last executing test programs:

3m30.765796827s ago: executing program 1 (id=1289):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$FICLONE(r0, 0x40049409, r0)
socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x0, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0f000000040000000400000004"], 0x48)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r5=>0xffffffffffffffff})
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000780)={{r4}, &(0x7f0000000700), &(0x7f0000000740)=r5, 0x2}, 0x20)
r6 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$SIOCX25SCALLUSERDATA(r6, 0x89e5, &(0x7f0000000940)={0xffffffdf, "bcacb9fb76b30bc1fb5ab3c4fdd278ffdc926bb258e993aee46639e2741705ab752f5e57227e35498f9bfb8dbd4604e2f0f524ec50d8c8a0ebfa4d01cb062fba6ca628f3ef380e534c569102748283d05822f385b3aed8df7ceaac9e28e3a4e66bd321d388417b7adcb9d88f59f591e763a191fb7d00"})
syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), 0xffffffffffffffff)

3m29.563821414s ago: executing program 1 (id=1297):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_MAX_VCPU_ID(r1, 0x4068aea3, &(0x7f0000001500))

3m27.875947568s ago: executing program 1 (id=1302):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
io_uring_setup(0x7d2e, &(0x7f0000002380)={0x0, 0xffffffff, 0x1046, 0x700})

3m26.825860403s ago: executing program 1 (id=1306):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mkdir(0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x2, 0x0)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000540), 0x401, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f0000000140)=0x200000000)
write$vhost_msg_v2(r1, &(0x7f0000000980)={0x2, 0x0, {0x0, 0x4b, 0x0, 0x0, 0x2}}, 0x48)
write$vhost_msg_v2(r1, &(0x7f0000002080)={0x2, 0x0, {&(0x7f0000001f80)=""/152, 0x98, 0x0, 0x0, 0x2}}, 0x48)
write$vhost_msg_v2(r1, &(0x7f0000001f00)={0x2, 0x0, {&(0x7f00000004c0)=""/110, 0x6e, 0x0, 0x2, 0x2}}, 0x48)
write$vhost_msg_v2(r1, &(0x7f00000003c0)={0x2, 0x0, {&(0x7f00000002c0)=""/119, 0xfca2, 0x0, 0x0, 0x3}}, 0x48)

3m25.938917949s ago: executing program 1 (id=1310):
mkdir(&(0x7f0000000080)='./file1\x00', 0x18)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000080)='devpts\x00', 0x0, 0x0)
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r0, 0xc018937e, &(0x7f0000000200)={{0x1, 0x1, 0x29, r1}, './file0\x00'})

3m25.199763302s ago: executing program 1 (id=1313):
socketpair$unix(0x1, 0x2, 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)

3m9.683854152s ago: executing program 32 (id=1313):
socketpair$unix(0x1, 0x2, 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)

56.874566274s ago: executing program 2 (id=2126):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8e}, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000f40)=@filter={'filter\x00', 0x4, 0x4, 0x470, 0xffffffff, 0x0, 0x0, 0x0, 0xfeffffff, 0xffffffff, 0x3a0, 0x3a0, 0x3a0, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x2f2, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x5}}}, {{@ipv6={@private2, @empty, [], [], 'sit0\x00', 'batadv_slave_1\x00'}, 0x0, 0xf0, 0x130, 0x0, {}, [@common=@dst={{0x48}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x2, 0x57, {0x2000000}}}}, {{@ipv6={@empty, @mcast1, [], [0x0, 0xffffff00], 'ip6tnl0\x00', 'dvmrp0\x00'}, 0x0, 0x160, 0x188, 0x0, {}, [@common=@unspec=@addrtype1={{0x28}, {0x21, 0x180, 0x5}}, @common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @dev, @private1, [0x0, 0x0, 0xff], [], [], 0x843}}]}, @REJECT={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4d0)

55.775499572s ago: executing program 2 (id=2133):
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_usb_connect(0x5, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="120100000cb768405e0483020b9901e4020109021b000100000000090400fb015c291d00090509"], 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndpcmp(&(0x7f0000000140), 0x3, 0x800)
ioctl$SNDRV_PCM_IOCTL_HW_PARAMS_OLD(r0, 0xc1004111, &(0x7f00000004c0)={0x2, [0x0, 0x9, 0x10], [{0x2, 0x0, 0x0, 0x0, 0x1, 0x1}, {0x40, 0x100, 0x0, 0x1}, {0x5, 0x80000001, 0x0, 0x0, 0x0, 0x1}, {0x4, 0x80000000, 0x1, 0x0, 0x1, 0x1}, {0x6, 0x10000, 0x1, 0x1, 0x0, 0x1}, {0x2, 0x5, 0x1, 0x0, 0x1}, {0x6, 0x9, 0x1, 0x0, 0x1}, {0x7ff, 0x62, 0x0, 0x0, 0x1, 0x1}, {0x80000007, 0x1000, 0x0, 0x0, 0x0, 0x1}, {0x7, 0x3, 0x0, 0x1, 0x1, 0x1}, {0x3, 0x9, 0x1, 0x0, 0x1, 0x1}, {0x6, 0x7, 0x1, 0x1, 0x1}], 0x4})

50.050726024s ago: executing program 2 (id=2153):
r0 = fsopen(&(0x7f0000000400)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000540)='\xd0\x9e^\xa0\xee\xc8\x17T\xb1GI\x90\xe2Q1\xb0\x8f\xe1\xa8\x95\xa0\xcd\fL\xf1<e\a\xa5\x8f\xab\x1a\xdaY\xfb\x03dhS\x97nZ\xf8\xc6\x1f\xd3K\xfa\xc8\x8d#\xce)\x9bg-D#g\x16\xf4\xd9\x00\x00\x00\x00\x00eA\x9f\xc3\x11\x18\xe6\xc5\x95\x9e!^\x97\b\x14\xc5\xad\t\f\xdeg\x8d\x16wW\xf6\xacE\xa3\xc8\xe7\xec\xd6\xbd\x1c+\n\xc7Q( \xba\xff\x17N\x1fB\x91\x15\x83\xec(B4/#W\xc5\x05\x9d\xd6\x02\x8cU!a\xdc|6\xdc\xee$\xb5\x1deC\xfb\xa2\xaa\xe0#\xcb\xde;sA\xad\xa6\xb6P\xa3\xf7\xc3\x93\xd4\xb6\x95\x02\xd8*\xa8\xd2\x94\xa3\x89\xa9\xa0\xc5\xc9=\xa5^', &(0x7f0000000240)='sockfs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='\x04S{O', &(0x7f0000000500)='\x1e\x00\xedgt\x9a\xbet_\xbf\xc4\xa3k\xb0p\xe5\xe0\xd5\r:\xde}', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000001680)='\xd0\x9e^\xa0\xee\xc8\x17T\xb1GI\x90\xe2Q1\xb0\x8f\xe1\xa8\x95\xa0\xcd\fL\xf1<e\a\xa5\x8f\xab\x1a\xdaY\xfb\x03dhS\x97nZ\xf8\xc6\x1f\xd3K\xfa\xc8\x8d#\xce)\x9bg-D#g\x16\xf4\xd9\x00\x00\x00\x00\x00eA\x9f\xc3\x11\x18\xe6\xc5\x95\x9e!^\x97\b\x14\xc5\xad\t\f\xdeg\x8d\x16wW\xf6\xacE\xa3\xc8\xe7\xec\xd6\xbd\x1c+\n\xc7Q( \xba\xff\x17N\x1fB\x91\x15\x83\xec(B4/#W\xc5\x05\x9d\xd6\x02\x8cU!a\xdc|6\xdc\xee$\xb5\x1deC\xfb\xa2\xaa\xe0#\xcb\xde;sA\xad\xa6\xb6P\xa3\xf7\xc3\x93\xd4\xb6\x95\x02\xd8*\xa8\xd2\x94\xa3\x89\xa9\xa0\xc5\xc9=\xa5^', &(0x7f0000000f40)='dU|\xcbM\xe6\x91q\xe0\x05\xbes\xc0\xd2\xdb0}\xa6\xc4tly\xe0\xab\xb8~\xd9ymx\x00\x00\x01\x00\xf3Q:\xfem\xea\xed\xfc\x04\xf88\xe0\xa1&\xa8\xff\x10\xb3\xb2\x92N\f\x00!\xdbV\xc3\xca\r\x8c\xfb\x8esJ\xb3\x1bf\xce\v\x0e\xe3\xd5\x89\x86B\xb9!\xbbG\x86\xa9\xf2~zx\xc8w\x89\x84 !\\\x04\xbcnG\xf7B\xde\xaaE\\Sz\'\x04\x00\xa7\x11l\xfb\xb9\x9au\x99ci&\xd8n\xea\xdb\xd7\xab\xeaR\xde\xf5\x14\x01\x15q\x99\x010\xf2{N\xf9j\xa2kDP\xa1\xaev\xb6\xd4\x1d\xaa\xd4s_\xa1l\x8d\x95\xee\x14\tl;\xca-\t\xae\xc1lN\xccq\xa4)\x84\xc7\x81\xed\xef&#\xea\xab\x1e\xabf\fy\xda\xa9\xd7J\xad\nW\xc6U?M\xcdS\x88\xc9E\x93\x96y\x8e\b\x7fWO\xdf\xa9\x19\xa7\t\rq\xb7T<`\x8b \x19\x15\xde\xef\xae\x06\x00\x00\x00I\xe3\xf0\xcf<\x83\x0fl\xdc\x86\r\x19\xab\x1e14\xe55\xf6\xc5\\\x17\xee\xef\xfaab\x7f\xceP\xb9v*\x05\xd0\x16xt(\x04\xafj]CN\v\x17)\x878GuX9\xe4Y)\xd9\xd0\x94\'\x85\x84\xe0\x985\x14\x17\x19\xf8k\xbb\xf8-7\r\x16Pg\xc4\xb1\xbd\xa0N\x13\xb0\xe6\x91 ', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000040)='\x00', &(0x7f0000000dc0)='dE\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000280)='\xd0\x9e^\xa0\xee\xc8\x17T\xb1GI\x90\xe2Q1\xb0\x8f\xe1\xa8\x95\xa0\xcd\fL\xf1<e\a\xa5\x8f\xab\x1a\xdaY\xfb\x03dhS\x97nZ\xf8\xc6\x1f\xd3K\xfa\xc8\x8d#\xce)\x9bg-D#g\x16\xf4\xd9\x00\x00\x00\x00\x00eA\x9f\xc3\x11\x18\xe6\xc5\x95\x9e!^\x97\b\x14\xc5\xad\t\f\xdeg\x8d\x16wW\xf6\xacE\xa3\xc8\xe7\xec\xd6\xbd\x1c+\n\xc7Q( \xba\xff\x17N\x1fB\x91\x15\x83\xec(B4/#W\xc5\x05\x9d\xd6\x02\x8cU!a\xdc|6\xdc\xee$\xb5\x1deC\xfb\xa2\xaa\xe0#\xcb\xde;sA\xad\xa6\xb6P\xa3\xf7\xc3\x93\xd4\xb6\x95\x02\xd8*\xa8\xd2\x94\xa3\x89\xa9\xa0\xc5\xc9=\xa5^', &(0x7f00000000c0)='dE\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f00000007c0)='{)+}@@!}\x00', &(0x7f0000000140)='dU|\xcbM\xe6\x91q\xe0', 0x0)
fsconfig$FSCONFIG_SET_FD(r0, 0x5, &(0x7f0000000ec0)='\xcfD\xbc\xbf\x95@\xd6j\'$\x1d\x14\xb7!\x8b\xff\xdc\x83\xc5$\xb3\xecr\xe4G:\x93\xdfj\x96\x7f\x03\xe5\x94\x04[\x02\xa9[>\xf9\x9c\x83@\x1e\x99\xcah\x85\xb8\xbeSAk\xf4\xb6 \xdf\xa0P\x18\x19\xae\x8c\x9a\x19mm\r<|\xe8\x9e\xa0x\x84p2\xf9\xe2\xed\xb0\f\x7f;\xf6J18G\x84c\x88\x9d{\xf4~\xdby\xe1\xdf\x1a\xae\xd6ez\xe5\xa8\xe1\'', 0x0, r0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, 0x0, &(0x7f0000000b40)="b2", 0x1)
fsconfig$FSCONFIG_SET_FD(r0, 0x5, &(0x7f0000000200)='\x00', 0x0, r0)

49.53250211s ago: executing program 3 (id=2155):
r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x80000, 0x0)
ioctl$BLKPG(r0, 0x1269, &(0x7f0000001c00)={0x3, 0x0, 0x98, &(0x7f0000001b40)={0xf, 0x7fffffffffffffff, 0x14}})

49.511764536s ago: executing program 2 (id=2156):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f00000004c0)=@nat={'nat\x00', 0x670, 0x5, 0x4e8, 0x450, 0x2c0, 0xffffffff, 0x3a8, 0x2c0, 0x450, 0x450, 0xffffffff, 0x450, 0x450, 0x5, 0x0, {[{{@uncond, 0x0, 0x1f0, 0x228, 0x48, {}, [@common=@unspec=@string={{0xc0}, {0x5, 0xc, 'kmp\x00', "0d01d3e4c6b2bfd892aa7400051624fa86999b13d39b99407a9b7abe75a728baa18da576811985de44110b8602025e1298ea55f1c5087ab16f67b18ca90ac68f0b3d6a068f727f7d23fa5fad26a59a5da2651212bdf9d29248ae63e2349b2470915eea2c39ade5129ff26b6fe772493180cfda2cdd49412e9469d85abdb467ba", 0x79, 0x2, {0x1}}}, @common=@unspec=@conntrack2={{0xc0}, {{@ipv6=@dev={0xfe, 0x80, '\x00', 0x10}, [0xffffff00, 0xff000000, 0x0, 0xffffff00], @ipv4=@dev={0xac, 0x14, 0x14, 0x29}, [0x0, 0xffffff00, 0xff000000, 0xffffffff], @ipv6=@local, [0xff000000, 0xff, 0x0, 0xff], @ipv4=@broadcast, [0xffffffff, 0xffffff00, 0xff], 0x3ff, 0x1, 0x5c, 0x4e20, 0x4e22, 0x4e24, 0x4e24, 0x804, 0x20c0}, 0x80, 0x2}}]}, @SNAT0={0x38, 'SNAT\x00', 0x0, {0x801, {0x0, @broadcast, @multicast2, @port=0x1, @port=0x4e24}}}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xffffffffffffffff}}, {{@ip={@multicast2, @broadcast, 0x0, 0x0, 'virt_wifi0\x00', 'veth1_vlan\x00'}, 0x0, 0xa0, 0xe8, 0x0, {}, [@common=@addrtype={{0x30}, {0x890, 0x218, 0x0, 0x1}}]}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0xe, @ipv6=@ipv4={'\x00', '\xff\xff', @empty}, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @icmp_id=0x65, @port=0x4e21}}}, {{@ip={@private=0xa010100, @rand_addr, 0x0, 0x0, 'nicvf0\x00', 'nr0\x00'}, 0x0, 0x70, 0xa8}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0x0, @rand_addr, @dev={0xac, 0x14, 0x14, 0x2a}, @icmp_id, @icmp_id}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x548)

49.461270348s ago: executing program 2 (id=2157):
mkdir(&(0x7f0000000080)='./file1\x00', 0x18)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000080)='devpts\x00', 0x0, 0x0)
r0 = openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r0, 0xc018937e, &(0x7f0000000200)={{0x1, 0x1, 0x29, r1}, './file0\x00'})

49.37973266s ago: executing program 3 (id=2158):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8e}, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000f40)=@filter={'filter\x00', 0x4, 0x4, 0x470, 0xffffffff, 0x0, 0x0, 0x0, 0xfeffffff, 0xffffffff, 0x3a0, 0x3a0, 0x3a0, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x2f2, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x5}}}, {{@ipv6={@private2, @empty, [], [], 'sit0\x00', 'batadv_slave_1\x00'}, 0x0, 0xf0, 0x130, 0x0, {}, [@common=@dst={{0x48}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x2, 0x57, {0x2000000}}}}, {{@ipv6={@empty, @mcast1, [], [0x0, 0xffffff00], 'ip6tnl0\x00', 'dvmrp0\x00'}, 0x0, 0x160, 0x188, 0x0, {}, [@common=@unspec=@addrtype1={{0x28}, {0x21, 0x180, 0x5}}, @common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @dev, @private1, [0x0, 0x0, 0xff], [], [], 0x843}}]}, @REJECT={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4d0)

49.264072699s ago: executing program 2 (id=2159):
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdir(&(0x7f0000000400)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', 0x0, 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
creat(&(0x7f0000000440)='./file0/file0\x00', 0x188)
lsetxattr$security_capability(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000100), &(0x7f0000000180)=@v3={0x3000000, [{0x4, 0x3}, {0xffff, 0xc2}]}, 0x18, 0x1)
chdir(&(0x7f0000000140)='./bus\x00')
lchown(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)

48.491149672s ago: executing program 3 (id=2162):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
socket(0x25, 0x5, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f00000003c0), 0x8201)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
socket$inet_smc(0x2b, 0x1, 0x0)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x388}, 0x0, &(0x7f00000002c0)={0x3ff}, &(0x7f0000000300)={0x0, 0x3938700}, 0x0)

46.213544219s ago: executing program 3 (id=2168):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f00000004c0)=@nat={'nat\x00', 0x670, 0x5, 0x4e8, 0x450, 0x2c0, 0xffffffff, 0x3a8, 0x2c0, 0x450, 0x450, 0xffffffff, 0x450, 0x450, 0x5, 0x0, {[{{@uncond, 0x0, 0x1f0, 0x228, 0x48, {}, [@common=@unspec=@string={{0xc0}, {0x5, 0xc, 'kmp\x00', "0d01d3e4c6b2bfd892aa7400051624fa86999b13d39b99407a9b7abe75a728baa18da576811985de44110b8602025e1298ea55f1c5087ab16f67b18ca90ac68f0b3d6a068f727f7d23fa5fad26a59a5da2651212bdf9d29248ae63e2349b2470915eea2c39ade5129ff26b6fe772493180cfda2cdd49412e9469d85abdb467ba", 0x79, 0x2, {0x1}}}, @common=@unspec=@conntrack2={{0xc0}, {{@ipv6=@dev={0xfe, 0x80, '\x00', 0x10}, [0xffffff00, 0xff000000, 0x0, 0xffffff00], @ipv4=@dev={0xac, 0x14, 0x14, 0x29}, [0x0, 0xffffff00, 0xff000000, 0xffffffff], @ipv6=@local, [0xff000000, 0xff, 0x0, 0xff], @ipv4=@broadcast, [0xffffffff, 0xffffff00, 0xff], 0x3ff, 0x1, 0x5c, 0x4e20, 0x4e22, 0x4e24, 0x4e24, 0x804, 0x20c0}, 0x80, 0x2}}]}, @SNAT0={0x38, 'SNAT\x00', 0x0, {0x801, {0x0, @broadcast, @multicast2, @port=0x1, @port=0x4e24}}}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xffffffffffffffff}}, {{@ip={@multicast2, @broadcast, 0x0, 0x0, 'virt_wifi0\x00', 'veth1_vlan\x00'}, 0x0, 0xa0, 0xe8, 0x0, {}, [@common=@addrtype={{0x30}, {0x890, 0x218, 0x0, 0x1}}]}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0xe, @ipv6=@ipv4={'\x00', '\xff\xff', @empty}, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @icmp_id=0x65, @port=0x4e21}}}, {{@ip={@private=0xa010100, @rand_addr, 0x0, 0x0, 'nicvf0\x00', 'nr0\x00'}, 0x0, 0x70, 0xa8}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0x0, @rand_addr, @dev={0xac, 0x14, 0x14, 0x2a}, @icmp_id, @icmp_id}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x548)

46.093597969s ago: executing program 3 (id=2169):
mkdir(&(0x7f0000000080)='./file1\x00', 0x18)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000080)='devpts\x00', 0x0, 0x0)
r0 = openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r0, 0xc018937e, &(0x7f0000000200)={{0x1, 0x1, 0x29, r1}, './file0\x00'})

45.979817336s ago: executing program 3 (id=2170):
openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f00000001c0), 0x10a00, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'wlan0\x00'})
socket$kcm(0x11, 0x200000000000002, 0x300)
r0 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)="39000000140081ae10003c000500018311001f9f660fcf066505acb612f691f3bd3508abca1be6eeb89c44ebb37358582bdbb7d553b4e92155", 0x39}], 0x1}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
r4 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r4, 0xc004500a, &(0x7f0000000000)=0x800000)
write$dsp(r4, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
ioctl$SNDCTL_DSP_SYNC(r4, 0x5001, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/custom1\x00', 0x802, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x3, r1, 0x2, 0x0)
r7 = syz_open_dev$sndmidi(&(0x7f00000002c0), 0x2, 0x141101)
dup(r7)

