last executing test programs:

11m31.634870174s ago: executing program 2 (id=3):
dup(0xffffffffffffffff)
io_uring_setup(0x0, 0x0)
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001380)={&(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x39, 0x0, 0x1}, 0x28)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x89}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000)
io_setup(0x8, 0x0)
r2 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r3 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000900)=@newtaction={0x48, 0x31, 0x53b, 0x0, 0x0, {0x9}, [{0x34, 0x1, [@m_sample={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc, 0x4}}}]}]}, 0x48}}, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f00000007c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000800), 0x106, 0x9}}, 0x20)
preadv(0xffffffffffffffff, 0x0, 0x0, 0xd, 0x0)
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(r4, 0x3b85, &(0x7f0000000140)={0x28, 0x6, 0x0, 0x0, &(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x800})
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0x7040, 0x0)

11m30.399889983s ago: executing program 2 (id=10):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = dup(r0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000011c0), 0xffffffffffffffff)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r2, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000001240)={&(0x7f0000001200)={0x1c, r3, 0x101, 0x70bd2b, 0x25dfdbfd}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x4008000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r1, 0x2000)
bpf$LINK_DETACH(0x22, &(0x7f00000000c0)=r1, 0x4)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$nfs4(&(0x7f0000000040)='/', &(0x7f0000000080)='./file0\x00', 0x0, 0x197841, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r4, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x108)
move_mount(r4, &(0x7f0000000380)='./file0\x00', r4, 0x0, 0x40)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000100)='autofs\x00', 0x0, &(0x7f0000000400))
r5 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x0, 0x0)
r6 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0)
ioctl$AUTOFS_DEV_IOCTL_FAIL(r6, 0xc0189377, &(0x7f0000000040)={{0x1, 0x1, 0x18, r5}, './file1\x00'})
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r6, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xffffffff}}, './file1\x00'})

11m29.160334462s ago: executing program 2 (id=15):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x74, 0x0, 0x0)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)=<r2=>0x0)
timer_settime(r2, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r4, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
listen(r4, 0x0)
connect$unix(r3, &(0x7f0000000640)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
connect$unix(r4, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r5 = accept4$inet(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x80800)
bind$inet(r5, &(0x7f00000000c0)={0x2, 0x4e24, @multicast2}, 0x10)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)

11m27.495887158s ago: executing program 2 (id=20):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(0xffffffffffffffff, 0xc0045540, &(0x7f0000000100))
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8002, 0x0)
read$msr(r1, &(0x7f0000032540)=""/102400, 0x19000)
socket$nl_route(0x10, 0x3, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCPKT(r2, 0x5420, 0x0)
ioctl$TCSETS(r2, 0x5402, &(0x7f0000000400)={0xf76, 0x7, 0x8, 0x8000a, 0x11, "d571de9262f6f2757c7f61487c169bb1af8f87"})
r3 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_mreq(r3, 0x29, 0x1b, &(0x7f00000006c0)={@dev={0xfe, 0x80, '\x00', 0x13}}, 0x14)
r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r4, 0xc008561c, &(0x7f0000000040)={0xf0f017, 0x1})
socket$inet_tcp(0x2, 0x1, 0x0)
r5 = open(&(0x7f0000000440)='./file0\x00', 0x400000, 0x2a)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x6, 0x4, &(0x7f0000002180)=ANY=[@ANYBLOB="180200000000000000000000cfffffff850000001700000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000740)={r5, 0x0, 0x25, 0x2, @val=@kprobe_multi=@syms={0x1, 0x4, &(0x7f0000000700)=[&(0x7f00000005c0)='netdevsim0\x00', &(0x7f0000000600)=')(S\x00', 0x0, 0x0], 0x0, 0x7}}, 0x30)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x6, 0x5, &(0x7f00000001c0)=ANY=[@ANYBLOB="180200000000000000000000000000001800000008000000000000006e14000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100}, 0x94)
sendmsg$BATADV_CMD_GET_DAT_CACHE(r0, &(0x7f00000003c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000300)={&(0x7f00000004c0)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="10002abd70001dff00000d150000050029000000000008003c000700000008000600", @ANYRES32, @ANYBLOB="08003b000001000008003900000200000500370000000000"], 0x44}, 0x1, 0x0, 0x0, 0x1}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0a000000050000000200000007"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r6, 0x2000002, 0xe, 0x20, &(0x7f0000000200)="df33c9f7b9a60000000000000000", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000100)={@dev, 0x0, 0x2}, 0x0)
socket$igmp6(0xa, 0x3, 0x2)

11m26.774950895s ago: executing program 32 (id=20):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(0xffffffffffffffff, 0xc0045540, &(0x7f0000000100))
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8002, 0x0)
read$msr(r1, &(0x7f0000032540)=""/102400, 0x19000)
socket$nl_route(0x10, 0x3, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCPKT(r2, 0x5420, 0x0)
ioctl$TCSETS(r2, 0x5402, &(0x7f0000000400)={0xf76, 0x7, 0x8, 0x8000a, 0x11, "d571de9262f6f2757c7f61487c169bb1af8f87"})
r3 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_mreq(r3, 0x29, 0x1b, &(0x7f00000006c0)={@dev={0xfe, 0x80, '\x00', 0x13}}, 0x14)
r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r4, 0xc008561c, &(0x7f0000000040)={0xf0f017, 0x1})
socket$inet_tcp(0x2, 0x1, 0x0)
r5 = open(&(0x7f0000000440)='./file0\x00', 0x400000, 0x2a)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x6, 0x4, &(0x7f0000002180)=ANY=[@ANYBLOB="180200000000000000000000cfffffff850000001700000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000740)={r5, 0x0, 0x25, 0x2, @val=@kprobe_multi=@syms={0x1, 0x4, &(0x7f0000000700)=[&(0x7f00000005c0)='netdevsim0\x00', &(0x7f0000000600)=')(S\x00', 0x0, 0x0], 0x0, 0x7}}, 0x30)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x6, 0x5, &(0x7f00000001c0)=ANY=[@ANYBLOB="180200000000000000000000000000001800000008000000000000006e14000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100}, 0x94)
sendmsg$BATADV_CMD_GET_DAT_CACHE(r0, &(0x7f00000003c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000300)={&(0x7f00000004c0)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="10002abd70001dff00000d150000050029000000000008003c000700000008000600", @ANYRES32, @ANYBLOB="08003b000001000008003900000200000500370000000000"], 0x44}, 0x1, 0x0, 0x0, 0x1}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0a000000050000000200000007"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r6, 0x2000002, 0xe, 0x20, &(0x7f0000000200)="df33c9f7b9a60000000000000000", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000100)={@dev, 0x0, 0x2}, 0x0)
socket$igmp6(0xa, 0x3, 0x2)

2m16.674029497s ago: executing program 5 (id=1683):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB], 0x7c}}, 0x0)
r1 = accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x0)
sendmmsg$alg(r1, 0x0, 0x0, 0x4004085)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0xaa442, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
getpid()
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
sendfile(r4, r4, 0x0, 0x7ffff000)

