94028c65398452b30df8633b54e1b3ca2959bfc92fa568218efd9d1634fe79aed8adaf37c4dc3d1124a3e80dde51d4eb93d6756f228b5208f370973f10be47d37ed0e69f3920b59e6394af50ec86870709ea1250e80c1b2555df78faaa521826cadd1a359fbb511826fc4574b2ec2507714b327211cc9e54bf148ebe32baeb59bd7026dd6c"], 0x3c}}, 0x0)

5.968963737s ago: executing program 0 (id=4422):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x10031, 0xffffffffffffffff, 0x65be1000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ptrace(0x10, 0x1)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000180)={0x1})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000002000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="0f01cb650f741065666765f36f0f330f09660f3a0cb9000000752066b9800000c00f326635004000000f300f01d7ba4100ed", 0x32}], 0x1, 0x4498bda7e2139f51, 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_PIT(r3, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x5, 0x13, 0x1, 0x8, 0x5f, 0x3, 0x0, 0xa6, 0x2, 0x5, 0x6}, {0xfffffff9, 0x4004, 0x0, 0x0, 0x0, 0xf6, 0x1, 0x8, 0x4, 0xff, 0x4, 0x0, 0x800000000000000}, {0xffffff01, 0x35, 0x0, 0x0, 0x4, 0x5, 0x7, 0xfe, 0x5, 0x2, 0x0, 0x4}]})
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000003c0)={[0x0, 0x0, 0x8000, 0x40, 0x0, 0x0, 0x2004cb, 0x0, 0xfffffffffffffffe, 0x5, 0x7fff, 0x1000200004, 0x4, 0x2, 0x0, 0x1], 0x8080000})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_PIT2(r3, 0x4070aea0, 0x0)
r5 = syz_socket_connect_nvme_tcp()
recvmsg$inet_nvme(r5, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000540)=""/137, 0x89}, {&(0x7f0000000600)=""/141, 0x8d}, {&(0x7f00000006c0)=""/185, 0xb9}], 0x3, &(0x7f0000000780)=""/26, 0x1a}, 0x40010061)
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_TLS_TX(r6, 0x6, 0x1, &(0x7f0000000240)=@gcm_128={{}, "ecb9d06d2d6e459d", "9ab7e8da5fbd3fc91d33e32cd9f5bddb", "6973ca9e", "e80ebfa5ac114dfa"}, 0x28)

5.52554098s ago: executing program 5 (id=4423):
pipe2$9p(0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setrlimit(0x0, 0x0)
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$sock_int(r2, 0x1, 0x2, &(0x7f00000000c0)=0x1, 0x4)
setsockopt$inet_int(r2, 0x0, 0x22, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, 0x0, 0x0)
unshare(0x2c020400)
r3 = syz_io_uring_setup(0x10d, &(0x7f0000000380)={0x0, 0x5885, 0x100, 0x0, 0xffeffc03}, &(0x7f0000000340)=<r4=>0x0, &(0x7f0000000240)=<r5=>0x0)
openat$ttynull(0xffffff9c, 0x0, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_MKDIRAT={0x25, 0x8, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000001c0)='./file0\x00', 0x104, 0x0, 0x1})
io_uring_enter(r3, 0x351e, 0x483, 0x0, 0x0, 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff0480000008003950"], 0x15)
write$FUSE_BMAP(0xffffffffffffffff, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(0xffffffffffffffff, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYBLOB, @ANYBLOB="2c636163ae1d1e8e6170406a80000000001fa08313c0e8f76c3cb06743a7980ad76ef3359c91c2d2c9caeb85619be82ab116f845c3a22e2f6a751449927d2052d8a62938bb62c9aa9d21b1bbfdedcf356f11c80667f4c72bc889940a0acc14e7746a5f3e169b991969e253414bf825a1ecfc"])
chmod(&(0x7f0000000140)='./file0\x00', 0x0)
r6 = open$dir(&(0x7f0000000140)='./file0\x00', 0x1, 0x0)
write$binfmt_misc(r6, &(0x7f0000000400)=' ', 0x1)
creat(&(0x7f0000000200)='./file0\x00', 0xbb)

3.844466251s ago: executing program 2 (id=4426):
socket(0x80000000000000a, 0x2, 0x0)
fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
openat$audio(0xffffff9c, 0x0, 0x402, 0x0)
syz_open_procfs(0x0, &(0x7f0000000100)='syscall\x00')
bind$packet(0xffffffffffffffff, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000280)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'geneve1\x00', <r3=>0x0})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_NMI(r5, 0xae9a)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r4, 0x8008ae9d, &(0x7f0000000240))
sendto$packet(0xffffffffffffffff, &(0x7f0000000480)="86", 0x1, 0x404c880, &(0x7f00000000c0)={0x11, 0x15, r3, 0x1, 0x0, 0x6, @random="000000008000"}, 0x14)
syz_open_procfs(0x0, &(0x7f0000000040)='children\x00')
syz_pidfd_open(0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x20)
preadv(r5, &(0x7f0000001b00)=[{&(0x7f00000009c0)=""/235, 0xeb}], 0x1, 0x2, 0x0)
syz_usb_connect(0x0, 0x0, 0x0, 0x0)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r7 = dup(r6)
write$UHID_INPUT(r7, &(0x7f0000001300)={0xc, {"a2e3ad214fc752f91b4847f70e06d038e7ff7fc6e5539b3f6d078b089b3b083848090890e0878f0e1ac6e7049b3367959b669a240d5b67f3988f7e0319520100ffe8d178708c523c921b1b5b31300d095da736cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4040d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465f41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a4d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d606495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07840900000000000000f5c8f4ceb360c7e658828163e2d25c4aa348561f097e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f028dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c000003716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff8f2211f1033195563c7f93cd54b9094f22b625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a605fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b611fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db56c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47afed367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadbbf5c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d00000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000", 0x1000}}, 0x1006)
r8 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r8, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r9=>0x0})
sendmsg$nl_route(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYBLOB="200000001100010027bd7000fddbdf2500000000", @ANYRES32=r9, @ANYBLOB="7a14"], 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x80)

3.733091253s ago: executing program 4 (id=4427):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="7c0100001a0001000000000000000000fc0000ff800000000000000000000000ff01000000000000000000000000000100000000000008000000000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac1414aa00000000000000000000000010000800330000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fdffffffffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000440000f4ffffff00890001006d643500000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000e000000000000000000000802"], 0x17c}}, 0x0)

3.496523387s ago: executing program 4 (id=4428):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
r4 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
tgkill(0x0, 0x0, 0x12)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000032680)=""/102392, 0x18ff8)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001300)=@newtfilter={0xe8c, 0x2c, 0xd27, 0x70bd25, 0x8000, {0x0, 0x0, 0x0, r3, {0x0, 0x7}, {}, {0xffff, 0x8}}, [@filter_kind_options=@f_fw={{0x7}, {0xe58, 0x2, [@TCA_FW_ACT={0xe54, 0x4, [@m_pedit={0xe50, 0x1, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe20, 0x2, {{{0xdcdc, 0x5fa8, 0x5, 0x839, 0x7}, 0x7, 0xb}, [{0x4, 0x2, 0x5d0, 0x8, 0x100, 0xfd}, {0x9, 0xf2, 0x688d, 0x7, 0x1, 0x2}, {0x7f, 0x8, 0xdcdc, 0x400, 0x2557, 0x462}, {0x2, 0x0, 0x8001, 0xffc00000, 0xc9}, {0x8001, 0x6, 0x7f, 0x5, 0x7fff, 0x7ffffeff}, {0x2, 0x7ff, 0xfffffffe, 0x7, 0xfffffc00, 0x3}, {0x8, 0x710, 0x80000001, 0x8, 0x4, 0x3000000}, {0xc000000, 0x400, 0x80, 0x100, 0x3, 0x12}, {0x6, 0x9, 0xa, 0xfffffffe, 0x100007, 0x6}, {0x0, 0x2, 0x0, 0xff, 0x67, 0x5}, {0x0, 0x80000000, 0x0, 0xd, 0x9, 0x1}, {0x6, 0xd7, 0x0, 0x56d, 0x4, 0x80000000}, {0x8001, 0x6, 0x1, 0x1, 0x4, 0x9}, {0x3, 0x3, 0x200, 0x7ff, 0x273, 0x2207}, {0x332400, 0x2, 0x5, 0x4d1, 0xfffffffe, 0x2}, {0x7, 0x6, 0x4, 0x5, 0x1, 0x2}, {0xe, 0xfffffffb, 0x7, 0x3ff, 0x4, 0x8}, {0x5, 0x7, 0x1, 0x1, 0x3ff, 0x3ff}, {0x0, 0xffff0001, 0x9, 0x102, 0xa0a, 0x5}, {0x7, 0x4, 0x13ca4b9a, 0xfffffffa, 0xffff, 0x9}, {0x1, 0x2, 0x7fffffff, 0x7, 0x7, 0x200}, {0x0, 0x0, 0x40, 0xffff352c, 0x5, 0x6}, {0x200, 0x3, 0x34e, 0xc, 0x4, 0x1}, {0x1, 0x9, 0x1, 0x8, 0xe163, 0x72e00000}, {0x9ee4, 0x7, 0x5, 0x0, 0x7, 0x5}, {0x9, 0xda, 0x0, 0x5, 0xf, 0x7}, {0x4, 0x6e, 0xa, 0x8, 0x826, 0x5}, {0x9, 0x2, 0x7fff, 0xfffffff7, 0x4, 0x8}, {0xff, 0x131e, 0x5, 0x9, 0x3}, {0x6, 0x8, 0xd781, 0x7, 0xdce0, 0x101}, {0x0, 0x1ff, 0x0, 0x9, 0xfff, 0x8}, {0x8, 0x2, 0x3, 0x4, 0x69, 0x5149dc08}, {0x1, 0x0, 0x6, 0x101, 0x8, 0x18000}, {0x0, 0x9, 0x1, 0x5, 0xc}, {0x3, 0x9, 0x9, 0xe68, 0x2, 0xffff}, {0x9, 0x62, 0xe2f, 0xa, 0x44, 0x7}, {0xfffffff9, 0x7f, 0xffffffff, 0x3, 0x341, 0x3}, {0x6, 0x6, 0x4, 0x40000, 0x2, 0xa155}, {0x6d3, 0x3, 0x9, 0x9, 0xfffffffd, 0xfffffffa}, {0xd47, 0x3ff, 0x800, 0x40, 0x80000001, 0x4}, {0x5c2e, 0x8, 0x0, 0x76, 0x7}, {0xac77, 0x5, 0x0, 0x101, 0xb2a, 0x1ff}, {0x8, 0xfffffffa, 0x8, 0x4, 0xf771, 0x800}, {0xc, 0x8001, 0xfff, 0x4, 0x6, 0x1}, {0x4, 0x8, 0x149, 0xfffffff7, 0x2, 0xfff}, {0xc2ea, 0xd, 0x1, 0x101, 0x6}, {0x1000, 0xfffffffb, 0x268f, 0x80000001, 0xdf, 0x4}, {0x4, 0x0, 0x101, 0x1, 0x7, 0x9}, {0x9, 0x3, 0x20004, 0x0, 0x9, 0x8}, {0x400, 0xfe8, 0x2, 0x112, 0x10001, 0x7ff}, {0x4399, 0x0, 0x8, 0x2d1, 0x3ff}, {0xd8d2053, 0x7fffffff, 0x401, 0x4, 0x4, 0x6}, {0x3, 0x5, 0x205, 0x8, 0x6, 0xe7e1}, {0x550, 0x200, 0x344, 0x9, 0x8, 0x7}, {0x2, 0x7fffffff, 0x2, 0x8, 0x800, 0x3}, {0x4, 0xed22, 0x3, 0x2, 0x2}, {0x1, 0x5d9, 0x4, 0xffffffff, 0x9, 0xac}, {0x7, 0x6, 0x7, 0xff, 0x4, 0x3}, {0x0, 0x5c6c, 0x8, 0x2, 0xffffffff, 0x4}, {0x40, 0xaa, 0x4, 0x6, 0xfffffff8, 0x3}, {0xfffffffc, 0xfffffffd, 0x7e0, 0xc, 0x7, 0x401}, {0xffff, 0x3, 0x5, 0x8, 0x47, 0xf9d}, {0xfffffbff, 0x0, 0x4, 0x0, 0x9, 0xffff}, {0xffffffff, 0x6, 0xfffffffa, 0x2, 0x8000, 0xbde}, {0x6af, 0x8001, 0x7f, 0x7, 0x7, 0x516}, {0x33, 0x8, 0x7, 0x8, 0x2, 0x80000001}, {0x9, 0x2, 0x9, 0x8000, 0x8, 0x3}, {0x6, 0x9, 0x6, 0x400, 0x1, 0xf}, {0xd424, 0x3, 0x7, 0xec, 0xb, 0x4}, {0x7, 0x7, 0xd7a, 0x80000001, 0xb137, 0x5}, {0xdcb, 0x10000, 0xe1, 0x6, 0x7, 0xfffffffb}, {0x4, 0x5, 0x0, 0x8, 0xe, 0x7}, {0x10010, 0x6, 0x80, 0x2, 0x8, 0x6}, {0x0, 0x4, 0x8, 0x33000000, 0x100, 0x800}, {0x1000, 0x800, 0x0, 0x101, 0x8, 0x6}, {0x2, 0xffffffff, 0xb, 0x5, 0x5399, 0x4f4}, {0x5, 0x2, 0x7, 0x7, 0x1, 0x5}, {0x800, 0xde, 0x9, 0x6, 0x7, 0x3fb}, {0x1, 0x6, 0x2, 0xfffffff7, 0x0, 0xfffff000}, {0xfffffe01, 0xdc76, 0x1, 0x2, 0x2, 0xf}, {0xa, 0x1, 0xcf69, 0x0, 0x457, 0x1}, {0x0, 0x573, 0x4, 0x5, 0x5, 0x4}, {0x6, 0x1, 0xeb1, 0x80, 0xe6, 0x5}, {0x1ff, 0xa601, 0xffff7fff, 0x5, 0xfe, 0x4}, {0x5, 0x2, 0x87d, 0x2, 0x8, 0x9627}, {0x81, 0xffff, 0x4, 0xee46, 0x4, 0x6ed}, {0xa4, 0x30000000, 0x200, 0x9, 0x2f056e5b, 0x4}, {0x3, 0x7, 0x3, 0x7fffffff, 0xd, 0xd}, {0x6, 0x6, 0x4, 0x100, 0x200, 0x8}, {0x40, 0xd00e, 0x22c, 0x2133ecfa, 0xffffff81, 0x1}, {0xfffffe00, 0x2, 0x10, 0x7f, 0x200}, {0x3, 0x10000, 0x4000, 0x3, 0xfb23, 0x8}, {0x8, 0xfff, 0x2, 0x7, 0x4, 0x3}, {0x8001, 0x4, 0x3, 0x1, 0x4, 0x17e3862}, {0x1, 0xe, 0x6, 0x5, 0x4, 0x1}, {0xcb67, 0x7, 0xc08c, 0x1, 0x3, 0x101}, {0x7, 0x401, 0x4, 0x3, 0x1, 0xe85}, {0x7fffffff, 0x0, 0x3, 0x10001, 0x3}, {0x8, 0x2, 0x59211cb1, 0x9, 0x1, 0x4}, {0x6, 0x3, 0x1, 0x7, 0x7, 0x100}, {0x7, 0x4, 0x2, 0x6, 0x400, 0x7}, {0xe, 0x6, 0x24, 0x3, 0x5, 0x1ff}, {0x1ff, 0x3fb, 0x2, 0x5, 0x7fff, 0x4}, {0x3ff, 0xa81, 0x5, 0x0, 0x5, 0x6}, {0xc, 0x76, 0x0, 0x2d0f3c09, 0x1, 0xbe9}, {0xffffbfb8, 0x7fff, 0x0, 0x1450e18b, 0x68c12bef, 0x6}, {0x4, 0x0, 0xc, 0x69, 0x6, 0x9}, {0x10, 0xf09, 0x1, 0x4, 0x1, 0x5}, {0xfffffffc, 0x9, 0x5, 0x4, 0xca, 0xffffffdf}, {0x0, 0x3, 0x8, 0x4f2f, 0x2, 0x1}, {0x7fff, 0xc9, 0x82, 0x80, 0x5}, {0x7, 0x4, 0x9, 0x5, 0x2, 0x9}, {0x4516, 0x3, 0x0, 0x8, 0x4, 0x1000}, {0xe4, 0xd, 0xffff, 0xc84, 0xc, 0x3}, {0xfffffffa, 0x0, 0x3, 0x9, 0xffff0000, 0xffffffff}, {0x400, 0x5, 0x9, 0x1, 0xd, 0x3}, {0x1, 0x2b, 0x45, 0xfffffff1, 0x3, 0x1}, {0x7fffffff, 0x5, 0x9, 0x80, 0x9, 0xd450}, {0x20000, 0x7ff, 0x61, 0x4, 0x8, 0x7}, {0xff, 0x1, 0x1, 0xa68b, 0x10, 0x60000}, {0x8, 0x0, 0x8, 0xf7f, 0x120000, 0xfffffff8}, {0x28e, 0x1, 0xff, 0x10000, 0xb3f2, 0x1}, {0x7, 0x4, 0x400040, 0x4, 0x9, 0x2}, {0x9, 0x8, 0xd, 0xe, 0x3, 0xd842}, {0x8, 0x8, 0x7, 0x0, 0xfffffff1, 0x2}, {0xffff9c2f, 0x84d, 0x4, 0x400, 0x7, 0x58}, {0x3, 0xffffffa2, 0x6, 0x2, 0x8, 0x1ff}, {0x8, 0xc5, 0x9, 0x1, 0x7ff, 0xff}], [{0x2, 0x1}, {0x5, 0x1}, {0x1, 0x1}, {0x1}, {0x3, 0x1}, {0x4}, {0x7, 0x1}, {0x3}, {0x2, 0x1}, {0x2}, {0x3, 0x1}, {0x5, 0x1}, {0x4, 0x1}, {0x5}, {0x1, 0x1}, {0x3}, {0x1}, {0x2, 0x1}, {0x5, 0x1}, {0x5}, {0x5}, {0x5}, {0x1, 0x1}, {0x1}, {0x3, 0x1}, {0x5, 0x1}, {0x5, 0x1}, {}, {0x2, 0x1}, {0x1}, {0x2, 0x1}, {0x4, 0x1}, {0x0, 0x1}, {0x4, 0x1}, {0x7, 0x1}, {0x3}, {0x0, 0x1}, {0x1}, {0x1}, {0x4}, {0x2, 0x1}, {0x2}, {0x5}, {0x3, 0x1}, {0x2}, {0x2, 0x1}, {0x4}, {0x1}, {0x4, 0x1}, {0x4}, {0x2, 0x1}, {0x3}, {0x0, 0x1}, {0x3, 0x1}, {0x1}, {0x1, 0x1}, {0x5}, {0x5}, {0x4}, {0x4}, {0x5, 0x1}, {0x2}, {0x3}, {0x1}, {}, {0x2}, {0x2}, {0x5, 0x1}, {}, {0x3}, {}, {0x2}, {0x0, 0x3}, {0x5, 0x1}, {0x3, 0x1}, {0x4}, {0x3}, {0x0, 0x1}, {0x2}, {0x0, 0x1}, {0x2, 0x4e2ac20550e7fa09}, {0x1}, {0x0, 0x1}, {0x5}, {0x2}, {0x3, 0x1}, {0x1}, {}, {0x2, 0x1}, {0x2}, {0x3}, {0x3}, {0x4}, {0x5, 0x1}, {0x4}, {0x4, 0x1}, {0x2}, {0x4, 0x1}, {0x3}, {0xf, 0x1}, {0x5, 0x1}, {0x5}, {0x0, 0x1}, {0x5}, {0x1}, {0x2, 0x1}, {}, {0x2}, {0x1}, {0x3}, {0x5}, {}, {0x0, 0x1}, {0x3, 0x1}, {0x5, 0x1}, {0x0, 0x1}, {0x3}, {0x5}, {0x5, 0x1}, {0x2, 0x1}, {0x0, 0x1}, {0x5}, {0x5}, {0x3, 0x1}, {0x2, 0x1}, {0x1}, {0x5}, {0x0, 0x1}], 0x1}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}]}]}}, @TCA_RATE={0x6, 0x5, {0x0, 0x1}}]}, 0xe8c}, 0x1, 0x0, 0x0, 0x1}, 0x800)