37.667860881s ago: executing program 0 (id=2211):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8e}, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000f40)=@filter={'filter\x00', 0x4, 0x4, 0x470, 0xffffffff, 0x0, 0x0, 0x0, 0xfeffffff, 0xffffffff, 0x3a0, 0x3a0, 0x3a0, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x2f2, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x5}}}, {{@ipv6={@private2, @empty, [], [], 'sit0\x00', 'batadv_slave_1\x00'}, 0x0, 0xf0, 0x130, 0x0, {}, [@common=@dst={{0x48}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x2, 0x57, {0x2000000}}}}, {{@ipv6={@empty, @mcast1, [], [0x0, 0xffffff00], 'ip6tnl0\x00', 'dvmrp0\x00'}, 0x0, 0x160, 0x188, 0x0, {}, [@common=@unspec=@addrtype1={{0x28}, {0x21, 0x180, 0x5}}, @common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @dev, @private1, [0x0, 0x0, 0xff], [], [], 0x843}}]}, @REJECT={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4d0)

36.710432987s ago: executing program 0 (id=2218):
r0 = socket(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x4000004)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r3=>0x0})
sendmsg$nl_route(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@newlink={0x44, 0x10, 0x40d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, 0xc060, 0x8}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge_slave={{0x11}, {0xc, 0x5, 0x0, 0x1, [@IFLA_BRPORT_STATE={0x5, 0x1, 0x2}]}}}]}, 0x44}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'bridge0\x00'})
syz_emit_ethernet(0x3a, &(0x7f0000000080)={@empty, @random="6a2ddcf6177a", @val={@void, {0x8100, 0x1, 0x1, 0x1}}, {@ipv4={0x8864, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x57, 0x0, 0x6, 0x0, @private=0xa010100, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0x5}}}}}}, 0x0)

36.518141596s ago: executing program 0 (id=2219):
timer_create(0x0, 0x0, &(0x7f0000000040))
timer_settime(0x0, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2)
openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000040)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f0000000440)={0x48, 0x2, r1})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000100)={0x28, 0x6, r1, 0x0, &(0x7f0000c00000/0x400000)=nil, 0x400000, 0x51e})
ioctl$IOMMU_IOAS_UNMAP$ALL(r0, 0x3b86, &(0x7f0000000080)={0x18, r1})

36.176794726s ago: executing program 0 (id=2220):
r0 = syz_io_uring_setup(0x5c0, 0x0, &(0x7f0000000240)=<r1=>0x0, &(0x7f0000000200))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x5, &(0x7f00000000c0)=0xfffffff8, 0x0, 0x4)
io_uring_enter(r0, 0x6e2, 0x600, 0x1, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000300)="026f12539a2bf1aa25e772b1be469725efd5b13beffb79197c48afc293bcce1bcdc89b6480e75496998efba9dd9c6e81603d624c946e62233c35f2d84f65f8ad6112d8a76d33ec495daedfad341e14e50a137b39d366f34d817cc4b6098031cc89666941b45d9f93b748531a249f96d986e8eac1b0657d7f8958d40bf2d82bdc1f159f3cce3b6b05d4828643", 0x8c, 0x0, 0x0, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

35.659862398s ago: executing program 0 (id=2222):
mkdir(&(0x7f0000000080)='./file1\x00', 0x18)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000080)='devpts\x00', 0x0, 0x0)
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r0, 0xc018937e, 0x0)

35.61675964s ago: executing program 0 (id=2224):
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x16c}}, 0x24)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="19000000040000000400000005"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000157b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000240)={r1, 0xffffffffffffffff, 0x500}, 0x57)

33.705795294s ago: executing program 33 (id=2159):
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdir(&(0x7f0000000400)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', 0x0, 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
creat(&(0x7f0000000440)='./file0/file0\x00', 0x188)
lsetxattr$security_capability(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000100), &(0x7f0000000180)=@v3={0x3000000, [{0x4, 0x3}, {0xffff, 0xc2}]}, 0x18, 0x1)
chdir(&(0x7f0000000140)='./bus\x00')
lchown(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)

30.499048971s ago: executing program 34 (id=2170):
openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f00000001c0), 0x10a00, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'wlan0\x00'})
socket$kcm(0x11, 0x200000000000002, 0x300)
r0 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)="39000000140081ae10003c000500018311001f9f660fcf066505acb612f691f3bd3508abca1be6eeb89c44ebb37358582bdbb7d553b4e92155", 0x39}], 0x1}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
r4 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r4, 0xc004500a, &(0x7f0000000000)=0x800000)
write$dsp(r4, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
ioctl$SNDCTL_DSP_SYNC(r4, 0x5001, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/custom1\x00', 0x802, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x3, r1, 0x2, 0x0)
r7 = syz_open_dev$sndmidi(&(0x7f00000002c0), 0x2, 0x141101)
dup(r7)

20.58276834s ago: executing program 35 (id=2224):
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x16c}}, 0x24)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="19000000040000000400000005"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000157b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000240)={r1, 0xffffffffffffffff, 0x500}, 0x57)

5.383173244s ago: executing program 5 (id=2343):
socket$qrtr(0x2a, 0x2, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}]}, 0x24}}, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f0000000600), 0x0)

4.851865031s ago: executing program 5 (id=2346):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000008500000073000000850000005000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001b40)={&(0x7f0000000100)='kfree\x00', r0}, 0x10)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x82400, 0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r2, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ERR(r2, 0x4008af22, &(0x7f00000001c0))
close_range(r1, 0xffffffffffffffff, 0x0)

4.851471116s ago: executing program 7 (id=2347):
r0 = socket$kcm(0x11, 0x2, 0x300)
r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000340)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000000000850000002f000000b7090000000000001801000020646c0a00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000d00)=r2, 0x4)
socket(0x10, 0x803, 0x0)
syz_emit_ethernet(0x3e, &(0x7f0000000240)={@broadcast, @random="1704b45adbde", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0xfffc, 0x0, 0x0, 0x1, 0x0, @remote, @local}, @time_exceeded={0x5, 0x0, 0x0, 0xe0, 0x0, 0xe000, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, @empty=0xac1414aa}}}}}}, 0x0)

4.789925446s ago: executing program 4 (id=2348):
socket$inet_mptcp(0x2, 0x1, 0x106)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, 0x0)
socket$inet(0x2, 0x1, 0x100)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x17}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x11}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0)

4.153054829s ago: executing program 5 (id=2349):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$packet(0x11, 0x3, 0x300)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f00000001c0)={0x28, 0x7, 0x0, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000})
r2 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x82002)
ioctl$CEC_S_MODE(r2, 0x40046109, 0x0)
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r1, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, 0x0, 0x0, 0xffffffffffffffff, 0x1})
syz_emit_ethernet(0x100, &(0x7f00000007c0)={@empty, @local, @val={@void}, {@mpls_uc={0x8847, {[], @ipv6=@tcp={0x0, 0x6, "5c030a", 0xc6, 0x6, 0xff, @loopback, @remote, {[], {{0x4e22, 0x4e23, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x4, 0x0, 0x0, 0xd}, {"da3aee2497e6406fee7c233d4a38714a4f24a37c2841a3f1da4d75d0000f5b8fe1cc3ff05dd52067e6945933e249dbde857545f96ff472265d65db5b7330f76b079c70988bad368dbbe29b918946d64173315605dfdcba187d2c59d3512c6d7d363d91b31fd5224cb7d69803277bad8ec5908dc988a0b63ce534971c61e549dbba9b645f5eeaaca27acc175734309de181ad1c6716c2b536c78af43bbfe3e202a191cb7d386a8e480ee883bbcf017dadcfc9"}}}}}}}}, 0x0)
r3 = add_key$user(&(0x7f0000000380), &(0x7f0000000000)={'syz', 0x0}, &(0x7f0000000580)='x', 0x1, 0xfffffffffffffffe)
r4 = add_key$user(&(0x7f0000000200), &(0x7f00000005c0), &(0x7f00000000c0), 0x390, 0xfffffffffffffffd)
add_key$user(&(0x7f0000000200), &(0x7f00000005c0), &(0x7f0000000340), 0x584, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000080)={r3, r4, r4}, 0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)={'sha1-generic\x00'}})

4.056599494s ago: executing program 8 (id=2350):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
openat$adsp1(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000f00)='kfree\x00', r1}, 0x18)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000005c0)={0x53, 0x0, 0x6, 0x0, @scatter={0x0, 0x3, 0x0}, &(0x7f0000000500)="43dd93573829", 0x0, 0x0, 0x0, 0x0, 0x0})
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000002c0)={0x1, &(0x7f0000000000)=[{0x6, 0xfe, 0x0, 0x7fff7ffc}]})
close_range(r3, 0xffffffffffffffff, 0x0)

4.000189542s ago: executing program 7 (id=2351):
connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0)
pselect6(0x0, 0x0, 0x0, &(0x7f00000002c0)={0x9, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x18, &(0x7f00000000c0)=0x3ff, 0x4)
mmap(&(0x7f0000516000/0x3000)=nil, 0x3000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180))
socket(0x28, 0xa, 0x8000)
r1 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)={0x14, 0x39, 0x9, 0xfffffffd, 0xfffffffe, {0x1}}, 0x14}}, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000000)={0xfffffffb, 0x1d}, 0x10)
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000005b00)=ANY=[@ANYBLOB="2c00000012009702600000000000000007000000", @ANYRESHEX=r2], 0x2c}}, 0x400)
r3 = add_key$keyring(&(0x7f00000003c0), &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r4 = add_key$user(&(0x7f0000000380), &(0x7f0000000340)={'syz', 0x0}, &(0x7f00000006c0)='Z', 0x1, r3)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=@updpolicy={0xb8, 0x19, 0xfd3649826d894c67, 0x0, 0x0, {{@in6=@dev={0xfe, 0x80, '\x00', 0x8}, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {}, 0x0, 0x0, 0x0, 0x1}}, 0xb8}}, 0x4000000)
r5 = add_key$user(&(0x7f0000000200), &(0x7f00000005c0), &(0x7f00000000c0), 0x390, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000080)={r4, r5, r5}, 0x0, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x9, 0x1, 0x54}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value=0x20}, 0x94)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00')
lseek(r6, 0x289e0cb5, 0x0)

3.59176599s ago: executing program 4 (id=2353):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$sock_int(r0, 0x1, 0x12, 0x0, &(0x7f0000000000))
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
shutdown(0xffffffffffffffff, 0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x7000000)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
capset(&(0x7f00000004c0)={0x20080522}, &(0x7f0000000500))
pipe2(&(0x7f00000000c0)={<r2=>0xffffffffffffffff}, 0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x100000)
r3 = io_uring_setup(0xaae, &(0x7f00000003c0)={0x0, 0xffffeffa, 0x2, 0x4, 0x5})
io_uring_register$IORING_REGISTER_BUFFERS(r3, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000040)={r2, 0x0, &(0x7f0000000200)=""/132}, 0x20)
syz_open_procfs(0x0, &(0x7f0000000380)='clear_refs\x00')
r4 = syz_open_dev$cec(&(0x7f0000000300), 0x0, 0x82)
syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000140)='.\x00', &(0x7f0000000100), 0x0, &(0x7f00000006c0)=ANY=[@ANYRESHEX, @ANYBLOB="b657194a8c64b8212c3c5278f2096dee1080f199463373b113bfb5828d95abd96bf7db210dbfcaba370555623c893ec8199e4b4ad4936f7ba4da2eaee7e8110bacb4f8f67f1086255097ddea9258e725a04bd4586766f01cbc2d1628767724cb2fed37e6e97fdfb22418d279d333b0614191dffad1791388fb06abefffa47f6a770c361a0ceb", @ANYBLOB="2c77d95346646e", @ANYRESHEX=r4])

3.322798901s ago: executing program 8 (id=2355):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4)
bind$inet(r0, 0x0, 0x0)
sendmmsg$inet(r0, &(0x7f0000002300)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000380)=[{&(0x7f00000002c0)="a4d3", 0x2}], 0x1}}], 0x1, 0x2000c000)
setsockopt$inet_tcp_TLS_TX(r0, 0x6, 0xc, &(0x7f0000000040)=@gcm_256={{0x304}, "7ae878920c9e4f9c", "62f5081ebfe2a840263b713e9dd90eb60602881763e63218f76de2681c3bd4d0", "e2ea08b3", "a56f96c8efe8db46"}, 0x38)

3.19297395s ago: executing program 7 (id=2356):
socket$qrtr(0x2a, 0x2, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}]}, 0x24}}, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000000)=[{0x0}], 0x1}, 0x0)

2.867919187s ago: executing program 6 (id=2357):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
ioctl$TUNSETVNETBE(r0, 0x400454de, 0x0)

2.86540144s ago: executing program 8 (id=2358):
r0 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x2002)
r1 = dup(r0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000240)={<r2=>0xffffffffffffffff})
pipe2(&(0x7f0000000040)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=f', @ANYRESHEX=r3, @ANYBLOB=',wfdno', @ANYRESHEX=r4])
ioctl$NBD_SET_SOCK(r1, 0xab00, r2)
ioctl$NBD_SET_SOCK(r0, 0xab00, r2)
ioctl$NBD_DO_IT(r0, 0xab03)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

2.793498793s ago: executing program 7 (id=2359):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000001b80), r3)
sendmsg$IEEE802154_LIST_IFACE(r3, &(0x7f0000001c80)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000001bc0)={0x14, r4, 0x50be6fea6f3bdfbb, 0x70bd26, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x20000000)

2.787977486s ago: executing program 4 (id=2360):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x0, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000002c0)=[@increfs], 0x0, 0x0, 0x0})
r3 = dup3(r2, r1, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000440), 0x0, 0x1000000, 0x0})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000140)="d2ffb49ede31518d65a476b76e4a4e0b75db47c327ab5b7233ac3507e16db41df04709094056af33a6db1e301a74db81f27f6aa6a8ca9d22a565ff96d46e88fa99b284c26c46494072fc2e47da240c71"})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000640)={0x8, 0x0, &(0x7f0000000000)=[@decrefs={0x400c6314}], 0x0, 0x0, 0x0})

2.527988108s ago: executing program 6 (id=2361):
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@perf_event={0x4}}, 0x18)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0xc)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, 0x0)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000c40))
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000002c0)={0x1, r1})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

2.510114784s ago: executing program 6 (id=2362):
syz_emit_ethernet(0x3e, &(0x7f0000000240)={@broadcast, @random="1704b45adbde", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0xfffc, 0x0, 0x0, 0x1, 0x0, @remote, @local}, @time_exceeded={0x5, 0x0, 0x0, 0xe0, 0x0, 0xe000, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, @empty=0xac1414aa}}}}}}, 0x0)

2.463213003s ago: executing program 6 (id=2363):
prlimit64(0x0, 0x5, &(0x7f0000000140)={0xa, 0x2000000000000000}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'md5-generic\x00'}, 0x5a)
accept4(r0, 0x0, 0x0, 0x0)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x0, 0x0, &(0x7f0000000300)='syzkaller\x00', 0x80, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f00000004c0)=@nat={'nat\x00', 0x670, 0x5, 0x4e8, 0x450, 0x2c0, 0xffffffff, 0x3a8, 0x2c0, 0x450, 0x450, 0xffffffff, 0x450, 0x450, 0x5, 0x0, {[{{@uncond, 0x0, 0x1f0, 0x228, 0x48, {}, [@common=@unspec=@string={{0xc0}, {0x5, 0xc, 'kmp\x00', "0d01d3e4c6b2bfd892aa7400051624fa86999b13d39b99407a9b7abe75a728baa18da576811985de44110b8602025e1298ea55f1c5087ab16f67b18ca90ac68f0b3d6a068f727f7d23fa5fad26a59a5da2651212bdf9d29248ae63e2349b2470915eea2c39ade5129ff26b6fe772493180cfda2cdd49412e9469d85abdb467ba", 0x79, 0x2, {0x1}}}, @common=@unspec=@conntrack2={{0xc0}, {{@ipv6=@dev={0xfe, 0x80, '\x00', 0x10}, [0xffffff00, 0xff000000, 0x0, 0xffffff00], @ipv4=@dev={0xac, 0x14, 0x14, 0x29}, [0x0, 0xffffff00, 0xff000000, 0xffffffff], @ipv6=@local, [0xff000000, 0xff, 0x0, 0xff], @ipv4=@broadcast, [0xffffffff, 0xffffff00, 0xff], 0x3ff, 0x1, 0x5c, 0x4e20, 0x4e22, 0x4e24, 0x4e24, 0x804, 0x20c0}, 0x80, 0x2}}]}, @SNAT0={0x38, 'SNAT\x00', 0x0, {0x801, {0x0, @broadcast, @multicast2, @port=0x1, @port=0x4e24}}}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xffffffffffffffff}}, {{@ip={@multicast2, @broadcast, 0x0, 0x0, 'virt_wifi0\x00', 'veth1_vlan\x00'}, 0x0, 0xa0, 0xe8, 0x0, {}, [@common=@addrtype={{0x30}, {0x890, 0x218, 0x0, 0x1}}]}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0xe, @ipv6=@ipv4={'\x00', '\xff\xff', @empty}, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @icmp_id=0x65, @port=0x4e21}}}, {{@ip={@private=0xa010100, @rand_addr, 0x0, 0x0, 'nicvf0\x00', 'nr0\x00'}, 0x0, 0x70, 0xa8}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0x0, @rand_addr, @dev={0xac, 0x14, 0x14, 0x2a}, @icmp_id, @icmp_id}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x548)
r6 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)=ANY=[@ANYBLOB="38000000032201002cbd7000fedbdf250900020073797a32000000000800410072786500140033006970766c616e31000000000000000000"], 0x38}, 0x1, 0x0, 0x0, 0x41}, 0x40000000)
sendmsg$nl_generic(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="240000003e000701fcfffffffd9bdf25037c0000040038800c000180080003"], 0x24}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000)

1.987157059s ago: executing program 5 (id=2364):
r0 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c085)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.stat\x00', 0x26e1, 0x0)
setsockopt$sock_attach_bpf(r0, 0x1, 0x3e, &(0x7f0000000100)=r1, 0x4)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0xeafbff3, &(0x7f0000000000)=[{&(0x7f0000000300)="b8", 0xfffffdef}], 0x1, 0x0, 0x0, 0x10000000}, 0x52cc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x4)
r2 = syz_open_dev$MSR(0x0, 0x0, 0x0)
read$msr(r2, 0x0, 0x0)
syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x48201)
r3 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r3, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(r3, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4)

1.899789799s ago: executing program 8 (id=2365):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
times(&(0x7f00000001c0))
mknod$loop(&(0x7f0000000000)='./file0\x00', 0x8, 0x1)
r3 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/sync_threshold\x00', 0x2, 0x0)
sendfile(r3, r3, 0x0, 0x1)
r4 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r4, &(0x7f0000000240)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x30004001)
r5 = syz_open_dev$cec(0x0, 0xffffffffffffffff, 0x0)
r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_RATE_DEL(r7, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000240)={0x34, r6, 0x6ae3e61d32b8160b, 0x0, 0x0, {0x4a}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}}, 0x4000)
ioctl$CEC_DQEVENT(r5, 0xc0506107, 0x0)
ioctl$CEC_DQEVENT(r5, 0xc0506107, 0x0)
ioctl$IOC_PR_PREEMPT(r5, 0x40046109, &(0x7f0000000040)={0xd0, 0xfffffffffffffffe})
r8 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r8, 0x8208ae63, &(0x7f0000000300)={0x2, 0x0, @pic={0x2d, 0x7, 0x3, 0x1, 0x4, 0x8, 0x0, 0x75, 0x62, 0x0, 0x49, 0x7, 0x40, 0x1, 0x4, 0x24}})
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="580000001400192340834b80043f679a10ff3d425f9cc3f4ff7f4e32f61bcdf1e422000000000100804824cabecc4b381eaadc28f23457e792945f64009400050028925aaa", 0x45}], 0x1)

1.775080537s ago: executing program 7 (id=2366):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=ANY=[@ANYBLOB="1400000042000501"], 0x14}}, 0x44014)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
io_uring_enter(0xffffffffffffffff, 0x26c8, 0x0, 0x1, 0x0, 0x10)
r3 = dup(r1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r3, 0x2000)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17)
recvmmsg(r0, &(0x7f0000000000)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000004c0)=""/4091, 0xffb}, {&(0x7f0000002580)=""/4096}, {&(0x7f00000014c0)=""/155}, {&(0x7f00000024c0)=""/170}], 0x1}}], 0x40000000000013e, 0x2, 0x0)
ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000080))
ioctl$sock_SIOCGIFVLAN_GET_VLAN_VID_CMD(r0, 0x8982, 0x0)

1.751757581s ago: executing program 4 (id=2367):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="180000000200000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x43, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, 0x0, &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0xf5ffffff, &(0x7f0000000000)='%', 0x0, 0xd01, 0xbe02, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000003000000000000000000000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r2 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r3=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r1, r3, 0x25, 0x0, @void}, 0x10)
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000d00)={0x0, <r4=>0x0}, 0x8)
bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000000)=r4, 0x4)

1.520923268s ago: executing program 6 (id=2368):
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmsg$tipc(r0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff2}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)=@newtfilter={0x5c, 0x2c, 0xd27, 0x70bd25, 0x8000, {0x0, 0x0, 0x0, r4, {0xfff9, 0x7}, {}, {0x1, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0x2c, 0x2, [@TCA_FLOWER_KEY_IPV6_DST={0x14, 0x10, @private1={0xfc, 0x1, '\x00', 0x1}}, @TCA_FLOWER_KEY_IPV6_DST_MASK={0x14, 0x11, [0xffffff, 0xffffff00, 0xffffffff, 0xff]}]}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x80}, 0x800)