2m14.993996011s ago: executing program 5 (id=1686):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)=ANY=[@ANYBLOB="280000001800090000000000000000001c140000fe000001000000000c001a0001800802e6d8a7134df6ce8ef86e5ae51a2315408c3610af06acc90057a32440f0ae3d965da19d4604f5d197bfd8fb4bab08cb768174aad034af5b1bb372d750a450ac6b0990e8693abd258da5d9e125bd69d44ddf", @ANYRES32=0x0, @ANYBLOB], 0x28}}, 0x0)
r1 = socket(0x10, 0x2, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000840), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_MP_STATE(r4, 0x4004ae99, &(0x7f00000001c0)=0x3)
ioctl$KVM_SET_LAPIC(r4, 0x4400ae8f, &(0x7f0000001500)={"4dd55ec0fce8e829d1b1c709a9dc9be27fa1d5bceab2ba671c4e32ee9aaaa0c0f835ae2884d70899d15d86aa1d791336cb7408884e6ff79db63ca87f4f4a1f5af5bde3cf2128cd31128e6f521ee9a361f7c012ad594938466da18ed4beb39d712d18facaeb01115f87059497ed83c1955215939ffe4cdd40dd0a08a73a24a861b431004b9b70839ad5928f3cc1617883766c424483fafb0c6cd032d270f97f2dc17331ce79da555b520c9e4ba3a54a2d784b40230fd737b3c1be7ec77c54c93b4f3101e991163c77a2ef6d6de6d33635ff49890d0b17bbc908080f199a4aeb2ae1a2ae8b37245eaf76bc1422721902d2775ffb8eae12d7ccaef2792d4eb5d8a9f07b88e684ab613fe26ea5b9b4f930c7893c07ee44a92e605a0d9c0f8133d7e545ec1558836b4d6e295eb05cf373ba89de6397ca4d87d0618128446e721dfdeb2cfdd20b2c455b3370b6acd53a841fdf0cd1d63e14890ddbcf976d3febce20e55a33e0ab9faefaedca7a4948f26cce5cda01f17b7a60bcc9e7f63b358fcfe2419956ea5e853b99bb53c2cfe2b919e65cd4d26fd852eea60d9f73fda58284a3fa86ba1f813436beccad6c7a218fcb6a57f93d91343340d742969082473792fd856d5f2c38d76a679f961d3b5d3e1b1a20ef4fed1d8d91cc795ed01522165c03143ff18a561e1fcec9f894932a21465bdfb5215b8ff3442d202129945e87084dc977b3c3588656be4c29ef3929d4ad5c2d8c90a793cb9d37cba42a184569fde67bc423818584ce4bcd008344e7daf9de287fe958fa5f558ac4de216440c15526ad6d41d17369465ed142383d155fd093c1555e0532a10b458a6dd812a54e1d416cb46b91d227fcb2df8c96a0161b86b09f8730f0ca5e5a15173cfd68e4f2932cc792892a755282f98e266da158aea206adb5a2de38cd7cd950f8fc421e2dd873dc19b8a19101201fb99c0ec51b8e26e69aba996778cb6d7d2b6e3b4038d52d3c9870f4077d3644a05e482b286fcaf8274f9a00fe2a84b4aa44aa9ec57581e77dce52f09a888e112ca20bee0cd7848fdf798082350e501a2b3a992b670324a0741c53e6f0d46949a07f2dbf743703d236c514b8d6d22fbd0a7f0ba7b6b57d9ee9ac5e8d7a39a90715daba1298ff189f32e5c54e318d9c3f9753d6109cdf31c624bfca2e758f1fbe040180f244d759c3289d0d68d07f8641120dc4bb668ccb3879833cde4589dd034b27f81291c69e7fe5cba8bc59d67c555d0cec28a62249f36bf68b9d897436abc83f76ec595c58ad1c0a2b2a5477fd23e47bb66adb1376ab8e32ab87ad0b7e28af4a06a5d17ca34cb780aef0f6b61a0efbef50094eb0eaae0b41ce9a440727c65a48a6b78433a4a48a179a617081def20e87558460b73fac39c1a6845e83651d70fe0679817e8f684352a0c1c8ec76351ecb1508938f5c278966"})
ioctl$KVM_SET_LAPIC(r4, 0x4400ae8f, &(0x7f0000000880)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde9809c8814618e976832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34cf2645cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6424923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff0000f5620000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada133b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631def9f126c25ba4f37caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d3130180613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe656c9c46bffbe9dd03970800000000000000d372bdd60200c1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"})
r5 = memfd_secret(0x0)
ppoll(&(0x7f0000000100)=[{r5, 0x200}], 0x1, &(0x7f0000000280)={0x77359400}, &(0x7f0000000300)={[0x10000]}, 0x8)
setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000001900)=@nat={'nat\x00', 0x1b, 0x5, 0x4a0, 0x238, 0x238, 0xffffffff, 0x2e0, 0x110, 0x408, 0x408, 0xffffffff, 0x408, 0x408, 0x5, &(0x7f00000002c0), {[{{@ip={@rand_addr=0x64010101, @rand_addr=0x64010100, 0x0, 0xffffffff, 'ipvlan0\x00', 'syzkaller1\x00', {}, {0xff}, 0x0, 0x1, 0x40}, 0x0, 0xd8, 0x110, 0x0, {}, [@common=@ttl={{0x28}, {0x2, 0x7}}, @common=@set={{0x40}, {{0x2, [0x0, 0x4, 0x7, 0x5, 0x1], 0x3, 0x4}}}]}, @NETMAP={0x38, 'NETMAP\x00', 0x0, {0x1, {0x1, @multicast2, @multicast1, @port=0x4e24, @gre_key=0xf000}}}}, {{@uncond, 0x0, 0xf0, 0x128, 0x0, {}, [@common=@inet=@set3={{0x50}, {{0x3, 0x2, 0x2}, {0xa3}, {0x4, 0x6}, 0x8}}, @common=@ah={{0x30}, {[0x9, 0x6]}}]}, @MASQUERADE={0x38, 'MASQUERADE\x00', 0x0, {0x1, {0x1, @broadcast, @remote, @gre_key, @icmp_id=0x67}}}}, {{@ip={@broadcast, @local, 0xff, 0xcfd8585725fdb00, 'lo\x00', 'sit0\x00', {}, {0xff}, 0x4, 0xa6d8c966055678e, 0x8}, 0x0, 0x70, 0xa8}, @SNAT0={0x38, 'SNAT\x00', 0x0, {0x1, {0xb, @broadcast, @initdev={0xac, 0x1e, 0x1, 0x0}, @gre_key=0x2, @icmp_id=0x66}}}}, {{@ip={@broadcast, @private=0xa010100, 0xffffff00, 0xffffffff, 'nr0\x00', 'bond0\x00', {}, {0xff}, 0x89, 0x0, 0x2}, 0x0, 0xf0, 0x128, 0x0, {}, [@common=@osf={{0x50}, {'syz1\x00', 0x0, 0x8, 0x0, 0x1}}, @common=@ah={{0x30}, {[0x4], 0x1}}]}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0x1a, @dev={0xac, 0x14, 0x14, 0x32}, @multicast1, @gre_key=0xff80, @port=0x4e20}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x500)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
sendmsg$ETHTOOL_MSG_WOL_SET(r1, &(0x7f0000000240)={0x0, 0xfffffffffffffd8d, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="14000000", @ANYRES16=r4, @ANYRES16=r0, @ANYRES16=r4], 0x14}, 0x1, 0x0, 0x0, 0x4001}, 0x0)
setsockopt$RDS_GET_MR_FOR_DEST(r1, 0x114, 0x7, &(0x7f0000000140)={@in6={0xa, 0x4e24, 0x3, @private1={0xfc, 0x1, '\x00', 0x1}, 0x4}, {&(0x7f0000000500)=""/4096, 0x1000}, &(0x7f0000000000), 0xa}, 0xa0)

2m13.947064015s ago: executing program 5 (id=1695):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000100)=0x2)
getsockopt$packet_int(r1, 0x107, 0xb, &(0x7f0000000100), &(0x7f0000000140)=0x4)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8003}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x14, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x88}}, 0x0)

2m13.491228725s ago: executing program 5 (id=1697):
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x60})
r1 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040)={0x30000000})
r2 = syz_io_uring_setup(0x5169, &(0x7f0000000200)={0x0, 0x0, 0x10100, 0x1}, &(0x7f0000000100), &(0x7f0000000000)=<r3=>0x0)
syz_io_uring_setup(0xa94, &(0x7f0000000280), &(0x7f00000003c0)=<r4=>0x0, &(0x7f00000005c0))
syz_open_procfs$pagemap(0xffffffffffffffff, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
fanotify_init(0x202, 0x1000)
syz_io_uring_submit(r4, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54})
io_uring_enter(r2, 0x48e9, 0x0, 0x0, 0x0, 0x0)

2m12.759130498s ago: executing program 5 (id=1699):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-aes-aesni\x00'}, 0x58)
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x8e, 0x88, 0x5, 0x20, 0x8086, 0x9500, 0xb6d8, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x1, 0x0, 0x0, 0x15, 0xcc, 0x1c}}]}}]}}, 0x0)
r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_RDWR(r1, 0x707, &(0x7f0000000280)={&(0x7f0000000780)=[{0x4, 0x800, 0x0, 0x0}, {0x3, 0x1000, 0x0, 0x0}, {0x9, 0x8000, 0x0, &(0x7f0000000700)}], 0x3})
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r0, 0x0, 0x0, 0x0)
sendmsg$alg(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f00000002c0)="26fef7", 0x3}], 0x1, 0x0, 0x0, 0x40010}, 0x0)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x123)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)={0x64, 0x0, 0x1, 0x3, 0x0, 0x0, {0x5, 0x0, 0x4}, [@CTA_FILTER={0x0, 0x19, 0x0, 0x1, [@CTA_FILTER_REPLY_FLAGS={0x0, 0x2, 0x40a}, @CTA_FILTER_ORIG_FLAGS={0x0, 0x1, 0x240}, @CTA_FILTER_REPLY_FLAGS={0x0, 0x2, 0x900}, @CTA_FILTER_REPLY_FLAGS={0x0, 0x2, 0x824}]}, @CTA_MARK={0x8, 0x8, 0x1, 0x0, 0x9}, @CTA_ZONE={0x6}, @CTA_MARK={0x8, 0x8, 0x1, 0x0, 0x7f}, @CTA_NAT_DST={0x30, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MAXIP={0x8, 0x2, @remote}, @CTA_NAT_V4_MAXIP={0x0, 0x2, @empty}, @CTA_NAT_V4_MINIP={0x8, 0x1, @private=0xa010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @broadcast}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x4008005}, 0x11)
r4 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000040)=0x10)
r5 = creat(&(0x7f0000000140)='./file0\x00', 0x0)
r6 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB='\x00'/16], 0x10}, 0x1, 0x0, 0x0, 0x2000c050}, 0x8000)
r7 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x7, 0x5, &(0x7f00000007c0)=ANY=[@ANYBLOB="18080000000000000000000000000000183700000100000000008000000000009500000000000000841079e01f806a9943b48b7eb6e9f7606cc809f5ec2ddda39db987ce0b24351c734c29635ae13c51ec0752fb365d1fe9a81af75e060c2a512881b9191d098ae7f54c72242e4b498fdbd2b4230b257b457e5a1b11909df176675945b8c72cfab93518dba85ac02b60d4bd6c1298e144079fb319878ada6ea22fc82c49bdf6a62d9ff7398bbdb5f4a95005be9fc4a4106917a69af1f7453816500bc5a9ee87ad5a1c57c8a19007b55c05163e998e77c4bb2c172cd1e7a347d162304aa26469b691d45b395d70036755b340812c47a7709cd469dace441ea46da02c6412575fd2b58dd4f138f7066d17304c01b479766209a623c6828c39504b5b635f9ba1977640a4e77a9446ceb0358fcb4ae07c2db11f91e25fd62ed31c7b5f8d51b16c0ea78c1bddb9418b6a78f854b9af"], &(0x7f0000000000)='GPL\x00', 0x4}, 0x94)
ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r7, 0x8008f512, &(0x7f0000000040))
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r7, @ANYBLOB="2c726f6f746d6f64653d30303030303030303030303030303030303130303030302c757365725f69643ded91baf0736212060b6f6d300aa2a7d52a30ca10d4dec93ecbe75e9b820a18eda2d34d5bb122d5f7b169176cd984ea7fa81f34f1ac848d22ce94dd9a3834e111f8bde3f697abc02b8e6a572bb7d7db256a2f2336cee33b61cb3a53806b4eb5d6a087d13e54c216675d95737a65108b4fd99746e5fff1d75b3509912f0952a58ed0aa6fc42918282f71d2b29aec82f958c8d9e042", @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,\x00'])
read$FUSE(r7, &(0x7f00000021c0)={0x2020, 0x0, <r8=>0x0, <r9=>0x0}, 0x2020)
r10 = ioctl$KVM_GET_STATS_FD_cpu(r5, 0xaece)
quotactl_fd$Q_GETQUOTA(r10, 0xffffffff80000700, r9, &(0x7f0000000080))
syz_usb_connect$cdc_ecm(0x0, 0x4d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000020000082505a3a440000102030109023b000101000000090400000302060000052406000005240000000d240f0100000000000000000009058202"], 0x0)
write$FUSE_INIT(r7, &(0x7f0000004200)={0x50, 0x0, r8, {0x7, 0x29, 0x8, 0x75e10508, 0x0, 0x8, 0x0, 0x5, 0x0, 0x0, 0x20}}, 0x50)
r11 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_ADD_COUNTERS(r11, 0x0, 0x41, &(0x7f0000000600)=ANY=[@ANYRES16=r5, @ANYRESOCT=r9], 0x48)
syz_fuse_handle_req(r7, &(0x7f0000004280)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ab725c861b08395c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000226089f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000076cf00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000bd652b75951a20c100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0ffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000eeffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000590000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x2000, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x20, 0x0, 0x20000001, {0x0, 0x4}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
openat$dir(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x200, 0x81)
ioctl$SG_GET_REQUEST_TABLE(r10, 0x2286, &(0x7f0000000440))