3.419833467s ago: executing program 5 (id=4429):
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x48241, 0x0)
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0)
ioctl$IOCTL_STOP_ACCEL_DEV(r1, 0x40096101, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000340)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
socket$kcm(0x2, 0xa, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8e}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f0000000540), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, 0xffffffffffffffff, 0x0, 0xd}, 0x18)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000)
sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a80000000060a010400000000000000000a0000010900010073797a3100000000541f0480500001800b00010074617267657400004000028008000240000000012c0003007339f2f10455afb9fdd672bad09dfb78c7699c74e891a0c70000000000000000000000000000000008000100544545000900020073797a32000000001400"], 0xa8}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840)

2.995976392s ago: executing program 5 (id=4430):
r0 = syz_init_net_socket$ax25(0x3, 0x5, 0xcb)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2e, 0x0, 0x0)
sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000080)=@in={0x2, 0x4e21, @local}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x804c040}, 0x4040814)
r3 = socket$inet6(0xa, 0x3, 0x3e)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="14000000100001000000000000001c000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x5000, 0x0, @loopback, 0x5}, 0x1c)
writev(r3, &(0x7f00000000c0)=[{&(0x7f0000000100)=',', 0xffdf}], 0x1)
shutdown(0xffffffffffffffff, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000066c0), 0xa0d, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r5 = openat$dsp(0xffffffffffffff9c, &(0x7f00000003c0), 0xa8202, 0x0)
sendmsg$NFT_MSG_GETOBJ(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x4040040)
close_range(r5, 0xffffffffffffffff, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bind$ax25(r0, &(0x7f0000000540)={{0x3, @bcast, 0x1}, [@default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000006c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$NL80211_CMD_SET_TID_CONFIG(0xffffffffffffffff, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000700)=ANY=[@ANYBLOB='<\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000", @ANYRES32=0x0, @ANYBLOB="20001d802dfd008005000c000000000006000500000000000000060000000000302b1e083297f9ab81b885159bfa5a25cce5d3eb83e32e1d508ec6b900b981297633abdec80130239ec214309abf7d298aab8614d6372fc0812c69468b92f9abd88f3ba28f3c48b75ab348bc67dc6e37af9ab892c235b73dfdd5a9baebdb55b37095520a188b6677cc3010f6bc6f665ed9a10fb0377c6f210b8e446f1900d47f8e944dbbea7c94028c65398452b30df8633b54e1b3ca2959bfc92fa568218efd9d1634fe79aed8adaf37c4dc3d1124a3e80dde51d4eb93d6756f228b5208f370973f10be47d37ed0e69f3920b59e6394af50ec86870709ea1250e80c1b2555df78faaa521826cadd1a359fbb511826fc4574b2ec2507714b327211cc9e54bf148ebe32baeb59bd7026dd6c"], 0x3c}}, 0x0)

2.888993671s ago: executing program 4 (id=4431):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_RECVRCVINFO(r1, 0x84, 0x20, 0x0, &(0x7f0000000080))
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000c80)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000016c0)=@newqdisc={0x45c, 0x24, 0x4ee4e6a52ff56541, 0x70bd27, 0x4000000, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x430, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x1, 0x0, 0x0, 0x0, 0x0, 0x6}, {0xff}, 0x0, 0x1}}, @TCA_TBF_RTAB={0x404, 0x2, [0x1, 0x0, 0x1ff, 0x0, 0xfffffc80, 0x0, 0x6, 0xf9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x1, 0x3f, 0x0, 0x0, 0x0, 0x5e3cf17, 0x2, 0xafd, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0xfffffffd, 0x6, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x2, 0x0, 0x0, 0x7, 0x4, 0x0, 0x0, 0x0, 0x2, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0xb97, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x5e, 0xfffffffc, 0x8, 0x0, 0xfffffffd, 0x400000, 0x3, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xb484, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x7fffffff, 0x0, 0xffffffff, 0x0, 0x3, 0x0, 0xb3c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xf1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xfffffffe, 0x0, 0x0, 0x400, 0x0, 0x0, 0xd79, 0x0, 0x0, 0x0, 0x0, 0x2, 0x3, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0x0, 0x100, 0x0, 0x4, 0xfffffffd, 0x0, 0x0, 0x3ff, 0xfffffffe, 0x0, 0x5d1, 0x1, 0x0, 0x0, 0x8, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x2, 0x7, 0xfffffffd]}]}}]}, 0x45c}}, 0x0)

2.707665662s ago: executing program 1 (id=4432):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bond0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB="540000001000ffff2dbd7000fbdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="b02e000000000200240012800b1201006970766c616e0000140002800600010002000000060002000200000008000500", @ANYRES32=r1], 0x54}, 0x1, 0x0, 0x0, 0x1}, 0x0)

2.67429486s ago: executing program 4 (id=4433):
socket$inet_mptcp(0x2, 0x1, 0x106)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000)
socket$packet(0x11, 0x3, 0x300)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="14000000100001000000fffffff400000000000a20000000000a01010000000000000000010000000900010073797a30000000003c000000090a010400000000000000180100000008000a40000000000900020073797a32000000000900010073797a30000000000800054000000008740000000c0a95c900000000000000000100000008000440000000000900010073797a300000000038000380340000800400018004000680140007800c000100636f756e7465720004000280140001800c0001"], 0xe4}}, 0x0)

2.09322678s ago: executing program 4 (id=4434):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001380)=ANY=[@ANYBLOB="140000001000010000000000000300000100000a20000000000a01040000000000000000010080030900010073797a30000000002c000000030a01010000000000000000010000000900010073797a30000000000900030073797a3200000000a4000000060a010400000000000000000100000008000b40000000007c000480340001800b000100657874686472000024000280080001400000000c080003400000000008000440000000220500020007000000440001800c0001006269747769736500340002800800034000000002080001400000001408000240000000120c00058004000100040002800c000800000001008a9500000900010073797a30"], 0x118}, 0x1, 0x0, 0x0, 0x4000881}, 0x0)

1.975887942s ago: executing program 0 (id=4435):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000bc0))
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000640)={0x1, 0x1, 0x0, &(0x7f0000000540)=""/35, &(0x7f00000005c0)=""/84, 0xeeee0000})
dup(r1)
syz_emit_ethernet(0x36, &(0x7f0000000080)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x6, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty, {[@ra={0x94, 0x4, 0x1}]}}, {0x0, 0x0, 0x10, 0x0, @gue={{0x2, 0x0, 0x0, 0xfe}}}}}}}, 0x0)
syz_usb_connect$cdc_ncm(0x4, 0xd1, &(0x7f0000000040)=ANY=[@ANYBLOB="12011003020000182505a1a44000010203010902bf0002010650000900000000020d00000524060001082400a9b30d240f010a0000000300ff000606241a05001407240a050905580c240c00000000a90c0900030424020204240200042406024424"], 0x0)
syz_usb_connect(0x4, 0x41, &(0x7f00000000c0)={{0x12, 0x1, 0x200, 0x40, 0x7f, 0xe3, 0xff, 0x4d8, 0x82, 0xefc0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2f, 0x1, 0x9, 0x2, 0x80, 0x1, [{{0x9, 0x4, 0xf4, 0x80, 0x0, 0xc8, 0x74, 0x8f, 0x2, [@cdc_ncm={{0x5}, {0x5, 0x24, 0x0, 0x101}, {0xd, 0x24, 0xf, 0x1, 0x7, 0x2, 0xf012, 0xc}, {0x6, 0x24, 0x1a, 0x40, 0x20}}]}}]}}]}}, 0x0)
openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000480)={&(0x7f0000000380)=ANY=[@ANYBLOB="1c00000058", @ANYBLOB="000000bb44"], 0x1c}, 0x1, 0x0, 0x0, 0xc15300485f7bf36a}, 0x480b1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
syz_kvm_add_vcpu$x86(0x0, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000800)=ANY=[@ANYBLOB, @ANYRES64=0x0])
openat$kvm(0xffffff9c, 0x0, 0x80800, 0x0)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
ioctl$SNAPSHOT_UNFREEZE(0xffffffffffffffff, 0x3302)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
r2 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r2, &(0x7f0000002700)=""/102392, 0x18ff8)
syz_genetlink_get_family_id$nl802154(&(0x7f0000007e00), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="ef030000000f000008", @ANYRES32, @ANYBLOB="1c00128009000100766c959e602f23046e0000"], 0x44}}, 0x4004850)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
connect$bt_sco(r3, &(0x7f0000000100)={0x1f, @none}, 0x8)

1.61845891s ago: executing program 1 (id=4436):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
r1 = socket(0x8, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000f80)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f0000001080)=0x8)
getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000140)={0x1, 0xbdbf, 0xa, 0x4, 0x6c6, 0x9, 0xc, 0x2, r2}, &(0x7f0000000180)=0x20)

1.385063559s ago: executing program 4 (id=4437):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r0 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x10, 0x2a43, &(0x7f0000006680))
fchown(0xffffffffffffffff, 0x0, 0x0)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000740)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_io_uring_setup(0x497, &(0x7f0000000340)={0x0, 0x9013, 0x2, 0x3, 0x165}, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000180)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_TEE={0x21, 0x1, 0x0, @fd, 0x0, 0x0, 0x3, 0x8})
io_uring_enter(r4, 0x3517, 0x173d, 0x42, 0x0, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000000)={&(0x7f000067d000/0x2000)=nil, &(0x7f000053d000/0x1000)=nil, 0x2000})
prlimit64(0x0, 0xe, 0x0, 0x0)
syz_io_uring_setup(0x49f, 0x0, 0x0, 0x0)
r7 = userfaultfd(0x801)
r8 = getpid()
process_vm_readv(r8, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
ioctl$UFFDIO_API(r7, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x280})
ioctl$UFFDIO_WRITEPROTECT(r7, 0xc018aa06, &(0x7f00000000c0)={{&(0x7f000040a000/0x800000)=nil, 0x800000}, 0x1})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x15)

1.383560896s ago: executing program 1 (id=4438):
r0 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
mount$tmpfs(0x0, &(0x7f0000000540)='./cgroup\x00', &(0x7f00000000c0), 0x8, &(0x7f00000002c0)={[{@grpquota}]})
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
clock_adjtime(0x5, &(0x7f0000000f80)={0x9, 0x80, 0x8000000000000001, 0x3, 0x6, 0x8, 0x31d3, 0xb0e8, 0x1000, 0x7, 0xb, 0xfffffffffffffffe, 0x10000, 0xcf, 0x0, 0x70, 0x8, 0x80000000, 0x5, 0x1000, 0x7e6, 0x14, 0x5, 0x9, 0xfffffffffffff894, 0x7ba})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)=ANY=[@ANYBLOB="3a7f083eb4fa00f032866a40053180d6fe7c06f37e3a01372f665f49fc6b7c309137e1ab4c24b94b49afd2a73c98f01eda277552761636f20dc9b8a4f2a68de7df12dc0c03226d9f2d943b68c37f7b7db00014191f9517de36357a3c2164ac8b51d75a4156ce8fbe3f9d173fb7372235d784308349b5395cc77299dae925a5430126bfca24877bef963163dd1193ce0f3e1c945e94c403d7919d8733b9fb8a1b6d3fd05739ed0ffb6022126572d95877375ca2a6a66a9e5f5cca313e6e", @ANYRES16=r4, @ANYBLOB="31832abd7000000000001900000018000180140002007369743000"/38], 0x2c}, 0x1, 0x0, 0x0, 0x50}, 0x4886)
sendmsg$SMC_PNETID_ADD(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="0c3abdc0a51af2bc96fda4a568719e865001f22442da92f5b2f8c24b8ade8c2ee9da8b387f62b37877a66fd81baf99c57c9c8564917e3295bb3c407bbc2d362fe09e9ff228ee995194e4aa4b4af79987f81e73d292c9d4899e3f40af6d12dc2a05c54f4ef0a026b9a93599951e312fcd5db044f1e532918b73ff6631e3075c4126a7af527ca96d6786ef6d477445631582b8c2", @ANYRES16=r0, @ANYBLOB="01000000000000000000020000000900010073797a3000000000"], 0x20}}, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000009c0)=ANY=[@ANYBLOB="2400000001040102000000c9fd0000000000000008000340000100000500010001"], 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
sendmsg$NFULNL_MSG_CONFIG(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)={0x1c, 0x1, 0x4, 0x5, 0x0, 0x0, {0x3}, [@NFULA_CFG_CMD={0x5, 0x1, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x9af33139c2c4eaae}, 0x20)
r6 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r6, &(0x7f0000000640)={0x28, 0x0, 0x2710}, 0x10)
r7 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
close(r7)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000010c0)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
r10 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
r11 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r11, r10, 0x26}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r11}, &(0x7f0000000000), &(0x7f0000000080)=r7}, 0x20)
recvmsg(r8, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000001c40)=""/4096, 0x8ec0}], 0x1}, 0x0)
sendmsg$inet(r9, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x22fe0}], 0x1}, 0x0)
r12 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_queued\x00', 0x275a, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r3, 0x8916, &(0x7f00000001c0)={'batadv_slave_1\x00', {0x2, 0x4e20, @empty}})
write$cgroup_int(r12, &(0x7f0000000000), 0xffffff6a)
syz_usb_control_io(0xffffffffffffffff, &(0x7f00000008c0)={0x2c, &(0x7f0000000740)={0x40, 0x23, 0xb0, {0xb0, 0x11, "3b178a7283cdfa15a8cd367606e291fa2a42803eb6b6e225abd3ada414f504e18a922a1ba4a1d8cb7bf08a7a5d25093167965104ce1b25a2bdeaeec58cca25adc8e073762b1236419e767d5de24f07ccd313a34d897e35f02e36ffe4060671ea9a9bd6cc16f783c26c358d0af85af909284ee8fda3edc86167ddcc79309f2c0de1de1d2f3edcd64e555d7c44246df2d7e690ff5755445cd1eeff909faf5ade14a1f619efd55d2c56ff54a0f08b9f"}}, &(0x7f0000000300)={0x0, 0x3, 0x9, @string={0x9, 0x3, "23822b858ba53c"}}, &(0x7f0000000800)={0x0, 0xf, 0x1f, {0x5, 0xf, 0x1f, 0x2, [@ss_cap={0xa, 0x10, 0x3, 0x0, 0x0, 0x0, 0x7, 0xff01}, @ssp_cap={0x10, 0x10, 0xa, 0xb, 0x1, 0x107, 0xf00, 0xbbc4, [0x0]}]}}, &(0x7f0000000840)={0x20, 0x29, 0xf, {0xf, 0x29, 0x6, 0x80, 0x10, 0x3, "f768ed39", "84190167"}}, &(0x7f0000000880)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x21, 0x3, 0x3, 0xe7, 0x4, 0x4, 0x7}}}, &(0x7f0000000e00)={0x84, &(0x7f0000000940)=ANY=[@ANYBLOB="200cf0000000dae95ea5dfceaa8d28a3172b5e9c4d463273e2f01365899587e4dd17cb6ab523fdf6740bc84a7b8637a4902c0b05b2079500c27666367e3d7fc53a0f59cebefb20f3bbe0a2de04a897ff750a4d5a4dc175be819a7a17c88ed3409a137f811e327cb9ae48043583ad78138206478401e312430b69dc61a412f93e7ced373ab2a3fea9368cba55e0cedee499bfa3cfb210221fde5728a758eb70d6b9dbfc7a6582070a63561f621630fbb3cbd676d339bb7531b0dd7ba7a00e2e280c9efb94b296c30b94845823d7fecd954be67718e855ecdda7d5c7c02727d50800000000000000002a1161840e3633976e298919f5ee"], &(0x7f0000000a40)={0x0, 0xa, 0x1, 0x3}, &(0x7f0000000a80)={0x0, 0x8, 0x1, 0x2}, &(0x7f0000000ac0)={0x20, 0x0, 0x4, {0x1, 0x2}}, &(0x7f0000000b00)={0x20, 0x0, 0x4, {0xc0, 0x1}}, &(0x7f0000000b40)={0x40, 0x7, 0x2, 0xfffa}, &(0x7f0000000b80)={0x40, 0x9, 0x1, 0x4}, &(0x7f0000000bc0)={0x40, 0xb, 0x2, "1cb0"}, &(0x7f0000000c00)={0x40, 0xf, 0x2, 0x8}, &(0x7f0000000c40)={0x40, 0x13, 0x6, @random="206c0623a147"}, &(0x7f0000000c80)={0x40, 0x17, 0x6, @multicast}, &(0x7f0000000cc0)={0x40, 0x19, 0x2, '\"W'}, &(0x7f0000000d00)={0x40, 0x1a, 0x2, 0xc}, &(0x7f0000000d40)={0x40, 0x1c, 0x1, 0x9}, &(0x7f0000000d80)={0x40, 0x1e, 0x1, 0x6}, &(0x7f0000000dc0)={0x40, 0x21, 0x1, 0x7}})
sendfile(r6, r12, 0x0, 0xffffffff000)

1.358723729s ago: executing program 5 (id=4439):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="9da87938a806d86179f3e2b77db152b9244e94"], 0x0}, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x10031, 0xffffffffffffffff, 0x65be1000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ptrace(0x10, 0x1)
mbind(&(0x7f00001fa000/0x2000)=nil, 0x2000, 0x1, 0x0, 0x0, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000002000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="0f01cb650f741065666765f36f0f330f09660f3a0cb9000000752066b9800000c00f326635004000000f300f01d7ba4100ed", 0x32}], 0x1, 0x4498bda7e2139f51, 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_PIT(r4, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x5, 0x13, 0x1, 0x8, 0x5f, 0x3, 0x0, 0xa6, 0x2, 0x5, 0x6}, {0xfffffff9, 0x4004, 0x0, 0x0, 0x0, 0xf6, 0x1, 0x8, 0x4, 0xff, 0x4, 0x0, 0x800000000000000}, {0xffffff01, 0x35, 0x0, 0x0, 0x4, 0x5, 0x7, 0xfe, 0x5, 0x2, 0x0, 0x4}]})
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000003c0)={[0x0, 0x0, 0x8000, 0x40, 0x0, 0x0, 0x2004cb, 0x0, 0xfffffffffffffffe, 0x5, 0x7fff, 0x1000200004, 0x4, 0x2, 0x0, 0x1], 0x8080000})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_SET_PIT2(r4, 0x4070aea0, 0x0)
r6 = syz_socket_connect_nvme_tcp()
recvmsg$inet_nvme(r6, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000540)=""/137, 0x89}, {&(0x7f0000000600)=""/141, 0x8d}, {&(0x7f00000006c0)=""/185, 0xb9}], 0x3, &(0x7f0000000780)=""/26, 0x1a}, 0x40010061)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_TLS_TX(r7, 0x6, 0x1, &(0x7f0000000240)=@gcm_128={{}, "ecb9d06d2d6e459d", "9ab7e8da5fbd3fc91d33e32cd9f5bddb", "6973ca9e", "e80ebfa5ac114dfa"}, 0x28)

444.332229ms ago: executing program 0 (id=4440):
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg(r1, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4b, 0x9, 0x8, 0x0, 0x400003}, 0x0)
getsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x20, 0x0, &(0x7f0000001040)=0x5d)
syz_clone(0xba05d480, 0x0, 0x11, 0x0, 0x0, 0x0)
r2 = openat$6lowpan_control(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x26e1, 0x0)
pipe(&(0x7f0000000400)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
splice(r5, 0x0, r7, 0x0, 0x88000cc, 0x0)
fcntl$setpipe(r6, 0x407, 0x100004)
write$eventfd(r6, &(0x7f0000000240), 0xffffff14)
sendmsg$nl_route_sched(r3, 0x0, 0x2400c800)
write$6lowpan_control(r2, &(0x7f0000000180)='connect aa:aa:aa:aa:aa:11 0', 0x1b)
r8 = inotify_init1(0x80800)
r9 = socket$inet6(0xa, 0x5, 0x5)
setsockopt$inet6_int(r9, 0x29, 0x1000000000021, 0x0, 0x0)
inotify_add_watch(r8, &(0x7f0000000180)='./control\x00', 0x64000ba6)
inotify_add_watch(r4, 0x0, 0xa4000960)
ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000680), 0x40000, 0x19)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000080))
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[], 0x122}}, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)