1.125142643s ago: executing program 4 (id=2369):
socket$qrtr(0x2a, 0x2, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}]}, 0x24}}, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000000)=[{0x0}], 0x1}, 0x0)

1.098028846s ago: executing program 5 (id=2370):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4)
bind$inet(r0, 0x0, 0x0)
sendmmsg$inet(r0, &(0x7f0000002300)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000380)=[{&(0x7f00000002c0)="a4d3", 0x2}], 0x1}}], 0x1, 0x2000c000)
setsockopt$inet_tcp_TLS_TX(r0, 0x6, 0xc, &(0x7f0000000040)=@gcm_256={{0x304}, "7ae878920c9e4f9c", "62f5081ebfe2a840263b713e9dd90eb60602881763e63218f76de2681c3bd4d0", "e2ea08b3", "a56f96c8efe8db46"}, 0x38)

1.01808164s ago: executing program 8 (id=2371):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$MRT6_DEL_MFC(r0, 0x29, 0xcd, &(0x7f0000000000)={{0xa, 0x4e24, 0x100, @private0, 0x5}, {0xa, 0x4e22, 0x4, @loopback, 0xffffffff}, 0x0, {[0x4, 0x4d3, 0x0, 0x1, 0x2, 0xfffffffe, 0xd, 0x5]}}, 0x5c)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x3)
execve(&(0x7f00000190c0)='./file0\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x1c3425, 0x0)
execve(&(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000180)={[&(0x7f0000000300)=' wO\xd5\xce\x82\x89r\xa0\r\xc4Z\x15\xfds\x17g\n\xee\x9f\a0\xc3\x80\xbf\x80j$\xe6Z\xde\xf1pc\x96\x8f\xb5\x9d\xe3\x11m\x88~\xe3\xc7\xe3\t\xab\xbb@\xd9\xf8=N\x03\xcf\xe4\xd6\x0ew\x10\xc2\xaa\x84bC\xc8\xd0\xe07\xa1\rIa\xb1^\xc5WG\xccV\xd3\x91\x84x\x9d\x8eg\x84\xeb\x9e;\x8f\xa1\xa3\xcf]@\x82\xcf\x01$;\xd5\xc0\xa8\xc8r\x0e_\xac\xef\xf5\r\xd5Q\v\b#E\xcf@a\xa2\xaa#\x13S\x04\x12$\xcb\xbeV!\x1d\xc7\x84_\\ \xc7oh$\xc9\x06m']})

852.075997ms ago: executing program 6 (id=2372):
socket$inet(0x2, 0x1, 0x100)
ioctl$VIDIOC_G_EXT_CTRLS(0xffffffffffffffff, 0xc0185648, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket$inet(0x2, 0x3, 0x8d)
setsockopt$inet_msfilter(r2, 0x0, 0x8, &(0x7f0000000340)=ANY=[@ANYRES32], 0x1)
getsockopt$inet_pktinfo(r2, 0x0, 0x8, &(0x7f00000000c0)={<r3=>0x0, @local, @local}, &(0x7f0000000140)=0xc)
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000000)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xb}}, 0x1, r3})
r4 = socket(0xa, 0x1, 0x0)
ioctl(r4, 0x8916, &(0x7f0000000000))
ioctl(r4, 0x8936, &(0x7f0000000000))

586.742324ms ago: executing program 4 (id=2373):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000201b4510fc0428155d6d01020301090212000100000000090401"], 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0xffffffffffffffff, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)

158.704261ms ago: executing program 5 (id=2374):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r1, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)
listen(r1, 0x0)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r2, &(0x7f0000000640)={0x28, 0x0, 0x2710}, 0x10)
r3 = accept(r1, 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x12, 0x4, 0x4, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r4, &(0x7f0000000300), &(0x7f00000002c0)=@tcp6=r3}, 0x47)
shutdown(r3, 0x0)
recvfrom$unix(r3, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/bus/input/devices\x00', 0x0, 0x0)
openat$qrtrtun(0xffffffffffffff9c, 0x0, 0x301100)
r6 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r6}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
r8 = dup(r7)
bind$bt_l2cap(r8, &(0x7f0000000080)={0x1f, 0x7}, 0xe)
listen(r7, 0x9)
accept4$vsock_stream(r8, 0x0, 0x58, 0x0)
read$FUSE(r5, &(0x7f0000004100)={0x2020}, 0x2020)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x2)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0x7)
process_vm_writev(0x0, &(0x7f0000000600)=[{&(0x7f0000000440)=""/137, 0x89}], 0x1, &(0x7f0000000ac0)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9, 0x0)
ioctl$TIOCVHANGUP(r0, 0x5437, 0x0)

59.561519ms ago: executing program 8 (id=2375):
rseq(&(0x7f0000000000)={0x0, 0x0, 0x0, 0x2}, 0x20, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
pipe(&(0x7f0000000380)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
splice(r1, 0x0, r2, 0x0, 0xf3a, 0x0)
write(r0, 0x0, 0x0)

0s ago: executing program 7 (id=2376):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r0, &(0x7f0000002680), 0x0, 0x0)
shutdown(r0, 0x1)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_buf(r2, 0x29, 0x6, &(0x7f0000000180), 0x0)
read$msr(r1, 0x0, 0x0)
r3 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(r3, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r4, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10)
sendto$inet(r4, 0x0, 0x0, 0xc806, &(0x7f0000000180)={0x2, 0x4e21, @multicast2}, 0x10)
sendto$inet(r4, &(0x7f0000000100)='J', 0xfdbe, 0x4004084, 0x0, 0x11000a00)

kernel console output (not intermixed with test programs):