2m9.536048132s ago: executing program 5 (id=1714):
r0 = socket$inet6(0xa, 0x6, 0x200)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r1, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x19, 0x4, 0x4, 0x2, 0x0, r1, 0x1000}, 0x50)
syz_open_dev$swradio(&(0x7f00000046c0), 0x1, 0x2)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$sock_int(r2, 0x1, 0x26, 0x0, 0x0)
r3 = syz_open_dev$sndpcmc(&(0x7f0000000000), 0x0, 0x80080)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$tipc(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000440)={{{@in6=@private0, @in=@multicast2}}, {{@in6=@initdev}, 0x0, @in=@remote}}, 0x0)
sendmsg$nl_generic(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)={0x1c, 0x33, 0x107, 0x0, 0x0, {0x1, 0x7c}, [@nested={0x8, 0x1, 0x0, 0x1, [@nested={0x4, 0x118}]}]}, 0x1c}, 0x1, 0x0, 0x0, 0xc091}, 0xc010)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$SNDRV_PCM_IOCTL_DROP(r3, 0x4143, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$SYNC_IOC_FILE_INFO(r6, 0xc0383e04, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_dev$dri(&(0x7f0000000680), 0x1, 0x0)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff})
setreuid(0xee01, 0x0)

1m54.36045768s ago: executing program 33 (id=1714):
r0 = socket$inet6(0xa, 0x6, 0x200)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r1, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x19, 0x4, 0x4, 0x2, 0x0, r1, 0x1000}, 0x50)
syz_open_dev$swradio(&(0x7f00000046c0), 0x1, 0x2)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$sock_int(r2, 0x1, 0x26, 0x0, 0x0)
r3 = syz_open_dev$sndpcmc(&(0x7f0000000000), 0x0, 0x80080)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$tipc(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000440)={{{@in6=@private0, @in=@multicast2}}, {{@in6=@initdev}, 0x0, @in=@remote}}, 0x0)
sendmsg$nl_generic(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)={0x1c, 0x33, 0x107, 0x0, 0x0, {0x1, 0x7c}, [@nested={0x8, 0x1, 0x0, 0x1, [@nested={0x4, 0x118}]}]}, 0x1c}, 0x1, 0x0, 0x0, 0xc091}, 0xc010)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$SNDRV_PCM_IOCTL_DROP(r3, 0x4143, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$SYNC_IOC_FILE_INFO(r6, 0xc0383e04, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_dev$dri(&(0x7f0000000680), 0x1, 0x0)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff})
setreuid(0xee01, 0x0)