0s ago: executing program 2 (id=4441):
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x48004)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$dri(&(0x7f0000000300), 0x40100001, 0x189002)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1, 0x0, 0xffffffffffffffff}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_open_procfs(0x0, 0x0)
keyctl$setperm(0x5, 0x0, 0x30925)
sendmsg$IPVS_CMD_NEW_SERVICE(r0, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)

kernel console output (not intermixed with test programs):

: partition table beyond EOD, truncated
[ 1015.139035][T22014] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[ 1015.139035][T22014] 
) failed (rc=-5)
[ 1015.635927][T22035] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1015.635951][T22035] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1015.716329][T22035] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1015.716352][T22035] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1016.872679][T22067] netlink: 'syz.0.3284': attribute type 10 has an invalid length.
[ 1016.932593][T22067] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1016.997696][T22067] bond0: (slave batadv0): Enslaving as an active interface with an up link
[ 1017.152126][   T30] audit: type=1400 audit(1757361817.146:3070): avc:  denied  { read } for  pid=22065 comm="syz.0.3284" name="btrfs-control" dev="devtmpfs" ino=1316 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1
[ 1017.590378][   T30] audit: type=1400 audit(1757361817.146:3071): avc:  denied  { open } for  pid=22065 comm="syz.0.3284" path="/dev/btrfs-control" dev="devtmpfs" ino=1316 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1
[ 1018.485131][   T30] audit: type=1400 audit(1757361818.172:3072): avc:  denied  { write } for  pid=22086 comm="syz.5.3288" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[ 1019.648928][T22102] syzkaller0: entered promiscuous mode
[ 1019.654422][T22102] syzkaller0: entered allmulticast mode
[ 1019.666589][T13561] usb 2-1: new high-speed USB device number 45 using dummy_hcd
[ 1020.271737][T13561] usb 2-1: Using ep0 maxpacket: 8
[ 1020.356858][T13561] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[ 1020.979618][T13561] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1021.279964][ T5923] kworker/1:5 (5923) used greatest stack depth: 18536 bytes left
[ 1021.290001][T13561] usb 2-1: config 0 descriptor??
[ 1021.541169][T13561] asix 2-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random
[ 1021.579180][T13545] usb 3-1: new high-speed USB device number 68 using dummy_hcd
[ 1022.046879][T13545] usb 3-1: Using ep0 maxpacket: 16
[ 1022.091424][T22104] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[ 1022.101406][T13545] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 1022.110089][T13545] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1022.395098][T13545] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1022.444842][   T30] audit: type=1400 audit(1757361822.124:3073): avc:  denied  { accept } for  pid=22103 comm="syz.1.3292" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=udp_socket permissive=1
[ 1022.493967][T13545] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1022.504291][T13545] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1022.512552][T13545] usb 3-1: Product: syz
[ 1022.519963][T13545] usb 3-1: Manufacturer: syz
[ 1022.563371][T13561] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[ 1022.587209][T13561] asix 2-1:0.0: probe with driver asix failed with error -71
[ 1022.594936][T13545] usb 3-1: SerialNumber: syz
[ 1022.611491][ T7169] usb 5-1: new high-speed USB device number 49 using dummy_hcd
[ 1022.635550][T13561] usb 2-1: USB disconnect, device number 45
[ 1022.801922][ T7169] usb 5-1: Using ep0 maxpacket: 8
[ 1022.817747][ T7169] usb 5-1: config 179 has an invalid interface number: 65 but max is 0
[ 1022.828143][ T7169] usb 5-1: config 179 has no interface number 0
[ 1022.848508][ T7169] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 1022.875776][ T7169] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[ 1022.939747][ T7169] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1022.951462][ T7169] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[ 1022.973613][ T7169] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1023.001899][ T7169] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1023.099485][ T7169] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1023.144128][T13545] usb 3-1: 0:2 : does not exist
[ 1023.194089][T22147] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[ 1023.759282][T22185] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3302'.
[ 1023.782831][T22185] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3302'.
[ 1023.955683][T22193] binder: BINDER_SET_CONTEXT_MGR already set
[ 1023.961915][T22193] binder: 22191:22193 ioctl 4018620d 200000000040 returned -16
[ 1023.978815][T22147] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1025.014263][T22147] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1025.050634][T13561] usb 3-1: USB disconnect, device number 68
[ 1025.537891][   T30] audit: type=1400 audit(1757361825.030:3074): avc:  denied  { connect } for  pid=22208 comm="syz.0.3305" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[ 1026.038901][T22235] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0)
[ 1026.245780][T22238] netlink: 'syz.2.3309': attribute type 10 has an invalid length.
[ 1026.245807][T22238] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3309'.
[ 1026.548352][T22238] team0: Port device geneve0 added
[ 1027.289477][ T5930] usb 5-1: USB disconnect, device number 49
[ 1027.295431][    C1] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[ 1027.295474][    C1] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[ 1028.075902][ T5862] Bluetooth: hci5: command 0x0406 tx timeout
[ 1028.692770][T22271] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1028.768077][T22299] FAULT_INJECTION: forcing a failure.
[ 1028.768077][T22299] name failslab, interval 1, probability 0, space 0, times 0
[ 1028.783239][T22299] CPU: 1 UID: 0 PID: 22299 Comm: syz.0.3321 Not tainted syzkaller #0 PREEMPT(full) 
[ 1028.783264][T22299] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1028.783274][T22299] Call Trace:
[ 1028.783281][T22299]  <TASK>
[ 1028.783288][T22299]  dump_stack_lvl+0x16c/0x1f0
[ 1028.783315][T22299]  should_fail_ex+0x512/0x640
[ 1028.783337][T22299]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[ 1028.783358][T22299]  should_failslab+0xc2/0x120
[ 1028.783379][T22299]  kmem_cache_alloc_noprof+0x6d/0x3b0
[ 1028.783397][T22299]  ? init_file+0x5d/0x4c0
[ 1028.783418][T22299]  ? security_file_alloc+0x34/0x2b0
[ 1028.783448][T22299]  security_file_alloc+0x34/0x2b0
[ 1028.783483][T22299]  init_file+0x93/0x4c0
[ 1028.783505][T22299]  alloc_empty_file+0x73/0x1e0
[ 1028.783529][T22299]  path_openat+0xda/0x2cb0
[ 1028.783546][T22299]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1028.783573][T22299]  ? __pfx_path_openat+0x10/0x10
[ 1028.783605][T22299]  do_filp_open+0x20b/0x470
[ 1028.783626][T22299]  ? __pfx_do_filp_open+0x10/0x10
[ 1028.783664][T22299]  ? alloc_fd+0x471/0x7d0
[ 1028.783691][T22299]  do_sys_openat2+0x11b/0x1d0
[ 1028.783715][T22299]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1028.783741][T22299]  ? __fget_files+0x20e/0x3c0
[ 1028.783765][T22299]  __x64_sys_openat+0x174/0x210
[ 1028.783789][T22299]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1028.783811][T22299]  ? ksys_write+0x1ac/0x250
[ 1028.783835][T22299]  do_syscall_64+0xcd/0x4c0
[ 1028.783860][T22299]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1028.783878][T22299] RIP: 0033:0x7f794a98ebe9
[ 1028.783893][T22299] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1028.783910][T22299] RSP: 002b:00007f794b861038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1028.783928][T22299] RAX: ffffffffffffffda RBX: 00007f794abc5fa0 RCX: 00007f794a98ebe9
[ 1028.783940][T22299] RDX: 0000000000002040 RSI: 0000200000000080 RDI: ffffffffffffff9c
[ 1028.783952][T22299] RBP: 00007f794b861090 R08: 0000000000000000 R09: 0000000000000000
[ 1028.783962][T22299] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1028.783973][T22299] R13: 00007f794abc6038 R14: 00007f794abc5fa0 R15: 00007ffe865a9ac8
[ 1028.783997][T22299]  </TASK>
[ 1029.571950][T13545] usb 5-1: new high-speed USB device number 50 using dummy_hcd
[ 1031.723624][T22340] netlink: 52 bytes leftover after parsing attributes in process `syz.1.3327'.
[ 1032.483231][T22365] netlink: 68 bytes leftover after parsing attributes in process `syz.1.3332'.
[ 1033.682474][ T5930] usb 3-1: new high-speed USB device number 69 using dummy_hcd
[ 1034.160771][ T5930] usb 3-1: device descriptor read/64, error -71
[ 1035.137217][ T5930] usb 3-1: new high-speed USB device number 70 using dummy_hcd
[ 1035.533770][ T5930] usb 3-1: device descriptor read/64, error -71
[ 1035.593946][T22421] tipc: Can't bind to reserved service type 0
[ 1035.673571][ T5930] usb usb3-port1: attempt power cycle
[ 1036.267300][ T5930] usb 3-1: new high-speed USB device number 71 using dummy_hcd
[ 1036.280679][T22437] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3345'.
[ 1036.299577][ T5930] usb 3-1: device descriptor read/8, error -71
[ 1036.332518][   T30] audit: type=1400 audit(1757361835.183:3075): avc:  denied  { map } for  pid=22436 comm="syz.4.3345" path="socket:[60910]" dev="sockfs" ino=60910 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[ 1036.356850][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1037.010720][ T5930] usb 3-1: new high-speed USB device number 72 using dummy_hcd
[ 1037.065490][T13545] usb 5-1: new high-speed USB device number 51 using dummy_hcd
[ 1037.087237][ T5930] usb 3-1: device descriptor read/8, error -71
[ 1037.681348][ T5930] usb usb3-port1: unable to enumerate USB device
[ 1037.782128][T13545] usb 5-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[ 1037.793004][T13545] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[ 1037.803985][T13545] usb 5-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1037.817305][T13545] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1037.826520][T13569] usb 2-1: new high-speed USB device number 46 using dummy_hcd
[ 1037.826537][T13545] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1037.851720][T13545] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[ 1037.879835][T13545] snd-usb-audio 5-1:27.0: probe with driver snd-usb-audio failed with error -2
[ 1037.889352][T21211] udevd[21211]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1038.002804][T13569] usb 2-1: Using ep0 maxpacket: 16
[ 1038.139675][T13545] usb 5-1: USB disconnect, device number 51
[ 1038.170171][T13569] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 1038.195873][T13569] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1038.284843][T13569] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1038.296642][T22503] fuse: Bad value for 'fd'
[ 1038.305203][T13569] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1038.919295][T22504] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3354'.
[ 1039.130940][T13569] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1039.223031][T13569] usb 2-1: Product: syz
[ 1039.245965][T13569] usb 2-1: Manufacturer: syz
[ 1039.277417][T13569] usb 2-1: SerialNumber: syz
[ 1039.664269][ T5957] usb 1-1: new high-speed USB device number 66 using dummy_hcd
[ 1039.830007][T13569] usb 2-1: 0:2 : does not exist
[ 1039.854438][T13569] usb 2-1: 1:0: cannot get min/max values for control 4 (id 1)
[ 1040.015448][ T5957] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1040.343332][T22492] Bluetooth: hci1: command 0x0406 tx timeout
[ 1040.447150][T13569] usb 2-1: USB disconnect, device number 46
[ 1040.453517][ T5957] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1040.466472][ T5957] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1040.498317][T21211] udevd[21211]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1040.574664][ T5957] usb 1-1: New USB device found, idVendor=0079, idProduct=0011, bcdDevice= 0.00
[ 1040.589261][T22548] FAULT_INJECTION: forcing a failure.
[ 1040.589261][T22548] name failslab, interval 1, probability 0, space 0, times 0
[ 1040.608336][T22548] CPU: 1 UID: 0 PID: 22548 Comm: syz.1.3358 Not tainted syzkaller #0 PREEMPT(full) 
[ 1040.608357][T22548] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1040.608367][T22548] Call Trace:
[ 1040.608373][T22548]  <TASK>
[ 1040.608379][T22548]  dump_stack_lvl+0x16c/0x1f0
[ 1040.608405][T22548]  should_fail_ex+0x512/0x640
[ 1040.608427][T22548]  ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0
[ 1040.608446][T22548]  should_failslab+0xc2/0x120
[ 1040.608467][T22548]  kmem_cache_alloc_lru_noprof+0x72/0x3b0
[ 1040.608486][T22548]  ? __d_alloc+0x32/0xae0
[ 1040.608511][T22548]  __d_alloc+0x32/0xae0
[ 1040.608536][T22548]  d_alloc_parallel+0x111/0x1480
[ 1040.608569][T22548]  ? find_held_lock+0x2b/0x80
[ 1040.608593][T22548]  ? __pfx_d_alloc_parallel+0x10/0x10
[ 1040.608622][T22548]  ? __d_lookup+0x266/0x4a0
[ 1040.608651][T22548]  lookup_open.isra.0+0x665/0x1580
[ 1040.608687][T22548]  ? __pfx_lookup_open.isra.0+0x10/0x10
[ 1040.608726][T22548]  ? __pfx_down_write+0x10/0x10
[ 1040.608749][T22548]  ? mnt_get_write_access+0x20c/0x300
[ 1040.608778][T22548]  path_openat+0x893/0x2cb0
[ 1040.608807][T22548]  ? __pfx_path_openat+0x10/0x10
[ 1040.608832][T22548]  do_filp_open+0x20b/0x470
[ 1040.608851][T22548]  ? __pfx_do_filp_open+0x10/0x10
[ 1040.608885][T22548]  ? alloc_fd+0x471/0x7d0
[ 1040.608907][T22548]  do_sys_openat2+0x11b/0x1d0
[ 1040.608930][T22548]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1040.608955][T22548]  ? __fget_files+0x20e/0x3c0
[ 1040.608977][T22548]  __x64_sys_openat+0x174/0x210
[ 1040.609000][T22548]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1040.609020][T22548]  ? ksys_write+0x1ac/0x250
[ 1040.609045][T22548]  do_syscall_64+0xcd/0x4c0
[ 1040.609068][T22548]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1040.609085][T22548] RIP: 0033:0x7fae0418ebe9
[ 1040.609099][T22548] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1040.609113][T22548] RSP: 002b:00007fae050c8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1040.609128][T22548] RAX: ffffffffffffffda RBX: 00007fae043c5fa0 RCX: 00007fae0418ebe9
[ 1040.609139][T22548] RDX: 0000000000002040 RSI: 0000200000000080 RDI: ffffffffffffff9c
[ 1040.609149][T22548] RBP: 00007fae050c8090 R08: 0000000000000000 R09: 0000000000000000
[ 1040.609159][T22548] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1040.609169][T22548] R13: 00007fae043c6038 R14: 00007fae043c5fa0 R15: 00007ffd0f842a88
[ 1040.609193][T22548]  </TASK>
[ 1040.929960][ T5957] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1040.949376][ T5957] usb 1-1: config 0 descriptor??
[ 1040.975686][T22555] Bluetooth: MGMT ver 1.23
[ 1041.248749][T22560] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3360'.
[ 1041.300095][T22512] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1041.572087][T22512] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1041.643495][   T30] audit: type=1800 audit(1757361840.172:3076): pid=22512 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.0.3355" name="bus" dev="overlay" ino=308 res=0 errno=0
[ 1041.980822][ T5957] usbhid 1-1:0.0: can't add hid device: -71
[ 1041.988373][ T5957] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 1042.028343][ T5957] usb 1-1: USB disconnect, device number 66
[ 1042.103081][   T30] audit: type=1804 audit(1757361840.172:3077): pid=22512 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.0.3355" name="/newroot/54/bus/bus" dev="overlay" ino=308 res=1 errno=0
[ 1042.900005][T22598] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[ 1042.912290][T22598] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[ 1043.056726][T22600] netlink: 96 bytes leftover after parsing attributes in process `syz.1.3365'.
[ 1043.496271][ T5957] IPVS: starting estimator thread 0...
[ 1043.633299][T22602] IPVS: using max 82 ests per chain, 196800 per kthread
[ 1043.667782][   T30] audit: type=1400 audit(1757361842.079:3078): avc:  denied  { create } for  pid=22607 comm="syz.2.3368" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_nflog_socket permissive=1
[ 1043.741332][T22618] netlink: '#! ./file0
[ 1043.741332][T22618] ': attribute type 1 has an invalid length.
[ 1043.892554][T22618] netlink: 16 bytes leftover after parsing attributes in process `#! ./file0
[ 1043.892554][T22618] '.
[ 1044.344380][T13564] usb 2-1: new high-speed USB device number 47 using dummy_hcd
[ 1044.460223][T22624] netlink: 'syz.5.3370': attribute type 11 has an invalid length.
[ 1044.508083][T13564] usb 2-1: Using ep0 maxpacket: 16
[ 1044.551936][T13564] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 1044.560796][T13564] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1044.573538][T13564] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1044.586929][T13564] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1044.599967][T13564] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1044.609072][T13564] usb 2-1: Product: syz
[ 1044.615738][T13564] usb 2-1: Manufacturer: syz
[ 1044.620419][T13564] usb 2-1: SerialNumber: syz
[ 1045.322760][    C0] raw-gadget.0 gadget.1: ignoring, device is not running
[ 1045.330110][T13564] usb 2-1: 0:2 : does not exist
[ 1045.335275][    C0] raw-gadget.0 gadget.1: ignoring, device is not running
[ 1045.342769][    C0] raw-gadget.0 gadget.1: ignoring, device is not running
[ 1045.350531][    C0] raw-gadget.0 gadget.1: ignoring, device is not running
[ 1045.376626][T13564] usb 2-1: 1:0: cannot get min/max values for control 4 (id 1)
[ 1045.839756][T13564] usb 2-1: USB disconnect, device number 47
[ 1047.516542][   T30] audit: type=1400 audit(1757361845.666:3079): avc:  denied  { shutdown } for  pid=22671 comm="syz.4.3378" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 1047.553208][T22678] netlink: 'syz.5.3380': attribute type 10 has an invalid length.
[ 1047.561104][T22678] netlink: 40 bytes leftover after parsing attributes in process `syz.5.3380'.
[ 1047.572505][T22678] team0: entered promiscuous mode
[ 1047.577553][T22678] team_slave_0: entered promiscuous mode
[ 1047.592800][T22678] team_slave_1: entered promiscuous mode
[ 1047.597138][   T30] audit: type=1400 audit(1757361845.666:3080): avc:  denied  { map } for  pid=22671 comm="syz.4.3378" path="socket:[61148]" dev="sockfs" ino=61148 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[ 1047.654924][   T30] audit: type=1400 audit(1757361845.666:3081): avc:  denied  { read accept } for  pid=22671 comm="syz.4.3378" path="socket:[61148]" dev="sockfs" ino=61148 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[ 1047.679221][T22678] team0: entered allmulticast mode
[ 1047.684358][T22678] team_slave_0: entered allmulticast mode
[ 1047.700670][T22678] team_slave_1: entered allmulticast mode
[ 1047.707095][T22678] bridge0: port 3(team0) entered blocking state
[ 1047.727623][T22678] bridge0: port 3(team0) entered disabled state
[ 1047.837476][T22688] netlink: 'syz.2.3381': attribute type 21 has an invalid length.
[ 1047.845684][T22688] netlink: 128 bytes leftover after parsing attributes in process `syz.2.3381'.
[ 1048.132818][T22678] bridge0: port 3(team0) entered blocking state
[ 1048.139244][T22678] bridge0: port 3(team0) entered forwarding state
[ 1048.360221][   T30] audit: type=1400 audit(1757361846.483:3082): avc:  denied  { write } for  pid=22695 comm="syz.4.3383" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[ 1048.381649][T22688] netlink: 'syz.2.3381': attribute type 5 has an invalid length.
[ 1048.392401][T22688] netlink: 'syz.2.3381': attribute type 6 has an invalid length.
[ 1048.408076][T22688] netlink: 3 bytes leftover after parsing attributes in process `syz.2.3381'.
[ 1050.343868][   T30] audit: type=1400 audit(1757362104.277:3083): avc:  denied  { create } for  pid=22733 comm="syz.5.3391" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[ 1050.662808][T22747] fuse: Bad value for 'fd'
[ 1050.689524][   T30] audit: type=1326 audit(1757362104.576:3084): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22737 comm="syz.1.3393" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fae0418ebe9 code=0x0
[ 1050.799170][T22748] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3394'.
[ 1051.469156][T22767] QAT: failed to copy from user cfg_data.
[ 1051.493677][T22769] netlink: 'syz.5.3398': attribute type 4 has an invalid length.
[ 1051.583572][T22772] netlink: 'syz.5.3398': attribute type 4 has an invalid length.