1-uart ttyUSB0: probe with driver ch341-uart failed with error -71
[  383.873108][ T5893] usb 2-1: config 0 has an invalid interface number: 231 but max is 0
[  383.950505][ T5921] usb 1-1: USB disconnect, device number 29
[  383.957618][ T5921] ch341 1-1:0.0: device disconnected
[  384.040358][ T5893] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  384.053028][ T5893] usb 2-1: config 0 has no interface number 0
[  384.059174][ T5893] usb 2-1: config 0 interface 231 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  384.105760][ T5893] usb 2-1: config 0 interface 231 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  384.161335][ T5893] usb 2-1: New USB device found, idVendor=d024, idProduct=5e5a, bcdDevice=16.a9
[  384.178151][ T5893] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  384.584020][T10079] Can't find a SQUASHFS superblock on nullb0
[  384.850857][ T5893] usb 2-1: Product: syz
[  385.160190][ T5893] usb 2-1: Manufacturer: syz
[  385.175837][ T5893] usb 2-1: SerialNumber: syz
[  385.196942][ T5893] usb 2-1: config 0 descriptor??
[  385.268968][T10049] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  385.280008][ T5893] usb-storage 2-1:0.231: USB Mass Storage device detected
[  385.569650][ T5893] usb 2-1: USB disconnect, device number 26
[  385.882831][T10101] Can't find a SQUASHFS superblock on nullb0
[  387.324294][ T5893] libceph: connect (1)[c::]:6789 error -101
[  387.335527][ T5893] libceph: mon0 (1)[c::]:6789 connect error
[  387.351146][T10103] ceph: No mds server is up or the cluster is laggy
[  387.467895][T10098] netlink: 596 bytes leftover after parsing attributes in process `syz.1.996'.
[  387.531633][   T30] audit: type=1326 audit(1750682884.430:610): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10088 comm="syz.0.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa49c38e929 code=0x7fc00000
[  387.559007][T10115] netlink: 4 bytes leftover after parsing attributes in process `syz.4.997'.
[  387.587969][T10115] netdevsim netdevsim4 netdevsim0: left allmulticast mode
[  387.607777][T10098] netlink: ct family unspecified
[  387.678347][   T30] audit: type=1326 audit(1750682884.600:611): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10088 comm="syz.0.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fa49c38e929 code=0x7fc00000
[  387.701961][T10098] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  387.714913][T10115] netdevsim netdevsim4 netdevsim0: left promiscuous mode
[  387.732586][   T30] audit: type=1326 audit(1750682884.600:612): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10088 comm="syz.0.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa49c38e929 code=0x7fc00000
[  387.796728][T10115] bridge0: port 3(netdevsim0) entered disabled state
[  387.818206][T10122] binder: 10112:10122 ioctl c0306201 200000000240 returned -11
[  388.203497][T10115] bridge_slave_1: left allmulticast mode
[  388.209466][T10115] bridge_slave_1: left promiscuous mode
[  388.215249][T10115] bridge0: port 2(bridge_slave_1) entered disabled state
[  388.236711][T10115] bridge_slave_0: left allmulticast mode
[  388.250491][T10115] bridge_slave_0: left promiscuous mode
[  388.258619][T10115] bridge0: port 1(bridge_slave_0) entered disabled state
[  388.387053][T10123] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12
[  388.396676][T10123] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12
[  388.407730][T10123] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  388.500171][ T5872] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  388.513954][T10131] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1001'.
[  388.519566][   T30] audit: type=1400 audit(1750682885.330:613): avc:  denied  { firmware_load } for  pid=10116 comm="syz.3.1000" scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  388.547185][T10127] netlink: 'syz.2.1001': attribute type 10 has an invalid length.
[  388.616915][T10127] bond0: (slave wlan1): Opening slave failed
[  388.763877][T10146] netlink: 596 bytes leftover after parsing attributes in process `syz.2.1006'.
[  388.781157][T10146] netlink: ct family unspecified
[  388.786230][T10146] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  388.868812][T10148] Can't find a SQUASHFS superblock on nullb0
[  389.239956][ T5872] usb 2-1: Using ep0 maxpacket: 32
[  389.294924][ T5872] usb 2-1: device descriptor read/all, error -71
[  389.298443][ T5921] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  389.498509][ T5921] usb 3-1: Using ep0 maxpacket: 32
[  389.526540][ T5921] usb 3-1: config 0 has an invalid interface number: 231 but max is 0
[  389.939351][ T5921] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  390.451417][   T24] libceph: connect (1)[c::]:6789 error -101
[  390.468563][ T5921] usb 3-1: config 0 has no interface number 0
[  390.502085][   T24] libceph: mon0 (1)[c::]:6789 connect error
[  390.513107][ T5921] usb 3-1: config 0 interface 231 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  390.561253][ T5921] usb 3-1: config 0 interface 231 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  390.579056][ T5921] usb 3-1: New USB device found, idVendor=d024, idProduct=5e5a, bcdDevice=16.a9
[  390.589363][ T5921] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  390.599465][ T5921] usb 3-1: Product: syz
[  390.603705][ T5921] usb 3-1: Manufacturer: syz
[  390.609583][ T5921] usb 3-1: SerialNumber: syz
[  390.657001][ T5921] usb 3-1: config 0 descriptor??
[  390.687119][T10167] ceph: No mds server is up or the cluster is laggy
[  390.786322][T10146] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  390.800773][ T5921] usb-storage 3-1:0.231: USB Mass Storage device detected
[  391.922853][   T43] usb 3-1: USB disconnect, device number 24
[  391.962324][T10191] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1014'.
[  392.017144][T10191] binder: 10188:10191 ioctl 4018620d 0 returned -22
[  392.094840][T10196] fuse: Bad value for 'group_id'
[  392.101253][T10196] fuse: Bad value for 'group_id'
[  394.115809][ T5893] libceph: connect (1)[c::]:6789 error -101
[  394.355204][ T5893] libceph: mon0 (1)[c::]:6789 connect error
[  394.462855][T10223] ceph: No mds server is up or the cluster is laggy
[  395.462845][T10240] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1027'.
[  395.472896][T10240] netlink: 'syz.4.1027': attribute type 10 has an invalid length.
[  397.269281][T10271] Can't find a SQUASHFS superblock on nullb0
[  397.451214][T10276] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1038'.
[  397.462026][T10276] netlink: 'syz.2.1038': attribute type 10 has an invalid length.
[  397.538504][ T5893] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  397.968665][   T10] libceph: connect (1)[c::]:6789 error -101
[  397.974795][   T10] libceph: mon0 (1)[c::]:6789 connect error
[  398.126277][T10279] ceph: No mds server is up or the cluster is laggy
[  398.185972][ T5893] usb 5-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[  398.275971][ T5893] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  398.302831][ T5893] usb 5-1: Product: syz
[  398.322598][   T94] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  398.438194][ T5893] usb 5-1: Manufacturer: syz
[  398.532429][ T5893] usb 5-1: SerialNumber: syz
[  398.554328][ T5893] usb 5-1: config 0 descriptor??
[  398.580254][ T5893] ch341 5-1:0.0: ch341-uart converter detected
[  398.689307][   T94] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  398.704044][   T94] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  398.718577][   T94] usb 3-1: New USB device found, idVendor=1532, idProduct=010e, bcdDevice= 0.00
[  398.728902][   T94] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  398.807470][   T94] usb 3-1: config 0 descriptor??
[  399.459122][T10299] Can't find a SQUASHFS superblock on nullb0
[  399.855629][   T94] usb 3-1: USB disconnect, device number 25
[  400.510854][ T5893] usb 5-1: failed to send control message: -71
[  400.625023][ T5893] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71
[  400.644888][ T5893] usb 5-1: USB disconnect, device number 22
[  400.653594][ T5893] ch341 5-1:0.0: device disconnected
[  400.926388][ T5893] kernel write not supported for file /cpu/0/msr (pid: 5893 comm: kworker/0:6)
[  403.312214][T10329] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR
[  406.417685][T10364] 9pnet_fd: Insufficient options for proto=fd
[  408.379404][ T5893] libceph: connect (1)[c::]:6789 error -101
[  408.388258][ T5893] libceph: mon0 (1)[c::]:6789 connect error
[  408.565748][T10388] ceph: No mds server is up or the cluster is laggy
[  409.228431][ T5893] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  409.374855][T10406] Can't find a SQUASHFS superblock on nullb0
[  409.407844][T10407] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1068'.
[  409.448477][ T5893] usb 5-1: Using ep0 maxpacket: 8
[  409.476907][ T5893] usb 5-1: config 1 interface 0 altsetting 1 bulk endpoint 0x1 has invalid maxpacket 64
[  409.551877][T10407] binder: 10403:10407 ioctl c0306201 0 returned -14
[  409.575881][ T5893] usb 5-1: config 1 interface 0 altsetting 1 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  409.601578][T10407] binder: 10403:10407 ioctl c0306201 200000000240 returned -11
[  409.647058][ T5893] usb 5-1: config 1 interface 0 has no altsetting 0
[  409.687415][ T5893] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  409.710272][ T5893] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  409.717619][T10410] netlink: 596 bytes leftover after parsing attributes in process `syz.2.1069'.
[  409.728356][ T5893] usb 5-1: Manufacturer: Э
[  409.733582][ T5893] usb 5-1: SerialNumber: syz
[  409.762949][T10386] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  409.948914][T10410] netlink: ct family unspecified
[  409.954257][T10410] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  410.238128][T10422] Can't find a SQUASHFS superblock on nullb0
[  411.025598][ T5893] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 23 if 0 alt 1 proto 1 vid 0x0525 pid 0xA4A8
[  411.054660][ T5893] usb 5-1: USB disconnect, device number 23
[  411.096344][ T5893] usblp0: removed
[  411.121272][   T43] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[  411.198368][ T5921] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  411.836164][   T43] usb 1-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[  411.845818][   T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  411.859531][ T5921] usb 3-1: Using ep0 maxpacket: 32
[  411.864765][   T43] usb 1-1: Product: syz
[  411.869186][   T43] usb 1-1: Manufacturer: syz
[  411.874131][   T43] usb 1-1: SerialNumber: syz
[  411.879721][ T5921] usb 3-1: config 0 has an invalid interface number: 231 but max is 0
[  411.889890][ T5921] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  411.900980][   T43] usb 1-1: config 0 descriptor??
[  411.919434][   T43] ch341 1-1:0.0: ch341-uart converter detected
[  411.928368][ T5921] usb 3-1: config 0 has no interface number 0
[  411.947819][ T5921] usb 3-1: config 0 interface 231 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  411.970219][ T5921] usb 3-1: config 0 interface 231 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  412.085641][ T5921] usb 3-1: New USB device found, idVendor=d024, idProduct=5e5a, bcdDevice=16.a9
[  412.102896][ T5921] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  412.119720][ T5921] usb 3-1: Product: syz
[  412.159963][ T5921] usb 3-1: Manufacturer: syz
[  412.181552][ T5921] usb 3-1: SerialNumber: syz
[  412.218626][ T5921] usb 3-1: config 0 descriptor??
[  412.257178][T10439] Can't find a SQUASHFS superblock on nullb0
[  412.410400][T10410] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  412.559482][ T5921] usb-storage 3-1:0.231: USB Mass Storage device detected
[  412.753568][ T5921] usb 3-1: USB disconnect, device number 26
[  412.941074][   T43] usb 1-1: failed to send control message: -71
[  412.973399][   T43] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71
[  413.013182][T10446] fuse: Bad value for 'group_id'
[  413.032437][   T43] usb 1-1: USB disconnect, device number 30
[  413.059736][T10446] fuse: Bad value for 'group_id'
[  413.075396][   T43] ch341 1-1:0.0: device disconnected
[  413.187164][T10449] netlink: 596 bytes leftover after parsing attributes in process `syz.4.1078'.
[  413.353073][T10448] netlink: ct family unspecified
[  413.362297][T10448] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  413.628433][ T5921] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  413.981611][T10457] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1081'.
[  413.988435][ T5921] usb 5-1: Using ep0 maxpacket: 32
[  413.990616][T10457] bridge_slave_1: left allmulticast mode
[  414.003480][T10457] bridge_slave_1: left promiscuous mode
[  414.009440][T10457] bridge0: port 2(bridge_slave_1) entered disabled state
[  414.019228][T10457] bridge_slave_0: left allmulticast mode
[  414.021248][ T5921] usb 5-1: config 0 has an invalid interface number: 231 but max is 0
[  414.033298][T10457] bridge_slave_0: left promiscuous mode
[  414.033481][T10457] bridge0: port 1(bridge_slave_0) entered disabled state
[  414.044944][ T5921] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  414.061810][ T5921] usb 5-1: config 0 has no interface number 0
[  414.071475][ T5921] usb 5-1: config 0 interface 231 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  414.087531][ T5921] usb 5-1: config 0 interface 231 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  414.103098][ T5921] usb 5-1: New USB device found, idVendor=d024, idProduct=5e5a, bcdDevice=16.a9
[  414.118986][T10463] binder: 10456:10463 ioctl c0306201 0 returned -14
[  414.126401][T10463] binder: 10456:10463 ioctl c0306201 200000000240 returned -11
[  414.160031][ T5921] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  414.177430][ T5921] usb 5-1: Product: syz
[  414.189107][ T5921] usb 5-1: Manufacturer: syz
[  414.196705][ T5921] usb 5-1: SerialNumber: syz
[  414.363370][ T5921] usb 5-1: config 0 descriptor??
[  414.847410][T10448] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  414.895038][ T5921] usb-storage 5-1:0.231: USB Mass Storage device detected
[  414.938398][ T5872] kernel write not supported for file /cpu/0/msr (pid: 5872 comm: kworker/0:3)
[  415.696872][   T94] usb 5-1: USB disconnect, device number 24
[  416.514140][T10488] Can't find a SQUASHFS superblock on nullb0
[  416.533258][   T30] audit: type=1800 audit(1750682913.430:614): pid=10492 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.2.1085" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  417.247228][T10497] Can't find a SQUASHFS superblock on nullb0
[  418.569862][T10523] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1094'.
[  418.652297][ T5872] usb 1-1: new high-speed USB device number 31 using dummy_hcd
[  418.778757][T10523] binder: 10519:10523 ioctl c0306201 200000000240 returned -11
[  419.411545][ T5872] usb 1-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[  419.420677][ T5872] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  419.448459][ T5872] usb 1-1: Product: syz
[  419.452680][ T5872] usb 1-1: Manufacturer: syz
[  419.528526][ T5872] usb 1-1: SerialNumber: syz
[  419.549460][ T5872] usb 1-1: config 0 descriptor??
[  419.569547][ T5872] ch341 1-1:0.0: ch341-uart converter detected
[  419.581011][T10533] fuse: Bad value for 'group_id'
[  419.585997][T10533] fuse: Bad value for 'group_id'
[  421.075599][ T7591] batman_adv: batadv1: adding TT local entry 33:33:00:00:00:01 to non-existent VLAN -1
[  422.076602][T10560] netlink: 596 bytes leftover after parsing attributes in process `syz.2.1102'.
[  422.094957][T10560] netlink: ct family unspecified
[  422.104016][T10560] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  422.147755][ T5872] usb 1-1: failed to send control message: -71
[  422.174712][ T5872] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71
[  422.216843][ T5872] usb 1-1: USB disconnect, device number 31
[  422.225942][ T5872] ch341 1-1:0.0: device disconnected
[  422.378703][ T5921] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  422.558494][ T5921] usb 3-1: Using ep0 maxpacket: 32
[  422.610943][T10569] Can't find a SQUASHFS superblock on nullb0
[  422.735180][ T5921] usb 3-1: config 0 has an invalid interface number: 231 but max is 0
[  422.865980][ T5921] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  422.971129][ T5921] usb 3-1: config 0 has no interface number 0
[  422.983911][ T5921] usb 3-1: config 0 interface 231 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  423.023783][ T5921] usb 3-1: config 0 interface 231 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  423.276932][ T5921] usb 3-1: New USB device found, idVendor=d024, idProduct=5e5a, bcdDevice=16.a9
[  423.299724][ T5921] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  423.325371][ T5921] usb 3-1: Product: syz
[  423.351682][ T5921] usb 3-1: Manufacturer: syz
[  423.374003][ T5921] usb 3-1: SerialNumber: syz
[  423.388356][T10574] fuse: Bad value for 'group_id'
[  423.413919][T10574] fuse: Bad value for 'group_id'
[  423.442306][ T5921] usb 3-1: config 0 descriptor??
[  423.483330][T10560] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  423.600384][ T5921] usb-storage 3-1:0.231: USB Mass Storage device detected
[  423.756125][T10581] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1107'.
[  423.835131][T10577] binder: 10576:10577 ioctl c0306201 200000000240 returned -11
[  423.845932][ T5921] usb 3-1: USB disconnect, device number 27
[  424.190610][ T5816] usb 1-1: new high-speed USB device number 32 using dummy_hcd
[  424.381026][ T5816] usb 1-1: Using ep0 maxpacket: 8
[  424.437414][ T5816] usb 1-1: config 1 interface 0 altsetting 1 bulk endpoint 0x1 has invalid maxpacket 64
[  424.457531][ T5816] usb 1-1: config 1 interface 0 altsetting 1 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  424.509003][ T5816] usb 1-1: config 1 interface 0 has no altsetting 0
[  424.551880][ T5816] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  424.562676][ T5816] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  424.572816][ T5816] usb 1-1: Product: Г
[  424.578396][ T5816] usb 1-1: SerialNumber: syz
[  424.662388][T10587] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  425.440426][T10604] Can't find a SQUASHFS superblock on nullb0
[  425.612958][ T5816] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 32 if 0 alt 1 proto 1 vid 0x0525 pid 0xA4A8
[  425.700731][T10612] 9pnet_fd: Insufficient options for proto=fd
[  425.985413][ T5816] usb 1-1: USB disconnect, device number 32
[  426.063169][ T5816] usblp0: removed
[  426.285381][T10623] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1118'.
[  426.306309][T10623] binder: 10616:10623 ioctl c0306201 200000000240 returned -11
[  427.664633][T10633] netlink: 596 bytes leftover after parsing attributes in process `syz.0.1120'.
[  428.070583][T10633] netlink: ct family unspecified
[  428.075601][T10633] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  428.448374][ T5816] usb 1-1: new high-speed USB device number 33 using dummy_hcd
[  428.901266][ T5893] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  428.953686][ T5816] usb 1-1: Using ep0 maxpacket: 32
[  428.963608][ T5816] usb 1-1: config 0 has an invalid interface number: 231 but max is 0
[  428.974340][ T5816] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  428.987083][ T5816] usb 1-1: config 0 has no interface number 0
[  428.995062][ T5816] usb 1-1: config 0 interface 231 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  429.006427][ T5816] usb 1-1: config 0 interface 231 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  429.020141][T10655] netlink: 596 bytes leftover after parsing attributes in process `syz.3.1128'.
[  429.026484][ T5816] usb 1-1: New USB device found, idVendor=d024, idProduct=5e5a, bcdDevice=16.a9
[  429.040088][T10655] netlink: ct family unspecified
[  429.045786][T10655] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  429.047548][ T5816] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  429.060135][ T5893] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  429.070094][ T5816] usb 1-1: Product: syz
[  429.074003][ T5893] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  429.077152][ T5816] usb 1-1: Manufacturer: syz
[  429.088195][ T5893] usb 2-1: New USB device found, idVendor=1532, idProduct=010e, bcdDevice= 0.00
[  429.103404][ T5893] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  429.112266][ T5816] usb 1-1: SerialNumber: syz
[  429.176079][ T5893] usb 2-1: config 0 descriptor??
[  429.176085][ T5816] usb 1-1: config 0 descriptor??
[  429.176670][T10633] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  429.319357][ T5816] usb-storage 1-1:0.231: USB Mass Storage device detected
[  429.348409][   T94] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  429.528700][   T94] usb 4-1: Using ep0 maxpacket: 32
[  429.676120][   T94] usb 4-1: config 0 has an invalid interface number: 231 but max is 0
[  429.689508][ T5893] libceph: connect (1)[c::]:6789 error -101
[  429.791701][ T5893] libceph: mon0 (1)[c::]:6789 connect error
[  429.810211][   T94] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  429.857380][ T5893] usb 2-1: USB disconnect, device number 29
[  429.871540][ T5816] usb 1-1: USB disconnect, device number 33
[  429.876930][   T94] usb 4-1: config 0 has no interface number 0
[  429.908741][   T94] usb 4-1: config 0 interface 231 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  429.938360][   T94] usb 4-1: config 0 interface 231 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  429.967049][   T94] usb 4-1: New USB device found, idVendor=d024, idProduct=5e5a, bcdDevice=16.a9
[  429.977633][   T94] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  429.985867][   T94] usb 4-1: Product: syz
[  429.990371][   T94] usb 4-1: Manufacturer: syz
[  429.994963][   T94] usb 4-1: SerialNumber: syz
[  430.001631][   T94] usb 4-1: config 0 descriptor??
[  430.007049][T10655] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[  430.016284][   T94] usb-storage 4-1:0.231: USB Mass Storage device detected
[  430.059561][T10665] ceph: No mds server is up or the cluster is laggy
[  430.129362][   T24] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  430.287285][   T43] usb 4-1: USB disconnect, device number 23
[  430.390940][T10680] Can't find a SQUASHFS superblock on nullb0
[  430.777529][   T24] usb 5-1: Using ep0 maxpacket: 8
[  430.785813][   T24] usb 5-1: config 1 interface 0 altsetting 1 bulk endpoint 0x1 has invalid maxpacket 64
[  430.810082][   T24] usb 5-1: config 1 interface 0 altsetting 1 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  430.828454][   T24] usb 5-1: config 1 interface 0 has no altsetting 0
[  430.840059][   T24] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  430.849445][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  430.857506][   T24] usb 5-1: Product: Г
[  430.861988][   T24] usb 5-1: SerialNumber: syz
[  430.874387][T10672] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  430.894330][T10685] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1133'.
[  430.916132][T10682] binder: 10681:10682 ioctl c0306201 0 returned -14
[  430.924519][T10682] binder: 10681:10682 ioctl c0306201 200000000240 returned -11
[  431.343847][T10692] Can't find a SQUASHFS superblock on nullb0
[  432.179191][   T24] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 25 if 0 alt 1 proto 1 vid 0x0525 pid 0xA4A8
[  432.212710][   T24] usb 5-1: USB disconnect, device number 25
[  432.288360][   T24] usblp0: removed
[  432.632993][T10707] Can't find a SQUASHFS superblock on nullb0
[  433.870240][T10713] ceph: No mds server is up or the cluster is laggy
[  433.879299][   T94] libceph: connect (1)[c::]:6789 error -101
[  433.953713][   T94] libceph: mon0 (1)[c::]:6789 connect error
[  434.481322][T10730] Can't find a SQUASHFS superblock on nullb0
[  435.218463][   T94] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[  435.737668][T10741] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1146'.
[  435.841424][   T94] usb 1-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[  435.842781][T10743] binder: 10736:10743 ioctl c0306201 200000000240 returned -11
[  435.853235][   T94] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  435.866895][   T94] usb 1-1: Product: syz
[  435.871196][   T94] usb 1-1: Manufacturer: syz
[  435.875788][   T94] usb 1-1: SerialNumber: syz
[  435.892161][   T94] usb 1-1: config 0 descriptor??
[  435.910373][   T94] ch341 1-1:0.0: ch341-uart converter detected
[  436.648337][ T5921] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  436.997428][ T5921] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  437.021652][ T5921] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  437.114715][ T5921] usb 2-1: New USB device found, idVendor=1532, idProduct=010e, bcdDevice= 0.00
[  437.146011][ T5921] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  437.189874][ T5921] usb 2-1: config 0 descriptor??
[  437.288511][T10767] Can't find a SQUASHFS superblock on nullb0
[  437.587808][ T5921] usb 2-1: USB disconnect, device number 30
[  437.748674][   T94] usb 1-1: failed to send control message: -71
[  437.754916][   T94] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71
[  437.784816][   T94] usb 1-1: USB disconnect, device number 34
[  437.799705][   T94] ch341 1-1:0.0: device disconnected
[  437.885458][T10771] netlink: 596 bytes leftover after parsing attributes in process `syz.3.1153'.
[  437.912862][T10771] netlink: ct family unspecified
[  437.917850][T10771] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  438.818345][ T5893] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  439.049109][ T5893] usb 4-1: Using ep0 maxpacket: 32
[  439.056446][ T5893] usb 4-1: config 0 has an invalid interface number: 231 but max is 0
[  439.080468][ T5893] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  439.096269][ T5893] usb 4-1: config 0 has no interface number 0