31.616056844s ago: executing program 6 (id=2024):
r0 = socket$inet6(0xa, 0x1, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r2=>0x0})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x9, 0x1, 0x78}]}, &(0x7f0000000080)='syzkaller\x00', 0x5}, 0x94)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000080)={0x34, r3, 0x1, 0x0, 0x4000, {{0x2}, {@val={0x8, 0x3, r2}, @void}}, [@chandef_params=[@NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x99e}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x6}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x9a8}]]}, 0x34}}, 0x80)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
mmap(&(0x7f00009ff000/0x600000)=nil, 0x600000, 0x0, 0x11, r0, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0xfffffeffffff7ffe, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000000b80)=[{{0x0, 0x0, &(0x7f0000000b40)=[{&(0x7f00000028c0)="1a29686d9fe935c699abfce07ea022f260f7737101274349c2e284b44292298aafdcf9557a902c345d65381eef7661d27e5177dd6d1742007e4649d403ccc73f20b58d21c32d5f61de9df4eaea5fc4b3473d56b9a1ab523e47c84a16b0edefe2c0c6c0358a3a447916c4243917e70ea23c6a65cdb167de17b7a13ea902ed111d3f3760c66c955aa00e7e91ebb25b69ed73d9913532be657258f9d1dc7e2cf065ffc642a0b0d9a14740ad4206bae3661132fd0203d883b21be628cb02d66e6654fe7292576b15035c35996a86a5376f87ded181457b89b631123ba6e96eb836d51e7c7e1b2889709b03f8e08672b4a273a0d7564cbda01f6ecf067738f6364d02c2d61804eac7563e7941e569a15279034c7240369552d42f99bf7840223ffd51330e09436a3297162cf344e243029c2680059d0a027fd14e7674b182f28b3463b4d5eb2cedbd516462ee82c33b5fbe39e424f2b05ae30ca01252c1d6167ab020b0646be0a36efcce490d17b49f5cb4ff39b62407a2619a9459c5365a463dba799bc7bb1a84178f3fb4cc6d3023b0d90f0d19b666a67b0b57440e671ad76313fa19d358a146366b11ee856929cc098988168025a2b3ce2556708408607958a701f0860dbab81e737c06d286dcec360eba7cd20ef9306c88f5b454c03aee2303c4bcf42316508a1151bb62a925770787d230d0107f5d2f7c1cc410a484eeffdbef5b5635168eefc3137ca0700fc3ef929794f5a2b6b379c053f4402c9e25f35e1c77f1c20633628c5e96a22fbeb5c1083d82a51996e0740114b3c7df743aaf881835999c10a30e61a47442c62a86a0991e85524c684e4dc511aee215f3ea275ed9634d91919990a9a64c0f323f76386c101823d66d08e6b8bfb1cdc25947c9e663dc320c9e98cf95f8fa92e325d1a80f39cb12a42832c6180d85fea170fdeaf0fac49a3b7a9306dde9f538f8527a9b165b386f8cfa4c9974b3da399b1a17bcec4a4ed6b6afdcf7483c1b94bd204887fae46c5654be2297362b1d447b89cafe534df1dd987a8f8a0d9773453f72965810769e4e2955d5b6fd6a4b8d3f2852676c86997270c159ff76bdc906165e6855110dec5d590d99410baa3b48a2467d2a439009274c0ecbb7d6f6ec5fc7d1d6947b3cedf8363d8fea949f9a3c8c9e76eb9727ba01c1421f5010040c934e5228dd2228f08be55ab0c27d30aaec7abd61d3a35bf49e56372fa48b3e52944bb646642bab4ba38427e36ebf4366c44f557f748aa01e2166419f9ffce4b2f5af065ce3ef67687a3d0e1d691e0c6cab14d6b0050cc40eb63f92e6842b7bfc08c2dcd0bc24d51eb64b955da0a7f03cb60f0fcc2abcc7c0a3502f694867bdc0f1ee3a76cbbc250173de5811778ba10251ee045d030195ab2771d8d6b1d6ebf88b759f3aa30d6167a7433ff69ae251a5db6017d6aa522a49f6ef6f8b40c7ecefb5b70c32dbef8306be14238f7e55e642d26690b710560294f918122c0dbe117cc2248f7c8be4c06217207d7a54ac8a4aad99b6f5d9593731110f86c8a13b4f01436204a5febec7f8cb801f729c6cd414b1183c5204cc7d7e25a2744a74d5f9d11afb3eacf36b375097550ab0f0f8807f7f3271aaa480a29c0ea9b78a70cc56e69583051687b20d4638b746b6a0b3afac926aeab5e4fc2501058ae01c7f0d924e33d59b764a2492175b1f8ddfab95da5d12fbac042e958723b048e5250746f3ff6ff68547393bd4ea961058152108188b834b35035d2e98580d127627a76f8534e577bfad6d3ccca85050a39fefbf5cea99fb728a2b9ed1fba221d745d484d78a9e2ddab3ed058b9ad6f13c0900f3a2258acfcec81f263e5abc6ef11bd7bb717b00f2ae18b2f4c258e8b83aa96238dc55f84cef8dd0d9d59efb92af0788ec20d08a20300e064ff7865a66e43cc50b86dc416bb46b12845739688cd91ee85a36da2b1081916311b9dbd8333bb6551f114273607868ef83755e9da521c186e6e5df4750080525e16e9bd24b39a11e0f66937333f9f1adaf6c0f077bd797c6a4bf43fae592c7d80cecb0e65f3ba39ab0b77ec9f0366f19a519306d924e326beae86fa9c941102fd9e02ba7d72c53e54aadb74fc475fad2da5af651d8aff81106ba0e3b89a719f3c59712951c30df46b4db3149bc28c5b9324a83e7e33727cb6abc64ac75cc2eae00bc8847377f77ecc5c08e99adf9056fb4c52eeb055b8570bdb49413c54699844527b238158068a679bdc26a0450b21948a0eac9c18fec804e3067cb9886929a31407de23a894aead991fb30a1f6da613199ee76caf22404b1fa3b934d9e905b968b164e8c1c5874ce9c0940bbc791e865a6b3f3ea5f4874669cd46703dd044db0e68d7e1a20756d11319278fd46e25f5d127faa5814dbdd6d11aaf577d9f8b075a7389026ed74049ab9715c36379694558b12535ba9b0799381d27a079c2ada50f6b08678433f2aeb6967a11a73e691d276efd55e629c203c30423a55dbfdace02092ad988e50abc1b24d78253f8c1618c69c9d7639afedd8020f07e43272ea4b49a6a274c3e3bda6c8ce60597afac435236dd12c5d86bedfc52f841ff53340449f5c3f441b7c8d894938df48c8a3c71d9d35c4af3d28d72baea33a29b2beeee6f0f13a6d617eacdd38c9623d22b1306c2de29fb9805dcec16430280b54e4dfeccb70e0b2d3f218a6d6850b6115bdb69af048853fa7f414e54a9cfcefd37986aabe8f6c2d94c18050bc94205690addd224fe21f2e22a8628de1bcb2a90c4c3156e36ce68f95dae6644a5216aae2ec7d08ae0fc46945d6cf3b75e481ddc89ba84e3163458e11ffcf8ad5f532f2708cad50af9356a739ca2510cab0b8aa1f98c7006d483b0e0080ac86d0a376344789ac19ef280e853054f56b05ac320bed179902c9adfbd819d360a557ccff3d534b18047cb738f1a72ecda5157197a269a9d4a561ca45fd8043d06b9715f4fa19c70d9a3af134ef3c2d83489784c28762bb695e303352f48f83dcb35df75f63ef6bf0396ad7d472952ce86841e43f2f6cd0b2edf5741a1e316c228f4ffddd2210c498a51bb7753b3744b0cc3aea4a51fb9a02de4c295e06a74e6ed1a8b4a14da2edc127948750fb1a150fb1b7872da6e92adf1ea0311da8780c81f488125ea9836e7dcb445936d9b3998be1a0dd9fb43a3e82091ffd9ce1c2b9a56b44b6a0486fb0014f01244ea4d685656b5f3df810f7bd3d94dd2dae761ca6db57a343aefe8c7ff6d98018a14fe9deedbe31c61a502cf8fe53517f4ffcfa34efaedc61e36aa2826d24151c08a5889367e177d1d39c672e9c0eb4022f7b30d219360db78b0b88fb7b4a943629a79aa08001aed26acff7c5a72d2de889c23fe7ee359610aa011378d42ffbcda98ba37c5cdfc264dc91d6dab639df0d4c975552d3b136a13db9293006d55ac6a178a4f04be7bfd41cd355500838015bfb91b8c5cdfa051a3212f5c3b79f1411d99c2e7f7a1c75e2de530b90d4b218cff5b179c6f2487a1ac54f5719970c003feb9d0647cee624b01db38d635b493b250c09cccc406266ab3fb571f1d87351a43c44d5d79eef0841a574c2f55bbfde6d52e26657d622ff7f9388bed5e08c76fc5cd01e7e33bd1355ecbb4bbed5d94666a73629d04238104770fd3ca900ad6316e994d2c97064935d3eac054bd09e875baa19a4571d3dd7aac44428157e4ba20aa9684556e2e4e7c662aba34ffbe993cf442a27462650a52506b259a3df96563c6dba173553f3e2c81b9719ad7b9ddcf7a5c35e0421b4abc2a22fddeede33f118fef4c622f8e822ce44a763fed667a0a0c321bc755ce3fcb3ce369b63eb4329364a37be3b0d657ec7a194ce5e22e7d3660568200b33d713d546cdbffcca3e8aed418ade622e332cba4931200a078c811b5d1c0a28d61de302d32e7726087700b160444d7d997a4cb0fc3b4f74cf259db0aae49243a947a3aa8e4762841def472f686cf876088eaa2c267cb39df380bd94a5d4dca072bccf71ff7029c98a1a337c405bd0b5b1e216b0fbab3bbfb21faafff8ab4d7835b51a34a6ad5c069ad1c3d6ff819f0ac27c7acfbabc0265aa5b795081c60e21ae852795c4ee2a9a297b02341f2e0815045816c07533aa57f73116a53867ee07e32f55c632be1986d190b9e59c2e56c5e598867f5e0a5e79fd933520932fc6e05905a0aed9cca2df486a9dca475dc13c770ab56783c6fc4291182bb3f98a1fad71a47628c8b50ca28e1db47df1a9e57deaf53bef661ca87536a94bd78596dcb21365d56a74736227e062522393020d561095f200d5287e805e0ad2fc4219091b779e957fc3f1fe0614e436774dd9630c5f1e2a81fe9ad8363635bf3ce1e233eabe83a96f7c7e964baaf4c0a831ab1baa86976ded258cd38512c53f40860c271018188e56656d9c143304c4e744cd83ec673df6c0a968a3b7c5783f16b966d9752dc2fc0d587891e2f12158d521a04542dec2db145010ad00736fe2aa6b48ff4b4d159f86bdb2ddab055a48ff390b315f6c778d93723809ea2559eb64fe41857402bc424bc48620dcc5a09ede88d986a9c440cc02597d1c9ec8dc39e2f56fa4e88c1c30bc1adc6adbd9e754996d11bf72a1536c91c0e16288406a145a4150ad073196b7dd1f440a86a827c24acb4bb9d59b36331a12d771388f800216444f7869390d49c036708c69c388411d3401541781f5653714925020eee74a3be06de496e473f3704fbd97a274c02301c7bf44611eeb3ef2a19d889dd72c0f1ec53bd4f2c86a99401b9cb3dcfc1377a084d489c08b65c88b91b4e16c3ad0b56fcbd6112c330be885080becc0a70ca7a883b1dde203d7ef228a0c168463afb5feaafd41b8ffae34da857ad9371ba7ec23053bfeb12e64c59a32f97190cbb05a40ab8683661487ac3341cf3ea3bbe92febe59d4c48f17c8cfd07c6ecca383ef01fa597fa352eecd691f18417461acb105911fd85a840a3dca5efc534610cef8c8d015c19a3a2f7199f4fda683418f94fb1889816939fb71516e87dbe0819de475679912c12db3be40ce6b4b6baa32d4b4a74068bef74ee75cc8732b31d82ef3c3aa753afc5bbf71e2dec2135de3da3643ce5c5ebce8c1f635a8cf733cd4cbf97a997a37258c6f456b26604c468002a4fa220d291e588ba6a6f699a1d12e7ce0fb9b98eef015f20e48c7c8fbbf550704703482fe3714a5d8de61fe14223f66749898ab69c9c65ac476ca02057c0792357e7a9c6a8c84f6c9c596758ffebfd5be7722f2d4b16c9bcba2a08ce0ea4958f979e0d2e73eba30a48559ce587041cfbffe852be137a0bee8ae47598a9deeb901411c0eadad9f70a0127a19e858bb5fc757ba11148d3bedf2a9a58cd703abc54efc59932bb851b308a8cd859c48e8d045d4ef30e0c184fe202da9d085a83a8b7bdd02f003af053a73d3e8a03537f96dd1040ba18ee180ca4aa8fa9f10e8d04d788aa4c67c651192889df0f4fa9754952fea58d92cc1c6544fd839f977edbf50e0963f451780d8efa0e6889d83c53e9024193f2993ccaf2d17ba1e0f504e19a28ec43bb0ea671f6c457f91ecdb0a9dd9bac27712cc6c7e43ecddca3b684b6e41a681048cf17ba87a49fe80928be2eec88411d237eb87132e9adb8f61a35fbff74fb6c46b9eed67b92474bdfea3a48754bff62751f5aa6f68b90516189a62e11c4a4839a2fa01651fa1014f08c1d0c8da18ebe0f01a2d9882ce486a27ad5a032a11f7bb6a0c27737837a5c94c95e3bea16949a4c1d98d00cc763cc5b16fc8077bdf0", 0x1000}], 0x1}}], 0x1, 0x4000800)
syz_emit_ethernet(0x6e, &(0x7f0000000240)={@local, @random="be9689ce9f88", @val={@void, {0x8100, 0x0, 0x0, 0x2}}, {@ipv4={0x800, @gre={{0x6, 0x4, 0x1, 0x1, 0x5c, 0x66, 0x0, 0x5, 0x2f, 0x0, @rand_addr=0x64010102, @local, {[@ssrr={0x89, 0x3, 0x3d}]}}, {{0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x880b, 0x0, 0x3}, {0x1, 0x0, 0x1}, {0x0, 0x0, 0x0, 0x1}, {0x8, 0x88be, 0x4, {{0x1, 0x1, 0x7, 0x2, 0x1, 0x0, 0x2, 0xc}, 0x1, {0x1}}}, {0x8, 0x22eb, 0x6, {{0x9, 0x2, 0x6, 0x1, 0x1, 0x1, 0x1}, 0x2, {0x1, 0x100, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1}}}, {0x8, 0x6558, 0x1}}}}}}, 0x0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000080)={&(0x7f0000b95000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000000)=0x40)