[ 1051.700705][   T30] audit: type=1400 audit(1757362105.605:3085): avc:  denied  { relabelfrom } for  pid=22771 comm="syz.2.3401" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[ 1051.835086][   T30] audit: type=1400 audit(1757362105.605:3086): avc:  denied  { relabelto } for  pid=22771 comm="syz.2.3401" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[ 1052.311135][T22789] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3403'.
[ 1053.038181][T22795] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22
[ 1053.048275][T22795] netdevsim netdevsim4: Direct firmware load for . failed with error -22
[ 1053.057496][T22795] netdevsim netdevsim4: Falling back to sysfs fallback for: .
[ 1053.530238][T22815] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3407'.
[ 1054.125493][T13545] usb 3-1: new high-speed USB device number 73 using dummy_hcd
[ 1054.874519][T13545] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[ 1054.884907][T13545] usb 3-1: config 0 has no interface number 0
[ 1054.891837][T13545] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1054.903192][T13545] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1054.915848][T13545] usb 3-1: config 0 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1055.005095][T13545] usb 3-1: New USB device found, idVendor=28bd, idProduct=0042, bcdDevice= 0.00
[ 1055.014915][T13545] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1055.052137][T13545] usb 3-1: config 0 descriptor??
[ 1055.414666][T13564] usb 5-1: new high-speed USB device number 52 using dummy_hcd
[ 1055.533730][T13545] usbhid 3-1:0.1: can't add hid device: -71
[ 1055.539727][T13545] usbhid 3-1:0.1: probe with driver usbhid failed with error -71
[ 1055.568756][T13545] usb 3-1: USB disconnect, device number 73
[ 1055.583308][T13564] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1056.076987][T13564] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1056.088919][T13564] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1056.139859][T13564] usb 5-1: New USB device found, idVendor=0079, idProduct=0011, bcdDevice= 0.00
[ 1056.165433][T13564] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1056.183763][T13564] usb 5-1: config 0 descriptor??
[ 1056.472639][T22834] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1056.485637][T22834] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1056.918390][T13564] usbhid 5-1:0.0: can't add hid device: -71
[ 1056.932184][   T30] audit: type=1800 audit(1757362110.133:3087): pid=22834 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.4.3412" name="bus" dev="overlay" ino=617 res=0 errno=0
[ 1056.956315][   T30] audit: type=1804 audit(1757362110.142:3088): pid=22834 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.4.3412" name="/newroot/113/bus/bus" dev="overlay" ino=617 res=1 errno=0
[ 1056.982910][T13564] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 1057.015430][T22880] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3418'.
[ 1057.025170][T13564] usb 5-1: USB disconnect, device number 52
[ 1057.378834][T22474] libceph: connect (1)[c::]:6789 error -101
[ 1057.385755][T22474] libceph: mon0 (1)[c::]:6789 connect error
[ 1057.531440][T22890] vxfs: WRONG superblock magic 00000000 at 1
[ 1057.539592][T22890] vxfs: WRONG superblock magic 00000000 at 8
[ 1057.546118][T22890] vxfs: can't find superblock.
[ 1057.885236][T22886] ceph: No mds server is up or the cluster is laggy
[ 1058.824592][T22908] new mount options do not match the existing superblock, will be ignored
[ 1059.301007][T22919] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3423'.
[ 1059.410071][   T30] audit: type=1400 audit(1757362112.817:3089): avc:  denied  { map } for  pid=22923 comm="syz.5.3425" path="socket:[62032]" dev="sockfs" ino=62032 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[ 1059.518076][T22934] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3428'.
[ 1059.574879][T13564] usb 2-1: new high-speed USB device number 48 using dummy_hcd
[ 1059.782625][T22943] overlayfs: failed to clone upperpath
[ 1060.249827][T13564] usb 2-1: device descriptor read/64, error -71
[ 1060.720519][T13564] usb 2-1: new high-speed USB device number 49 using dummy_hcd
[ 1060.803378][T22951] mkiss: ax0: crc mode is auto.
[ 1060.877410][T13564] usb 2-1: device descriptor read/64, error -71
[ 1062.117779][T13564] usb usb2-port1: attempt power cycle
[ 1062.286906][T22966] netlink: 'syz.2.3434': attribute type 10 has an invalid length.
[ 1062.296958][T22966] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3434'.
[ 1062.513066][T13564] usb 2-1: new high-speed USB device number 50 using dummy_hcd
[ 1062.611382][T22976] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3436'.
[ 1062.623689][T22976] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3436'.
[ 1062.807882][T13564] usb 2-1: device not accepting address 50, error -71
[ 1062.817463][T22966] geneve0: entered promiscuous mode
[ 1063.026057][T22986] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[ 1063.035434][T22983] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3438'.
[ 1063.982339][T23013] overlayfs: failed to clone upperpath
[ 1064.077774][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[ 1064.091401][T22997] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1064.098886][T22997] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1064.168333][T22997] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1064.217584][T22997] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1064.369973][T22997] bond0: (slave batadv0): Releasing backup interface
[ 1064.707894][T23026] ptrace attach of "./syz-executor exec"[20238] was attempted by ""[23026]
[ 1064.758085][T23026] netlink: 'syz.2.3446': attribute type 21 has an invalid length.
[ 1064.767883][T23026] netlink: 128 bytes leftover after parsing attributes in process `syz.2.3446'.
[ 1064.777305][T23026] netlink: 'syz.2.3446': attribute type 4 has an invalid length.
[ 1064.786167][T23026] netlink: 3 bytes leftover after parsing attributes in process `syz.2.3446'.
[ 1064.796799][T23026] netlink: 72 bytes leftover after parsing attributes in process `syz.2.3446'.
[ 1064.806204][T23026] netlink: 72 bytes leftover after parsing attributes in process `syz.2.3446'.
[ 1064.846739][T23028] fuse: Bad value for 'fd'
[ 1064.940442][T23033] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3445'.
[ 1065.308907][T23036] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1065.316394][T23036] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1065.901296][T23036] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1065.945487][T23042] QAT: failed to copy from user cfg_data.
[ 1065.966143][T23036] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1066.349265][T23044] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3451'.
[ 1066.431091][T23045] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3449'.
[ 1067.667053][   T30] audit: type=1400 audit(1757362120.553:3090): avc:  denied  { write } for  pid=23082 comm="syz.0.3458" name="usbmon6" dev="devtmpfs" ino=734 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[ 1067.772773][T13545] usb 5-1: new high-speed USB device number 53 using dummy_hcd
[ 1067.946077][T13545] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1067.959345][T13545] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1068.015499][T13545] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1068.139566][T13545] usb 5-1: New USB device found, idVendor=0079, idProduct=0011, bcdDevice= 0.00
[ 1068.164994][T13545] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1068.640094][T13545] usb 5-1: config 0 descriptor??
[ 1069.587525][T23100] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1069.604296][T23100] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1069.905163][   T30] audit: type=1800 audit(1757362122.639:3091): pid=23077 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.4.3456" name="bus" dev="overlay" ino=667 res=0 errno=0
[ 1069.927136][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1070.231457][   T30] audit: type=1804 audit(1757362122.723:3092): pid=23077 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.4.3456" name="/newroot/121/bus/bus" dev="overlay" ino=667 res=1 errno=0
[ 1070.280182][T13545] usbhid 5-1:0.0: can't add hid device: -71
[ 1070.318709][T13545] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 1070.463936][T13545] usb 5-1: USB disconnect, device number 53
[ 1072.100705][ T5853] Bluetooth: hci2: command 0x0406 tx timeout
[ 1072.193583][T23182] netlink: 'syz.1.3467': attribute type 4 has an invalid length.
[ 1072.208742][T23182] netlink: 'syz.1.3467': attribute type 17 has an invalid length.
[ 1072.508268][T23194] netlink: 60 bytes leftover after parsing attributes in process `syz.5.3468'.
[ 1072.537129][T23197] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3470'.
[ 1072.641070][T23199] ptrace attach of "./syz-executor exec"[19413] was attempted by "./syz-executor exec"[23199]
[ 1072.978240][T23213] SELinux:  Context system_u:object_r:fixed_disk_device_t:s0 is not valid (left unmapped).
[ 1073.074926][   T30] audit: type=1400 audit(1757362125.548:3093): avc:  denied  { relabelto } for  pid=23210 comm="syz.4.3472" name="file0" dev="tmpfs" ino=683 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:fixed_disk_device_t:s0"
[ 1073.104067][T23230] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1073.168038][   T30] audit: type=1400 audit(1757362125.548:3094): avc:  denied  { associate } for  pid=23210 comm="syz.4.3472" name="file0" dev="tmpfs" ino=683 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:fixed_disk_device_t:s0"
[ 1073.199304][   T30] audit: type=1400 audit(1757362125.604:3095): avc:  denied  { setattr } for  pid=23210 comm="syz.4.3472" name="file0" dev="tmpfs" ino=683 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:fixed_disk_device_t:s0"
[ 1073.233051][T23237] netlink: 'syz.2.3474': attribute type 10 has an invalid length.
[ 1073.240978][T23237] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3474'.
[ 1073.249949][T23237] geneve0: left promiscuous mode
[ 1073.254860][T23237] geneve0: entered allmulticast mode
[ 1073.268015][T23230] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1073.313841][   T30] audit: type=1400 audit(1757362125.829:3096): avc:  denied  { unlink } for  pid=16969 comm="syz-executor" name="file0" dev="tmpfs" ino=683 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:fixed_disk_device_t:s0"
[ 1073.543804][ T5957] usb 2-1: new high-speed USB device number 52 using dummy_hcd
[ 1074.182175][ T5957] usb 2-1: Using ep0 maxpacket: 8
[ 1074.198720][ T5957] usb 2-1: config index 0 descriptor too short (expected 19222, got 18)
[ 1074.213221][ T5957] usb 2-1: config 28 has too many interfaces: 241, using maximum allowed: 32
[ 1074.252880][ T5957] usb 2-1: config 28 has 1 interface, different from the descriptor's value: 241
[ 1074.253342][T23246] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[ 1074.330018][T23249] netlink: 'syz.5.3477': attribute type 4 has an invalid length.
[ 1074.910921][ T5957] usb 2-1: config 28 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 14
[ 1074.948547][ T5957] usb 2-1: New USB device found, idVendor=04b4, idProduct=1002, bcdDevice=62.0d
[ 1075.014244][ T5957] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1075.039854][T23266] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3480'.
[ 1075.054847][ T5957] usb 2-1: Product: syz
[ 1075.071696][ T5957] usb 2-1: Manufacturer: syz
[ 1075.124749][T23270] fuse: Bad value for 'fd'
[ 1075.127592][ T5957] usb 2-1: SerialNumber: syz
[ 1075.787368][T13564] usb 2-1: USB disconnect, device number 52
[ 1076.019302][T23298] netlink: 'syz.5.3484': attribute type 10 has an invalid length.
[ 1076.039931][T23298] bridge0: port 3(team0) entered disabled state
[ 1076.048884][T23298] team0: left allmulticast mode
[ 1076.054877][T23298] team_slave_0: left allmulticast mode
[ 1076.062441][T23298] team_slave_1: left allmulticast mode
[ 1076.071855][T23298] team0: left promiscuous mode
[ 1076.077575][T23298] team_slave_0: left promiscuous mode
[ 1076.085082][T23298] team_slave_1: left promiscuous mode
[ 1076.091132][T23298] bridge0: port 3(team0) entered disabled state
[ 1076.148945][T23298] 8021q: adding VLAN 0 to HW filter on device team0
[ 1076.163884][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.171052][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.177920][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.197140][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.204035][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.211012][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.217889][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.224774][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.231782][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.238651][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.240055][T23298] bond0: (slave team0): Enslaving as an active interface with an up link
[ 1076.245567][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.261767][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.268574][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.275455][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.283462][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.290281][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.297117][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.303974][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.310774][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.317636][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.328372][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.335154][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.342008][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.348851][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.355668][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.362532][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.370185][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.376972][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.383858][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.390682][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.397453][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.404298][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.411138][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.417923][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.424775][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.431560][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.438364][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.445218][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.452013][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.458835][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.465693][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.472493][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.484572][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.491637][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.498875][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.505762][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.512734][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.528515][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.535333][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.542952][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.549786][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.556570][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.563423][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.570193][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.577509][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.586465][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.593317][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.604414][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.611227][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.618134][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.625762][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.632965][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.639803][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.646588][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1076.653376][T22492] Bluetooth: hci4: unexpected event for opcode 0x2010
[ 1077.532057][T23338] QAT: failed to copy from user cfg_data.
[ 1078.386785][   T30] audit: type=1326 audit(1757362130.571:3097): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23360 comm="syz.5.3499" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fdac7d8ebe9 code=0x0
[ 1079.969512][T23381] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3503'.
[ 1081.959486][T23392] netlink: 52 bytes leftover after parsing attributes in process `syz.2.3506'.
[ 1082.590219][T23430] netlink: 216 bytes leftover after parsing attributes in process `syz.0.3515'.
[ 1082.637002][T23430] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3515'.
[ 1082.782925][T23430] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3515'.
[ 1082.972499][T23423] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[ 1083.916272][T13568] usb 2-1: new full-speed USB device number 53 using dummy_hcd
[ 1084.184109][T13568] usb 2-1: config 0 has an invalid interface number: 23 but max is 0
[ 1084.192497][T13568] usb 2-1: config 0 has no interface number 0
[ 1084.229795][T13568] usb 2-1: New USB device found, idVendor=0403, idProduct=f850, bcdDevice= 1.7b
[ 1084.250915][T13568] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1084.278887][T13568] usb 2-1: Product: syz
[ 1084.521884][T13568] usb 2-1: Manufacturer: syz
[ 1084.525507][T23487] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3519'.
[ 1084.587431][T13568] usb 2-1: SerialNumber: syz
[ 1084.622788][T13568] usb 2-1: config 0 descriptor??
[ 1084.647668][T13568] ftdi_sio 2-1:0.23: FTDI USB Serial Device converter detected
[ 1084.656467][T13568] usb 2-1: Detected SIO
[ 1084.667488][T13568] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0
[ 1084.976805][T23511] tipc: Started in network mode
[ 1085.135830][T23511] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711
[ 1085.166436][T23511] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[ 1085.360370][T13564] usb 2-1: USB disconnect, device number 53
[ 1085.392733][T13564] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[ 1085.437174][T13564] ftdi_sio 2-1:0.23: device disconnected
[ 1085.443710][T23520] program syz.4.3523 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1085.454752][   T30] audit: type=1400 audit(1757362137.166:3098): avc:  denied  { append } for  pid=23513 comm="syz.4.3523" name="sg0" dev="devtmpfs" ino=768 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[ 1086.182945][T23532] 9pnet_fd: Insufficient options for proto=fd
[ 1086.556209][T13545] usb 2-1: new high-speed USB device number 54 using dummy_hcd
[ 1086.738099][T13545] usb 2-1: Using ep0 maxpacket: 16
[ 1086.795111][T13545] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 1087.054087][T13545] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1087.071935][T23545] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3528'.
[ 1087.082214][T23545] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3528'.
[ 1087.099469][T13545] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1087.115802][T13545] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1087.138092][T13545] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1087.158436][T13545] usb 2-1: Product: syz
[ 1087.162597][T13545] usb 2-1: Manufacturer: syz
[ 1087.180014][T13545] usb 2-1: SerialNumber: syz
[ 1087.243429][T23558] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3531'.
[ 1087.401470][T23562] overlayfs: failed to clone upperpath
[ 1087.435361][ T5930] usb 5-1: new high-speed USB device number 54 using dummy_hcd
[ 1087.645743][T13545] usb 2-1: 0:2 : does not exist
[ 1087.660389][T13545] usb 2-1: 1:0: cannot get min/max values for control 4 (id 1)
[ 1087.689455][ T5930] usb 5-1: Using ep0 maxpacket: 8
[ 1087.756172][ T5930] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 1087.765219][ T5930] usb 5-1: config 64 has an invalid interface number: 9 but max is 0
[ 1087.773264][ T5930] usb 5-1: config 64 has no interface number 0
[ 1088.217912][ T5930] usb 5-1: config 64 interface 9 altsetting 9 endpoint 0x4 has an invalid bInterval 185, changing to 7
[ 1088.247087][T13545] usb 2-1: USB disconnect, device number 54
[ 1088.253069][ T5930] usb 5-1: config 64 interface 9 has no altsetting 0
[ 1088.282737][ T5930] usb 5-1: string descriptor 0 read error: -22
[ 1088.302632][ T5930] usb 5-1: New USB device found, idVendor=0bb4, idProduct=0a7b, bcdDevice=3c.a7