[  439.541151][ T5893] usb 4-1: config 0 interface 231 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  439.574019][ T5893] usb 4-1: config 0 interface 231 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  439.596946][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  439.603436][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  439.640052][ T5893] usb 4-1: New USB device found, idVendor=d024, idProduct=5e5a, bcdDevice=16.a9
[  439.652915][ T5893] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  439.662422][ T5893] usb 4-1: Product: syz
[  439.764570][ T5893] usb 4-1: Manufacturer: syz
[  439.769389][ T5893] usb 4-1: SerialNumber: syz
[  439.776800][ T5893] usb 4-1: config 0 descriptor??
[  439.885225][T10771] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  439.906524][ T5893] usb-storage 4-1:0.231: USB Mass Storage device detected
[  440.093821][T10797] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1159'.
[  440.188816][T10797] binder: 10791:10797 ioctl c0306201 200000000240 returned -11
[  440.377861][T10803] Can't find a SQUASHFS superblock on nullb0
[  440.393158][ T5893] usb 4-1: USB disconnect, device number 24
[  441.072139][T10813] Can't find a SQUASHFS superblock on nullb0
[  445.103358][T10849] Can't find a SQUASHFS superblock on nullb0
[  445.786127][T10856] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1172'.
[  446.050739][T10856] binder: 10852:10856 ioctl c0306201 0 returned -14
[  447.743888][T10873] fuse: Bad value for 'fd'
[  447.931677][T10881] netlink: 596 bytes leftover after parsing attributes in process `syz.0.1179'.
[  447.944179][T10882] netlink: 596 bytes leftover after parsing attributes in process `syz.4.1178'.
[  447.973690][T10887] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1180'.
[  448.024042][T10881] netlink: ct family unspecified
[  448.030269][T10881] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  448.051454][T10884] binder: 10883:10884 ioctl c0306201 200000000240 returned -11
[  448.060114][T10882] netlink: ct family unspecified
[  448.075766][T10882] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  448.318533][   T10] usb 1-1: new high-speed USB device number 35 using dummy_hcd
[  448.405786][T10899] Can't find a SQUASHFS superblock on nullb0
[  448.589298][   T10] usb 1-1: Using ep0 maxpacket: 32
[  448.675524][   T10] usb 1-1: config 0 has an invalid interface number: 231 but max is 0
[  448.731238][   T24] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  448.754411][   T10] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  448.767518][   T10] usb 1-1: config 0 has no interface number 0
[  448.775230][   T10] usb 1-1: config 0 interface 231 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  448.785542][   T10] usb 1-1: config 0 interface 231 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  448.898361][   T24] usb 5-1: Using ep0 maxpacket: 32
[  448.905290][   T10] usb 1-1: New USB device found, idVendor=d024, idProduct=5e5a, bcdDevice=16.a9
[  448.907042][   T24] usb 5-1: config 0 has an invalid interface number: 231 but max is 0
[  448.918765][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  448.931093][   T10] usb 1-1: Product: syz
[  448.935307][   T10] usb 1-1: Manufacturer: syz
[  448.940008][   T10] usb 1-1: SerialNumber: syz
[  448.948070][   T10] usb 1-1: config 0 descriptor??
[  448.953787][T10881] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  449.544856][   T10] usb-storage 1-1:0.231: USB Mass Storage device detected
[  449.554971][   T24] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  449.565684][   T24] usb 5-1: config 0 has no interface number 0
[  449.572600][   T24] usb 5-1: config 0 interface 231 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  449.583083][   T24] usb 5-1: config 0 interface 231 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  449.598694][   T24] usb 5-1: New USB device found, idVendor=d024, idProduct=5e5a, bcdDevice=16.a9
[  449.607744][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  449.768532][   T24] usb 5-1: Product: syz
[  449.772739][   T24] usb 5-1: Manufacturer: syz
[  449.777338][   T24] usb 5-1: SerialNumber: syz
[  450.060203][T10912] Can't find a SQUASHFS superblock on nullb0
[  450.127309][   T24] usb 5-1: config 0 descriptor??
[  450.145496][T10882] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  450.154568][   T24] usb-storage 5-1:0.231: USB Mass Storage device detected
[  450.246800][   T43] usb 1-1: USB disconnect, device number 35
[  451.206004][   T43] usb 5-1: USB disconnect, device number 26
[  451.213378][T10929] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1187'.
[  451.588030][T10929] binder: 10925:10929 ioctl c0306201 0 returned -14
[  451.769120][T10938] fuse: Bad value for 'group_id'
[  451.793479][T10938] fuse: Bad value for 'group_id'
[  452.005331][T10944] Can't find a SQUASHFS superblock on nullb0
[  452.988485][ T5893] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  453.267381][T10958] Can't find a SQUASHFS superblock on nullb0
[  453.273831][T10959] Can't find a SQUASHFS superblock on nullb0
[  453.436299][ T5893] usb 3-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[  453.450584][ T5893] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  453.463554][ T5893] usb 3-1: Product: syz
[  453.467755][ T5893] usb 3-1: Manufacturer: syz
[  453.472703][ T5893] usb 3-1: SerialNumber: syz
[  453.481647][ T5893] usb 3-1: config 0 descriptor??
[  454.016764][ T5893] ch341 3-1:0.0: ch341-uart converter detected
[  455.769633][T10994] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1202'.
[  455.780324][ T5893] usb 3-1: failed to send control message: -71
[  455.817341][ T5893] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71
[  455.822471][T10994] binder: 10988:10994 ioctl c0306201 0 returned -14
[  455.835931][T10992] netlink: 596 bytes leftover after parsing attributes in process `syz.4.1203'.
[  455.858623][ T5893] usb 3-1: USB disconnect, device number 28
[  455.881473][ T5893] ch341 3-1:0.0: device disconnected
[  455.893504][T10992] netlink: ct family unspecified
[  455.902473][T10992] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  455.990536][T10998] fuse: Bad value for 'group_id'
[  455.995557][T10998] fuse: Bad value for 'group_id'
[  456.218483][   T10] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  456.286852][T11002] Can't find a SQUASHFS superblock on nullb0
[  456.929184][   T10] usb 5-1: Using ep0 maxpacket: 32
[  456.938911][   T10] usb 5-1: config 0 has an invalid interface number: 231 but max is 0
[  456.957247][   T10] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  456.967705][   T10] usb 5-1: config 0 has no interface number 0
[  456.973953][   T10] usb 5-1: config 0 interface 231 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  457.330141][   T10] usb 5-1: config 0 interface 231 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  457.543918][   T10] usb 5-1: New USB device found, idVendor=d024, idProduct=5e5a, bcdDevice=16.a9
[  457.557162][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  457.587070][   T10] usb 5-1: Product: syz
[  457.595699][   T10] usb 5-1: Manufacturer: syz
[  457.605643][   T10] usb 5-1: SerialNumber: syz
[  457.620286][   T10] usb 5-1: config 0 descriptor??
[  457.809306][T10992] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  457.851174][   T10] usb-storage 5-1:0.231: USB Mass Storage device detected
[  457.891627][T11015] Can't find a SQUASHFS superblock on nullb0
[  459.222605][T11019] ceph: No mds server is up or the cluster is laggy
[  459.229445][ T5872] libceph: connect (1)[c::]:6789 error -101
[  459.261099][ T5872] libceph: mon0 (1)[c::]:6789 connect error
[  459.373093][   T30] audit: type=1400 audit(1750682956.300:615): avc:  denied  { setopt } for  pid=11028 comm="syz.0.1212" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  459.429523][   T10] usb 5-1: USB disconnect, device number 27
[  459.437785][T11026] netlink: 596 bytes leftover after parsing attributes in process `syz.3.1210'.
[  459.530505][T11026] netlink: ct family unspecified
[  459.535767][T11026] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  459.788582][ T5872] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  459.958484][ T5872] usb 4-1: Using ep0 maxpacket: 32
[  459.976449][ T5872] usb 4-1: config 0 has an invalid interface number: 231 but max is 0
[  459.995225][ T5872] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  460.018234][ T5872] usb 4-1: config 0 has no interface number 0
[  460.040125][ T5872] usb 4-1: config 0 interface 231 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  460.061671][ T5872] usb 4-1: config 0 interface 231 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  460.093483][ T5872] usb 4-1: New USB device found, idVendor=d024, idProduct=5e5a, bcdDevice=16.a9
[  460.114856][ T5872] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  460.139556][ T5872] usb 4-1: Product: syz
[  460.147999][ T5872] usb 4-1: Manufacturer: syz
[  460.164953][ T5872] usb 4-1: SerialNumber: syz
[  460.194192][ T5872] usb 4-1: config 0 descriptor??
[  460.266241][T11026] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  460.352866][ T5872] usb-storage 4-1:0.231: USB Mass Storage device detected
[  460.889624][ T5921] usb 4-1: USB disconnect, device number 25
[  461.569817][   T30] audit: type=1400 audit(1750682958.490:616): avc:  denied  { read write } for  pid=11055 comm="syz.0.1219" name="ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  461.689493][   T30] audit: type=1400 audit(1750682958.530:617): avc:  denied  { open } for  pid=11055 comm="syz.0.1219" path="/dev/ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  461.738734][   T30] audit: type=1400 audit(1750682958.530:618): avc:  denied  { ioctl } for  pid=11055 comm="syz.0.1219" path="/dev/ppp" dev="devtmpfs" ino=709 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  462.337847][   T30] audit: type=1400 audit(1750682959.260:619): avc:  denied  { connect } for  pid=11062 comm="syz.1.1223" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  462.520860][T11078] smc: net device bond0 applied user defined pnetid SYZ1
[  463.432036][   T30] audit: type=1400 audit(1750682960.360:620): avc:  denied  { create } for  pid=11083 comm="syz.3.1229" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  464.561737][   T30] audit: type=1400 audit(1750682961.210:621): avc:  denied  { mount } for  pid=11090 comm="syz.1.1231" name="/" dev="afs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  464.616853][T11097] veth1_to_bond: entered allmulticast mode
[  464.626134][T11097] veth1_to_bond: entered promiscuous mode
[  464.634487][T11097] veth1_to_bond: left promiscuous mode
[  464.641339][T11097] veth1_to_bond: left allmulticast mode
[  464.672053][   T30] audit: type=1400 audit(1750682961.600:622): avc:  denied  { unmount } for  pid=5813 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  464.737118][   T30] audit: type=1400 audit(1750682961.660:623): avc:  denied  { bind } for  pid=11098 comm="syz.3.1233" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  464.808384][   T94] usb 1-1: new high-speed USB device number 36 using dummy_hcd
[  465.140017][   T94] usb 1-1: Using ep0 maxpacket: 8
[  465.542714][   T94] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  465.559187][   T94] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  465.750128][   T94] pvrusb2: Hardware description: Terratec Grabster AV400
[  465.790762][   T94] pvrusb2: **********
[  465.863863][   T94] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  466.470151][   T94] pvrusb2: Important functionality might not be entirely working.
[  466.499542][   T30] audit: type=1400 audit(1750682963.010:624): avc:  denied  { setopt } for  pid=11114 comm="syz.2.1239" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  466.567108][T11113] netlink: 'syz.3.1237': attribute type 4 has an invalid length.
[  466.584373][   T94] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  466.738632][   T94] pvrusb2: **********
[  466.819257][ T2336] pvrusb2: Invalid write control endpoint
[  466.968407][   T94] usb 1-1: USB disconnect, device number 36
[  467.486765][ T2336] pvrusb2: Invalid write control endpoint
[  467.502813][ T2336] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  467.536514][ T2336] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  467.564356][ T2336] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  467.613829][ T2336] pvrusb2: Device being rendered inoperable
[  467.637176][ T2336] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  467.657481][ T2336] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  467.690070][ T2336] pvrusb2: Attached sub-driver cx25840
[  467.707847][ T2336] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  467.731175][ T2336] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  468.212982][   T30] audit: type=1400 audit(1750682965.110:625): avc:  denied  { mounton } for  pid=11130 comm="syz.3.1242" path="/proc/877/task" dev="proc" ino=26969 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[  469.561916][   T30] audit: type=1400 audit(1750682966.470:626): avc:  denied  { create } for  pid=11153 comm="syz.4.1249" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  470.039552][   T30] audit: type=1400 audit(1750682966.480:627): avc:  denied  { bind } for  pid=11153 comm="syz.4.1249" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  470.269573][   T30] audit: type=1400 audit(1750682966.480:628): avc:  denied  { write } for  pid=11153 comm="syz.4.1249" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  470.345999][   T30] audit: type=1400 audit(1750682967.270:629): avc:  denied  { read write } for  pid=11165 comm="syz.2.1252" name="rdma_cm" dev="devtmpfs" ino=1271 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[  470.370307][    C1] vkms_vblank_simulate: vblank timer overrun
[  470.381688][   T30] audit: type=1400 audit(1750682967.270:630): avc:  denied  { open } for  pid=11165 comm="syz.2.1252" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=1271 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[  471.530954][   T30] audit: type=1400 audit(1750682968.460:631): avc:  denied  { setattr } for  pid=11170 comm="syz.0.1254" name="nvme-fabrics" dev="devtmpfs" ino=702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  471.554344][    C1] vkms_vblank_simulate: vblank timer overrun
[  471.755002][   T30] audit: type=1400 audit(1750682968.610:632): avc:  denied  { read } for  pid=11170 comm="syz.0.1254" name="nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  472.040858][   T30] audit: type=1400 audit(1750682968.610:633): avc:  denied  { open } for  pid=11170 comm="syz.0.1254" path="/dev/nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  472.399497][T11189] usb usb1: usbfs: process 11189 (syz.3.1258) did not claim interface 0 before use
[  472.414335][   T30] audit: type=1400 audit(1750682969.270:634): avc:  denied  { append } for  pid=11186 comm="syz.3.1258" name="001" dev="devtmpfs" ino=721 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  472.515512][   T30] audit: type=1400 audit(1750682969.420:635): avc:  denied  { ioctl } for  pid=11191 comm="syz.0.1260" path="socket:[27038]" dev="sockfs" ino=27038 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  472.540158][    C1] vkms_vblank_simulate: vblank timer overrun
[  474.278924][T11213] IPVS: length: 71 != 24
[  474.300547][   T30] audit: type=1400 audit(1750682971.210:636): avc:  denied  { getopt } for  pid=11212 comm="syz.2.1266" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  474.319912][    C1] vkms_vblank_simulate: vblank timer overrun
[  474.436876][T11218] loop4: detected capacity change from 0 to 63
[  474.590330][ T5810] Buffer I/O error on dev loop4, logical block 0, async page read
[  475.457732][T11222] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  475.524524][T11222] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  476.142563][   T30] kauditd_printk_skb: 2 callbacks suppressed
[  476.142579][   T30] audit: type=1400 audit(1750682972.600:639): avc:  denied  { bind } for  pid=11245 comm="syz.2.1276" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  476.187041][   T30] audit: type=1400 audit(1750682972.660:640): avc:  denied  { nlmsg_write } for  pid=11238 comm="syz.1.1273" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1
[  476.211228][   T30] audit: type=1400 audit(1750682973.060:641): avc:  denied  { name_bind } for  pid=11245 comm="syz.2.1276" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1
[  476.395897][T11222] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  476.518589][T11222] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  476.605169][T11222] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  476.718818][T11222] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  476.944335][   T30] audit: type=1400 audit(1750682973.870:642): avc:  denied  { read } for  pid=11263 comm="syz.2.1280" name="usbmon0" dev="devtmpfs" ino=716 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  477.022582][   T30] audit: type=1400 audit(1750682973.890:643): avc:  denied  { open } for  pid=11263 comm="syz.2.1280" path="/dev/usbmon0" dev="devtmpfs" ino=716 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  477.231369][    T9] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  477.938429][    T9] usb 3-1: config 0 has no interfaces?
[  478.047039][    T9] usb 3-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13
[  478.058071][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  478.083105][    T9] usb 3-1: Product: syz
[  478.087321][    T9] usb 3-1: Manufacturer: syz
[  478.178317][    T9] usb 3-1: SerialNumber: syz
[  478.244908][    T9] usb 3-1: config 0 descriptor??
[  478.717411][ T5816] usb 3-1: USB disconnect, device number 29
[  478.736720][   T30] audit: type=1400 audit(1750682975.620:644): avc:  denied  { ioctl } for  pid=11263 comm="syz.2.1280" path="/dev/usbmon0" dev="devtmpfs" ino=716 ioctlcmd=0x9207 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  479.339100][   T30] audit: type=1400 audit(1750682976.210:645): avc:  denied  { ioctl } for  pid=11329 comm="syz.1.1289" path="socket:[28038]" dev="sockfs" ino=28038 ioctlcmd=0x89e5 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  480.162846][   T13] Bluetooth: (null): Invalid header checksum
[  480.246925][   T13] Bluetooth: (null): Invalid header checksum
[  481.784968][   T30] audit: type=1400 audit(1750682978.690:646): avc:  denied  { ioctl } for  pid=11368 comm="syz.4.1301" path="/dev/sg0" dev="devtmpfs" ino=743 ioctlcmd=0x2285 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  484.079196][ T5893] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  484.281692][   T30] audit: type=1400 audit(1750682981.180:647): avc:  denied  { mount } for  pid=11397 comm="syz.1.1310" name="/" dev="autofs" ino=28202 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1
[  484.399903][ T5893] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  484.584705][T11404] netlink: 'syz.3.1312': attribute type 10 has an invalid length.
[  484.608131][T11404] 8021q: adding VLAN 0 to HW filter on device batadv0
[  484.630466][T11404] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  484.856827][ T5893] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  484.868008][   T30] audit: type=1400 audit(1750682981.210:648): avc:  denied  { mounton } for  pid=11397 comm="syz.1.1310" path="/265/file1/file0" dev="autofs" ino=28203 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=dir permissive=1
[  484.893925][   T30] audit: type=1400 audit(1750682981.210:649): avc:  denied  { mount } for  pid=11397 comm="syz.1.1310" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[  484.896842][ T5893] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  484.934181][   T30] audit: type=1400 audit(1750682981.340:650): avc:  denied  { unmount } for  pid=5813 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1
[  484.961646][ T5893] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  484.977248][   T30] audit: type=1400 audit(1750682981.340:651): avc:  denied  { unmount } for  pid=5813 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[  484.997770][T11408] capability: warning: `syz.0.1314' uses 32-bit capabilities (legacy support in use)
[  485.008049][ T5893] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  485.017679][ T5893] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  485.026051][ T5893] usb 3-1: Manufacturer: syz
[  485.032957][ T5893] usb 3-1: config 0 descriptor??
[  485.445089][ T5893] appleir 0003:05AC:8243.0010: unknown main item tag 0x0
[  485.468356][    T9] usb 4-1: new full-speed USB device number 26 using dummy_hcd
[  486.939427][ T5893] appleir 0003:05AC:8243.0010: No inputs registered, leaving
[  486.952374][ T5893] appleir 0003:05AC:8243.0010: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0
[  486.967068][ T5893] usb 3-1: USB disconnect, device number 30
[  487.159871][T11429] fido_id[11429]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[  487.177419][   T30] audit: type=1400 audit(1750682984.110:652): avc:  denied  { append } for  pid=11434 comm="syz.4.1326" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  487.220046][    T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  487.680043][    T9] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFC, changing to 0x8C
[  487.694666][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8C has an invalid bInterval 0, changing to 10
[  487.706827][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8C has invalid maxpacket 212, setting to 64
[  488.378326][    T9] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  488.412274][    T9] usb 4-1: string descriptor 0 read error: -71
[  488.419979][    T9] usb 4-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice=a4.8f
[  488.439216][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  488.475389][    T9] usb 4-1: config 0 descriptor??
[  488.483348][    T9] usb 4-1: can't set config #0, error -71
[  488.501245][    T9] usb 4-1: USB disconnect, device number 26
[  488.626374][T11444] netlink: 'syz.2.1329': attribute type 1 has an invalid length.
[  488.634247][T11444] netlink: 228 bytes leftover after parsing attributes in process `syz.2.1329'.
[  489.669902][T11456] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1333'.
[  490.716664][   T30] audit: type=1400 audit(1750682987.630:653): avc:  denied  { write } for  pid=11464 comm="syz.3.1336" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  491.281378][   T30] audit: type=1400 audit(1750682988.210:654): avc:  denied  { bind } for  pid=11474 comm="syz.2.1340" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  491.300600][    C0] vkms_vblank_simulate: vblank timer overrun
[  491.451696][   T30] audit: type=1400 audit(1750682988.250:655): avc:  denied  { write } for  pid=11474 comm="syz.2.1340" path="socket:[28393]" dev="sockfs" ino=28393 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  491.927022][T11487] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1344'.
[  494.708554][T11508] bad cache= option: no%e
[  494.708554][T11508] 
[  494.715277][T11508] CIFS: VFS: bad cache= option: no%e
[  496.597101][   T30] audit: type=1400 audit(1750682993.520:656): avc:  denied  { create } for  pid=11522 comm="syz.3.1356" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  498.040441][   T30] audit: type=1400 audit(1750682994.970:657): avc:  denied  { audit_write } for  pid=11536 comm="syz.3.1360" capability=29  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  499.480712][T11549] ALSA: seq fatal error: cannot create timer (-16)
[  500.578425][   T30] audit: type=1400 audit(1750682997.490:658): avc:  denied  { ioctl } for  pid=11554 comm="syz.4.1368" path="socket:[28733]" dev="sockfs" ino=28733 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  500.672743][T11564] hsr0: entered promiscuous mode
[  501.010545][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  501.074208][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  501.528004][   T30] audit: type=1400 audit(1750682998.430:659): avc:  denied  { map } for  pid=11567 comm="syz.3.1371" path="/dev/video37" dev="devtmpfs" ino=1050 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[  502.083955][T11554] hsr0: left promiscuous mode
[  502.117470][ T5819] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  502.126964][ T5819] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  502.144974][ T5819] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  502.153635][ T5819] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  502.162991][ T5819] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  502.181941][   T30] audit: type=1400 audit(1750682999.110:660): avc:  denied  { mounton } for  pid=11584 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  502.203418][    C0] vkms_vblank_simulate: vblank timer overrun
[  502.393887][T11584] chnl_net:caif_netlink_parms(): no params data found
[  502.445203][T11584] bridge0: port 1(bridge_slave_0) entered blocking state
[  502.452924][T11584] bridge0: port 1(bridge_slave_0) entered disabled state
[  502.460396][T11584] bridge_slave_0: entered allmulticast mode
[  502.467117][T11584] bridge_slave_0: entered promiscuous mode
[  502.474283][T11584] bridge0: port 2(bridge_slave_1) entered blocking state
[  502.481750][T11584] bridge0: port 2(bridge_slave_1) entered disabled state
[  502.489086][T11584] bridge_slave_1: entered allmulticast mode
[  502.495774][T11584] bridge_slave_1: entered promiscuous mode
[  502.517641][T11584] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  502.528466][T11584] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  502.557325][T11584] team0: Port device team_slave_0 added
[  502.565177][T11584] team0: Port device team_slave_1 added
[  502.587280][T11584] batman_adv: batadv0: Adding interface: batadv_slave_0
[  502.594349][T11584] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  502.620228][    C0] vkms_vblank_simulate: vblank timer overrun
[  502.626291][T11584] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  502.638088][T11584] batman_adv: batadv0: Adding interface: batadv_slave_1
[  502.645427][T11584] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  502.671329][    C0] vkms_vblank_simulate: vblank timer overrun
[  502.678150][T11584] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  503.168209][T11584] hsr_slave_0: entered promiscuous mode
[  503.174765][T11584] hsr_slave_1: entered promiscuous mode