31.589843985s ago: executing program 6 (id=2025):
r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TCSETSF2(r0, 0x402c542d, &(0x7f0000000100)={0xfffffffc, 0xe7, 0x2, 0x101, 0x7, "ea71061d0000000001000200", 0x0, 0x80})
writev(0xffffffffffffffff, 0x0, 0x0)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
syz_usb_connect(0x5, 0x24, &(0x7f0000000800)={{0x12, 0x1, 0x0, 0x96, 0x5d, 0x6, 0x40, 0x133e, 0x815, 0x7e66, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xff, 0x87, 0x28}}]}}]}}, 0x0)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4)
ioctl$int_in(r1, 0x5421, &(0x7f0000000100)=0x9)
connect$inet(r1, &(0x7f0000000280)={0x2, 0x0, @dev}, 0x10)
close(r1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x1, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000032680)=""/102392, 0x18ff8)
fchmod(r0, 0x102)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f0000000080))
r4 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'ip6gre0\x00', <r5=>0x0})
setsockopt$packet_int(r4, 0x107, 0xf, &(0x7f0000000000)=0xf3f, 0x4)
sendto$packet(r4, &(0x7f00000000c0)="3f03fe7f0302140006001e0089e9aaa911d7c2290f0089061327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c153cfdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0xc9, 0x0, r5, 0x1, 0x0, 0x6, @multicast}, 0x14)

26.839652216s ago: executing program 6 (id=2034):
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000001780)='/dev/comedi4\x00', 0x80000, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000500)={0xffffffffffffffff, 0xe0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f00000003c0)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x6, 0x1, &(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000380)=[0x0], 0x0, 0xf6, &(0x7f0000000540)=[{}, {}], 0x10, 0x10, &(0x7f00000002c0), &(0x7f0000000580), 0x8, 0xd0, 0x8, 0x8, &(0x7f0000000340)}}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={<r2=>0xffffffffffffffff})
listen(r1, 0xfffffe18)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000400)=0x14)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, &(0x7f0000000080)=0x4f)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, 0x0, &(0x7f0000000040))
syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
syz_open_dev$video(&(0x7f0000000300), 0x0, 0x40)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r5 = socket$inet6_sctp(0xa, 0x801, 0x84)
setsockopt(r5, 0x84, 0x82, 0x0, 0x0)
sendmsg$TIPC_NL_MEDIA_GET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000200)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16, @ANYBLOB="01000000000000000000030000005800018044000400200001000a00000000000000fe800000000000000000000000000010f8000000200002000a00000000000000ff160000000000000000000000000001000000000d0001007564703a73"], 0x6c}}, 0x0)
ioctl$COMEDI_CMDTEST(r0, 0x8050640a, &(0x7f0000000000)={0xfffe, 0x0, 0x100, 0x9, 0x0, 0x9, 0x1, 0x3, 0x40, 0x4, 0x40, 0x6, 0x0, 0x0, 0x0})
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

24.163749279s ago: executing program 6 (id=2037):
r0 = socket(0x2, 0x3, 0xff)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
connect$l2tp(r0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x5, 0x1000086}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$kcm(0x29, 0x2, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, 0x0, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10)
r3 = add_key$user(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000180)="8e", 0x1, 0xffffffffffffffff)
pipe2$watch_queue(&(0x7f0000000240)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x80)
keyctl$KEYCTL_WATCH_KEY(0x20, r3, r4, 0x0)
keyctl$KEYCTL_WATCH_KEY(0x15, r3, 0xffffffffffffffff, 0x5b)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x4084004}, 0x10000)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB], 0x74}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NL80211_CMD_REQ_SET_REG(r5, &(0x7f0000000440)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x70, 0x0, 0x1, 0x70bd25, 0x25dfdbfd, {}, [@NL80211_ATTR_USER_REG_HINT_TYPE={0x8}, @NL80211_ATTR_REG_RULES={0x4c, 0x22, 0x0, 0x1, [{0x2c, 0x0, 0x0, 0x1, [@NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x3}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0x8000}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0xffffff00}, @NL80211_ATTR_FREQ_RANGE_END={0x8}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x7}]}, {0x1c, 0x0, 0x0, 0x1, [@NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x6}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0xffff8000}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x40000000}]}]}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x1}]}, 0x70}, 0x1, 0x0, 0x0, 0x4090}, 0x24044004)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000040)={0x4}, 0x10)
write(0xffffffffffffffff, &(0x7f0000000000)="240000001a005f0214f9f407000904001f000000fe020002000000000800040001000000", 0x24)
sendto$inet(r0, &(0x7f0000000280)="12f0dda7f17f60b7c78b", 0xa, 0x800, &(0x7f00000001c0)={0x2, 0x4e22, @multicast2}, 0x10)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x1000)=nil, 0x1000, &(0x7f0000000080)='\x00\x00\x00')
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r6, 0x400455c8, 0x4)
shmat(0xffffffffffffffff, &(0x7f0000708000/0x1000)=nil, 0x6000)

21.912440298s ago: executing program 0 (id=2043):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket(0x80000000000000a, 0x2, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@ipv4_delroute={0x34, 0x19, 0x901, 0x0, 0x0, {0x2, 0x18, 0x0, 0x0, 0x0, 0x2, 0xfd, 0x1}, [@RTA_DST={0x8, 0x1, @dev}, @RTA_GATEWAY={0x8, 0x5, @initdev={0xac, 0x1e, 0x1, 0x0}}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x34}}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$igmp(0x2, 0x3, 0x2)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
fsopen(&(0x7f0000000200)='iso9660\x00', 0x0)
syz_emit_ethernet(0xfffffffffffffefe, &(0x7f0000000300)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x500, 0x0, 0x0, 0x11, 0x0, @dev={0xac, 0x14, 0x14, 0xff}, @local}, {0x4e21, 0x0, 0x9c, 0x0, @wg=@initiation={0x1, 0x2, "6fdfa0d2001efbb3e29a4ac275ca11b984ff5def6ed2e4ea9bc0eabdd34c732b", "df23520b57e4c98679c7795a27c7bf3e7d776b600ba8d82d6ba417e219edd86fb708441efcf75fe803412dae374281c2", "5df814aa2e34e4f8a759805b993e2d69a8f476de686861a9850edbe3", {"2cfee9b9d5b0b2b171b51f9174963b0c", "e40ca7e0a7b4bbc4bc9720c876a57954"}}}}}}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, 0xffffffffffffffff, 0x0, 0xd}, 0x18)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_TSINFO_GET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x14, r2, 0x6a98047402e98331, 0x70bd21, 0xffa1}, 0x14}, 0x1, 0x0, 0x0, 0x24000044}, 0x4008800)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000080)='devpts\x00', 0x0, 0x0)
syz_usb_connect$hid(0x1, 0x36, &(0x7f0000000540)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x8, 0x1130, 0x3101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x4, 0x10, 0x4, [{{0x9, 0x4, 0x0, 0xcf, 0x1, 0x3, 0x1, 0x1, 0xd9, {0x9, 0x21, 0x4, 0x9, 0x1, {0x22, 0x744}}, {{{0x9, 0x5, 0x81, 0x3, 0x10, 0x4, 0x3, 0x3}}}}}]}}]}}, &(0x7f0000000b40)={0x0, 0x0, 0x0, 0x0, 0x4, [{0x2, &(0x7f0000000740)=@string={0x2}}, {0xd2, &(0x7f00000007c0)=@string={0xd2, 0x3, "0b3bacfb1eb78c417316b41f47d893286ede6a4059e40317a8b7c6b23bf89a824efb58198e6317bbc44dad3ae66baede52790ee884a0952ad731111243b5bd3817e097ae92aa9360ac44a6f9fc5336b518b4947fbd2263332efec4dd8a75763bf8f96a77e395e997d44e75d9449f8e6499b731694a1a7f0e3c5368db1d5a82752841fd867ad62c56c5d80ae5b13d2130d27c9cc12c74f35a8d240c94c36e145e9a867e5ea7ce6237abf558c57dae5c25fbd2c33c27b72908ea93898e09b836c6b58f9d949382825f9d370ae280d8aeda"}}, {0x0, 0x0}, {0x0, 0x0}]})

21.371445657s ago: executing program 6 (id=2046):
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000))
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x2, [@struct={0x0, 0x1, 0x0, 0x4, 0x1, 0x0, [{0x0, 0x2, 0x5000000}]}, @restrict={0x0, 0x0, 0x0, 0x6, 0x2}]}}, 0x0, 0x3e}, 0x20)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r2, 0x89a1, &(0x7f0000000900)={'bridge0\x00', @broadcast})
r3 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)=[0x0], 0x0, 0x0, 0x0, 0x1})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='qdisc_destroy\x00', r0}, 0x10)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='qdisc_destroy\x00', r4}, 0x10)
r5 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000007c0)=@newqdisc={0x4c, 0x24, 0xd0f, 0x3, 0x0, {0x60, 0x0, 0x0, 0x0, {0x0, 0x2}, {0xffff, 0xffff}, {0x4}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x10, 0x3, 0x1, 0x3, 0x400, 0x8}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40001d4}, 0x8840)

20.64414924s ago: executing program 6 (id=2050):
dup(0xffffffffffffffff)
io_uring_setup(0x0, 0x0)
r0 = socket(0x2c, 0x800, 0x4)
sendmsg$nl_route(r0, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001380)={&(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x39, 0x0, 0x1}, 0x28)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x89}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
r4 = syz_io_uring_setup(0x355a, &(0x7f0000000300)={0x0, 0xd4bb, 0x0, 0x1, 0x302}, &(0x7f0000000000)=<r5=>0x0, &(0x7f00000000c0)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
sendmsg$inet(r3, &(0x7f0000001640)={0x0, 0x0, 0x0}, 0x20000090)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_MKDIRAT={0x25, 0xa, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000380)='./file0\x00', 0x1d2})
listen(r3, 0x5)
io_uring_enter(r4, 0x3517, 0xc2de, 0x9, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0x7, &(0x7f0000000180)={0x8, 0x8f}, 0x0)
r7 = socket$kcm(0x29, 0x2, 0x0)
openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x42c003, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f00000001c0)={0x1003, "425ae375378532d249154c94b4c78a38b4c9810000f900000000000000001e00"})
ioctl$sock_kcm_SIOCKCMCLONE(r7, 0x89e2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x20000000000001, 0x0, 0x2, 0x0)
r8 = syz_open_dev$MSR(&(0x7f0000000240), 0x7, 0x0)
read$msr(r8, &(0x7f0000002000)=""/102400, 0x19000)