[ 1088.316735][T23572] fuse: Bad value for 'fd'
[ 1088.341074][ T5930] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1088.601305][ T5930] usb 5-1: USB disconnect, device number 54
[ 1088.743482][T23619] fuse: Bad value for 'fd'
[ 1088.906559][T23624] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3541'.
[ 1089.306974][T23641] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3545'.
[ 1089.324966][T23641] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3545'.
[ 1089.469875][ T5930] usb 2-1: new high-speed USB device number 55 using dummy_hcd
[ 1089.472042][T23645] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3546'.
[ 1089.528245][T13545] usb 1-1: new high-speed USB device number 67 using dummy_hcd
[ 1089.645817][ T5930] usb 2-1: Using ep0 maxpacket: 16
[ 1089.677616][ T5930] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[ 1089.761398][ T5930] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1089.779572][T13545] usb 1-1: config 1 has an invalid interface number: 7 but max is 0
[ 1089.790828][ T5930] usb 2-1: Product: syz
[ 1089.795780][T13545] usb 1-1: config 1 has no interface number 0
[ 1089.802595][ T5930] usb 2-1: Manufacturer: syz
[ 1089.810190][T13545] usb 1-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B
[ 1089.823108][ T5930] usb 2-1: SerialNumber: syz
[ 1089.846458][ T5930] r8152-cfgselector 2-1: Unknown version 0x0000
[ 1089.852882][T13545] usb 1-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[ 1089.866103][ T5930] r8152-cfgselector 2-1: config 0 descriptor??
[ 1089.902012][T13545] usb 1-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1089.931401][T13545] usb 1-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00
[ 1089.960446][T13545] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1089.989052][T13545] usb 1-1: Product: syz
[ 1089.997120][T13545] usb 1-1: Manufacturer: syz
[ 1090.009252][T13545] usb 1-1: SerialNumber: syz
[ 1090.019283][T23634] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[ 1090.887004][T23634] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3544'.
[ 1090.902309][T23671] overlayfs: failed to clone upperpath
[ 1090.928081][ T5930] r8152-cfgselector 2-1: Unknown version 0x0000
[ 1091.012371][ T5930] r8152-cfgselector 2-1: bad CDC descriptors
[ 1091.020796][T23634] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1091.043819][ T5930] r8152-cfgselector 2-1: USB disconnect, device number 55
[ 1091.054099][T23634] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1091.095044][   T30] audit: type=1400 audit(1757362398.462:3099): avc:  denied  { bind } for  pid=23633 comm="syz.0.3544" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[ 1091.181321][T23689] lo: left promiscuous mode
[ 1091.191705][T23689] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1091.665952][T23698] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3554'.
[ 1091.676479][T23634] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[ 1091.902075][T13545] usb 1-1: Incompatible driver and firmware versions
[ 1091.925813][T13545] usb 1-1: USB disconnect, device number 67
[ 1093.135862][T23723] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1093.143410][T23723] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1093.228647][T23736] ptrace attach of "./syz-executor exec"[19413] was attempted by "./syz-executor exec"[23736]
[ 1093.394459][T23736] create_pit_timer: 11 callbacks suppressed
[ 1093.394476][T23736] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[ 1094.195869][ T5957] usb 5-1: new high-speed USB device number 55 using dummy_hcd
[ 1094.371054][ T5957] usb 5-1: Using ep0 maxpacket: 16
[ 1094.377765][ T5957] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1094.400181][ T5957] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[ 1094.413942][ T5957] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1094.470516][ T5957] usb 5-1: New USB device found, idVendor=046d, idProduct=08f0, bcdDevice=50.0d
[ 1094.479909][ T5957] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1094.491689][ T5957] usb 5-1: Product: syz
[ 1094.500421][ T5957] usb 5-1: Manufacturer: syz
[ 1094.509454][ T5957] usb 5-1: SerialNumber: syz
[ 1094.609974][ T5957] usb 5-1: config 0 descriptor??
[ 1094.623701][ T5957] gspca_main: STV06xx-2.14.0 probing 046d:08f0
[ 1094.632057][ T5957] gspca_stv06xx: st6422 sensor detected
[ 1094.839127][T23745] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1094.908833][T23748] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=33040 sclass=netlink_route_socket pid=23748 comm=syz.4.3557
[ 1094.930479][T23735] : entered promiscuous mode
[ 1094.939283][ T1206] syz1: Port: 1 Link DOWN
[ 1094.939318][ T7790] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1094.966047][ T5957] STV06xx 5-1:0.0: probe with driver STV06xx failed with error -71
[ 1094.974172][ T7790] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1095.001053][ T7790] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1095.016113][ T5957] usb 5-1: USB disconnect, device number 55
[ 1095.051583][ T7790] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1099.083638][T23818] netlink: 204 bytes leftover after parsing attributes in process `syz.1.3574'.
[ 1099.130718][ T5853] Bluetooth: hci0: command 0x0406 tx timeout
[ 1099.162241][T23825] 9pnet_fd: Insufficient options for proto=fd
[ 1099.491815][T13564] usb 2-1: new full-speed USB device number 56 using dummy_hcd
[ 1099.561270][T23840] netlink: 'syz.0.3577': attribute type 1 has an invalid length.
[ 1099.645762][T13564] usb 2-1: device descriptor read/64, error -71
[ 1099.688173][T23844] 9pnet_fd: Insufficient options for proto=fd
[ 1099.869597][T23840] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1099.903202][T23845] bond1: (slave batadv0): Opening slave failed
[ 1099.972989][T13564] usb 2-1: new full-speed USB device number 57 using dummy_hcd
[ 1100.112189][T13564] usb 2-1: device descriptor read/64, error -71
[ 1100.192645][T23890] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3579'.
[ 1100.220109][T23890] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3579'.
[ 1100.234119][T13564] usb usb2-port1: attempt power cycle
[ 1100.584831][ T5957] usb 5-1: new high-speed USB device number 56 using dummy_hcd
[ 1100.631719][T23904] bridge0: port 3(gretap0) entered blocking state
[ 1100.639060][T23904] bridge0: port 3(gretap0) entered disabled state
[ 1100.647948][T23904] gretap0: entered allmulticast mode
[ 1100.656568][T23904] gretap0: entered promiscuous mode
[ 1100.657160][T13564] usb 2-1: new full-speed USB device number 58 using dummy_hcd
[ 1100.663709][T23904] bridge0: port 3(gretap0) entered blocking state
[ 1100.676051][T23904] bridge0: port 3(gretap0) entered forwarding state
[ 1100.690928][T23910] gretap0: left allmulticast mode
[ 1100.696065][T13564] usb 2-1: device descriptor read/8, error -71
[ 1100.703108][T23910] gretap0: left promiscuous mode
[ 1100.709492][T23910] bridge0: port 3(gretap0) entered disabled state
[ 1100.756703][ T5957] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1100.769442][ T5957] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1100.781109][ T5957] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1100.794147][ T5957] usb 5-1: New USB device found, idVendor=0079, idProduct=0011, bcdDevice= 0.00
[ 1100.803383][ T5957] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1100.825219][ T5957] usb 5-1: config 0 descriptor??
[ 1100.967209][T13564] usb 2-1: new full-speed USB device number 59 using dummy_hcd
[ 1100.989003][T13564] usb 2-1: device descriptor read/8, error -71
[ 1101.097581][T23896] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1101.107535][T13564] usb usb2-port1: unable to enumerate USB device
[ 1101.117799][T23896] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1101.146638][   T30] audit: type=1800 audit(1757362407.863:3100): pid=23896 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.4.3581" name="bus" dev="overlay" ino=818 res=0 errno=0
[ 1101.177075][   T30] audit: type=1804 audit(1757362407.863:3101): pid=23896 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.4.3581" name="/newroot/149/bus/bus" dev="overlay" ino=818 res=1 errno=0
[ 1101.431641][ T5957] usbhid 5-1:0.0: can't add hid device: -71
[ 1101.439888][ T5957] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 1101.466287][ T5957] usb 5-1: USB disconnect, device number 56
[ 1101.940781][T23931] netlink: 'syz.0.3588': attribute type 10 has an invalid length.
[ 1101.948591][T23931] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3588'.
[ 1101.976515][T23931] team0: Port device geneve0 added
[ 1104.711584][T24013] new mount options do not match the existing superblock, will be ignored
[ 1105.256963][   T30] audit: type=1400 audit(1757362411.689:3102): avc:  denied  { link } for  pid=24015 comm="syz.1.3608" name="#36" dev="tmpfs" ino=678 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[ 1105.821905][   T30] audit: type=1400 audit(1757362411.698:3103): avc:  denied  { rename } for  pid=24015 comm="syz.1.3608" name="#37" dev="tmpfs" ino=678 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[ 1105.907791][T24022] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3610'.
[ 1105.926042][T24022] team1: entered promiscuous mode
[ 1105.931133][T24022] team1: entered allmulticast mode
[ 1106.623435][   T30] audit: type=1400 audit(1757362412.979:3104): avc:  denied  { mount } for  pid=24058 comm="syz.1.3611" name="/" dev="autofs" ino=64763 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1
[ 1106.791660][T24067] netlink: 'syz.2.3613': attribute type 21 has an invalid length.
[ 1107.300806][T24067] netlink: 128 bytes leftover after parsing attributes in process `syz.2.3613'.
[ 1107.312529][T24067] netlink: 'syz.2.3613': attribute type 5 has an invalid length.
[ 1107.320269][T24067] netlink: 'syz.2.3613': attribute type 6 has an invalid length.
[ 1107.327987][T24067] netlink: 3 bytes leftover after parsing attributes in process `syz.2.3613'.
[ 1107.700255][   T30] audit: type=1400 audit(1757362413.990:3105): avc:  denied  { unmount } for  pid=17924 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1
[ 1107.904159][T24098] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1107.919052][T24098] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3621'.
[ 1110.215865][T24163] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3637'.
[ 1110.270933][T24163] bond0: entered promiscuous mode
[ 1110.277581][T24163] bond_slave_0: entered promiscuous mode
[ 1110.287159][T24163] bond_slave_1: entered promiscuous mode
[ 1110.298345][T24163] 8021q: adding VLAN 0 to HW filter on device macvlan0
[ 1110.307813][T24163] bond0: left promiscuous mode
[ 1110.313456][T24163] bond_slave_0: left promiscuous mode
[ 1110.319145][T24163] bond_slave_1: left promiscuous mode
[ 1111.029956][T24179] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3639'.
[ 1111.763359][T24183] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3640'.
[ 1112.684710][T24213] No control pipe specified
[ 1113.152684][T24226] netlink: 'syz.1.3648': attribute type 1 has an invalid length.
[ 1113.175338][T24226] netlink: 'syz.1.3648': attribute type 6 has an invalid length.
[ 1113.185108][T24226] netlink: 52 bytes leftover after parsing attributes in process `syz.1.3648'.
[ 1114.756252][T24259] netlink: 5 bytes leftover after parsing attributes in process `syz.4.3655'.
[ 1114.766363][T24259] 0�X��D: renamed from macvtap0 (while UP)
[ 1114.831785][T24259] 0�X��D: entered allmulticast mode
[ 1114.837183][T24259] veth0_macvtap: entered allmulticast mode
[ 1114.867741][T24259] A link change request failed with some changes committed already. Interface 
30�X��D may have been left with an inconsistent configuration, please check.
[ 1114.995945][T24259] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3655'.
[ 1116.804316][   T30] audit: type=1400 audit(1757362934.511:3106): avc:  denied  { ioctl } for  pid=24295 comm="syz.2.3668" path="socket:[66077]" dev="sockfs" ino=66077 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[ 1117.077847][T24311] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3669'.
[ 1118.374177][T24323] sctp: [Deprecated]: syz.4.3673 (pid 24323) Use of int in max_burst socket option deprecated.
[ 1118.374177][T24323] Use struct sctp_assoc_value instead
[ 1118.594723][T13564] usb 1-1: new high-speed USB device number 68 using dummy_hcd
[ 1118.768665][T13564] usb 1-1: config 76 has an invalid interface number: 209 but max is 1
[ 1118.790775][T13564] usb 1-1: config 76 has an invalid interface number: 33 but max is 1
[ 1118.814597][T13564] usb 1-1: config 76 has an invalid interface number: 100 but max is 1
[ 1118.833153][T13564] usb 1-1: config 76 has 3 interfaces, different from the descriptor's value: 2
[ 1118.849907][T13564] usb 1-1: config 76 has no interface number 0
[ 1118.858750][T13564] usb 1-1: config 76 has no interface number 1
[ 1118.872360][T13564] usb 1-1: config 76 has no interface number 2
[ 1118.885486][T13564] usb 1-1: config 76 interface 209 altsetting 70 endpoint 0x3 has an invalid bInterval 121, changing to 10
[ 1118.897716][T13564] usb 1-1: config 76 interface 209 altsetting 70 endpoint 0x8 has invalid maxpacket 7737, setting to 64
[ 1118.911301][T13564] usb 1-1: config 76 interface 209 altsetting 70 endpoint 0x4 has an invalid bInterval 23, changing to 8
[ 1118.960321][T24341] lo: entered promiscuous mode
[ 1118.961667][T13564] usb 1-1: config 76 interface 33 altsetting 12 has a duplicate endpoint with address 0x3, skipping
[ 1118.978187][T13564] usb 1-1: config 76 interface 33 altsetting 12 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1118.998037][T24341] lo: entered allmulticast mode
[ 1119.000302][T13564] usb 1-1: too many endpoints for config 76 interface 100 altsetting 155: 129, using maximum allowed: 30
[ 1119.017946][T13564] usb 1-1: config 76 interface 100 altsetting 155 has an invalid descriptor for endpoint zero, skipping
[ 1119.031514][T13564] usb 1-1: config 76 interface 100 altsetting 155 has an invalid descriptor for endpoint zero, skipping
[ 1119.052409][T13564] usb 1-1: config 76 interface 100 altsetting 155 has 2 endpoint descriptors, different from the interface descriptor's value: 129
[ 1119.053582][T24341] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1119.094697][T13564] usb 1-1: config 76 interface 209 has no altsetting 0
[ 1119.108176][T13564] usb 1-1: config 76 interface 33 has no altsetting 0
[ 1119.115215][T13564] usb 1-1: config 76 interface 100 has no altsetting 0
[ 1119.132751][T13564] usb 1-1: New USB device found, idVendor=1740, idProduct=3701, bcdDevice=e7.c1
[ 1119.142193][T13564] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1119.157638][T13564] usb 1-1: Product: syz
[ 1119.162087][T13564] usb 1-1: Manufacturer: syz
[ 1119.167832][T13564] usb 1-1: SerialNumber: syz
[ 1119.641063][T13564] usb 1-1: USB disconnect, device number 68
[ 1120.470112][T24381] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3680'.
[ 1122.940947][   T30] audit: type=1400 audit(1757362940.220:3107): avc:  denied  { getopt } for  pid=24444 comm="syz.4.3695" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[ 1123.283558][   T30] audit: type=1400 audit(1757362940.220:3108): avc:  denied  { ioctl } for  pid=24444 comm="syz.4.3695" path="socket:[65182]" dev="sockfs" ino=65182 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[ 1124.036649][T13569] usb 5-1: new high-speed USB device number 57 using dummy_hcd
[ 1124.623229][T13569] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 1124.641796][T13569] usb 5-1: config 5 has an invalid interface number: 203 but max is 0
[ 1124.651473][T13569] usb 5-1: config 5 has no interface number 0
[ 1124.672021][T13569] usb 5-1: config 5 interface 203 altsetting 219 endpoint 0x4 has invalid wMaxPacketSize 0
[ 1124.683582][T13569] usb 5-1: config 5 interface 203 altsetting 219 bulk endpoint 0x4 has invalid maxpacket 0
[ 1124.694990][T13569] usb 5-1: config 5 interface 203 altsetting 219 bulk endpoint 0xA has invalid maxpacket 1024
[ 1124.705598][T13569] usb 5-1: config 5 interface 203 has no altsetting 0
[ 1124.722232][T13569] usb 5-1: New USB device found, idVendor=0bfd, idProduct=0027, bcdDevice=74.20
[ 1124.732807][T13569] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1124.741048][T13569] usb 5-1: Product: syz
[ 1124.746238][T13569] usb 5-1: Manufacturer: syz
[ 1124.757036][T13569] usb 5-1: SerialNumber: syz
[ 1124.788101][T24470] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1126.435560][T24519] tipc: Started in network mode
[ 1126.440567][T24519] tipc: Node identity 00000000000000110000000000000001, cluster identity 4711
[ 1126.533833][T24519] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[ 1128.165137][T13569] kvaser_usb 5-1:5.203: error -ENODEV: Cannot get usb endpoint(s)
[ 1128.468873][T13569] usb 5-1: USB disconnect, device number 57
[ 1129.274076][T24562] fuse: Bad value for 'fd'
[ 1129.939437][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[ 1130.151816][T24579] ptrace attach of "./syz-executor exec"[21201] was attempted by "./syz-executor exec"[24579]
[ 1130.214244][T24576] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3715'.
[ 1130.588471][T24586] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=24586 comm=syz.4.3716
[ 1131.433311][T24598] netlink: 'syz.0.3719': attribute type 4 has an invalid length.
[ 1131.852379][T24596] netlink: 'syz.0.3719': attribute type 4 has an invalid length.
[ 1133.694121][T24641] netlink: 52 bytes leftover after parsing attributes in process `syz.1.3730'.
[ 1135.409652][T24653] 9pnet_fd: Insufficient options for proto=fd
[ 1135.592925][T24661] overlayfs: failed to clone upperpath
[ 1135.602244][T24662] ptrace attach of "./syz-executor exec"[19413] was attempted by "./syz-executor exec"[24662]
[ 1136.546527][T24713] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[ 1136.546527][T24713] The task syz.5.3742 (24713) triggered the difference, watch for misbehavior.
[ 1136.780329][T24708] 9pnet: Could not find request transport: 0xffffffffffffffff
[ 1138.315804][T24739] QAT: failed to copy from user cfg_data.
[ 1138.632653][T24745] netlink: 'syz.4.3749': attribute type 21 has an invalid length.
[ 1138.641111][T24745] netlink: 128 bytes leftover after parsing attributes in process `syz.4.3749'.
[ 1138.651041][T24745] netlink: 'syz.4.3749': attribute type 5 has an invalid length.
[ 1138.663568][T24745] netlink: 'syz.4.3749': attribute type 6 has an invalid length.
[ 1138.671416][T24745] netlink: 3 bytes leftover after parsing attributes in process `syz.4.3749'.
[ 1139.280682][T13568] usb 1-1: new high-speed USB device number 69 using dummy_hcd
[ 1139.444330][T13568] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1139.462274][T13568] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1139.482312][T13568] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1139.506586][T13568] usb 1-1: New USB device found, idVendor=0079, idProduct=0011, bcdDevice= 0.00
[ 1139.537299][T13568] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1139.585265][T13568] usb 1-1: config 0 descriptor??
[ 1139.817957][T24753] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1139.850782][T24753] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1139.907464][   T30] audit: type=1800 audit(1757363212.119:3109): pid=24753 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.0.3752" name="bus" dev="overlay" ino=698 res=0 errno=0
[ 1140.087660][   T30] audit: type=1804 audit(1757363212.119:3110): pid=24753 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.0.3752" name="/newroot/127/bus/bus" dev="overlay" ino=698 res=1 errno=0
[ 1140.160117][T13568] usbhid 1-1:0.0: can't add hid device: -71
[ 1140.166183][T13568] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 1140.634866][T13568] usb 1-1: USB disconnect, device number 69
[ 1140.646324][T24766] overlayfs: failed to clone upperpath
[ 1140.956378][T24797] netlink: 32 bytes leftover after parsing attributes in process `syz.5.3760'.
[ 1141.558561][   T30] audit: type=1400 audit(1757363213.662:3111): avc:  denied  { mount } for  pid=24806 comm="syz.5.3763" name="/" dev="bdev" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bdev_t tclass=filesystem permissive=1
[ 1143.478770][T24810] infiniband syz!: set active
[ 1143.484535][T24810] infiniband syz!: added team_slave_0
[ 1143.492332][T24810] syz!: rxe_create_cq: returned err = -12
[ 1143.498722][T24810] infiniband syz!: Couldn't create ib_mad CQ
[ 1143.507766][T24810] infiniband syz!: Couldn't open port 1
[ 1143.558560][T24810] RDS/IB: syz!: added
[ 1143.562588][T24810] smc: adding ib device syz! with port count 1
[ 1143.568818][T24810] smc:    ib device syz! port 1 has pnetid 