[  503.227997][T11584] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  503.263187][T11584] Cannot create hsr debugfs directory
[  504.217032][   T51] Bluetooth: hci3: command tx timeout
[  504.728411][   T30] audit: type=1400 audit(1750683001.480:661): avc:  denied  { lock } for  pid=11618 comm="syz.4.1387" path="socket:[28660]" dev="sockfs" ino=28660 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  505.122549][T11629] Falling back ldisc for ptm0.
[  505.381460][T11628] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  506.113095][T11584] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  506.123999][T11584] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  506.134827][T11584] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  506.288591][   T51] Bluetooth: hci3: command tx timeout
[  506.320146][T11584] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  506.692417][T11584] 8021q: adding VLAN 0 to HW filter on device bond0
[  508.368362][   T51] Bluetooth: hci3: command tx timeout
[  508.550295][T11584] 8021q: adding VLAN 0 to HW filter on device team0
[  508.602958][T11311] bridge0: port 1(bridge_slave_0) entered blocking state
[  508.610134][T11311] bridge0: port 1(bridge_slave_0) entered forwarding state
[  508.668107][T11311] bridge0: port 2(bridge_slave_1) entered blocking state
[  508.675301][T11311] bridge0: port 2(bridge_slave_1) entered forwarding state
[  508.734145][T11584] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  508.744763][T11584] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  510.453626][   T51] Bluetooth: hci3: command tx timeout
[  510.803614][T11692] mmap: syz.4.1404 (11692): VmData 37466112 exceed data ulimit 0. Update limits or use boot option ignore_rlimit_data.
[  510.870609][T11584] 8021q: adding VLAN 0 to HW filter on device batadv0
[  515.511211][T11584] veth0_vlan: entered promiscuous mode
[  515.601506][T11584] veth1_vlan: entered promiscuous mode
[  515.704263][T11584] veth0_macvtap: entered promiscuous mode
[  515.731050][T11584] veth1_macvtap: entered promiscuous mode
[  515.795792][T11584] batman_adv: batadv0: Interface activated: batadv_slave_0
[  515.979962][T11767] loop4: detected capacity change from 0 to 63
[  515.986438][T11584] batman_adv: batadv0: Interface activated: batadv_slave_1
[  516.100932][ T5810] Buffer I/O error on dev loop4, logical block 0, async page read
[  516.111058][T11584] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  516.146809][ T5810] Buffer I/O error on dev loop4, logical block 0, async page read
[  516.158508][T11584] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  516.168482][T11584] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  516.177511][T11584] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  516.252005][ T5810] Buffer I/O error on dev loop4, logical block 0, async page read
[  516.265067][ T5810] Buffer I/O error on dev loop4, logical block 0, async page read
[  516.275974][ T5810] Buffer I/O error on dev loop4, logical block 0, async page read
[  516.299560][T11767] Buffer I/O error on dev loop4, logical block 0, async page read
[  516.309201][T11767] Buffer I/O error on dev loop4, logical block 0, async page read
[  516.317581][T11767] Buffer I/O error on dev loop4, logical block 0, async page read
[  516.326206][T11767] Buffer I/O error on dev loop4, logical block 0, async page read
[  516.334726][T11767] Buffer I/O error on dev loop4, logical block 0, async page read
[  516.510116][T11304] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  516.533244][T11304] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  516.603233][T11304] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  516.616157][T11304] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  519.286187][T11816] lo speed is unknown, defaulting to 1000
[  519.292448][T11816] lo speed is unknown, defaulting to 1000
[  519.303761][T11816] lo speed is unknown, defaulting to 1000
[  519.334435][T11816] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  519.389028][T11816] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  519.551727][T11816] lo speed is unknown, defaulting to 1000
[  519.567160][T11816] lo speed is unknown, defaulting to 1000
[  519.582542][T11816] lo speed is unknown, defaulting to 1000
[  519.597396][T11816] lo speed is unknown, defaulting to 1000
[  519.605461][T11816] lo speed is unknown, defaulting to 1000
[  519.612526][T11816] lo speed is unknown, defaulting to 1000
[  519.717180][   T30] audit: type=1400 audit(1750683016.210:662): avc:  denied  { setopt } for  pid=11812 comm="syz.3.1443" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  519.826616][   T30] audit: type=1400 audit(1750683016.430:663): avc:  denied  { connect } for  pid=11812 comm="syz.3.1443" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  519.901873][T11820] capability: warning: `syz.5.1446' uses deprecated v2 capabilities in a way that may be insecure
[  520.168356][T11828] netlink: 'syz.0.1449': attribute type 1 has an invalid length.
[  520.201395][T11828] netlink: 228 bytes leftover after parsing attributes in process `syz.0.1449'.
[  522.221918][T11846] netlink: 'syz.4.1453': attribute type 4 has an invalid length.
[  523.861385][T11875] netlink: 'syz.2.1465': attribute type 10 has an invalid length.
[  524.059677][T11875] 8021q: adding VLAN 0 to HW filter on device batadv0
[  524.069459][T11875] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  524.590029][ T5893] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  524.750059][ T5893] usb 5-1: Using ep0 maxpacket: 16
[  524.757577][ T5893] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  524.769780][ T5893] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  524.781751][ T5893] usb 5-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00
[  524.798508][ T5893] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  524.851513][ T5893] usb 5-1: config 0 descriptor??
[  524.892868][T11896] block nbd0: server does not support multiple connections per device.
[  524.965806][T11896] block nbd0: shutting down sockets
[  525.770134][ T5893] hid-multitouch 0003:1FD2:6007.0011: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.4-1/input0
[  526.243920][T11252] usb 5-1: USB disconnect, device number 28
[  527.350565][T11938] netlink: 'syz.4.1488': attribute type 1 has an invalid length.
[  527.358680][T11938] netlink: 228 bytes leftover after parsing attributes in process `syz.4.1488'.
[  528.313603][T11952] random: crng reseeded on system resumption
[  528.341971][   T30] audit: type=1400 audit(1750683025.240:664): avc:  denied  { bind } for  pid=11946 comm="syz.4.1491" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  528.687631][   T30] audit: type=1400 audit(1750683025.240:665): avc:  denied  { append } for  pid=11946 comm="syz.4.1491" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  529.202254][   T30] audit: type=1400 audit(1750683025.240:666): avc:  denied  { open } for  pid=11946 comm="syz.4.1491" path="/dev/snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  530.285950][   T30] audit: type=1400 audit(1750683027.210:667): avc:  denied  { write } for  pid=11977 comm="syz.2.1503" lport=1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  531.704116][   T30] audit: type=1400 audit(1750683028.630:668): avc:  denied  { connect } for  pid=12009 comm="syz.0.1515" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  532.192531][T12031] netlink: 'syz.0.1520': attribute type 1 has an invalid length.
[  532.200443][T12031] netlink: 228 bytes leftover after parsing attributes in process `syz.0.1520'.
[  533.238352][T12046] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1529'.
[  534.410193][ T5893] usb 1-1: new low-speed USB device number 37 using dummy_hcd
[  534.661407][ T5893] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[  534.738307][ T5893] usb 1-1: config 16 has an invalid interface number: 80 but max is 0
[  534.777221][ T5893] usb 1-1: config 16 has an invalid descriptor of length 173, skipping remainder of the config
[  534.818535][ T5893] usb 1-1: config 16 has no interface number 0
[  534.824773][ T5893] usb 1-1: config 16 interface 80 altsetting 24 endpoint 0x8B is Bulk; changing to Interrupt
[  534.898409][ T5893] usb 1-1: config 16 interface 80 altsetting 24 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  534.928559][ T5893] usb 1-1: config 16 interface 80 has no altsetting 0
[  534.988281][ T5893] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  534.997355][ T5893] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  535.053381][ T5893] usbtmc 1-1:16.80: bulk endpoints not found
[  535.077303][T12091] usb 1-1: USB disconnect, device number 37
[  536.133337][   T30] audit: type=1400 audit(1750683033.050:669): avc:  denied  { shutdown } for  pid=12065 comm="syz.0.1535" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  539.256535][T12160] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1569'.
[  539.266531][    T9] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  539.601484][T12162] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1573'.
[  539.610407][   T30] audit: type=1400 audit(1750683036.530:670): avc:  denied  { setopt } for  pid=12161 comm="syz.3.1573" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  539.634106][T12162] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1573'.
[  539.669781][T12164] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1572'.
[  539.711899][    T9] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  539.770236][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  539.871951][    T9] usb 3-1: Product: syz
[  539.876163][    T9] usb 3-1: Manufacturer: syz
[  539.880847][    T9] usb 3-1: SerialNumber: syz
[  539.897992][    T9] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  539.966790][   T94] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  540.049957][T12175] 9pnet_fd: Insufficient options for proto=fd
[  540.435379][   T30] audit: type=1400 audit(1750683037.360:671): avc:  denied  { read } for  pid=12156 comm="syz.2.1570" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  540.526168][   T51] Bluetooth: hci4: unexpected event for opcode 0xff03
[  540.630375][T12157] Bluetooth: hci0: Opcode 0x0c03 failed: -112
[  541.038303][   T94] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive
[  541.047534][   T94] ath9k_htc: Failed to initialize the device
[  541.279194][   T94] usb 3-1: ath9k_htc: USB layer deinitialized
[  541.932926][T12181] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  541.941589][T12181] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  541.948277][T12181] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  541.961457][T12181] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  541.984911][T12181] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  542.017521][T12181] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  542.024166][T12181] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  542.038535][T12181] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  542.058639][T12181] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  542.080775][T12181] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  542.157336][T12223] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1596'.
[  542.203123][T12181] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  542.248627][T11252] usb 3-1: USB disconnect, device number 31
[  543.261301][   T30] audit: type=1400 audit(1750683040.190:672): avc:  denied  { create } for  pid=12252 comm="syz.2.1608" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmpvc_socket permissive=1
[  543.264021][T12253] lo speed is unknown, defaulting to 1000
[  543.969088][   T51] Bluetooth: hci2: command 0x0406 tx timeout
[  543.969279][ T5819] Bluetooth: hci1: command 0x0406 tx timeout
[  544.053587][ T5819] Bluetooth: hci3: command 0x0c1a tx timeout
[  544.059802][ T5819] Bluetooth: hci4: command 0x0406 tx timeout
[  544.323103][   T51] Bluetooth: hci0: hardware error 0x00
[  544.425367][   T30] audit: type=1400 audit(1750683041.350:673): avc:  denied  { ioctl } for  pid=12277 comm="syz.5.1618" path="socket:[32038]" dev="sockfs" ino=32038 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  544.617522][T12279] netlink: 'syz.5.1618': attribute type 10 has an invalid length.
[  544.642550][T12279] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  544.693401][   T30] audit: type=1400 audit(1750683041.620:674): avc:  denied  { create } for  pid=12289 comm="syz.5.1621" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  544.714963][   T30] audit: type=1400 audit(1750683041.620:675): avc:  denied  { bind } for  pid=12289 comm="syz.5.1621" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  545.131646][T12275] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  545.138915][T12275] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  545.144938][T12275] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  545.152233][T12275] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  545.270877][T12296] No control pipe specified
[  545.275462][   T30] audit: type=1400 audit(1750683042.200:676): avc:  denied  { ioctl } for  pid=12297 comm="syz.0.1625" path="socket:[32151]" dev="sockfs" ino=32151 ioctlcmd=0x8922 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  545.492266][ T9108] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[  545.671719][ T9108] usb 3-1: Using ep0 maxpacket: 8
[  546.305256][ T9108] usb 3-1: New USB device found, idVendor=05dc, idProduct=0001, bcdDevice= 0.01
[  546.314588][ T9108] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  546.331698][ T9108] usb 3-1: config 0 descriptor??
[  546.368494][   T51] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  546.380120][ T9108] ums-jumpshot 3-1:0.0: USB Mass Storage device detected
[  546.431931][ T9108] ums-jumpshot 3-1:0.0: Quirks match for vid 05dc pid 0001: 2
[  546.448976][   T51] Bluetooth: hci1: command 0x0406 tx timeout
[  546.647654][ T9108] usb 3-1: USB disconnect, device number 32
[  546.715820][T12328] bridge0: port 3(syz_tun) entered blocking state
[  546.723968][T12328] bridge0: port 3(syz_tun) entered disabled state
[  546.730672][T12328] syz_tun: entered allmulticast mode
[  546.740418][T12328] syz_tun: entered promiscuous mode
[  546.746157][T12328] bridge0: port 3(syz_tun) entered blocking state
[  546.752738][T12328] bridge0: port 3(syz_tun) entered forwarding state
[  546.773422][   T30] audit: type=1400 audit(1750683043.690:677): avc:  denied  { module_request } for  pid=12327 comm="syz.5.1635" kmod="rtnl-link-bridge_slave" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  546.819019][T12332] netlink: 'syz.5.1635': attribute type 8 has an invalid length.
[  546.980003][T12330] bridge0: port 3(syz_tun) entered learning state
[  547.207796][ T5819] Bluetooth: hci3: command 0x0c1a tx timeout
[  547.218702][   T51] Bluetooth: hci4: command 0x0406 tx timeout
[  547.224858][   T51] Bluetooth: hci2: command 0x0406 tx timeout
[  547.368548][T12338] No control pipe specified
[  547.445694][   T30] audit: type=1400 audit(1750683044.370:678): avc:  denied  { read write } for  pid=12336 comm="syz.5.1637" name="file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  547.487650][T12344] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1640'.
[  547.523758][   T30] audit: type=1400 audit(1750683044.370:679): avc:  denied  { open } for  pid=12336 comm="syz.5.1637" path="/51/file0/file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  548.930836][T11302] Bluetooth: (null): Invalid header checksum
[  549.058453][T11302] Bluetooth: (null): Invalid header checksum
[  549.074759][T11302] Bluetooth: (null): Invalid header checksum
[  549.271149][T11587] Bluetooth: hci3: command 0x0c1a tx timeout
[  549.349935][T12367] lo speed is unknown, defaulting to 1000
[  550.255716][T12402] lo speed is unknown, defaulting to 1000
[  550.711707][T11587] Bluetooth: hci4: unexpected event for opcode 0x0c5a
[  551.247575][T12433] bad cache= option: no%e
[  551.247575][T12433] 
[  551.254411][T12433] CIFS: VFS: bad cache= option: no%e
[  551.974202][T11587] Bluetooth: hci4: SCO packet for unknown connection handle 1
[  552.239940][   T94] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  552.489295][T12453] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1679'.
[  552.548478][   T94] usb 5-1: Using ep0 maxpacket: 16
[  552.560057][   T94] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  552.591128][   T94] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  552.608176][   T94] usb 5-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00
[  552.630461][T12459] evm: overlay not supported
[  552.648604][   T94] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  552.706746][   T94] usb 5-1: config 0 descriptor??
[  553.580469][   T94] usbhid 5-1:0.0: can't add hid device: -71
[  553.598122][T12472] netlink: 'syz.2.1684': attribute type 4 has an invalid length.
[  553.622009][   T94] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  553.671318][   T94] usb 5-1: USB disconnect, device number 29
[  557.490221][T12528] netlink: 'syz.0.1704': attribute type 10 has an invalid length.
[  557.561814][T12532] netlink: 'syz.4.1706': attribute type 8 has an invalid length.
[  557.594330][T12531] kvm: vcpu 2: requested 128 ns lapic timer period limited to 200000 ns
[  557.613687][T12531] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  557.701348][T12538] kvm: user requested TSC rate below hardware speed
[  558.671136][T12552] lo speed is unknown, defaulting to 1000
[  558.789478][   T30] audit: type=1400 audit(1750683055.680:680): avc:  denied  { write } for  pid=12545 comm="syz.4.1712" path="socket:[33873]" dev="sockfs" ino=33873 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmpvc_socket permissive=1
[  559.980740][T12569] netlink: 'syz.2.1719': attribute type 10 has an invalid length.
[  560.063370][T12577] netlink: 'syz.5.1718': attribute type 8 has an invalid length.
[  560.268803][T12573] bridge0: port 3(syz_tun) entered learning state
[  560.410959][   T67] Bluetooth: (null): Invalid header checksum
[  560.485839][   T67] Bluetooth: (null): Invalid header checksum
[  560.614102][   T67] Bluetooth: (null): Invalid header checksum
[  560.645341][   T67] Bluetooth: (null): Invalid header checksum
[  560.738894][T11302] Bluetooth: (null): Invalid header checksum
[  560.863769][T11302] Bluetooth: (null): Invalid header checksum
[  561.808959][    C1] bridge0: port 3(syz_tun) entered forwarding state
[  562.459758][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  562.990841][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  563.280813][T12641] netlink: 'syz.0.1736': attribute type 8 has an invalid length.
[  563.857696][T12653] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1748'.
[  564.059740][T12656] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:1)
[  564.329571][ T9108] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  564.548327][ T9108] usb 6-1: Using ep0 maxpacket: 8
[  564.585569][T12672] netlink: 'syz.3.1757': attribute type 10 has an invalid length.
[  564.586953][ T9108] usb 6-1: New USB device found, idVendor=05dc, idProduct=0001, bcdDevice= 0.01
[  564.712096][ T9108] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  565.101660][ T9108] usb 6-1: config 0 descriptor??
[  565.129095][ T9108] ums-jumpshot 6-1:0.0: USB Mass Storage device detected
[  565.146568][ T9108] ums-jumpshot 6-1:0.0: Quirks match for vid 05dc pid 0001: 2
[  565.354671][ T9108] usb 6-1: USB disconnect, device number 2
[  565.389298][T12681] lo speed is unknown, defaulting to 1000
[  566.515948][T12714] bridge0: port 1(syz_tun) entered blocking state
[  566.530719][T12714] bridge0: port 1(syz_tun) entered disabled state
[  566.539464][T12714] syz_tun: entered allmulticast mode
[  566.546282][T12714] syz_tun: entered promiscuous mode
[  569.481737][T12753] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  569.596391][T12753] netlink: 'syz.3.1788': attribute type 10 has an invalid length.
[  569.787482][T12765] bad cache= option: no%e
[  569.787482][T12765] 
[  569.794179][T12765] CIFS: VFS: bad cache= option: no%e
[  570.176299][   T30] audit: type=1400 audit(1750683067.100:681): avc:  denied  { create } for  pid=12763 comm="syz.0.1792" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1
[  570.179822][T12770] lo speed is unknown, defaulting to 1000
[  570.265387][   T30] audit: type=1400 audit(1750683067.130:682): avc:  denied  { write } for  pid=12763 comm="syz.0.1792" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1
[  571.392247][T12804] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_to_hsr, syncid = 0, id = 0
[  572.620596][   T67] Bluetooth: (null): Invalid header checksum
[  572.626682][   T67] Bluetooth: (null): Invalid header checksum
[  573.000728][   T30] audit: type=1400 audit(1750683069.570:683): avc:  denied  { write } for  pid=12822 comm="syz.2.1811" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  573.518047][   T30] audit: type=1400 audit(1750683070.440:684): avc:  denied  { read write } for  pid=12831 comm="syz.2.1817" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  573.577100][   T30] audit: type=1400 audit(1750683070.440:685): avc:  denied  { open } for  pid=12831 comm="syz.2.1817" path="/367/file0" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  574.788196][T12843] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1818'.
[  575.827081][ T5816] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  575.950811][   T30] audit: type=1400 audit(1750683072.860:686): avc:  denied  { connect } for  pid=12860 comm="syz.2.1827" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  576.018380][ T5816] usb 5-1: Using ep0 maxpacket: 8
[  576.290851][ T5816] usb 5-1: New USB device found, idVendor=05dc, idProduct=0001, bcdDevice= 0.01
[  576.328922][ T5816] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  576.386522][ T5816] usb 5-1: config 0 descriptor??
[  576.420937][ T5816] ums-jumpshot 5-1:0.0: USB Mass Storage device detected
[  576.456362][ T5816] ums-jumpshot 5-1:0.0: Quirks match for vid 05dc pid 0001: 2
[  576.525169][T11299] Bluetooth: (null): Invalid header checksum
[  576.610970][   T94] usb 5-1: USB disconnect, device number 30
[  576.624603][T11299] Bluetooth: (null): Invalid header checksum
[  576.675333][T11299] Bluetooth: (null): Invalid header checksum
[  576.742447][T11311] Bluetooth: (null): Invalid header checksum
[  578.068453][   T30] audit: type=1400 audit(1750683074.630:687): avc:  denied  { watch } for  pid=12897 comm="syz.0.1840" path="/362/file0" dev="tmpfs" ino=1938 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  578.192694][ T5906] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  578.208411][ T5921] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[  578.276969][T12910] netlink: 'syz.5.1845': attribute type 8 has an invalid length.
[  578.498985][ T5921] usb 3-1: Using ep0 maxpacket: 32
[  578.535267][ T5921] usb 3-1: config 0 interface 0 altsetting 128 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  578.548423][ T5906] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  578.577856][ T5921] usb 3-1: config 0 interface 0 altsetting 128 endpoint 0x81 has invalid wMaxPacketSize 0
[  578.706836][T12924] random: crng reseeded on system resumption
[  579.614543][ T5921] usb 3-1: config 0 interface 0 altsetting 128 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  579.654500][ T5921] usb 3-1: config 0 interface 0 has no altsetting 0
[  579.679166][ T5906] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  579.696931][ T5921] usb 3-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00
[  579.741344][ T5921] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  579.761854][ T5921] usb 3-1: config 0 descriptor??
[  579.798712][ T5921] usbhid 3-1:0.0: can't add hid device: -22
[  579.818510][ T5921] usbhid 3-1:0.0: probe with driver usbhid failed with error -22
[  579.905438][ T5906] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  579.977746][ T5921] usb 3-1: USB disconnect, device number 33
[  580.148184][   T30] audit: type=1400 audit(1750683077.070:688): avc:  denied  { ioctl } for  pid=12936 comm="syz.4.1854" path="socket:[34683]" dev="sockfs" ino=34683 ioctlcmd=0x89ea scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  580.250641][T12944] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1854'.
[  580.259736][T12944] block nbd0: not configured, cannot reconfigure
[  581.148964][T12948] netlink: 'syz.0.1858': attribute type 8 has an invalid length.
[  581.478580][   T94] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  581.689886][   T94] usb 6-1: Using ep0 maxpacket: 8
[  581.763497][   T94] usb 6-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  581.803195][   T94] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  581.852950][   T94] usb 6-1: config 0 descriptor??
[  584.480089][ T5906] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  584.500301][ T5906] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  584.513922][ T5906] bond0 (unregistering): Released all slaves
[  585.132695][T13022] sp0: Synchronizing with TNC
[  585.156240][   T94] asix 6-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  585.176302][   T94] asix 6-1:0.0 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0088: ffffffb9
[  585.207681][   T94] asix 6-1:0.0: probe with driver asix failed with error -71
[  585.230026][   T94] usb 6-1: USB disconnect, device number 3
[  586.624736][ T5906] hsr_slave_0: left promiscuous mode
[  586.671592][ T5906] hsr_slave_1: left promiscuous mode
[  586.692575][ T5906] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  586.710679][ T5906] batman_adv: batadv0: Removing interface: batadv_slave_0
[  586.762971][ T5906] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  586.811570][ T5906] batman_adv: batadv0: Removing interface: batadv_slave_1
[  586.885760][ T5906] veth1_to_batadv: left promiscuous mode
[  588.108314][ T5906] veth1_macvtap: left promiscuous mode
[  588.113977][ T5906] veth0_macvtap: left promiscuous mode
[  588.119810][ T5906] veth1_vlan: left promiscuous mode
[  588.126242][ T5906] veth0_vlan: left promiscuous mode
[  588.168371][T13073] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  590.423730][T13117] IPVS: set_ctl: invalid protocol: 51 100.1.1.0:20000