17.844634283s ago: executing program 0 (id=2052):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYRESOCT], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0xff08}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
ioctl$FS_IOC_GETFSLABEL(r0, 0x400452c9, &(0x7f0000002a00))
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendmsg$nl_xfrm(r0, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000200)={&(0x7f00000006c0)=ANY=[@ANYBLOB="540000002400000825bd7000fddbdf257f000000060004000000000006000400000000000600040000000000060004000000000006000300000000000600030000000000060003000000000006000300000000007df205624339f2d7906eeda13562f523bc57b8bcfc22c2a85eae5457f259e31f6193444a80cdb7fe2f0a542c16bab24038ee69e4b6b7ec9363ef9ea70c623abed27d04f184d856ed9babe059fa5aafe8186a9ebf3183bcd4408bafd0efbc4ae0f2470c5ecad0b41fe30762d723968935bfe65d28cdbd4ecd419a9486f0dbd9550d521b3251", @ANYRES16, @ANYRESDEC, @ANYRESOCT, @ANYRESOCT=r1, @ANYRESHEX], 0x54}, 0x1, 0x0, 0x0, 0x40814}, 0x4044804)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000001c0)={'wlan0\x00'})
socket$inet6_udplite(0xa, 0x2, 0x88)
r3 = creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
r4 = fanotify_init(0xf00, 0x0)
fanotify_mark(r4, 0x105, 0x40009975, r3, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010100000000000000000100fffe0900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a310000000058000000060a010400000000000000000100000008000b4000000000300004802c000180090001007866726d000000001c0002800500030003"], 0xcc}}, 0x4000040)
ioctl$sock_inet_udp_SIOCINQ(r3, 0x541b, &(0x7f0000000300))
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
epoll_create1(0x80000)
mkdir(&(0x7f0000000100)='./bus\x00', 0xe8)
sched_setscheduler(0x0, 0x6, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newtaction={0x64, 0x30, 0x9e54f29ff072a93b, 0x0, 0x0, {}, [{0x50, 0x1, [@m_csum={0x4c, 0x81, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x301, 0x0, 0x0, 0x0, 0x1000}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x64}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$alg(0x26, 0x5, 0x0)
r8 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r8, 0x5423, &(0x7f0000000140)=0x7)

14.531424463s ago: executing program 0 (id=2061):
socketpair$unix(0x1, 0x2, 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=@framed={{}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r3}}]}, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10)
socket$tipc(0x1e, 0x2, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0xfffffffe, 0x10000)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x1c, r7, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x5, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1}, 0x50)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90)

10.570527867s ago: executing program 0 (id=2066):
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket(0x15, 0x5, 0x0)
getsockopt(r1, 0x200000000114, 0x2716, 0x0, &(0x7f0000000000))
socket$inet_tcp(0x2, 0x1, 0x0)
syz_init_net_socket$ax25(0x3, 0x3, 0xcd)
socket$nl_xfrm(0x10, 0x3, 0x6)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)=@newsa={0x104, 0x1a, 0x7, 0x0, 0x0, {{@in6=@dev={0xfe, 0x80, '\x00', 0x1b}, @in=@multicast2, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xee00}, {@in6=@mcast1, 0x0, 0x2b}, @in6=@private0, {0x0, 0x1000000, 0x2}, {0x0, 0x200000, 0x7, 0xfffffffffffffffd}, {0x40000, 0x0, 0xae8}, 0x0, 0x0, 0xa, 0x2, 0x0, 0x70}, [@coaddr={0x14, 0xe, @in6=@remote}]}, 0x104}}, 0x0)

8.303388753s ago: executing program 0 (id=2069):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = memfd_create(&(0x7f00000025c0)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1cs1F59\xcdR\xc1\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6;\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9b\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[\xb7\xfa\xe7\xd6\xa3', 0x6)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xb, 0x2012, r1, 0x0)
syz_emit_ethernet(0x66, &(0x7f0000000140)=ANY=[@ANYBLOB="0180c2000000aaaaaaaaaaaa08004500005800000000002f9078ac141400ac1414ff0420880b0000000000000800000086dd080088be000000001000ffff0000000000000000080022eb0000"], 0x0)
r2 = syz_usb_connect(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x141, 0x48, 0x13, 0x44, 0x20, 0x424, 0x7500, 0x69ee, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xb8, 0x7, 0x2, 0x96, 0xd1, 0xca, 0x0, [], [{{0x9, 0x5, 0x6, 0x2, 0x200, 0xd, 0x0, 0x6}}, {{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x1, 0x10}}]}}]}}]}}, 0x0)
syz_usb_control_io$uac1(r2, 0x0, 0x0)
syz_usb_control_io(r2, 0x0, &(0x7f0000000900)={0x84, &(0x7f00000003c0)=ANY=[@ANYBLOB="001704000000a3"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r2, 0x0, &(0x7f00000004c0)={0x2c, &(0x7f0000000580)={0x20, 0x30, 0x4, "c53fe07a"}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r2, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r2, 0x0, &(0x7f0000000740)={0x44, &(0x7f0000000180)=ANY=[@ANYBLOB="601004"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600707, 0x18)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000040)={0x3, 0x2, 0x3000, 0x1000, &(0x7f0000feb000/0x1000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1)
syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, &(0x7f0000000140)="66430f7ff48f6870cdd98541c03000660f3880ac4c0d0000000fc7777e3e3e470feb877c000000b9ce0800000f32b9e80b00000f32b805000000b94e0000000f01d966b8e7008ee8", 0x48}], 0x1, 0x20, 0x0, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x7)
syz_kvm_setup_cpu$x86(r8, r8, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f00000006c0)="2ef2dd050080000048b84441000000000000b9130b00000f320f21f8350000ce00010123f836362e6726af4b0f20c1350e000000440f22c0b805000000b9009800000f01d97c0f01c9c947338c01c4c40f79d226660f013b", 0x58}], 0x1, 0x50, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={0xffffffffffffffff, 0x2e000000, 0x0, 0x0, 0x0, 0x0, 0xa3d8, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r9 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
write$UHID_CREATE2(r9, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119)
write$UHID_GET_REPORT_REPLY(r9, &(0x7f0000000180)={0xa, {0x2, 0x3, 0x80}}, 0xa)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(r3, r4, &(0x7f0000190000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0, 0xfffffffffffffd95}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$SNDRV_TIMER_IOCTL_TRIGGER(r5, 0x54a6)

8.062644499s ago: executing program 4 (id=2071):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="28000000030801020000000000000000070000030c00048008000140000000080500030001000000c05e14808251b24f5dd0a6d593ea1202527b6aa991a34e8d523b38babd02bfb77e7be12a832b4e56505a420ce4737114b7b3e7139f9bd89cc4c5423469cc2e10f80420369c8336666cd1b8e945e5583168eaf9ff21bd23d503f0da093ff5533bb980dc0a786a280cc049ca3431f8945176e088797cba6ec9"], 0x28}, 0x1, 0x0, 0x0, 0x4004080}, 0x0)

7.535394245s ago: executing program 4 (id=2074):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x0, 0x0)
ioctl$I2C_TIMEOUT(r0, 0x702, 0x66a0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, 0x0, 0x0, 0x0)
socket(0x10, 0x803, 0x0)
syz_usb_connect(0x6, 0x36, &(0x7f00000000c0)=ANY=[], 0x0)
syz_io_uring_setup(0x5e48, &(0x7f0000000180)={0x0, 0x0, 0x10100, 0x0, 0xfffffffc}, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6(0xa, 0x80002, 0x0)
socket$nl_rdma(0x10, 0x3, 0x14)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000080)={'wlan0\x00'})
sendmsg$NL80211_CMD_FRAME(r2, 0x0, 0x10)

6.94186959s ago: executing program 3 (id=2076):
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f00000003c0)={0x0})
newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, <r1=>0x0}, 0x0)
setresuid(0x0, r1, 0x0)
write$P9_RSTATu(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_TDLS_MGMT(0xffffffffffffffff, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
r2 = epoll_create1(0x80000)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
r4 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000000040)={0xa0000004})
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f0000000100)={0x20000014})
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r2, &(0x7f0000000140)={0xa0000001})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000001c0)={'syztnl0\x00', 0x0})
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000240)='/sys/power/pm_wakeup_irq', 0x226000, 0x9)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r6, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={0x0, 0x18}}, 0x0)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRES8=r1, @ANYRES32=r7, @ANYBLOB="01000000000000002800128009000100766c616e000000001800028006000100000000000c0002000c0000000d00000008000500", @ANYRES64=r5], 0x50}, 0x1, 0x0, 0x0, 0x80}, 0x0)
r8 = socket$packet(0x11, 0x2, 0x300)
sendto$packet(r8, 0x0, 0x0, 0x44010, &(0x7f0000000040)={0x11, 0x4, r7, 0x1, 0x7}, 0x14)
epoll_wait(r4, &(0x7f0000000280)=[{}], 0x1, 0x4000005)
socket$netlink(0x10, 0x3, 0x4)
socket$inet6_sctp(0xa, 0x5, 0x84)