[ 1145.609603][T24821] fuse: Unknown parameter '0x00000000000000030x0000000000000005'
[ 1145.690590][T24838] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(7)
[ 1145.697119][T24838] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 1145.704715][T24838] vhci_hcd vhci_hcd.0: Device attached
[ 1145.898281][T13564] vhci_hcd: vhci_device speed not set
[ 1145.962469][T13569] usb 5-1: new low-speed USB device number 58 using dummy_hcd
[ 1145.970122][T13564] usb 41-1: new full-speed USB device number 2 using vhci_hcd
[ 1146.095994][T24854] overlayfs: failed to clone upperpath
[ 1146.147601][T13569] usb 5-1: config 0 has no interfaces?
[ 1146.153563][T13569] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1146.408614][T13569] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1146.420732][T13569] usb 5-1: config 0 descriptor??
[ 1146.906718][T24876] syz!: rxe_newlink: already configured on team_slave_0
[ 1147.557442][T24840] vhci_hcd: unknown pdu 2
[ 1147.576560][   T30] audit: type=1800 audit(1757363219.228:3112): pid=24878 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.4.3771" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0
[ 1147.880375][T24877] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1147.909007][T13564] vhci_hcd: vhci_device speed not set
[ 1147.909214][   T37] vhci_hcd: stop threads
[ 1147.947164][   T37] vhci_hcd: release socket
[ 1148.060044][T13564] usb 41-1: device descriptor read/64, error -71
[ 1148.068983][   T37] vhci_hcd: disconnect device
[ 1148.114930][T24919] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3781'.
[ 1148.204769][T24922] syz!: rxe_newlink: already configured on team_slave_0
[ 1148.258918][T13564] vhci_hcd: vhci_device speed not set
[ 1148.952328][T24933] 9pnet_fd: Insufficient options for proto=fd
[ 1149.061893][T13545] usb 5-1: USB disconnect, device number 58
[ 1149.378440][T24946] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3785'.
[ 1149.975969][T24957] rdma_rxe: rxe_newlink: failed to add team_slave_0
[ 1150.557968][T24961] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3791'.
[ 1150.768335][   T30] audit: type=1400 audit(1757363222.277:3113): avc:  denied  { setopt } for  pid=24959 comm="syz.1.3791" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[ 1151.019038][T13545] usb 5-1: new high-speed USB device number 59 using dummy_hcd
[ 1151.721841][T13545] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1151.733874][T13545] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1151.744008][T13545] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1151.757063][T13545] usb 5-1: New USB device found, idVendor=0079, idProduct=0011, bcdDevice= 0.00
[ 1151.769865][T13545] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1151.797373][T24996] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3798'.
[ 1151.807764][T13545] usb 5-1: config 0 descriptor??
[ 1151.816604][T24996] netlink: 36 bytes leftover after parsing attributes in process `syz.5.3798'.
[ 1152.050874][T24964] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1152.062123][T24964] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1152.140972][   T30] audit: type=1800 audit(1757363223.531:3114): pid=24964 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.4.3792" name="bus" dev="overlay" ino=994 res=0 errno=0
[ 1152.255136][   T30] audit: type=1804 audit(1757363223.531:3115): pid=24964 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.4.3792" name="/newroot/181/bus/bus" dev="overlay" ino=994 res=1 errno=0
[ 1152.311497][T24994] ceph: No mds server is up or the cluster is laggy
[ 1152.320653][ T1206] libceph: connect (1)[c::]:6789 error -101
[ 1152.372769][T13545] usbhid 5-1:0.0: can't add hid device: -71
[ 1152.383043][T13545] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 1152.391469][ T1206] libceph: mon0 (1)[c::]:6789 connect error
[ 1152.426884][T13545] usb 5-1: USB disconnect, device number 59
[ 1153.044251][T25046] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3802'.
[ 1153.861682][T25064] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3806'.
[ 1155.206729][T25079] netlink: 'syz.4.3809': attribute type 21 has an invalid length.
[ 1155.214884][T25079] netlink: 128 bytes leftover after parsing attributes in process `syz.4.3809'.
[ 1155.223976][T25079] netlink: 'syz.4.3809': attribute type 5 has an invalid length.
[ 1155.231725][T25079] netlink: 'syz.4.3809': attribute type 6 has an invalid length.
[ 1155.239426][T25079] netlink: 3 bytes leftover after parsing attributes in process `syz.4.3809'.
[ 1155.754498][T13545] usb 1-1: new high-speed USB device number 70 using dummy_hcd
[ 1156.058745][T25114] comedi comedi1: comedi_config --init_data is deprecated
[ 1156.071046][T25114] lo: left allmulticast mode
[ 1156.176904][T13545] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1156.396315][T13545] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1156.493720][T13545] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1156.507640][T13545] usb 1-1: New USB device found, idVendor=0079, idProduct=0011, bcdDevice= 0.00
[ 1156.516757][T13545] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1156.525189][T25114] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1156.546806][T13545] usb 1-1: config 0 descriptor??
[ 1156.792533][T25100] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1156.825736][T25100] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1157.117711][   T30] audit: type=1800 audit(1757363228.199:3116): pid=25100 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.0.3813" name="bus" dev="overlay" ino=773 res=0 errno=0
[ 1157.189871][   T30] audit: type=1804 audit(1757363228.208:3117): pid=25100 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.0.3813" name="/newroot/140/bus/bus" dev="overlay" ino=773 res=1 errno=0
[ 1157.351621][T13545] usbhid 1-1:0.0: can't add hid device: -71
[ 1157.357670][T13545] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 1157.866634][T13545] usb 1-1: USB disconnect, device number 70
[ 1158.201650][T25153] ptrace attach of "./syz-executor exec"[21201] was attempted by "./syz-executor exec"[25153]
[ 1158.252274][   T30] audit: type=1400 audit(1757363229.274:3118): avc:  denied  { shutdown } for  pid=25144 comm="syz.1.3821" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[ 1158.324322][   T30] audit: type=1400 audit(1757363229.274:3119): avc:  denied  { read } for  pid=25144 comm="syz.1.3821" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[ 1158.554365][T25160] netlink: 'syz.4.3824': attribute type 1 has an invalid length.
[ 1158.566609][T25160] netlink: 224 bytes leftover after parsing attributes in process `syz.4.3824'.
[ 1158.600478][T25160] netlink: 'syz.4.3824': attribute type 4 has an invalid length.
[ 1158.624283][T25165] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1158.645084][T25160] netlink: 'syz.4.3824': attribute type 4 has an invalid length.
[ 1158.677482][T25165] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1158.792559][T25165] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1158.833365][T25165] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1160.315500][   T30] audit: type=1800 audit(1757363231.210:3120): pid=25171 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.2.3825" name="SYSV00000000" dev="tmpfs" ino=1 res=0 errno=0
[ 1161.599835][T25182] ptrace attach of "./syz-executor exec"[20238] was attempted by "./syz-executor exec"[25182]
[ 1162.480773][T25186] netlink: 52 bytes leftover after parsing attributes in process `syz.1.3832'.
[ 1162.621361][T25191] overlayfs: failed to clone upperpath
[ 1165.954703][T25238] ptrace attach of "./syz-executor exec"[20238] was attempted by "./syz-executor exec"[25238]
[ 1166.648188][T25244] netlink: 'syz.1.3845': attribute type 10 has an invalid length.
[ 1166.656094][T25244] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3845'.
[ 1166.681549][T25244] team0: Port device geneve0 added
[ 1166.810108][T25248] 
: renamed from bridge_slave_0
[ 1168.242154][T23731] usb 5-1: new high-speed USB device number 60 using dummy_hcd
[ 1168.650352][T23731] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1168.661855][T23731] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1168.776463][T23731] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1168.789705][T23731] usb 5-1: New USB device found, idVendor=0079, idProduct=0011, bcdDevice= 0.00
[ 1168.801029][T23731] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1168.813461][T23731] usb 5-1: config 0 descriptor??
[ 1168.893400][T13564] usb 1-1: new high-speed USB device number 71 using dummy_hcd
[ 1169.068915][T13564] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 1169.089766][   T30] audit: type=1800 audit(1757363495.415:3121): pid=25253 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.4.3847" name="bus" dev="overlay" ino=1053 res=0 errno=0
[ 1169.111873][T13564] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1169.129078][T13564] usb 1-1: Product: syz
[ 1169.137778][T25287] ptrace attach of "./syz-executor exec"[17924] was attempted by "./syz-executor exec"[25287]
[ 1169.163538][   T30] audit: type=1804 audit(1757363495.415:3122): pid=25253 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.4.3847" name="/newroot/191/bus/bus" dev="overlay" ino=1053 res=1 errno=0
[ 1169.163685][T13564] usb 1-1: Manufacturer: syz
[ 1169.201729][T13564] usb 1-1: SerialNumber: syz
[ 1169.238252][T13564] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 1169.375185][T23731] usbhid 5-1:0.0: can't add hid device: -71
[ 1169.395198][T25301] 9pnet_fd: Insufficient options for proto=fd
[ 1169.409184][T23731] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 1169.428305][T13561] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 1169.446348][T23731] usb 5-1: USB disconnect, device number 60
[ 1170.631640][T25311] 9pnet: Could not find request transport: 0xffffffffffffffff
[ 1170.796350][T13561] usb 1-1: Service connection timeout for: 256
[ 1170.803607][T13561] ath9k_htc 1-1:1.0: ath9k_htc: Unable to initialize HTC services
[ 1170.833683][T13561] ath9k_htc: Failed to initialize the device
[ 1170.856393][T13561] usb 1-1: ath9k_htc: USB layer deinitialized
[ 1171.783997][T13569] usb 1-1: USB disconnect, device number 71
[ 1172.788443][T25350] netlink: 'syz.1.3861': attribute type 4 has an invalid length.
[ 1172.906070][T25352] netlink: 'syz.1.3861': attribute type 17 has an invalid length.
[ 1174.078521][T25381] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3865'.
[ 1175.233156][T25411] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3870'.
[ 1175.288383][T23731] usb 5-1: new high-speed USB device number 61 using dummy_hcd
[ 1175.627839][T23731] usb 5-1: Using ep0 maxpacket: 16
[ 1175.989257][T23731] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 78, changing to 10
[ 1176.001661][T23731] usb 5-1: New USB device found, idVendor=04d8, idProduct=00df, bcdDevice= 0.00
[ 1176.016216][T23731] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1176.042755][T23731] usb 5-1: config 0 descriptor??
[ 1176.501828][T23731] mcp2200 0003:04D8:00DF.000D: reserved main item tag 0xe
[ 1176.509520][T23731] mcp2200 0003:04D8:00DF.000D: USB HID v0.04 Device [HID 04d8:00df] on usb-dummy_hcd.4-1/input0
[ 1176.802732][   T30] audit: type=1400 audit(1757363502.628:3123): avc:  denied  { read } for  pid=25452 comm="syz.5.3879" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[ 1177.038506][T23731] usb 1-1: new high-speed USB device number 72 using dummy_hcd
[ 1177.222479][T23731] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1177.233704][T23731] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1177.257907][T23731] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1177.275818][T25462] fuse: Bad value for 'fd'
[ 1177.281645][T23731] usb 1-1: New USB device found, idVendor=0079, idProduct=0011, bcdDevice= 0.00
[ 1177.292542][T25462] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3881'.
[ 1177.316048][T23731] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1177.332910][T23731] usb 1-1: config 0 descriptor??
[ 1177.947870][   T30] audit: type=1800 audit(1757363503.714:3124): pid=25450 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.0.3878" name="bus" dev="overlay" ino=849 res=0 errno=0
[ 1177.973561][   T30] audit: type=1804 audit(1757363503.732:3125): pid=25450 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.0.3878" name="/newroot/152/bus/bus" dev="overlay" ino=849 res=1 errno=0
[ 1177.974189][T13561] usb 5-1: USB disconnect, device number 61
[ 1178.210438][T25479] netlink: 'syz.1.3884': attribute type 11 has an invalid length.
[ 1178.309269][T23731] usbhid 1-1:0.0: can't add hid device: -71
[ 1178.326656][T23731] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 1178.491004][T23731] usb 1-1: USB disconnect, device number 72
[ 1178.806134][   T30] audit: type=1400 audit(1757363504.490:3126): avc:  denied  { read } for  pid=25503 comm="syz.4.3886" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[ 1179.308165][   T30] audit: type=1400 audit(1757363504.490:3127): avc:  denied  { connect } for  pid=25503 comm="syz.4.3886" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[ 1180.817776][T25532] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3893'.
[ 1180.917362][T25538] netlink: 76 bytes leftover after parsing attributes in process `syz.5.3895'.
[ 1181.143055][T25547] 9pnet_fd: Insufficient options for proto=fd
[ 1181.240783][T25550] overlayfs: failed to clone upperpath
[ 1181.418488][T25545] netlink: 'syz.2.3896': attribute type 11 has an invalid length.
[ 1182.091211][T25564] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3901'.
[ 1182.131827][T25564] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3901'.
[ 1182.499611][T25578] 9pnet_fd: Insufficient options for proto=fd
[ 1182.768260][T25577] netlink: 32 bytes leftover after parsing attributes in process `syz.5.3904'.
[ 1183.727431][T25593] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3907'.
[ 1184.428043][T25602] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[ 1184.502774][T25605] netlink: 'syz.1.3915': attribute type 10 has an invalid length.
[ 1184.510720][T25605] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3915'.
[ 1185.325234][T25620] fuse: Bad value for 'fd'
[ 1186.401215][T25629] input: syz0 as /devices/virtual/input/input27
[ 1186.670362][T25639] netlink: 348 bytes leftover after parsing attributes in process `syz.0.3920'.
[ 1187.537458][   T30] audit: type=1400 audit(1757363768.290:3128): avc:  denied  { create } for  pid=25645 comm="syz.4.3921" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=appletalk_socket permissive=1
[ 1188.489158][T25651] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3924'.
[ 1188.503684][T25651] dummy0: entered promiscuous mode
[ 1188.537935][T25651] dummy0: left promiscuous mode
[ 1188.644946][T25662] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3927'.
[ 1188.654034][T25662] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3927'.
[ 1189.298277][T13568] usb 5-1: new high-speed USB device number 62 using dummy_hcd
[ 1189.556676][T13568] usb 5-1: Using ep0 maxpacket: 16
[ 1189.569352][T13568] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 1189.580502][   T30] audit: type=1400 audit(1757364026.584:3129): avc:  denied  { nlmsg_write } for  pid=25691 comm="syz.5.3934" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1
[ 1189.601481][T13568] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1189.614321][T13568] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1189.627175][T13568] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1189.639375][T13568] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1189.647749][T13568] usb 5-1: Product: syz
[ 1189.651997][T13568] usb 5-1: Manufacturer: syz
[ 1189.656969][T13568] usb 5-1: SerialNumber: syz
[ 1189.870038][T25701] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3936'.
[ 1189.957742][T25705] netlink: 76 bytes leftover after parsing attributes in process `syz.0.3937'.
[ 1190.087551][T25717] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3939'.
[ 1190.177705][T13568] usb 5-1: 0:2 : does not exist
[ 1190.814250][T25720] netlink: 'syz.5.3940': attribute type 11 has an invalid length.
[ 1191.145136][    C0] raw-gadget.0 gadget.4: ignoring, device is not running
[ 1191.167036][T13568] usb 5-1: 1:0: failed to get current value for ch 0 (-22)
[ 1191.259424][T13568] usb 5-1: USB disconnect, device number 62
[ 1192.675463][T25778] loop9: detected capacity change from 0 to 7
[ 1192.703009][T25778] buffer_io_error: 9 callbacks suppressed
[ 1192.703054][T25778] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1192.720227][T25778] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1192.733114][T25778] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1192.741766][T25778] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1192.751745][T25778] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1192.762052][T25778] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1192.771944][T25778] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1192.781123][T25778] ldm_validate_partition_table(): Disk read failed.
[ 1192.788810][T25778] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1192.798906][T25778] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1192.809052][T25778] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1192.819028][T25778] Dev loop9: unable to read RDB block 0
[ 1192.829907][T25778]  loop9: unable to read partition table
[ 1192.841589][T25778] loop9: partition table beyond EOD, truncated
[ 1192.847878][T25778] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[ 1192.847878][T25778] 
) failed (rc=-5)
[ 1193.362844][T25779] 9pnet_fd: Insufficient options for proto=fd
[ 1193.736932][T13568] usb 5-1: new full-speed USB device number 63 using dummy_hcd
[ 1194.145524][T13568] usb 5-1: config 0 has an invalid interface number: 38 but max is 0
[ 1194.159787][T13568] usb 5-1: config 0 has no interface number 0
[ 1194.171570][T13568] usb 5-1: config 0 interface 38 altsetting 0 endpoint 0xF has invalid maxpacket 512, setting to 64
[ 1194.281116][T13568] usb 5-1: New USB device found, idVendor=1bad, idProduct=85e0, bcdDevice=be.c3
[ 1194.301449][T13568] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1194.318857][T13568] usb 5-1: Product: syz
[ 1194.328166][T13568] usb 5-1: Manufacturer: syz
[ 1194.462047][T13568] usb 5-1: SerialNumber: syz
[ 1194.469131][T13568] usb 5-1: config 0 descriptor??
[ 1194.481317][T25794] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1194.815036][   T30] audit: type=1400 audit(1757364031.477:3130): avc:  denied  { write } for  pid=25788 comm="syz.4.3951" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[ 1194.890846][T25794] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1194.956467][T25794] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1195.868513][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[ 1197.358155][T25793] delete_channel: no stack
[ 1197.369602][T25850] overlayfs: failed to clone upperpath
[ 1197.376596][T13561] usb 5-1: USB disconnect, device number 63
[ 1197.481026][T25842] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1197.554138][T25865] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3967'.
[ 1197.670981][T25842] syzkaller0: entered promiscuous mode
[ 1197.677665][T25842] syzkaller0: entered allmulticast mode
[ 1198.295887][ T6524] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1198.489576][T25832] tipc: Resetting bearer <eth:syzkaller0>
[ 1198.674505][T13568] tipc: Node number set to 16
[ 1198.800859][T25832] tipc: Disabling bearer <eth:syzkaller0>
[ 1199.418289][   T30] audit: type=1400 audit(1757364035.780:3131): avc:  denied  { mount } for  pid=25896 comm="syz.5.3974" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[ 1199.475831][T25899] overlayfs: failed to clone lowerpath
[ 1199.490019][T25899] overlayfs: failed to clone lowerpath
[ 1199.512497][   T30] audit: type=1400 audit(1757364035.855:3132): avc:  denied  { mount } for  pid=25896 comm="syz.5.3974" name="/" dev="pstore" ino=3407 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:pstore_t tclass=filesystem permissive=1
[ 1199.562033][T25899] netlink: 'syz.5.3974': attribute type 10 has an invalid length.
[ 1199.569853][T25899] netlink: 40 bytes leftover after parsing attributes in process `syz.5.3974'.
[ 1200.138820][T13568] usb 5-1: new high-speed USB device number 64 using dummy_hcd
[ 1200.277811][T13568] usb 5-1: device descriptor read/64, error -71
[ 1200.469678][T25922] netlink: 216 bytes leftover after parsing attributes in process `syz.5.3980'.
[ 1200.479389][T25922] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3980'.