[  592.409735][T13138] netlink: 'syz.2.1912': attribute type 1 has an invalid length.
[  592.417557][T13138] netlink: 228 bytes leftover after parsing attributes in process `syz.2.1912'.
[  592.735848][ T5906] team0 (unregistering): Port device team_slave_1 removed
[  593.248912][ T5906] team0 (unregistering): Port device team_slave_0 removed
[  594.053661][T13159] lo speed is unknown, defaulting to 1000
[  595.765218][T13182] binder: 13180:13182 ioctl c0306201 200000000540 returned -22
[  595.844893][T13189] binder: 13180:13189 ioctl c0306201 200000000640 returned -22
[  596.051785][ T5906] IPVS: stop unused estimator thread 0...
[  599.554847][T13261] netlink: 'syz.0.1941': attribute type 4 has an invalid length.
[  599.568105][T13261] netlink: 'syz.0.1941': attribute type 4 has an invalid length.
[  603.200986][T13317] fuse: Bad value for 'fd'
[  603.484932][T13324] netlink: 'syz.2.1959': attribute type 10 has an invalid length.
[  603.784650][T13340] No control pipe specified
[  604.737657][T13362] fuse: Bad value for 'fd'
[  606.800839][T13405] syzkaller1: entered promiscuous mode
[  606.809071][T13405] syzkaller1: entered allmulticast mode
[  608.142947][T13439] netlink: 'syz.5.1992': attribute type 10 has an invalid length.
[  608.224157][T13446] netlink: 'syz.3.1993': attribute type 1 has an invalid length.
[  608.231969][T13446] netlink: 228 bytes leftover after parsing attributes in process `syz.3.1993'.
[  610.457088][T13477] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2003'.
[  610.498987][ T5893] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  611.449697][ T5893] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  611.494186][ T5893] usb 3-1: config 0 has no interfaces?
[  611.528273][ T5893] usb 3-1: New USB device found, idVendor=0471, idProduct=0308, bcdDevice=e4.df
[  611.537346][ T5893] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  611.574711][ T5893] usb 3-1: config 0 descriptor??
[  611.982223][ T9108] usb 3-1: USB disconnect, device number 34
[  614.331929][T13530] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2015'.
[  618.427583][T13600] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  618.523719][T13603] netlink: 'syz.0.2032': attribute type 10 has an invalid length.
[  619.786198][T13646] lo speed is unknown, defaulting to 1000
[  621.296302][   T30] audit: type=1400 audit(2000000002.180:689): avc:  denied  { connect } for  pid=13675 comm="syz.0.2054" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  621.609061][T13684] xt_nat: multiple ranges no longer supported
[  621.622556][T13684] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  622.673811][T13705] xt_nat: multiple ranges no longer supported
[  622.707786][T13699] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  622.719872][   T30] audit: type=1400 audit(2000000003.590:690): avc:  denied  { module_load } for  pid=13695 comm="syz.2.2059" path="/sys/power/pm_print_times" dev="sysfs" ino=1411 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=system permissive=1
[  623.277466][T13715] netlink: 40 bytes leftover after parsing attributes in process `syz.5.2063'.
[  623.458414][T13724] netlink: 'syz.2.2066': attribute type 10 has an invalid length.
[  623.908711][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  623.915043][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  625.331857][T13769] netlink: 'syz.4.2081': attribute type 10 has an invalid length.
[  625.702602][T13781] sp0: Synchronizing with TNC
[  626.183622][T13799] netlink: 'syz.3.2092': attribute type 10 has an invalid length.
[  626.191208][T11587] Bluetooth: hci4: unexpected event for opcode 0x2035
[  627.807914][   T30] audit: type=1400 audit(2000000008.630:691): avc:  denied  { accept } for  pid=13815 comm="syz.0.2097" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=udp_socket permissive=1
[  627.978043][   T30] audit: type=1400 audit(2000000008.720:692): avc:  denied  { bind } for  pid=13805 comm="syz.3.2094" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  628.211847][   T30] audit: type=1400 audit(2000000008.730:693): avc:  denied  { listen } for  pid=13805 comm="syz.3.2094" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  628.448385][T13822] fuse: Bad value for 'fd'
[  628.732330][T13830] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  628.997758][T13836] netlink: 'syz.2.2104': attribute type 10 has an invalid length.
[  629.016463][T13839] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  629.035467][T13836] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  629.237988][   T30] audit: type=1400 audit(2000000010.080:694): avc:  denied  { read write } for  pid=13848 comm="syz.0.2107" name="uhid" dev="devtmpfs" ino=1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  629.392232][T13854] xt_nat: multiple ranges no longer supported
[  629.527530][   T30] audit: type=1400 audit(2000000010.080:695): avc:  denied  { open } for  pid=13848 comm="syz.0.2107" path="/dev/uhid" dev="devtmpfs" ino=1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  630.209054][T11587] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[  630.218489][T11587] Bluetooth: hci4: Injecting HCI hardware error event
[  630.226113][T11587] Bluetooth: hci4: hardware error 0x00
[  631.154024][T13899] netlink: 'syz.5.2117': attribute type 10 has an invalid length.
[  632.154894][T13915] binder: 13914:13915 ioctl c0306201 0 returned -14
[  632.179945][T13915] binder: 13914:13915 ioctl c0306201 200000000540 returned -22
[  632.267300][T13924] binder: 13914:13924 ioctl c0306201 200000000640 returned -22
[  632.297869][T11587] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  633.050319][T13944] xt_nat: multiple ranges no longer supported
[  633.060630][T13944] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  633.631227][T13953] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2129'.
[  633.664913][T13954] netlink: 'syz.0.2130': attribute type 10 has an invalid length.
[  634.357408][   T94] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  634.938944][   T94] usb 3-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  634.964087][   T94] usb 3-1: config 0 interface 0 has no altsetting 0
[  635.005092][   T94] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  635.042230][   T94] usb 3-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  635.081881][   T94] usb 3-1: Product: syz
[  635.096280][   T94] usb 3-1: Manufacturer: syz
[  635.105167][   T94] usb 3-1: SerialNumber: syz
[  635.222796][   T94] usb 3-1: config 0 descriptor??
[  635.699514][   T94] usb 3-1: selecting invalid altsetting 0
[  636.516476][ T9108] usb 3-1: USB disconnect, device number 35
[  637.931903][T14032] program syz.5.2148 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  638.857177][   T30] audit: type=1400 audit(2000000018.841:696): avc:  denied  { write } for  pid=14020 comm="syz.5.2148" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  639.137165][ T5893] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  639.358297][ T5893] usb 6-1: Using ep0 maxpacket: 8
[  639.424203][ T5893] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  639.583006][ T5893] usb 6-1: New USB device found, idVendor=0421, idProduct=798f, bcdDevice=86.54
[  639.734945][ T5893] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  639.844584][ T5893] usb 6-1: Product: syz
[  639.890955][ T5893] usb 6-1: Manufacturer: syz
[  639.934528][ T5893] usb 6-1: SerialNumber: syz
[  639.968186][ T5893] usb 6-1: config 0 descriptor??
[  639.996057][ T5893] cdc_phonet 6-1:0.0: probe with driver cdc_phonet failed with error -22
[  640.036296][T14042] netlink: 'syz.3.2154': attribute type 10 has an invalid length.
[  640.112954][T14048] xt_nat: multiple ranges no longer supported
[  640.885757][ T5893] usb 6-1: USB disconnect, device number 4
[  642.217035][   T30] audit: type=1400 audit(2000000023.041:697): avc:  denied  { ioctl } for  pid=14066 comm="syz.4.2161" path="socket:[39452]" dev="sockfs" ino=39452 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  642.886930][ T5921] usb 5-1: new full-speed USB device number 31 using dummy_hcd
[  642.979134][T14089] sp0: Synchronizing with TNC
[  643.072054][ T5921] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64
[  643.222770][ T5921] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[  643.342906][ T5921] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[  643.406775][ T5921] usb 5-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  643.459601][T14096] xt_nat: multiple ranges no longer supported
[  643.585465][ T5921] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  643.593630][ T5921] usb 5-1: Product: syz
[  643.597879][ T5921] usb 5-1: Manufacturer: syz
[  643.602483][ T5921] usb 5-1: SerialNumber: syz
[  643.610989][ T5921] usb 5-1: config 0 descriptor??
[  643.621690][T14083] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  643.630295][ T5921] usb 5-1: ucan: probing device on interface #0
[  643.636559][ T5921] usb 5-1: ucan: invalid endpoint configuration
[  643.645885][ T5921] usb 5-1: ucan: probe failed; try to update the device firmware
[  643.849377][ T5893] usb 5-1: USB disconnect, device number 31
[  644.428383][T14108] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2174'.
[  646.446782][   T51] Bluetooth: hci5: command 0x1003 tx timeout
[  646.446983][T11587] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  646.579139][   T30] audit: type=1400 audit(2000000027.461:698): avc:  denied  { watch_sb } for  pid=14139 comm="syz.4.2181" path="/447" dev="tmpfs" ino=2388 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  647.613727][T14146] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2184'.
[  647.732113][T14152] netlink: 'syz.0.2186': attribute type 10 has an invalid length.
[  648.550313][T14169] binder: 14168:14169 ioctl c0306201 200000000540 returned -22
[  648.610551][T14171] binder: 14168:14171 ioctl c0306201 200000000640 returned -22
[  648.934206][T14178] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  649.200897][T14186] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2198'.
[  649.339040][T14191] sp0: Synchronizing with TNC
[  650.924324][T14211] syzkaller1: entered promiscuous mode
[  650.931808][T14211] syzkaller1: entered allmulticast mode
[  651.778631][T14223] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2209'.
[  652.641337][T14235] netlink: 64 bytes leftover after parsing attributes in process `syz.4.2214'.
[  653.069307][T14246] sp0: Synchronizing with TNC
[  653.267739][T14249] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  654.155567][T14263] netlink: 64 bytes leftover after parsing attributes in process `syz.4.2226'.
[  656.554364][   T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  656.563088][   T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  656.574665][   T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  656.583702][   T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  656.592054][   T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  656.624770][T14294] lo speed is unknown, defaulting to 1000
[  656.676538][   T30] audit: type=1400 audit(2000000037.562:699): avc:  denied  { read write } for  pid=14296 comm="syz.5.2236" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  656.702356][   T30] audit: type=1400 audit(2000000037.562:700): avc:  denied  { open } for  pid=14296 comm="syz.5.2236" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  656.757418][   T30] audit: type=1400 audit(2000000037.562:701): avc:  denied  { map } for  pid=14296 comm="syz.5.2236" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  656.854928][   T30] audit: type=1400 audit(2000000037.562:702): avc:  denied  { execute } for  pid=14296 comm="syz.5.2236" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  656.882338][T14294] chnl_net:caif_netlink_parms(): no params data found
[  656.949731][T14294] bridge0: port 1(bridge_slave_0) entered blocking state
[  656.957203][T14294] bridge0: port 1(bridge_slave_0) entered disabled state
[  656.964442][T14294] bridge_slave_0: entered allmulticast mode
[  656.972115][T14294] bridge_slave_0: entered promiscuous mode
[  656.980021][T14294] bridge0: port 2(bridge_slave_1) entered blocking state
[  656.989268][T14294] bridge0: port 2(bridge_slave_1) entered disabled state
[  656.998859][T14294] bridge_slave_1: entered allmulticast mode
[  657.005683][T14294] bridge_slave_1: entered promiscuous mode
[  657.035433][T14294] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  657.047641][T14294] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  657.078772][T14294] team0: Port device team_slave_0 added
[  657.087558][T14294] team0: Port device team_slave_1 added
[  657.114038][T14294] batman_adv: batadv0: Adding interface: batadv_slave_0
[  657.121175][T14294] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  657.147180][T14294] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  657.163950][T14294] batman_adv: batadv0: Adding interface: batadv_slave_1
[  657.171064][T14294] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  657.197152][T14294] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  657.239411][T14294] hsr_slave_0: entered promiscuous mode
[  657.245666][T14294] hsr_slave_1: entered promiscuous mode
[  657.251883][T14294] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  657.259817][T14294] Cannot create hsr debugfs directory
[  657.400640][T14294] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  657.423591][T14294] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  657.433956][T14294] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  657.450880][T14294] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  657.479594][T14294] bridge0: port 2(bridge_slave_1) entered blocking state
[  657.486701][T14294] bridge0: port 2(bridge_slave_1) entered forwarding state
[  657.493980][T14294] bridge0: port 1(bridge_slave_0) entered blocking state
[  657.501043][T14294] bridge0: port 1(bridge_slave_0) entered forwarding state
[  657.552592][T14294] 8021q: adding VLAN 0 to HW filter on device bond0
[  657.568959][T11315] bridge0: port 1(bridge_slave_0) entered disabled state
[  657.577399][T11315] bridge0: port 2(bridge_slave_1) entered disabled state
[  657.591188][T14294] 8021q: adding VLAN 0 to HW filter on device team0
[  657.603040][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  657.610150][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  657.625756][T11315] bridge0: port 2(bridge_slave_1) entered blocking state
[  657.632872][T11315] bridge0: port 2(bridge_slave_1) entered forwarding state
[  657.680201][T14294] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  657.788825][T14294] 8021q: adding VLAN 0 to HW filter on device batadv0
[  657.942947][T14294] veth0_vlan: entered promiscuous mode
[  657.955646][T14294] veth1_vlan: entered promiscuous mode
[  657.991153][T14294] veth0_macvtap: entered promiscuous mode
[  658.001215][T14294] veth1_macvtap: entered promiscuous mode
[  658.021404][T14294] batman_adv: batadv0: Interface activated: batadv_slave_0
[  658.034294][T14294] batman_adv: batadv0: Interface activated: batadv_slave_1
[  658.044997][T14294] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  658.057639][T14294] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  658.067969][T14294] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  658.077769][T14294] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  658.142586][T11302] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  658.155148][T11302] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  658.183347][T11302] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  658.191289][T11302] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  658.213992][   T30] audit: type=1400 audit(2000000039.092:703): avc:  denied  { mounton } for  pid=14294 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  658.686187][   T51] Bluetooth: hci4: command tx timeout
[  659.486118][   T94] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  659.540116][T11587] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  659.551171][T11587] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  659.560885][T11587] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  659.576844][T11587] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  659.595148][T11587] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  659.629644][ T5811] syz_tun (unregistering): left promiscuous mode
[  659.646103][   T94] usb 7-1: Using ep0 maxpacket: 16
[  659.652809][   T94] usb 7-1: config 0 has an invalid interface number: 105 but max is 0
[  659.661312][   T94] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  659.671906][   T94] usb 7-1: config 0 has no interface number 0
[  659.680423][   T94] usb 7-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[  659.689583][   T94] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  659.697998][   T94] usb 7-1: Product: syz
[  659.702246][   T94] usb 7-1: Manufacturer: syz
[  659.706901][   T94] usb 7-1: SerialNumber: syz
[  659.712553][T14340] lo speed is unknown, defaulting to 1000
[  659.720060][   T94] usb 7-1: config 0 descriptor??
[  659.728977][   T94] usb 7-1: Found UVC 0.00 device syz (046d:08f3)
[  659.735441][   T94] usb 7-1: No valid video chain found.
[  660.001895][ T5922] usb 7-1: USB disconnect, device number 2
[  660.002350][T11311] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  660.309011][T11311] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  660.328673][T14340] chnl_net:caif_netlink_parms(): no params data found
[  660.431543][T11311] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  660.620653][T14362] xt_nat: multiple ranges no longer supported
[  660.622513][T11311] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  660.641348][T14340] bridge0: port 1(bridge_slave_0) entered blocking state
[  660.653914][T14340] bridge0: port 1(bridge_slave_0) entered disabled state
[  660.668455][T14340] bridge_slave_0: entered allmulticast mode
[  660.681653][T14340] bridge_slave_0: entered promiscuous mode
[  660.699151][T14340] bridge0: port 2(bridge_slave_1) entered blocking state
[  660.826458][T14364] netlink: 'syz.5.2246': attribute type 1 has an invalid length.
[  660.834248][T14364] netlink: 'syz.5.2246': attribute type 2 has an invalid length.
[  660.856293][T11587] Bluetooth: hci4: command tx timeout
[  660.874009][T14340] bridge0: port 2(bridge_slave_1) entered disabled state
[  660.929586][T14340] bridge_slave_1: entered allmulticast mode
[  661.002219][T14340] bridge_slave_1: entered promiscuous mode
[  661.070518][T14364] : entered promiscuous mode
[  661.137490][T14340] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  661.151277][T14340] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  661.470895][T14340] team0: Port device team_slave_0 added
[  661.480288][T14340] team0: Port device team_slave_1 added
[  661.532550][T14340] batman_adv: batadv0: Adding interface: batadv_slave_0
[  661.539677][T14340] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  661.569292][T14340] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  661.582188][T14340] batman_adv: batadv0: Adding interface: batadv_slave_1
[  661.593561][T14340] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  661.619455][    C0] vkms_vblank_simulate: vblank timer overrun
[  661.630934][T14340] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  661.647103][T11587] Bluetooth: hci5: command tx timeout
[  662.338111][T11311] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  662.348490][T11311] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  662.368935][T11311] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  662.394935][T11311] bond0 (unregistering): (slave batadv0): Releasing backup interface
[  662.411952][T11311] bond0 (unregistering): Released all slaves
[  662.688233][T14340] hsr_slave_0: entered promiscuous mode
[  662.696637][T14340] hsr_slave_1: entered promiscuous mode
[  662.706854][T14340] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  662.721476][T14340] Cannot create hsr debugfs directory
[  662.901861][T11311] batadv_slave_0: left promiscuous mode
[  662.927307][T11587] Bluetooth: hci4: command tx timeout
[  662.939663][T11311] hsr_slave_0: left promiscuous mode
[  662.960299][T11311] hsr_slave_1: left promiscuous mode
[  662.967181][T11311] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  662.974590][T11311] batman_adv: batadv0: Removing interface: batadv_slave_0
[  662.998134][T11311] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  663.005572][T11311] batman_adv: batadv0: Removing interface: batadv_slave_1
[  663.025482][T11311] veth1_macvtap: left promiscuous mode
[  663.035277][T11311] veth0_macvtap: left promiscuous mode
[  663.057464][T11311] veth1_vlan: left promiscuous mode
[  663.725925][T11587] Bluetooth: hci5: command tx timeout
[  663.986615][T11311] team0 (unregistering): Port device team_slave_1 removed
[  664.014432][T11311] team0 (unregistering): Port device team_slave_0 removed
[  664.509466][T14418] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2261'.
[  665.006060][T11587] Bluetooth: hci4: command tx timeout
[  665.714749][T14340] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  665.752372][T14340] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  665.835294][T11587] Bluetooth: hci5: command tx timeout
[  665.950912][T14340] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  665.992477][T14340] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  666.141160][T14340] 8021q: adding VLAN 0 to HW filter on device bond0
[  666.179344][T14340] 8021q: adding VLAN 0 to HW filter on device team0
[  666.198719][T11311] bridge0: port 1(bridge_slave_0) entered blocking state
[  666.205885][T11311] bridge0: port 1(bridge_slave_0) entered forwarding state
[  666.225892][ T9108] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  666.238885][T11311] bridge0: port 2(bridge_slave_1) entered blocking state
[  666.246052][T11311] bridge0: port 2(bridge_slave_1) entered forwarding state
[  666.397242][ T9108] usb 6-1: config 0 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  666.423936][ T9108] usb 6-1: config 0 interface 0 altsetting 1 endpoint 0x81 has invalid wMaxPacketSize 0
[  666.446902][ T9108] usb 6-1: config 0 interface 0 has no altsetting 0
[  666.457797][ T9108] usb 6-1: New USB device found, idVendor=0853, idProduct=0148, bcdDevice= 0.00
[  666.488714][ T9108] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  666.517971][ T9108] usb 6-1: config 0 descriptor??
[  666.539964][T14340] 8021q: adding VLAN 0 to HW filter on device batadv0
[  666.884598][ T9108] usbhid 6-1:0.0: can't add hid device: -71
[  666.896214][ T9108] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  667.394021][ T9108] usb 6-1: USB disconnect, device number 5
[  667.857182][T14340] veth0_vlan: entered promiscuous mode
[  667.893225][T14340] veth1_vlan: entered promiscuous mode
[  667.898838][T11587] Bluetooth: hci5: command tx timeout
[  668.024088][T14340] veth0_macvtap: entered promiscuous mode
[  668.073253][T14340] veth1_macvtap: entered promiscuous mode
[  668.093812][T14340] batman_adv: batadv0: Interface activated: batadv_slave_0
[  668.107434][T14340] batman_adv: batadv0: Interface activated: batadv_slave_1
[  668.122703][T14340] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  668.136718][T14340] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  668.146915][T14340] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  668.155925][T14340] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  668.263254][ T5906] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  668.282954][ T5906] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  668.314185][T11311] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  668.336650][T11311] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  668.567919][T14507] xt_nat: multiple ranges no longer supported
[  668.955491][   T94] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  669.116104][   T94] usb 8-1: Using ep0 maxpacket: 16
[  669.138077][   T94] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  669.166213][   T94] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 3
[  669.187659][   T94] usb 8-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  669.202067][   T94] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  669.229340][   T94] usb 8-1: Product: syz
[  669.243117][   T94] usb 8-1: Manufacturer: syz
[  669.338692][   T94] usb 8-1: SerialNumber: syz
[  669.892458][T14534] sp0: Synchronizing with TNC
[  670.017121][T14540] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  670.340241][   T94] usb 8-1: cannot find UAC_HEADER
[  670.345942][   T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  670.355287][   T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  670.381292][   T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  670.389274][   T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  670.400461][   T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  670.426986][ T5808] syz_tun (unregistering): left allmulticast mode
[  670.449126][   T94] snd-usb-audio 8-1:1.0: probe with driver snd-usb-audio failed with error -22
[  670.464651][ T5808] syz_tun (unregistering): left promiscuous mode
[  670.471718][ T5808] bridge0: port 1(syz_tun) entered disabled state
[  670.540900][T11963] udevd[11963]: error opening ATTR{/sys/devices/platform/dummy_hcd.7/usb8/8-1/8-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  670.592302][   T94] usb 8-1: USB disconnect, device number 2
[  672.182360][T14550] chnl_net:caif_netlink_parms(): no params data found
[  672.319485][   T30] audit: type=1400 audit(2000000053.202:704): avc:  denied  { mounton } for  pid=14578 comm="syz.5.2292" path="/204/file0" dev="tmpfs" ino=1067 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1
[  672.445790][T11587] Bluetooth: hci0: command tx timeout
[  672.495622][T14586] binder: 14580:14586 ioctl c0306201 200000000640 returned -22
[  672.771051][T14550] bridge0: port 1(bridge_slave_0) entered blocking state
[  672.783903][T14597] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  672.800709][T14550] bridge0: port 1(bridge_slave_0) entered disabled state