5.810911663s ago: executing program 1 (id=2078):
r0 = socket(0x2, 0x80805, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000000)={0x14, 0x2, 0x6, 0x5, 0x0, 0x0, {0x5}}, 0x14}, 0x1, 0x0, 0x0, 0xc040}, 0x0)
syz_clone3(&(0x7f00000002c0)={0x8040000, 0x0, 0x0, 0x0, {}, 0x0, 0x7bff, 0x0, 0x0}, 0x58)
getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x7d, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8)

5.527512153s ago: executing program 34 (id=2050):
dup(0xffffffffffffffff)
io_uring_setup(0x0, 0x0)
r0 = socket(0x2c, 0x800, 0x4)
sendmsg$nl_route(r0, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001380)={&(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x39, 0x0, 0x1}, 0x28)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x89}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
r4 = syz_io_uring_setup(0x355a, &(0x7f0000000300)={0x0, 0xd4bb, 0x0, 0x1, 0x302}, &(0x7f0000000000)=<r5=>0x0, &(0x7f00000000c0)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
sendmsg$inet(r3, &(0x7f0000001640)={0x0, 0x0, 0x0}, 0x20000090)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_MKDIRAT={0x25, 0xa, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000380)='./file0\x00', 0x1d2})
listen(r3, 0x5)
io_uring_enter(r4, 0x3517, 0xc2de, 0x9, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0x7, &(0x7f0000000180)={0x8, 0x8f}, 0x0)
r7 = socket$kcm(0x29, 0x2, 0x0)
openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x42c003, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f00000001c0)={0x1003, "425ae375378532d249154c94b4c78a38b4c9810000f900000000000000001e00"})
ioctl$sock_kcm_SIOCKCMCLONE(r7, 0x89e2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x20000000000001, 0x0, 0x2, 0x0)
r8 = syz_open_dev$MSR(&(0x7f0000000240), 0x7, 0x0)
read$msr(r8, &(0x7f0000002000)=""/102400, 0x19000)

5.484104623s ago: executing program 3 (id=2080):
socket(0x10, 0x3, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
r1 = socket(0x28, 0x5, 0x0)
bind$vsock_stream(r1, &(0x7f0000000040), 0x10)
listen(r1, 0x0)
r2 = socket(0x28, 0x5, 0x0)
connect$vsock_stream(r2, &(0x7f0000000500), 0x10)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/4\x00')
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r4 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x62001, 0x0)
lsetxattr$system_posix_acl(0x0, &(0x7f0000000440)='system.posix_acl_access\x00', 0x0, 0x9, 0x1)
r7 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r7)
ptrace$setregs(0xd, r7, 0x0, &(0x7f00000003c0))
ptrace$cont(0x9, r7, 0x10000, 0x0)
preadv(r3, &(0x7f0000000640)=[{&(0x7f00000008c0)=""/201, 0xc9}], 0x1, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1f, 0xe, &(0x7f0000000200)=ANY=[@ANYRESDEC=0x0], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)

5.483746577s ago: executing program 1 (id=2081):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket(0x80000000000000a, 0x2, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@ipv4_delroute={0x3c, 0x19, 0x901, 0x0, 0x0, {0x2, 0x18, 0x0, 0x0, 0x0, 0x2, 0xfd, 0x1}, [@RTA_DST={0x8, 0x1, @dev}, @RTA_ENCAP={0x10, 0x16, 0x0, 0x1, @LWTUNNEL_IP6_ID={0xc, 0x1, 0x4}}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x3c}}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$igmp(0x2, 0x3, 0x2)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
fsopen(&(0x7f0000000200)='iso9660\x00', 0x0)
syz_emit_ethernet(0xfffffffffffffefe, &(0x7f0000000300)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x500, 0x0, 0x0, 0x11, 0x0, @dev={0xac, 0x14, 0x14, 0xff}, @local}, {0x4e21, 0x0, 0x9c, 0x0, @wg=@initiation={0x1, 0x2, "6fdfa0d2001efbb3e29a4ac275ca11b984ff5def6ed2e4ea9bc0eabdd34c732b", "df23520b57e4c98679c7795a27c7bf3e7d776b600ba8d82d6ba417e219edd86fb708441efcf75fe803412dae374281c2", "5df814aa2e34e4f8a759805b993e2d69a8f476de686861a9850edbe3", {"2cfee9b9d5b0b2b171b51f9174963b0c", "e40ca7e0a7b4bbc4bc9720c876a57954"}}}}}}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, 0xffffffffffffffff, 0x0, 0xd}, 0x18)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_TSINFO_GET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x14, r2, 0x6a98047402e98331, 0x70bd21, 0xffa1}, 0x14}, 0x1, 0x0, 0x0, 0x24000044}, 0x4008800)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000080)='devpts\x00', 0x0, 0x0)
syz_usb_connect$hid(0x1, 0x36, &(0x7f0000000540)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x8, 0x1130, 0x3101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x4, 0x10, 0x4, [{{0x9, 0x4, 0x0, 0xcf, 0x1, 0x3, 0x1, 0x1, 0xd9, {0x9, 0x21, 0x4, 0x9, 0x1, {0x22, 0x744}}, {{{0x9, 0x5, 0x81, 0x3, 0x10, 0x4, 0x3, 0x3}}}}}]}}]}}, &(0x7f0000000b40)={0x0, 0x0, 0x0, 0x0, 0x4, [{0x2, &(0x7f0000000740)=@string={0x2}}, {0xd2, &(0x7f00000007c0)=@string={0xd2, 0x3, "0b3bacfb1eb78c417316b41f47d893286ede6a4059e40317a8b7c6b23bf89a824efb58198e6317bbc44dad3ae66baede52790ee884a0952ad731111243b5bd3817e097ae92aa9360ac44a6f9fc5336b518b4947fbd2263332efec4dd8a75763bf8f96a77e395e997d44e75d9449f8e6499b731694a1a7f0e3c5368db1d5a82752841fd867ad62c56c5d80ae5b13d2130d27c9cc12c74f35a8d240c94c36e145e9a867e5ea7ce6237abf558c57dae5c25fbd2c33c27b72908ea93898e09b836c6b58f9d949382825f9d370ae280d8aeda"}}, {0x0, 0x0}, {0x0, 0x0}]})

5.454968745s ago: executing program 4 (id=2082):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0x20, &(0x7f0000000300)={@in6={{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}}, 0x0, 0x0, 0xd, 0x0, "50e482af8a3b3953d7d2ddc26f6d7fcfdcef78b3bb7ca71d37000667e0b8dd3a89446b04761c340f273410ad620a1d1d1e8e3d5d07cb37da86503ff8eadd32f0fc9a56bcd7a401a991c216437633b722"}, 0xd8)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000280)={0x3fff}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x1f, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x13}, 0x94)
sendmsg$nl_generic(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x20, 0x12, 0xa01, 0x0, 0x0, {0x80}}, 0x26}}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
sysfs$2(0x2, 0x100000000, &(0x7f0000000200)=""/4096)
socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)=@newqdisc={0x3c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_ATM={0x8, 0x4, 0x2}]}}]}, 0x3c}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x44}, 0x1, 0x0, 0x0, 0x8000010}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
r3 = socket$netlink(0x10, 0x3, 0x0)
recvmmsg(r0, &(0x7f0000001740)=[{{&(0x7f0000000000)=@ethernet={0x0, @link_local}, 0x80, &(0x7f0000001400)=[{&(0x7f0000001200)=""/239, 0xef}, {&(0x7f0000001300)=""/207, 0xcf}], 0x2, &(0x7f0000001440)=""/202, 0xca}, 0x7fff}, {{0x0, 0x0, &(0x7f0000001640)=[{&(0x7f0000001540)=""/241, 0xf1}], 0x1, &(0x7f0000001680)=""/133, 0x85}, 0x80000}], 0x2, 0x40000040, &(0x7f00000017c0))
sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0)
r4 = socket(0x22, 0x803, 0x0)
sendmsg$SMC_PNETID_GET(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0)
getsockname$packet(r4, &(0x7f00000005c0)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=@newlink={0x60, 0x10, 0x437, 0x70bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, r5, 0x40c89}, [@IFLA_LINKINFO={0x40, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x30, 0x2, 0x0, 0x1, [@IFLA_IPTUN_FLAGS={0x8, 0x8, 0x32}, @IFLA_IPTUN_LOCAL={0x14, 0x2, @private1={0xfc, 0x1, '\x00', 0xe3}}, @IFLA_IPTUN_ENCAP_TYPE={0x6, 0xf, 0x1}, @IFLA_IPTUN_FWMARK={0x8, 0x14, 0xc334}]}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x8000}, 0x0)

4.783963652s ago: executing program 3 (id=2083):
r0 = socket(0x2, 0x3, 0xff)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
connect$l2tp(r0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x5, 0x1000086}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$kcm(0x29, 0x2, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, 0x0, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10)
r3 = add_key$user(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000180)="8e", 0x1, 0xffffffffffffffff)
pipe2$watch_queue(&(0x7f0000000240)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x80)
keyctl$KEYCTL_WATCH_KEY(0x20, r3, r4, 0x0)
r6 = socket(0x10, 0x3, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x4084004}, 0x10000)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB], 0x74}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NL80211_CMD_REQ_SET_REG(r5, &(0x7f0000000440)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x70, 0x0, 0x1, 0x70bd25, 0x25dfdbfd, {}, [@NL80211_ATTR_USER_REG_HINT_TYPE={0x8}, @NL80211_ATTR_REG_RULES={0x4c, 0x22, 0x0, 0x1, [{0x2c, 0x0, 0x0, 0x1, [@NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x3}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0x8000}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0xffffff00}, @NL80211_ATTR_FREQ_RANGE_END={0x8}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x7}]}, {0x1c, 0x0, 0x0, 0x1, [@NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x6}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0xffff8000}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x40000000}]}]}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x1}]}, 0x70}, 0x1, 0x0, 0x0, 0x4090}, 0x24044004)
setsockopt$netlink_NETLINK_TX_RING(r6, 0x10e, 0xc, &(0x7f0000000040)={0x4}, 0x10)
write(r6, &(0x7f0000000000)="240000001a005f0214f9f407000904001f000000fe020002000000000800040001000000", 0x24)
sendto$inet(r0, &(0x7f0000000280)="12f0dda7f17f60b7c78b", 0xa, 0x800, &(0x7f00000001c0)={0x2, 0x4e22, @multicast2}, 0x10)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x1000)=nil, 0x1000, &(0x7f0000000080)='\x00\x00\x00')
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r7, 0x400455c8, 0x4)
shmat(0xffffffffffffffff, &(0x7f0000708000/0x1000)=nil, 0x6000)