[ 1200.493028][T25922] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3980'.
[ 1200.548173][T13568] usb 5-1: new high-speed USB device number 65 using dummy_hcd
[ 1200.967507][   T30] audit: type=1326 audit(1757364293.232:3133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25916 comm="syz.2.3981" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d88f8ebe9 code=0x7ffc0000
[ 1200.990995][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1201.012524][T13568] usb 5-1: device descriptor read/64, error -71
[ 1201.117587][   T30] audit: type=1326 audit(1757364293.232:3134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25916 comm="syz.2.3981" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d88f8ebe9 code=0x7ffc0000
[ 1201.154668][T13568] usb usb5-port1: attempt power cycle
[ 1201.474995][   T30] audit: type=1326 audit(1757364293.232:3135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25916 comm="syz.2.3981" exe="/root/syz-executor" sig=0 arch=c000003e syscall=437 compat=0 ip=0x7f0d88f8ebe9 code=0x7ffc0000
[ 1201.561536][   T30] audit: type=1326 audit(1757364293.232:3136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25916 comm="syz.2.3981" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d88f8ebe9 code=0x7ffc0000
[ 1201.688545][   T30] audit: type=1326 audit(1757364293.232:3137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25916 comm="syz.2.3981" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0d88f8d550 code=0x7ffc0000
[ 1201.713504][T13568] usb 5-1: new high-speed USB device number 66 using dummy_hcd
[ 1201.721198][   T30] audit: type=1326 audit(1757364293.232:3138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25916 comm="syz.2.3981" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d88f8ebe9 code=0x7ffc0000
[ 1201.744850][   T30] audit: type=1326 audit(1757364293.232:3139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25916 comm="syz.2.3981" exe="/root/syz-executor" sig=0 arch=c000003e syscall=28 compat=0 ip=0x7f0d88f8ebe9 code=0x7ffc0000
[ 1201.768510][   T30] audit: type=1326 audit(1757364293.232:3140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25916 comm="syz.2.3981" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d88f8ebe9 code=0x7ffc0000
[ 1201.792265][   T30] audit: type=1326 audit(1757364293.232:3141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25916 comm="syz.2.3981" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f0d88f8ebe9 code=0x7ffc0000
[ 1201.816209][T13568] usb 5-1: device descriptor read/8, error -71
[ 1201.822780][   T30] audit: type=1326 audit(1757364293.232:3142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25916 comm="syz.2.3981" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d88f8ebe9 code=0x7ffc0000
[ 1202.073673][T13568] usb 5-1: new high-speed USB device number 67 using dummy_hcd
[ 1202.106157][T13568] usb 5-1: device descriptor read/8, error -71
[ 1202.232098][T13568] usb usb5-port1: unable to enumerate USB device
[ 1202.250445][T25987] netlink: 52 bytes leftover after parsing attributes in process `syz.5.3986'.
[ 1203.076460][T25995] binder: 25992:25995 ioctl 4018620d 0 returned -22
[ 1203.218627][T26006] SELinux: security_context_str_to_sid () failed with errno=-22
[ 1204.107426][T25995] netlink: 'syz.0.3989': attribute type 11 has an invalid length.
[ 1204.849980][T26028] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3995'.
[ 1206.250751][T26070] ptrace attach of "./syz-executor exec"[17924] was attempted by "./syz-executor exec"[26070]
[ 1206.764694][T26077] ptrace attach of "./syz-executor exec"[19413] was attempted by "./syz-executor exec"[26077]
[ 1206.898029][T26077] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[ 1207.112929][T26084] ptrace attach of "./syz-executor exec"[21201] was attempted by "./syz-executor exec"[26084]
[ 1208.675710][T26087] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1208.689960][T26087] Bluetooth: hci4: Opcode 0x0406 failed: -4
[ 1208.725492][T26087] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1208.741071][T26087] Bluetooth: hci5: Opcode 0x0406 failed: -4
[ 1208.767112][T26087] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1208.776631][T26087] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 1208.791527][T26087] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1208.891821][T26087] Bluetooth: hci0: Opcode 0x0406 failed: -4
[ 1209.015132][T26087] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1209.028400][T26087] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 1209.705855][T26103] overlay: ./file0 is not a directory
[ 1209.733136][   T30] kauditd_printk_skb: 6 callbacks suppressed
[ 1209.733161][   T30] audit: type=1400 audit(1757364301.409:3149): avc:  denied  { mount } for  pid=26098 comm="syz.4.4011" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[ 1209.882574][T26103] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[ 1210.063719][T26103] CIFS mount error: No usable UNC path provided in device string!
[ 1210.063719][T26103] 
[ 1210.102572][T26103] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[ 1210.261835][T22492] Bluetooth: hci4: command 0x0406 tx timeout
[ 1210.903252][T22492] Bluetooth: hci5: command 0x0406 tx timeout
[ 1210.999163][T22492] Bluetooth: hci0: command 0x0406 tx timeout
[ 1211.005259][T22492] Bluetooth: hci2: command 0x0406 tx timeout
[ 1211.610095][ T5853] Bluetooth: hci1: command 0x0406 tx timeout
[ 1212.090741][T26150] ptrace attach of "./syz-executor exec"[19413] was attempted by "./syz-executor exec"[26150]
[ 1212.292985][T26153] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[ 1212.443124][ T5853] Bluetooth: hci4: command 0x0406 tx timeout
[ 1213.132726][ T5853] Bluetooth: hci5: command 0x0406 tx timeout
[ 1213.213016][ T5853] Bluetooth: hci2: command 0x0406 tx timeout
[ 1213.219137][T22492] Bluetooth: hci0: command 0x0406 tx timeout
[ 1213.810498][ T5853] Bluetooth: hci1: command 0x0406 tx timeout
[ 1214.537344][T13564] usb 5-1: new high-speed USB device number 68 using dummy_hcd
[ 1214.943439][T13564] usb 5-1: device descriptor read/64, error -71
[ 1215.221623][T13564] usb 5-1: new high-speed USB device number 69 using dummy_hcd
[ 1215.291523][T26226] netlink: 76 bytes leftover after parsing attributes in process `syz.1.4036'.
[ 1215.381769][T13564] usb 5-1: device descriptor read/64, error -71
[ 1215.538941][T13564] usb usb5-port1: attempt power cycle
[ 1215.707805][   T30] audit: type=1400 audit(1757364307.003:3150): avc:  denied  { write } for  pid=26234 comm="syz.5.4040" path="socket:[70731]" dev="sockfs" ino=70731 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[ 1216.033874][T13564] usb 5-1: new high-speed USB device number 70 using dummy_hcd
[ 1216.052493][   T30] audit: type=1400 audit(1757364307.022:3151): avc:  denied  { read } for  pid=26234 comm="syz.5.4040" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[ 1216.102063][T13564] usb 5-1: device descriptor read/8, error -71
[ 1216.134881][   T30] audit: type=1400 audit(1757364307.312:3152): avc:  denied  { create } for  pid=26239 comm="syz.1.4041" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1
[ 1216.158513][   T30] audit: type=1400 audit(1757364307.312:3153): avc:  denied  { write } for  pid=26239 comm="syz.1.4041" path="socket:[70737]" dev="sockfs" ino=70737 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1
[ 1216.376138][T13564] usb 5-1: new high-speed USB device number 71 using dummy_hcd
[ 1216.416676][T13564] usb 5-1: device descriptor read/8, error -71
[ 1216.536750][T13564] usb usb5-port1: unable to enumerate USB device
[ 1216.688047][T26277] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4044'.
[ 1216.697124][T26277] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4044'.
[ 1216.760239][T26279] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4046'.
[ 1217.324255][ T5853] Bluetooth: hci2: ACL packet for unknown connection handle 201
[ 1217.437931][T26292] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4049'.
[ 1218.024463][T26319] ptrace attach of "./syz-executor exec"[20238] was attempted by "./syz-executor exec"[26319]
[ 1218.224467][   T30] audit: type=1400 audit(1757364309.380:3154): avc:  denied  { append } for  pid=26320 comm="syz.0.4055" name="card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[ 1219.162730][   T30] audit: type=1400 audit(1757364310.259:3155): avc:  denied  { ioctl } for  pid=19413 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=3674 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[ 1219.187551][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1219.273930][T26333] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[ 1219.439872][T26339] overlayfs: failed to clone upperpath
[ 1219.516191][T26342] netlink: 'syz.0.4062': attribute type 13 has an invalid length.
[ 1219.755567][ T6001] usb 1-1: new full-speed USB device number 73 using dummy_hcd
[ 1219.912369][T26364] netlink: 'syz.4.4065': attribute type 1 has an invalid length.
[ 1219.920378][T26364] netlink: 'syz.4.4065': attribute type 6 has an invalid length.
[ 1219.928491][T26364] netlink: 52 bytes leftover after parsing attributes in process `syz.4.4065'.
[ 1220.043299][T26369] 9pnet_fd: Insufficient options for proto=fd
[ 1220.631842][T26382] fuse: Bad value for 'fd'
[ 1220.638213][T26382] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4070'.
[ 1221.558475][T26419] QAT: failed to copy from user cfg_data.
[ 1222.537735][T26434] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4083'.
[ 1222.547012][T26434] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4083'.
[ 1222.821348][   T30] audit: type=1400 audit(1757364569.668:3156): avc:  denied  { write } for  pid=26432 comm="syz.4.4083" name="msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[ 1223.965628][   T30] audit: type=1400 audit(1757364570.762:3157): avc:  denied  { getopt } for  pid=26441 comm="syz.5.4085" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[ 1224.191895][T26457] ptrace attach of "./syz-executor exec"[21201] was attempted by "./syz-executor exec"[26457]
[ 1224.726766][T13561] usb 5-1: new full-speed USB device number 72 using dummy_hcd
[ 1224.935088][T13561] usb 5-1: config 0 has an invalid interface number: 23 but max is 0
[ 1224.961500][T13561] usb 5-1: config 0 has no interface number 0
[ 1225.164316][T13561] usb 5-1: New USB device found, idVendor=0403, idProduct=f850, bcdDevice= 1.7b
[ 1225.233994][T26552] rdma_rxe: rxe_newlink: failed to add team_slave_0
[ 1225.718289][T13561] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1225.726314][T13561] usb 5-1: Product: syz
[ 1225.743403][T13561] usb 5-1: Manufacturer: syz
[ 1225.749365][T13561] usb 5-1: SerialNumber: syz
[ 1225.769403][T13561] usb 5-1: config 0 descriptor??
[ 1226.158592][T13561] ftdi_sio 5-1:0.23: FTDI USB Serial Device converter detected
[ 1226.248075][T13561] usb 5-1: Detected SIO
[ 1226.346766][T13561] usb 5-1: FTDI USB Serial Device converter now attached to ttyUSB0
[ 1227.501110][ T1206] usb 5-1: USB disconnect, device number 72
[ 1227.509448][ T1206] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[ 1227.553604][T26578] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4096'.
[ 1227.583121][ T1206] ftdi_sio 5-1:0.23: device disconnected
[ 1228.097416][T26610] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4102'.
[ 1228.171989][T26613] ptrace attach of "./syz-executor exec"[16969] was attempted by "./syz-executor exec"[26613]
[ 1229.504445][T26629] fuse: Bad value for 'fd'
[ 1231.299857][T26654] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[ 1233.787579][T26709] netlink: 'syz.1.4124': attribute type 1 has an invalid length.
[ 1233.979472][T26709] 8021q: adding VLAN 0 to HW filter on device bond3
[ 1234.198423][T26704] vlan2: entered allmulticast mode
[ 1234.203892][T26704] veth1: entered allmulticast mode
[ 1234.217301][T26704] bond3: (slave vlan2): making interface the new active one
[ 1234.253899][T26704] bond3: (slave vlan2): Enslaving as an active interface with an up link
[ 1234.272317][T26749] netlink: 92 bytes leftover after parsing attributes in process `syz.2.4127'.
[ 1234.286455][T26749] netlink: 64 bytes leftover after parsing attributes in process `syz.2.4127'.
[ 1236.141146][   T30] audit: type=1400 audit(1757364582.063:3158): avc:  denied  { ioctl } for  pid=26784 comm="syz.0.4131" path="socket:[72153]" dev="sockfs" ino=72153 ioctlcmd=0x89e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[ 1236.936008][T26794] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[ 1237.118373][T26802] 9pnet_fd: Insufficient options for proto=fd
[ 1237.329551][T26809] fuse: Bad value for 'fd'
[ 1237.342826][T26809] fuse: Bad value for 'fd'
[ 1237.833864][T26820] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4141'.
[ 1237.982247][T26827] ptrace attach of "./syz-executor exec"[17924] was attempted by "./syz-executor exec"[26827]
[ 1238.181022][T26820] team0: Port device team_slave_0 removed
[ 1238.232923][T26837] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4145'.
[ 1238.924729][T26847] netlink: 76 bytes leftover after parsing attributes in process `syz.5.4149'.
[ 1238.997853][T26852] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4150'.
[ 1239.008117][T26852] netlink: 36 bytes leftover after parsing attributes in process `syz.5.4150'.
[ 1239.162789][T26855] ptrace attach of "./syz-executor exec"[21201] was attempted by "./syz-executor exec"[26855]
[ 1241.429966][T26886] netlink: 48 bytes leftover after parsing attributes in process `syz.0.4156'.
[ 1241.445017][T26889] netlink: 68 bytes leftover after parsing attributes in process `syz.1.4159'.
[ 1241.642681][T26901] overlayfs: failed to clone upperpath
[ 1241.738391][T26905] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4164'.
[ 1241.747840][T26905] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4164'.
[ 1241.756956][T26905] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4164'.
[ 1241.767734][T26905] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4164'.
[ 1241.807296][T26905] 9pnet_fd: Insufficient options for proto=fd
[ 1242.909582][T26923] netlink: 'syz.4.4169': attribute type 2 has an invalid length.
[ 1245.557311][T26966] ptrace attach of "./syz-executor exec"[16969] was attempted by "./syz-executor exec"[26966]
[ 1245.620537][T26966] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[ 1245.670892][T26966] kvm: requested 838 ns i8254 timer period limited to 200000 ns
[ 1245.702561][T26966] kvm: requested 13409 ns i8254 timer period limited to 200000 ns
[ 1245.758832][T26966] kvm: requested 53638 ns i8254 timer period limited to 200000 ns
[ 1245.779058][T26966] kvm: requested 41904 ns i8254 timer period limited to 200000 ns
[ 1245.840804][T26975] sctp: [Deprecated]: syz.0.4181 (pid 26975) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 1245.840804][T26975] Use struct sctp_sack_info instead
[ 1245.864515][T26966] kvm: requested 838 ns i8254 timer period limited to 200000 ns
[ 1245.943930][T26966] kvm: requested 53638 ns i8254 timer period limited to 200000 ns
[ 1245.958566][T26966] kvm: requested 114819 ns i8254 timer period limited to 200000 ns
[ 1245.975489][T26966] kvm: requested 118171 ns i8254 timer period limited to 200000 ns
[ 1245.991935][T26966] kvm: requested 160914 ns i8254 timer period limited to 200000 ns
[ 1246.163503][T26983] netlink: 76 bytes leftover after parsing attributes in process `syz.0.4184'.
[ 1246.402510][T26997] overlayfs: failed to clone upperpath
[ 1246.875425][T27000] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1248.785123][T27021] new mount options do not match the existing superblock, will be ignored
[ 1248.899105][T27019] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1249.271227][T27027] netlink: 'syz.4.4196': attribute type 21 has an invalid length.
[ 1249.279272][T27027] netlink: 128 bytes leftover after parsing attributes in process `syz.4.4196'.
[ 1249.288654][T27027] netlink: 'syz.4.4196': attribute type 5 has an invalid length.
[ 1249.296594][T27027] netlink: 'syz.4.4196': attribute type 6 has an invalid length.
[ 1249.304680][T27027] netlink: 3 bytes leftover after parsing attributes in process `syz.4.4196'.
[ 1249.620772][T27031] netlink: 68 bytes leftover after parsing attributes in process `syz.5.4198'.
[ 1249.906743][T27045] overlayfs: failed to clone upperpath
[ 1249.948746][T27048] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4203'.
[ 1250.008797][T27052] netlink: 'syz.5.4204': attribute type 4 has an invalid length.
[ 1250.016934][T27052] netlink: 'syz.5.4204': attribute type 4 has an invalid length.
[ 1250.027467][T27051] ptrace attach of "./syz-executor exec"[19413] was attempted by "./syz-executor exec"[27051]
[ 1251.775439][T27076] fuse: Bad value for 'fd'
[ 1251.790307][T27076] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4210'.
[ 1253.034676][T27088] netlink: 'syz.2.4214': attribute type 4 has an invalid length.
[ 1253.080326][T27088] netlink: 'syz.2.4214': attribute type 17 has an invalid length.
[ 1253.424555][T27102] 9pnet_fd: Insufficient options for proto=fd
[ 1253.565457][T27107] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4219'.
[ 1253.580003][T27107] netlink: 36 bytes leftover after parsing attributes in process `syz.4.4219'.
[ 1253.742573][T27109] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4220'.
[ 1254.721413][T27144] netlink: 'syz.0.4228': attribute type 10 has an invalid length.
[ 1254.729583][T27144] netlink: 40 bytes leftover after parsing attributes in process `syz.0.4228'.
[ 1254.800469][T27144] geneve0: entered promiscuous mode
[ 1256.008894][T27166] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[ 1256.587808][T27174] netlink: 'syz.2.4236': attribute type 10 has an invalid length.
[ 1256.595814][T27174] netlink: 40 bytes leftover after parsing attributes in process `syz.2.4236'.
[ 1256.605076][T27174] geneve0: left allmulticast mode
[ 1257.769649][T27200] binder: 27186:27200 ioctl 4018620d 0 returned -22
[ 1257.782956][T27200] netlink: 'syz.0.4240': attribute type 11 has an invalid length.
[ 1258.088661][T27197] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[ 1258.627951][T27220] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4247'.
[ 1259.402183][T27237] netlink: 52 bytes leftover after parsing attributes in process `syz.5.4249'.
[ 1259.900143][T27243] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1259.907716][T27243] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1260.009786][T27243] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1260.020909][T27243] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1260.867402][T27261] netlink: 'syz.1.4255': attribute type 4 has an invalid length.
[ 1260.953213][T27261] netlink: 'syz.1.4255': attribute type 4 has an invalid length.
[ 1261.130396][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[ 1261.312159][T27266] ptrace attach of "./syz-executor exec"[20238] was attempted by "./syz-executor exec"[27266]
[ 1261.718790][T27272] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4258'.
[ 1264.087014][T13564] usb 5-1: new high-speed USB device number 73 using dummy_hcd
[ 1264.290043][T27315] ptrace attach of "./syz-executor exec"[20238] was attempted by "./syz-executor exec"[27315]
[ 1264.417124][T13564] usb 5-1: Using ep0 maxpacket: 32
[ 1264.428803][T13564] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1264.440742][T13564] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1264.478411][T13564] usb 5-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[ 1264.495768][T13564] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1264.625993][T13564] usb 5-1: config 0 descriptor??
[ 1264.921781][T27325] 9pnet_fd: Insufficient options for proto=fd
[ 1265.191989][T13564] ft260 0003:0403:6030.000E: unknown main item tag 0x0
[ 1265.200371][T13564] ft260 0003:0403:6030.000E: unknown main item tag 0x0
[ 1265.425189][T13564] ft260 0003:0403:6030.000E: chip code: 6424 8183
[ 1265.871795][T13564] usb 5-1: USB disconnect, device number 73
[ 1266.869812][T27356] ptrace attach of "./syz-executor exec"[21201] was attempted by "./syz-executor exec"[27356]
[ 1268.350370][T27377] 9pnet_fd: Insufficient options for proto=fd
[ 1268.492842][T27388] 9pnet_fd: Insufficient options for proto=fd
[ 1268.710030][T13564] usb 5-1: new high-speed USB device number 74 using dummy_hcd
[ 1268.926666][T13564] usb 5-1: Using ep0 maxpacket: 16
[ 1268.939436][T13564] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 1268.949635][T13564] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1268.963911][T13564] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1269.050531][T13564] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1269.061565][T13564] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1269.069892][T13564] usb 5-1: Product: syz