[  672.812300][T14550] bridge_slave_0: entered allmulticast mode
[  672.836677][T14550] bridge_slave_0: entered promiscuous mode
[  672.846426][T14550] bridge0: port 2(bridge_slave_1) entered blocking state
[  672.854951][T14550] bridge0: port 2(bridge_slave_1) entered disabled state
[  672.872879][T14550] bridge_slave_1: entered allmulticast mode
[  672.885628][T14550] bridge_slave_1: entered promiscuous mode
[  673.480296][T14550] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  673.540554][T14550] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  673.834679][   T30] audit: type=1400 audit(2000000054.713:705): avc:  denied  { read } for  pid=14611 comm="syz.7.2302" path="socket:[41434]" dev="sockfs" ino=41434 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  673.923175][T14550] team0: Port device team_slave_0 added
[  673.993154][T14625] program syz.4.2305 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  674.261587][T14550] team0: Port device team_slave_1 added
[  674.535204][T11587] Bluetooth: hci0: command tx timeout
[  674.800688][   T30] audit: type=1400 audit(2000000054.763:706): avc:  denied  { read } for  pid=14611 comm="syz.7.2302" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[  674.824958][   T30] audit: type=1400 audit(2000000054.763:707): avc:  denied  { open } for  pid=14611 comm="syz.7.2302" path="/dev/cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[  674.849329][   T30] audit: type=1400 audit(2000000054.763:708): avc:  denied  { ioctl } for  pid=14611 comm="syz.7.2302" path="/dev/cachefiles" dev="devtmpfs" ino=4 ioctlcmd=0x5423 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[  674.995736][T11311] bond1 (unregistering): (slave ip6erspan0): Releasing active interface
[  675.193436][T14634] xt_nat: multiple ranges no longer supported
[  675.202146][T14634] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  675.288930][T11311] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  675.298527][T11311] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  675.307712][T11311] bond0 (unregistering): Released all slaves
[  675.382773][T11311] bond1 (unregistering): Released all slaves
[  675.397829][T14550] batman_adv: batadv0: Adding interface: batadv_slave_0
[  675.404914][T14550] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  675.432529][T14550] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  675.443613][T14633] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2308'.
[  675.455439][T14550] batman_adv: batadv0: Adding interface: batadv_slave_1
[  675.476445][T14550] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  675.504850][T14550] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  675.742732][T14550] hsr_slave_0: entered promiscuous mode
[  675.750636][T14550] hsr_slave_1: entered promiscuous mode
[  676.043641][   T30] audit: type=1400 audit(2000000056.923:709): avc:  denied  { setopt } for  pid=14641 comm="syz.6.2310" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  676.075535][T14648] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2310'.
[  676.113883][T14648] netlink: 'syz.6.2310': attribute type 5 has an invalid length.
[  676.162496][T11311] hsr_slave_0: left promiscuous mode
[  676.189378][T14648] netlink: 20 bytes leftover after parsing attributes in process `syz.6.2310'.
[  676.207273][T11311] hsr_slave_1: left promiscuous mode
[  676.221362][T11311] batman_adv: batadv0: Removing interface: batadv_slave_0
[  676.267311][T11311] batman_adv: batadv0: Removing interface: batadv_slave_1
[  676.605145][T11587] Bluetooth: hci0: command tx timeout
[  677.708473][T11311] team0 (unregistering): Port device team_slave_1 removed
[  677.740760][T11311] team0 (unregistering): Port device team_slave_0 removed
[  678.020647][T14648] netdevsim netdevsim6 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0
[  678.033594][T14648] netdevsim netdevsim6 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0
[  678.042553][T14648] netdevsim netdevsim6 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0
[  678.056089][T14648] netdevsim netdevsim6 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0
[  678.078655][T14648] geneve2: entered promiscuous mode
[  678.087787][T14648] geneve2: entered allmulticast mode
[  678.327297][T14673] program syz.5.2317 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  678.685046][T11587] Bluetooth: hci0: command tx timeout
[  679.192304][T14550] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  679.251692][T14550] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  679.350875][T14550] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  679.393414][   T30] audit: type=1400 audit(2000000060.273:710): avc:  denied  { getopt } for  pid=14680 comm="syz.6.2320" lport=141 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  679.446212][T14550] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  679.772409][T14550] 8021q: adding VLAN 0 to HW filter on device bond0
[  679.855046][T14550] 8021q: adding VLAN 0 to HW filter on device team0
[  679.892830][ T5906] bridge0: port 1(bridge_slave_0) entered blocking state
[  679.900026][ T5906] bridge0: port 1(bridge_slave_0) entered forwarding state
[  679.962702][ T5906] bridge0: port 2(bridge_slave_1) entered blocking state
[  679.969889][ T5906] bridge0: port 2(bridge_slave_1) entered forwarding state
[  680.575763][T14550] 8021q: adding VLAN 0 to HW filter on device batadv0
[  681.629139][T14550] veth0_vlan: entered promiscuous mode
[  681.737815][T14550] veth1_vlan: entered promiscuous mode
[  681.833070][T14763] netlink: 64 bytes leftover after parsing attributes in process `syz.7.2332'.
[  681.845918][T14550] veth0_macvtap: entered promiscuous mode
[  681.876840][T14550] veth1_macvtap: entered promiscuous mode
[  681.960107][T14550] batman_adv: batadv0: Interface activated: batadv_slave_0
[  682.059803][T14550] batman_adv: batadv0: Interface activated: batadv_slave_1
[  682.096163][T11252] usb 6-1: new full-speed USB device number 6 using dummy_hcd
[  682.109251][T14550] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  682.165014][T14550] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  682.173752][T14550] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  682.214782][T14550] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  682.324695][T11252] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64
[  682.363723][T11252] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[  682.521432][T11252] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[  682.745566][T11252] usb 6-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  682.758868][T11302] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  682.767845][T11252] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  682.861031][T11302] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  682.871144][T11252] usb 6-1: Product: syz
[  682.880666][T11252] usb 6-1: Manufacturer: syz
[  682.894519][T14784] xt_nat: multiple ranges no longer supported
[  682.899152][T11252] usb 6-1: SerialNumber: syz
[  682.906373][T14784] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  682.937170][T11252] usb 6-1: config 0 descriptor??
[  682.971832][T14764] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  682.986212][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  682.991695][T11252] usb 6-1: ucan: probing device on interface #0
[  683.018491][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  683.030267][T11252] usb 6-1: ucan: invalid endpoint configuration
[  683.046519][   T30] audit: type=1400 audit(2000000063.913:711): avc:  denied  { accept } for  pid=14790 comm="syz.6.2340" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  683.102160][T11252] usb 6-1: ucan: probe failed; try to update the device firmware
[  683.521170][T11252] usb 6-1: USB disconnect, device number 6
[  684.509012][T14810] netlink: 'syz.6.2344': attribute type 16 has an invalid length.
[  684.517077][T14810] netlink: 'syz.6.2344': attribute type 17 has an invalid length.
[  684.591784][T14808] 9pnet_fd: Insufficient options for proto=fd
[  685.371807][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  685.378248][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  685.768538][T14837] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:1)
[  686.098346][T14836] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2351'.
[  686.879677][T14856] 9pnet: Could not find request transport: f0x0000000000000007
[  686.995020][T14856] block nbd8: Device being setup by another task
[  687.072411][T14869] binder: 14863:14869 ioctl c0306201 200000000640 returned -22
[  687.345791][T14875] xt_nat: multiple ranges no longer supported
[  687.352973][T14875] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  687.610161][T11587] block nbd8: Receive control failed (result -32)
[  687.611938][T14860] block nbd8: shutting down sockets
[  689.375371][T11252] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  689.458222][   T30] audit: type=1400 audit(2000000070.343:712): avc:  denied  { accept } for  pid=14908 comm="syz.5.2374" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  689.576848][   T30] audit: type=1400 audit(2000000070.403:713): avc:  denied  { shutdown } for  pid=14908 comm="syz.5.2374" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  689.612607][   T30] audit: type=1400 audit(2000000070.403:714): avc:  denied  { read } for  pid=14908 comm="syz.5.2374" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  689.635664][T14910] sp0: Synchronizing with TNC
[  689.651033][T11311] 
[  689.653354][T11311] =====================================================
[  689.660255][T11311] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected
[  689.667689][T11311] 6.16.0-rc3-syzkaller #0 Not tainted
[  689.673036][T11311] -----------------------------------------------------
[  689.679934][T11311] kworker/u8:18/11311 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
[  689.687881][T11311] ffffffff8f799998 (disc_data_lock){.+.+}-{3:3}, at: sp_get+0x18/0xf0
[  689.696027][T11311] 
[  689.696027][T11311] and this task is already holding:
[  689.703369][T11311] ffffffff9b087e38 (&port_lock_key){-.-.}-{3:3}, at: uart_write+0x13b/0xb30
[  689.712043][T11311] which would create a new lock dependency:
[  689.717917][T11311]  (&port_lock_key){-.-.}-{3:3} -> (disc_data_lock){.+.+}-{3:3}
[  689.725541][T11311] 
[  689.725541][T11311] but this new dependency connects a HARDIRQ-irq-safe lock:
[  689.734959][T11311]  (&port_lock_key){-.-.}-{3:3}
[  689.734974][T11311] 
[  689.734974][T11311] ... which became HARDIRQ-irq-safe at:
[  689.747484][T11311]   lock_acquire+0x179/0x350
[  689.752058][T11311]   _raw_spin_lock_irqsave+0x3a/0x60
[  689.757342][T11311]   serial8250_handle_irq+0x95/0xcb0
[  689.762616][T11311]   serial8250_default_handle_irq+0x9a/0x210
[  689.768567][T11311]   serial8250_interrupt+0x103/0x210
[  689.773824][T11311]   __handle_irq_event_percpu+0x229/0x7d0
[  689.779515][T11311]   handle_irq_event+0xab/0x1e0
[  689.784364][T11311]   handle_edge_irq+0x28e/0xab0
[  689.789187][T11311]   __common_interrupt+0xdf/0x250
[  689.794186][T11311]   common_interrupt+0xba/0xe0
[  689.798922][T11311]   asm_common_interrupt+0x26/0x40
[  689.804017][T11311]   pv_native_safe_halt+0xf/0x20
[  689.809016][T11311]   default_idle+0x13/0x20
[  689.813415][T11311]   default_idle_call+0x6d/0xb0
[  689.818253][T11311]   do_idle+0x391/0x510
[  689.822385][T11311]   cpu_startup_entry+0x4f/0x60
[  689.827207][T11311]   start_secondary+0x21d/0x2b0
[  689.832038][T11311]   common_startup_64+0x13e/0x148
[  689.837137][T11311] 
[  689.837137][T11311] to a HARDIRQ-irq-unsafe lock:
[  689.844130][T11311]  (disc_data_lock){.+.+}-{3:3}
[  689.844148][T11311] 
[  689.844148][T11311] ... which became HARDIRQ-irq-unsafe at:
[  689.856836][T11311] ...
[  689.856841][T11311]   lock_acquire+0x179/0x350
[  689.863963][T11311]   _raw_read_lock+0x5f/0x70
[  689.868532][T11311]   sp_get+0x18/0xf0
[  689.872420][T11311]   sixpack_receive_buf+0x59/0x1c90
[  689.877606][T11311]   tty_ioctl+0x580/0x1640
[  689.882019][T11311]   __x64_sys_ioctl+0x18b/0x210
[  689.886856][T11311]   do_syscall_64+0xcd/0x4c0
[  689.891447][T11311]   entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  689.897427][T11311] 
[  689.897427][T11311] other info that might help us debug this:
[  689.897427][T11311] 
[  689.907641][T11311]  Possible interrupt unsafe locking scenario:
[  689.907641][T11311] 
[  689.915938][T11311]        CPU0                    CPU1
[  689.921272][T11311]        ----                    ----
[  689.926604][T11311]   lock(disc_data_lock);
[  689.930905][T11311]                                local_irq_disable();
[  689.937627][T11311]                                lock(&port_lock_key);
[  689.944445][T11311]                                lock(disc_data_lock);
[  689.951262][T11311]   <Interrupt>
[  689.954685][T11311]     lock(&port_lock_key);
[  689.959157][T11311] 
[  689.959157][T11311]  *** DEADLOCK ***
[  689.959157][T11311] 
[  689.967267][T11311] 6 locks held by kworker/u8:18/11311:
[  689.972691][T11311]  #0: ffff88801b881148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[  689.983786][T11311]  #1: ffffc900039afd10 ((work_completion)(&buf->work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[  689.994791][T11311]  #2: ffff888026000ca0 (&buf->lock){+.+.}-{4:4}, at: flush_to_ldisc+0x34/0x780
[  690.003803][T11311]  #3: ffff8880356770a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref+0x1c/0x80
[  690.013073][T11311]  #4: ffffffff9b087e38 (&port_lock_key){-.-.}-{3:3}, at: uart_write+0x13b/0xb30
[  690.022172][T11311]  #5: ffff8880356770a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref+0x1c/0x80
[  690.031444][T11311] 
[  690.031444][T11311] the dependencies between HARDIRQ-irq-safe lock and the holding lock:
[  690.041813][T11311] -> (&port_lock_key){-.-.}-{3:3} {
[  690.046988][T11311]    IN-HARDIRQ-W at:
[  690.050936][T11311]                     lock_acquire+0x179/0x350
[  690.057063][T11311]                     _raw_spin_lock_irqsave+0x3a/0x60
[  690.063882][T11311]                     serial8250_handle_irq+0x95/0xcb0
[  690.070705][T11311]                     serial8250_default_handle_irq+0x9a/0x210
[  690.078217][T11311]                     serial8250_interrupt+0x103/0x210
[  690.085038][T11311]                     __handle_irq_event_percpu+0x229/0x7d0
[  690.092291][T11311]                     handle_irq_event+0xab/0x1e0
[  690.098673][T11311]                     handle_edge_irq+0x28e/0xab0
[  690.105143][T11311]                     __common_interrupt+0xdf/0x250
[  690.111702][T11311]                     common_interrupt+0xba/0xe0
[  690.117998][T11311]                     asm_common_interrupt+0x26/0x40
[  690.124640][T11311]                     pv_native_safe_halt+0xf/0x20
[  690.131112][T11311]                     default_idle+0x13/0x20
[  690.137059][T11311]                     default_idle_call+0x6d/0xb0
[  690.143439][T11311]                     do_idle+0x391/0x510
[  690.149128][T11311]                     cpu_startup_entry+0x4f/0x60
[  690.155512][T11311]                     start_secondary+0x21d/0x2b0
[  690.161899][T11311]                     common_startup_64+0x13e/0x148
[  690.168453][T11311]    IN-SOFTIRQ-W at:
[  690.172401][T11311]                     lock_acquire+0x179/0x350
[  690.178528][T11311]                     _raw_spin_lock_irqsave+0x3a/0x60
[  690.185347][T11311]                     serial8250_handle_irq+0x95/0xcb0
[  690.192169][T11311]                     serial8250_default_handle_irq+0x9a/0x210
[  690.199680][T11311]                     serial8250_interrupt+0x103/0x210
[  690.206511][T11311]                     __handle_irq_event_percpu+0x229/0x7d0
[  690.213765][T11311]                     handle_irq_event+0xab/0x1e0
[  690.220149][T11311]                     handle_edge_irq+0x28e/0xab0
[  690.226532][T11311]                     __common_interrupt+0xdf/0x250
[  690.233088][T11311]                     common_interrupt+0x61/0xe0
[  690.239385][T11311]                     asm_common_interrupt+0x26/0x40
[  690.246027][T11311]                     handle_softirqs+0x1dd/0x8e0
[  690.252410][T11311]                     __irq_exit_rcu+0x109/0x170
[  690.258707][T11311]                     irq_exit_rcu+0x9/0x30
[  690.264581][T11311]                     sysvec_apic_timer_interrupt+0xa4/0xc0
[  690.271835][T11311]                     asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  690.279448][T11311]                     stack_depot_save_flags+0x176/0xa40
[  690.286463][T11311]                     kasan_save_stack+0x42/0x60
[  690.292775][T11311]                     kasan_save_track+0x14/0x30
[  690.299077][T11311]                     kasan_save_free_info+0x3b/0x60
[  690.305722][T11311]                     __kasan_slab_free+0x51/0x70
[  690.312118][T11311]                     kmem_cache_free+0x2d1/0x4d0
[  690.318506][T11311]                     finish_task_switch.isra.0+0x7a4/0xc10
[  690.325759][T11311]                     schedule_tail+0xe/0xe0
[  690.331711][T11311]                     ret_from_fork+0x25/0x6f0
[  690.337848][T11311]                     ret_from_fork_asm+0x1a/0x30
[  690.344233][T11311]    INITIAL USE at:
[  690.348098][T11311]                    lock_acquire+0x179/0x350
[  690.354138][T11311]                    _raw_spin_lock_irqsave+0x3a/0x60
[  690.360869][T11311]                    serial8250_do_set_termios+0x310/0x1710
[  690.368126][T11311]                    serial8250_set_termios+0x6e/0x80
[  690.374861][T11311]                    uart_set_options+0x31a/0x5f0
[  690.381247][T11311]                    serial8250_console_setup+0x189/0x450
[  690.388333][T11311]                    univ8250_console_setup+0x1eb/0x2e0
[  690.395243][T11311]                    try_enable_preferred_console+0x2fd/0x530
[  690.402680][T11311]                    register_console+0x3ab/0x11b0
[  690.409150][T11311]                    univ8250_console_init+0x5f/0x90
[  690.415800][T11311]                    console_init+0x14f/0x680
[  690.421848][T11311]                    start_kernel+0x29f/0x4d0
[  690.427885][T11311]                    x86_64_start_reservations+0x18/0x30
[  690.434879][T11311]                    x86_64_start_kernel+0x130/0x190
[  690.441537][T11311]                    common_startup_64+0x13e/0x148
[  690.448015][T11311]  }
[  690.450482][T11311]  ... key      at: [<ffffffff9b0870a0>] port_lock_key+0x0/0x40
[  690.458090][T11311] 
[  690.458090][T11311] the dependencies between the lock to be acquired
[  690.458095][T11311]  and HARDIRQ-irq-unsafe lock:
[  690.471551][T11311] -> (disc_data_lock){.+.+}-{3:3} {
[  690.476739][T11311]    HARDIRQ-ON-R at:
[  690.480698][T11311]                     lock_acquire+0x179/0x350
[  690.486825][T11311]                     _raw_read_lock+0x5f/0x70
[  690.492952][T11311]                     sp_get+0x18/0xf0
[  690.498387][T11311]                     sixpack_receive_buf+0x59/0x1c90
[  690.505123][T11311]                     tty_ioctl+0x580/0x1640
[  690.511096][T11311]                     __x64_sys_ioctl+0x18b/0x210
[  690.517496][T11311]                     do_syscall_64+0xcd/0x4c0
[  690.523624][T11311]                     entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  690.531138][T11311]    SOFTIRQ-ON-R at:
[  690.535101][T11311]                     lock_acquire+0x179/0x350
[  690.541229][T11311]                     _raw_read_lock+0x5f/0x70
[  690.547357][T11311]                     sp_get+0x18/0xf0
[  690.552788][T11311]                     sixpack_receive_buf+0x59/0x1c90
[  690.559523][T11311]                     tty_ioctl+0x580/0x1640
[  690.565474][T11311]                     __x64_sys_ioctl+0x18b/0x210
[  690.571859][T11311]                     do_syscall_64+0xcd/0x4c0
[  690.577985][T11311]                     entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  690.585497][T11311]    INITIAL USE at:
[  690.589364][T11311]                    lock_acquire+0x179/0x350
[  690.595412][T11311]                    _raw_write_lock_irq+0x36/0x50
[  690.601898][T11311]                    sixpack_close+0x1e/0x2f0
[  690.607940][T11311]                    tty_ldisc_close+0x114/0x1a0
[  690.614240][T11311]                    tty_ldisc_kill+0x8e/0x150
[  690.620379][T11311]                    tty_ldisc_release+0x210/0x2e0
[  690.626853][T11311]                    tty_release_struct+0x23/0xe0
[  690.633240][T11311]                    tty_release+0xe2d/0x1430
[  690.639295][T11311]                    __fput+0x402/0xb70
[  690.644821][T11311]                    task_work_run+0x150/0x240
[  690.650946][T11311]                    exit_to_user_mode_loop+0xeb/0x110
[  690.657764][T11311]                    do_syscall_64+0x3f6/0x4c0
[  690.663905][T11311]                    entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  690.671372][T11311]    INITIAL READ USE at:
[  690.675680][T11311]                         lock_acquire+0x179/0x350
[  690.682165][T11311]                         _raw_read_lock+0x5f/0x70
[  690.688654][T11311]                         sp_get+0x18/0xf0
[  690.694446][T11311]                         sixpack_receive_buf+0x59/0x1c90
[  690.701529][T11311]                         tty_ioctl+0x580/0x1640
[  690.707829][T11311]                         __x64_sys_ioctl+0x18b/0x210
[  690.714561][T11311]                         do_syscall_64+0xcd/0x4c0
[  690.721034][T11311]                         entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  690.728906][T11311]  }
[  690.731380][T11311]  ... key      at: [<ffffffff8f799998>] disc_data_lock+0x18/0xfe0
[  690.739262][T11311]  ... acquired at:
[  690.743038][T11311]    lock_acquire+0x179/0x350
[  690.747705][T11311]    _raw_read_lock+0x5f/0x70
[  690.752371][T11311]    sp_get+0x18/0xf0
[  690.756332][T11311]    sixpack_write_wakeup+0x20/0x390
[  690.761604][T11311]    tty_wakeup+0xe8/0x120
[  690.766000][T11311]    tty_port_default_wakeup+0x2a/0x40
[  690.771440][T11311]    serial8250_tx_chars+0x68e/0x860
[  690.776717][T11311]    __start_tx+0x3e9/0x4a0
[  690.781199][T11311]    serial8250_start_tx+0x368/0x530
[  690.786459][T11311]    __uart_start+0x292/0x4c0
[  690.791117][T11311]    uart_write+0x218/0xb30
[  690.795603][T11311]    sixpack_receive_buf+0x3d3/0x1c90
[  690.800958][T11311]    tty_ldisc_receive_buf+0x15a/0x1a0
[  690.806397][T11311]    tty_port_default_receive_buf+0x70/0xb0
[  690.812272][T11311]    flush_to_ldisc+0x26b/0x780
[  690.817102][T11311]    process_one_work+0x9cc/0x1b70
[  690.822196][T11311]    worker_thread+0x6c8/0xf10
[  690.826943][T11311]    kthread+0x3c2/0x780
[  690.831156][T11311]    ret_from_fork+0x5d4/0x6f0
[  690.835897][T11311]    ret_from_fork_asm+0x1a/0x30
[  690.840805][T11311] 
[  690.843098][T11311] 
[  690.843098][T11311] stack backtrace:
[  690.848959][T11311] CPU: 0 UID: 0 PID: 11311 Comm: kworker/u8:18 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  690.848973][T11311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  690.848981][T11311] Workqueue: events_unbound flush_to_ldisc
[  690.848995][T11311] Call Trace:
[  690.849001][T11311]  <TASK>
[  690.849007][T11311]  dump_stack_lvl+0x116/0x1f0
[  690.849024][T11311]  check_irq_usage+0x7dc/0x920
[  690.849042][T11311]  ? check_path.constprop.0+0x24/0x50
[  690.849058][T11311]  ? __lock_acquire+0x1285/0x1c90
[  690.849073][T11311]  __lock_acquire+0x1285/0x1c90
[  690.849089][T11311]  ? lock_acquire+0x179/0x350
[  690.849104][T11311]  lock_acquire+0x179/0x350
[  690.849119][T11311]  ? sp_get+0x18/0xf0
[  690.849132][T11311]  ? ldsem_down_read_trylock+0x11a/0x180
[  690.849141][T11311]  ? ldsem_down_read_trylock+0x120/0x180
[  690.849151][T11311]  ? __pfx_sixpack_write_wakeup+0x10/0x10
[  690.849165][T11311]  _raw_read_lock+0x5f/0x70
[  690.849178][T11311]  ? sp_get+0x18/0xf0
[  690.849194][T11311]  sp_get+0x18/0xf0
[  690.849206][T11311]  ? __pfx_sixpack_write_wakeup+0x10/0x10
[  690.849220][T11311]  sixpack_write_wakeup+0x20/0x390
[  690.849234][T11311]  ? __pfx_sixpack_write_wakeup+0x10/0x10
[  690.849248][T11311]  tty_wakeup+0xe8/0x120
[  690.849260][T11311]  tty_port_default_wakeup+0x2a/0x40
[  690.849275][T11311]  serial8250_tx_chars+0x68e/0x860
[  690.849294][T11311]  __start_tx+0x3e9/0x4a0
[  690.849309][T11311]  serial8250_start_tx+0x368/0x530
[  690.849325][T11311]  __uart_start+0x292/0x4c0
[  690.849337][T11311]  uart_write+0x218/0xb30
[  690.849352][T11311]  sixpack_receive_buf+0x3d3/0x1c90
[  690.849370][T11311]  ? ldsem_down_read_trylock+0x120/0x180
[  690.849380][T11311]  ? __pfx_ldsem_down_read_trylock+0x10/0x10
[  690.849390][T11311]  ? __pfx_sixpack_receive_buf+0x10/0x10
[  690.849405][T11311]  tty_ldisc_receive_buf+0x15a/0x1a0
[  690.849419][T11311]  tty_port_default_receive_buf+0x70/0xb0
[  690.849434][T11311]  flush_to_ldisc+0x26b/0x780
[  690.849448][T11311]  ? rcu_is_watching+0x12/0xc0
[  690.849461][T11311]  process_one_work+0x9cc/0x1b70
[  690.849474][T11311]  ? __pfx_process_one_work+0x10/0x10
[  690.849485][T11311]  ? assign_work+0x1a0/0x250
[  690.849503][T11311]  worker_thread+0x6c8/0xf10
[  690.849515][T11311]  ? __pfx_worker_thread+0x10/0x10
[  690.849525][T11311]  kthread+0x3c2/0x780
[  690.849533][T11311]  ? __pfx_kthread+0x10/0x10
[  690.849542][T11311]  ? rcu_is_watching+0x12/0xc0
[  690.849554][T11311]  ? __pfx_kthread+0x10/0x10
[  690.849562][T11311]  ret_from_fork+0x5d4/0x6f0
[  690.849576][T11311]  ? __pfx_kthread+0x10/0x10
[  690.849585][T11311]  ret_from_fork_asm+0x1a/0x30
[  690.849598][T11311]  </TASK>
[  691.224198][T11252] usb 5-1: Using ep0 maxpacket: 16
[  691.234004][T11252] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  691.242780][T11252] usb 5-1: config 0 has no interface number 0
[  691.250530][T11252] usb 5-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  691.259590][T11252] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  691.269100][T11252] usb 5-1: Product: syz
[  691.273265][T11252] usb 5-1: Manufacturer: syz
[  691.277866][T11252] usb 5-1: SerialNumber: syz
[  691.283505][T11252] usb 5-1: config 0 descriptor??
[  691.289646][T11252] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  692.699733][T11252] gspca_spca1528: reg_w err -71
[  692.704702][T11252] spca1528 5-1:0.1: probe with driver spca1528 failed with error -71
[  692.713644][T11252] usb 5-1: USB disconnect, device number 32