[ 1269.074160][T13564] usb 5-1: Manufacturer: syz
[ 1269.079514][T13564] usb 5-1: SerialNumber: syz
[ 1269.109718][T27406] fuse: Bad value for 'group_id'
[ 1269.114763][T27406] fuse: Bad value for 'group_id'
[ 1269.634010][T13564] usb 5-1: 0:2 : does not exist
[ 1270.726784][T13564] usb 5-1: 1:0: failed to get current value for ch 0 (-22)
[ 1270.805189][T13564] usb 5-1: USB disconnect, device number 74
[ 1270.924723][T27439] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4289'.
[ 1270.967805][T26604] udevd[26604]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1271.705644][T27461] netlink: 'syz.5.4294': attribute type 4 has an invalid length.
[ 1271.787325][T27461] netlink: 'syz.5.4294': attribute type 17 has an invalid length.
[ 1272.142034][T27474] rdma_rxe: rxe_newlink: failed to add team_slave_0
[ 1272.675975][T27476] geneve1: entered allmulticast mode
[ 1272.710510][ T6524] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1272.722841][ T6524] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1272.732142][ T6524] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1272.765155][ T6524] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1272.879571][T27478] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4301'.
[ 1273.108483][T27499] ptrace attach of "./syz-executor exec"[16969] was attempted by "./syz-executor exec"[27499]
[ 1273.146339][T27501] ptrace attach of "./syz-executor exec"[17924] was attempted by "./syz-executor exec"[27501]
[ 1273.838731][T27511] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1273.966123][T27481] netlink: 52 bytes leftover after parsing attributes in process `syz.5.4302'.
[ 1274.206892][T27519] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4310'.
[ 1274.304921][T27519] team0: Port device team_slave_0 removed
[ 1274.314390][ T7790] smc: removing ib device syz!
[ 1277.166467][T27551] netlink: 68 bytes leftover after parsing attributes in process `syz.2.4316'.
[ 1277.322075][T27534] netlink: 'syz.5.4311': attribute type 11 has an invalid length.
[ 1277.827698][T27555] xt_socket: unknown flags 0xe4
[ 1278.162094][T27561] comedi comedi3: comedi_config --init_data is deprecated
[ 1278.258462][T27563] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2
[ 1279.298115][T13564] usb 5-1: new full-speed USB device number 75 using dummy_hcd
[ 1279.483333][   T30] audit: type=1400 audit(1757364879.096:3159): avc:  denied  { connect } for  pid=27576 comm="syz.0.4322" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[ 1279.771533][T27584] netlink: 'syz.2.4320': attribute type 11 has an invalid length.
[ 1280.105329][T13564] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1280.124745][T13564] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64
[ 1280.262810][   T30] audit: type=1800 audit(1757364880.069:3160): pid=27601 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.5.4326" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0
[ 1280.284231][T13564] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[ 1280.284275][T13564] usb 5-1: New USB device found, idVendor=0755, idProduct=2626, bcdDevice= 0.00
[ 1280.284295][T13564] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1280.783277][T13564] usb 5-1: config 0 descriptor??
[ 1280.815571][T27571] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1281.018266][T27610] netlink: 100 bytes leftover after parsing attributes in process `syz.0.4330'.
[ 1281.096486][T27610] netlink: 244 bytes leftover after parsing attributes in process `syz.0.4330'.
[ 1281.215363][T27613] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1281.335038][T13564] aureal 0003:0755:2626.000F: unknown main item tag 0x6
[ 1281.342362][T13564] aureal 0003:0755:2626.000F: report_id 29495 is invalid
[ 1281.357861][T13564] aureal 0003:0755:2626.000F: item 0 2 1 8 parsing failed
[ 1281.451827][T13564] aureal 0003:0755:2626.000F: probe with driver aureal failed with error -22
[ 1281.576383][T13564] usb 5-1: USB disconnect, device number 75
[ 1281.609636][T13561] usb 1-1: new high-speed USB device number 74 using dummy_hcd
[ 1281.822088][T13561] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1282.037047][T13561] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1282.049241][T13561] usb 1-1: New USB device found, idVendor=0757, idProduct=0a00, bcdDevice= 0.00
[ 1282.060059][T13561] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1282.081164][T13561] usb 1-1: config 0 descriptor??
[ 1282.844422][T27641] infiniband syz!: set active
[ 1282.849205][T27641] infiniband syz!: added team_slave_0
[ 1282.976086][T27641] RDS/IB: syz!: added
[ 1282.980192][T27641] smc: adding ib device syz! with port count 1
[ 1282.986852][T27641] smc:    ib device syz! port 1 has pnetid 
[ 1283.612971][   T30] audit: type=1400 audit(1757364883.212:3161): avc:  denied  { ioctl } for  pid=27616 comm="syz.0.4332" path="socket:[73590]" dev="sockfs" ino=73590 ioctlcmd=0x943b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 1283.637889][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1283.837673][T13561] nti 0003:0757:0A00.0010: hidraw0: USB HID v0.05 Device [HID 0757:0a00] on usb-dummy_hcd.0-1/input0
[ 1284.496237][T27668] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1284.527043][T27668] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1284.555738][T13561] usb 1-1: USB disconnect, device number 74
[ 1284.909554][T13564] usb 5-1: new full-speed USB device number 76 using dummy_hcd
[ 1285.409936][T13564] usb 5-1: device descriptor read/64, error -71
[ 1285.670179][T13564] usb 5-1: new full-speed USB device number 77 using dummy_hcd
[ 1285.699443][T27709] QAT: failed to copy from user cfg_data.
[ 1286.182909][T13564] usb 5-1: device descriptor read/64, error -71
[ 1286.300886][T13564] usb usb5-port1: attempt power cycle
[ 1287.042026][T13564] usb 5-1: new full-speed USB device number 78 using dummy_hcd
[ 1287.284173][T13564] usb 5-1: device not accepting address 78, error -71
[ 1287.649094][T27741] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1288.055707][T27741] new mount options do not match the existing superblock, will be ignored
[ 1288.502869][T23731] usb 1-1: new full-speed USB device number 75 using dummy_hcd
[ 1288.581354][T27756] netlink: 76 bytes leftover after parsing attributes in process `syz.2.4358'.
[ 1288.641434][   T30] audit: type=1400 audit(1757364887.908:3162): avc:  denied  { setopt } for  pid=27753 comm="syz.1.4357" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[ 1288.652795][T27760] netlink: 'syz.5.4359': attribute type 10 has an invalid length.
[ 1288.668870][T27760] netlink: 40 bytes leftover after parsing attributes in process `syz.5.4359'.
[ 1288.679696][T27760] team0: Port device geneve0 added
[ 1288.685723][ T1028] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1288.721438][ T1028] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1288.728792][T23731] usb 1-1: config 1 interface 0 has no altsetting 0
[ 1288.750350][T23731] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1288.773714][T23731] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1288.794528][ T1028] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1288.804914][T23731] usb 1-1: Product: syz
[ 1288.810592][ T1028] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1288.819360][T23731] usb 1-1: Manufacturer: syz
[ 1288.819380][T23731] usb 1-1: SerialNumber: syz
[ 1289.264254][T23731] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 75 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8
[ 1289.326677][T23731] usb 1-1: USB disconnect, device number 75
[ 1289.353982][T23731] usblp0: removed
[ 1289.360816][   T30] audit: type=1400 audit(1757364888.591:3163): avc:  denied  { accept } for  pid=27790 comm="syz.2.4364" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[ 1289.361950][T27791] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4364'.
[ 1289.544771][T27804] ptrace attach of "./syz-executor exec"[16969] was attempted by "./syz-executor exec"[27804]
[ 1290.947081][T27862] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[ 1291.187091][T27878] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4373'.
[ 1292.663876][   T30] audit: type=1400 audit(1757364891.668:3164): avc:  denied  { write } for  pid=27894 comm="syz.0.4378" name="random" dev="devtmpfs" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1
[ 1292.752787][T27905] afs: Unknown parameter '00000000000000000009'
[ 1292.766380][T27905] overlayfs: overlapping lowerdir path
[ 1293.044702][T27911] fuse: Bad value for 'fd'
[ 1293.053659][T27911] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4382'.
[ 1293.200223][T27921] QAT: failed to copy from user cfg_data.
[ 1293.390559][T27927] lo speed is unknown, defaulting to 1000
[ 1293.402846][T27927] lo speed is unknown, defaulting to 1000
[ 1293.412536][T27927] lo speed is unknown, defaulting to 1000
[ 1293.859420][T27927] infiniband s
z1: set active
[ 1293.864119][T27927] infiniband s
z1: added lo
[ 1293.870635][T23733] lo speed is unknown, defaulting to 1000
[ 1293.906768][T27927] RDS/IB: s
z1: added
[ 1293.911334][T27927] smc: adding ib device s
z1 with port count 1
[ 1293.917706][T27927] smc:    ib device s
z1 port 1 has pnetid 
[ 1293.924090][T27927] lo speed is unknown, defaulting to 1000
[ 1294.009380][T27927] lo speed is unknown, defaulting to 1000
[ 1294.090533][T27927] lo speed is unknown, defaulting to 1000
[ 1294.171927][T27927] lo speed is unknown, defaulting to 1000
[ 1294.253052][T27927] lo speed is unknown, defaulting to 1000
[ 1294.330752][T23733] lo speed is unknown, defaulting to 1000
[ 1294.387309][T27927] lo speed is unknown, defaulting to 1000
[ 1294.549113][T27942] 9pnet_fd: Insufficient options for proto=fd
[ 1296.510351][T27964] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[ 1296.552268][T27972] netlink: 'syz.2.4395': attribute type 21 has an invalid length.
[ 1296.573039][T27972] netlink: 128 bytes leftover after parsing attributes in process `syz.2.4395'.
[ 1296.718014][T27972] netlink: 'syz.2.4395': attribute type 5 has an invalid length.
[ 1296.727196][T27972] netlink: 'syz.2.4395': attribute type 6 has an invalid length.
[ 1296.735318][T27972] netlink: 3 bytes leftover after parsing attributes in process `syz.2.4395'.
[ 1297.992965][T27998] ptrace attach of "./syz-executor exec"[21201] was attempted by "./syz-executor exec"[27998]
[ 1302.302170][T28092] netlink: 68 bytes leftover after parsing attributes in process `syz.4.4415'.
[ 1302.514774][   T30] audit: type=1400 audit(1757364900.863:3165): avc:  denied  { mount } for  pid=28097 comm="syz.1.4417" name="/" dev="securityfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=filesystem permissive=1
[ 1302.557837][T28102] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4418'.
[ 1302.660151][T28102] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4418'.
[ 1302.746297][   T30] audit: type=1400 audit(1757364900.947:3166): avc:  denied  { associate } for  pid=28107 comm="syz.1.4417" name="core" scontext=root:object_r:etc_runtime_t tcontext=system_u:object_r:root_t tclass=filesystem permissive=1
[ 1303.581597][T28124] ptrace attach of "./syz-executor exec"[19413] was attempted by "./syz-executor exec"[28124]
[ 1303.877810][T28130] fuse: Bad value for 'fd'
[ 1303.982046][T28134] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4424'.
[ 1305.922143][T28163] netlink: 96 bytes leftover after parsing attributes in process `syz.5.4429'.
[ 1306.232423][T28170] sch_tbf: burst 0 is lower than device lo mtu (11337746) !
[ 1306.819949][T28177] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4433'.
[ 1306.828973][T28177] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4433'.
[ 1306.857851][T28175] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4432'.
[ 1306.910026][T28175] netlink: 32 bytes leftover after parsing attributes in process `syz.1.4432'.
[ 1307.425351][T28188] netlink: 'syz.4.4434': attribute type 8 has an invalid length.
[ 1307.871915][T28203] ptrace attach of "./syz-executor exec"[21201] was attempted by "./syz-executor exec"[28203]
[ 1307.940172][   T30] audit: type=1400 audit(1757364905.914:3167): avc:  denied  { write } for  pid=28196 comm="syz.1.4438" path="socket:[76188]" dev="sockfs" ino=76188 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 1308.256540][T28201] cgroup: fork rejected by pids controller in /syz4
[ 1309.093749][T29810] 
[ 1309.096103][T29810] ======================================================
[ 1309.103094][T29810] WARNING: possible circular locking dependency detected
[ 1309.110084][T29810] syzkaller #0 Not tainted
[ 1309.114471][T29810] ------------------------------------------------------
[ 1309.121462][T29810] syz.0.4440/29810 is trying to acquire lock:
[ 1309.127497][T29810] ffff888078b3d068 (&pipe->mutex){+.+.}-{4:4}, at: pipe_lock+0x64/0x80
[ 1309.135743][T29810] 
[ 1309.135743][T29810] but task is already holding lock:
[ 1309.143076][T29810] ffff88805536c428 (sb_writers#6){.+.+}-{0:0}, at: __do_splice+0x32a/0x360
[ 1309.151670][T29810] 
[ 1309.151670][T29810] which lock already depends on the new lock.
[ 1309.151670][T29810] 
[ 1309.162392][T29810] 
[ 1309.162392][T29810] the existing dependency chain (in reverse order) is:
[ 1309.171381][T29810] 
[ 1309.171381][T29810] -> #3 (sb_writers#6){.+.+}-{0:0}:
[ 1309.178743][T29810]        mnt_want_write+0x6f/0x450
[ 1309.183850][T29810]        ovl_xattr_set+0x137/0x550
[ 1309.188943][T29810]        ovl_own_xattr_set+0x86/0xd0
[ 1309.194207][T29810]        __vfs_removexattr+0x152/0x1c0
[ 1309.199645][T29810]        __vfs_removexattr_locked+0x166/0x480
[ 1309.205689][T29810]        vfs_removexattr+0xd1/0x270
[ 1309.210863][T29810]        path_removexattrat+0x38e/0x5e0
[ 1309.216387][T29810]        __x64_sys_removexattr+0x5b/0x80
[ 1309.221997][T29810]        do_syscall_64+0xcd/0x4c0
[ 1309.227004][T29810]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1309.233392][T29810] 
[ 1309.233392][T29810] -> #2 (&ovl_i_mutex_dir_key[depth]#2){++++}-{4:4}:
[ 1309.242233][T29810]        down_read+0x9b/0x480
[ 1309.246894][T29810]        walk_component+0x345/0x5b0
[ 1309.252069][T29810]        path_lookupat+0x142/0x6d0
[ 1309.257156][T29810]        filename_lookup+0x224/0x5f0
[ 1309.262419][T29810]        kern_path+0x35/0x50
[ 1309.266985][T29810]        lookup_bdev+0xd8/0x280
[ 1309.271820][T29810]        resume_store+0x1d6/0x460
[ 1309.276821][T29810]        kobj_attr_store+0x55/0x80
[ 1309.281911][T29810]        sysfs_kf_write+0xef/0x150
[ 1309.286999][T29810]        kernfs_fop_write_iter+0x351/0x510
[ 1309.292781][T29810]        vfs_write+0x7d3/0x11d0
[ 1309.297619][T29810]        ksys_write+0x12a/0x250
[ 1309.302443][T29810]        do_syscall_64+0xcd/0x4c0
[ 1309.307455][T29810]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1309.313847][T29810] 
[ 1309.313847][T29810] -> #1 (&of->mutex){+.+.}-{4:4}:
[ 1309.321032][T29810]        __mutex_lock+0x193/0x1060
[ 1309.326125][T29810]        kernfs_fop_write_iter+0x28f/0x510
[ 1309.331906][T29810]        iter_file_splice_write+0xa24/0x12e0
[ 1309.337861][T29810]        do_splice+0x1478/0x1fc0
[ 1309.342772][T29810]        __do_splice+0x32a/0x360
[ 1309.347685][T29810]        __x64_sys_splice+0x187/0x250
[ 1309.353031][T29810]        do_syscall_64+0xcd/0x4c0
[ 1309.358033][T29810]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1309.364438][T29810] 
[ 1309.364438][T29810] -> #0 (&pipe->mutex){+.+.}-{4:4}:
[ 1309.371794][T29810]        __lock_acquire+0x12a6/0x1ce0
[ 1309.377152][T29810]        lock_acquire+0x179/0x350
[ 1309.382157][T29810]        __mutex_lock+0x193/0x1060
[ 1309.387245][T29810]        pipe_lock+0x64/0x80
[ 1309.391811][T29810]        iter_file_splice_write+0x1ea/0x12e0
[ 1309.397765][T29810]        do_splice+0x1478/0x1fc0
[ 1309.402678][T29810]        __do_splice+0x32a/0x360
[ 1309.407591][T29810]        __x64_sys_splice+0x187/0x250
[ 1309.412938][T29810]        do_syscall_64+0xcd/0x4c0
[ 1309.417939][T29810]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1309.424330][T29810] 
[ 1309.424330][T29810] other info that might help us debug this:
[ 1309.424330][T29810] 
[ 1309.434532][T29810] Chain exists of:
[ 1309.434532][T29810]   &pipe->mutex --> &ovl_i_mutex_dir_key[depth]#2 --> sb_writers#6
[ 1309.434532][T29810] 
[ 1309.448240][T29810]  Possible unsafe locking scenario:
[ 1309.448240][T29810] 
[ 1309.455661][T29810]        CPU0                    CPU1
[ 1309.461006][T29810]        ----                    ----
[ 1309.466347][T29810]   rlock(sb_writers#6);
[ 1309.470580][T29810]                                lock(&ovl_i_mutex_dir_key[depth]#2);
[ 1309.478710][T29810]                                lock(sb_writers#6);
[ 1309.485365][T29810]   lock(&pipe->mutex);
[ 1309.489495][T29810] 
[ 1309.489495][T29810]  *** DEADLOCK ***
[ 1309.489495][T29810] 
[ 1309.497613][T29810] 1 lock held by syz.0.4440/29810:
[ 1309.502693][T29810]  #0: ffff88805536c428 (sb_writers#6){.+.+}-{0:0}, at: __do_splice+0x32a/0x360
[ 1309.511728][T29810] 
[ 1309.511728][T29810] stack backtrace:
[ 1309.517592][T29810] CPU: 1 UID: 0 PID: 29810 Comm: syz.0.4440 Not tainted syzkaller #0 PREEMPT(full) 
[ 1309.517609][T29810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1309.517618][T29810] Call Trace:
[ 1309.517623][T29810]  <TASK>
[ 1309.517629][T29810]  dump_stack_lvl+0x116/0x1f0
[ 1309.517648][T29810]  print_circular_bug+0x275/0x350
[ 1309.517669][T29810]  check_noncircular+0x14c/0x170
[ 1309.517688][T29810]  ? stack_trace_save+0x8e/0xc0
[ 1309.517708][T29810]  __lock_acquire+0x12a6/0x1ce0
[ 1309.517730][T29810]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1309.517745][T29810]  lock_acquire+0x179/0x350
[ 1309.517764][T29810]  ? pipe_lock+0x64/0x80
[ 1309.517779][T29810]  ? __pfx___might_resched+0x10/0x10
[ 1309.517802][T29810]  ? pipe_lock+0x64/0x80
[ 1309.517816][T29810]  __mutex_lock+0x193/0x1060
[ 1309.517833][T29810]  ? pipe_lock+0x64/0x80
[ 1309.517849][T29810]  ? __pfx___mutex_lock+0x10/0x10
[ 1309.517869][T29810]  ? rcu_is_watching+0x12/0xc0
[ 1309.517886][T29810]  ? trace_kmalloc+0x2b/0xd0
[ 1309.517904][T29810]  ? pipe_lock+0x64/0x80
[ 1309.517917][T29810]  pipe_lock+0x64/0x80
[ 1309.517931][T29810]  iter_file_splice_write+0x1ea/0x12e0
[ 1309.517947][T29810]  ? __lock_acquire+0xb97/0x1ce0
[ 1309.517968][T29810]  ? sched_clock+0x38/0x60
[ 1309.517988][T29810]  ? __pfx_iter_file_splice_write+0x10/0x10
[ 1309.518003][T29810]  ? __lock_acquire+0xb97/0x1ce0
[ 1309.518024][T29810]  ? rcu_is_watching+0x12/0xc0
[ 1309.518040][T29810]  ? finish_task_switch.isra.0+0x221/0xc10
[ 1309.518061][T29810]  ? __pfx_iter_file_splice_write+0x10/0x10
[ 1309.518075][T29810]  do_splice+0x1478/0x1fc0
[ 1309.518089][T29810]  ? __lock_acquire+0x62e/0x1ce0
[ 1309.518111][T29810]  ? __pfx_do_splice+0x10/0x10
[ 1309.518124][T29810]  ? __pfx_pipe_clear_nowait+0x10/0x10
[ 1309.518137][T29810]  ? find_held_lock+0x2b/0x80
[ 1309.518154][T29810]  __do_splice+0x32a/0x360
[ 1309.518169][T29810]  ? __pfx___do_splice+0x10/0x10
[ 1309.518185][T29810]  __x64_sys_splice+0x187/0x250
[ 1309.518200][T29810]  do_syscall_64+0xcd/0x4c0
[ 1309.518218][T29810]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1309.518231][T29810] RIP: 0033:0x7f794a98ebe9
[ 1309.518242][T29810] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1309.518256][T29810] RSP: 002b:00007f794b7fe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[ 1309.518268][T29810] RAX: ffffffffffffffda RBX: 00007f794abc6270 RCX: 00007f794a98ebe9
[ 1309.518277][T29810] RDX: 000000000000000a RSI: 0000000000000000 RDI: 0000000000000008
[ 1309.518285][T29810] RBP: 00007f794aa11e19 R08: 00000000088000cc R09: 0000000000000000
[ 1309.518293][T29810] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1309.518301][T29810] R13: 00007f794abc6308 R14: 00007f794abc6270 R15: 00007ffe865a9ac8
[ 1309.518314][T29810]  </TASK>
[ 1309.518352][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1309.795011][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1309.810770][T22492] Bluetooth: hci1: command 0x0406 tx timeout
[ 1310.958813][T30072] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1310.967111][T30072] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1310.973452][T30072] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1310.979484][T30072] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1310.985773][T30072] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1312.930854][ T5853] Bluetooth: hci4: command 0x0406 tx timeout
[ 1313.198356][ T5853] Bluetooth: hci1: command 0x0406 tx timeout
[ 1313.198418][T22492] Bluetooth: hci0: command 0x0406 tx timeout
[ 1313.204542][ T5862] Bluetooth: hci2: command 0x0406 tx timeout
[ 1313.210370][T22492] Bluetooth: hci5: command 0x0406 tx timeout