4.133407912s ago: executing program 0 (id=2084):
syz_pidfd_open(0x0, 0x0)
socket$inet(0x2b, 0x800, 0x8)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
sendto$inet(r0, &(0x7f0000000000), 0x0, 0x20008005, 0x0, 0x0)
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, 0x0, 0x80)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x11)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_io_uring_setup(0x10a, &(0x7f0000000140)={0x0, 0x5883, 0x0, 0x0, 0xfffffdfc}, &(0x7f0000000040)=<r4=>0x0, &(0x7f0000000280)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="240000003c000b0000000000fcffffff04000000040000800c000100091c"], 0x24}, 0x1, 0x0, 0x0, 0x4080}, 0x40050)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0xd, 0x0, 0x4000000}, 0x44050)
io_uring_enter(r3, 0x3516, 0x0, 0x0, 0x0, 0x0)
shutdown(r0, 0x1)
r7 = syz_open_dev$evdev(&(0x7f0000000180), 0x0, 0x0)
ioctl$EVIOCSKEYCODE_V2(r7, 0x80104592, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1000101, "003cc96fb5bf1a0a9d1b14700c1e0ac74f000000001600000000000900"})
recvfrom(r0, 0x0, 0x0, 0x61, 0x0, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000400)={'wlan0\x00', <r11=>0x0})
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r9, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x1c, r10, 0x201, 0x0, 0x0, {{}, {@val={0x8, 0x3, r11}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x20005000}, 0x0)

3.4046559s ago: executing program 4 (id=2085):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000003c0)=0x1)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$gtp(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'ip6tnl0\x00', <r3=>0x0})
sendmsg$GTP_CMD_NEWPDP(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)={0x34, r2, 0x1, 0x0, 0x0, {}, [@GTPA_LINK={0x8, 0x1, r3}, @GTPA_I_TEI={0x8}, @GTPA_O_TEI={0x8}, @GTPA_VERSION={0x8, 0x2, 0x1}]}, 0x34}}, 0x0)

2.7793199s ago: executing program 1 (id=2086):
semget(0x1, 0x2, 0x545)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/vlan/vlan0\x00')
ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8923, &(0x7f0000000040)={'vlan0\x00', 0x40})
ioctl$SW_SYNC_IOC_INC(r0, 0x40045701, &(0x7f0000000000)=0x1000)

2.72010264s ago: executing program 4 (id=2087):
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
sendto$packet(0xffffffffffffffff, &(0x7f0000000000)='1', 0x1, 0x0, 0x0, 0x0)
r0 = socket(0x10, 0x3, 0x6)
r1 = socket(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xffff}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x7, [0x0, 0x0, 0x0, 0x0, 0xc], 0x4, [0x4, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c4, 0x0, 0x0, 0x0, 0x3dc], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1400]}}}}]}, 0x88}}, 0x20000000)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r3, &(0x7f0000000000), 0xd)

2.562993642s ago: executing program 1 (id=2088):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x256c, 0x6d, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000100)={0x2c, &(0x7f0000000180)={0x0, 0x10, 0x4, {0x4, 0xc, "74f1"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r0, &(0x7f0000000480)={0x2c, 0x0, &(0x7f0000000200)={0x0, 0x3, 0xa9, @string={0xa9, 0x3, "679e23066f854e45ff80bf975376eeeb108dbe082f6da44b1701d8ccd5becd4b5404fc27627d9e99d0eda2bdd6a53498f8ac7e39ca3466c6763fa4c43210d08ed7819deaa3fb40dc733a3bc9d4ff43ab24512e098c621aae214cdd033cfa04e29cca3574b5f777a2047691e232fcc442f86a4f691c5bb8f4f912c7b2de67f151ba3410fc845f0233deda21d9ebb2e23bbbc52ca1cf621a3aaee40d971629339fe5d738e5d88648"}}, 0x0, 0x0, 0x0}, 0x0)

2.46808801s ago: executing program 4 (id=2089):
r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TCSETSF2(r0, 0x402c542d, &(0x7f0000000100)={0xfffffffc, 0xe7, 0x2, 0x101, 0x7, "ea71061d0000000001000200", 0x0, 0x80})
writev(0xffffffffffffffff, 0x0, 0x0)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
syz_usb_connect(0x5, 0x24, &(0x7f0000000800)={{0x12, 0x1, 0x0, 0x96, 0x5d, 0x6, 0x40, 0x133e, 0x815, 0x7e66, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xff, 0x87, 0x28}}]}}]}}, 0x0)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4)
ioctl$int_in(r1, 0x5421, &(0x7f0000000100)=0x9)
connect$inet(r1, &(0x7f0000000280)={0x2, 0x0, @dev}, 0x10)
close(r1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x1, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000032680)=""/102392, 0x18ff8)
fchmod(r0, 0x102)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f0000000080))
r4 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'ip6gre0\x00', <r5=>0x0})
setsockopt$packet_int(r4, 0x107, 0xf, &(0x7f0000000000)=0xf3f, 0x4)
sendto$packet(r4, &(0x7f00000000c0)="3f03fe7f0302140006001e0089e9aaa911d7c2290f0089061327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c153cfdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0xc9, 0x0, r5, 0x1, 0x0, 0x6, @multicast}, 0x14)

1.974763121s ago: executing program 3 (id=2090):
r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000100), 0x2802, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@dellinkprop={0x34, 0x6d, 0x2ec9b2c728e3c67, 0x70bd24, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x48198, 0x800}, [@IFLA_IFNAME={0x14, 0x3, 'caif0\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@union={0x0, 0x1, 0x0, 0x5, 0x0, 0x0, [{}]}]}}, &(0x7f0000000f40)=""/4089, 0x32, 0xff9, 0xa}, 0x20)
writev(r0, &(0x7f0000001500)=[{&(0x7f0000000040)="acf2027e0d3b2e122c200e751f448727063614524642b4e6d7a847c5983e41dd2ba6867639fa1b0f3ae687088a498b75bfd054f368a4e0474905be42bc1905", 0x3f}, {&(0x7f00000000c0)="4bec", 0x2}], 0x2)

1.67196269s ago: executing program 3 (id=2091):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x0, 0x0)
ioctl$I2C_TIMEOUT(r0, 0x702, 0x66a0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, 0x0, 0x0, 0x0)
socket(0x10, 0x803, 0x0)
syz_usb_connect(0x6, 0x36, &(0x7f00000000c0)=ANY=[], 0x0)
syz_io_uring_setup(0x5e48, &(0x7f0000000180)={0x0, 0x0, 0x10100, 0x0, 0xfffffffc}, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6(0xa, 0x80002, 0x0)
socket$nl_rdma(0x10, 0x3, 0x14)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000080)={'wlan0\x00'})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x10)

448.971637ms ago: executing program 1 (id=2092):
r0 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)) (async)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00'}) (async)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xea, 0x2, 0x0, 0x0, 0x9, 0x5}, {0x12, 0x2, 0x0, 0x401, 0x8001, 0x1400}, 0xa5, 0x5, 0xffffffd}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x40000}, 0x44080) (async)
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xea, 0x2, 0x0, 0x0, 0x9, 0x5}, {0x12, 0x2, 0x0, 0x401, 0x8001, 0x1400}, 0xa5, 0x5, 0xffffffd}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x40000}, 0x44080)
sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newqdisc={0x3c, 0x24, 0xd0f, 0x70bd29, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffe0, 0xa}, {0x1, 0x10}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_ATM={0x8, 0x4, 0x2}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x55}, 0x4000)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r4 = creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
r5 = fanotify_init(0xf00, 0x0)
fanotify_mark(r5, 0x105, 0x40009975, r4, 0x0)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0) (async)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000400)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)=@gettfilter={0x4c, 0x2e, 0x10, 0x70bd2c, 0x25dfdbfc, {0x0, 0x0, 0x0, r2, {0xf, 0xfff3}, {0x0, 0xfff2}, {0xe, 0xb}}, [{0x8, 0xb, 0x6afa0137}, {0x8, 0xb, 0x7}, {0x8, 0xb, 0x1}, {0x8, 0xb, 0x7}, {0x8, 0xb, 0x6}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8015}, 0x80)
bind$inet6(r3, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c)
creat(&(0x7f00000002c0)='./file0\x00', 0x0) (async)
r6 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000940)='syzkaller\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
write$qrtrtun(r6, &(0x7f0000000300)="ca0e808bb35bda", 0x7)
r8 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r7, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x7], 0x0, 0x0, 0x1}}, 0x40)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000280)={r8, 0x20, &(0x7f0000000200)={0x0, 0x0, 0x0, &(0x7f0000000440)=""/231, 0xe7}}, 0x10) (async)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000280)={r8, 0x20, &(0x7f0000000200)={0x0, 0x0, 0x0, &(0x7f0000000440)=""/231, 0xe7}}, 0x10)
connect$inet6(r3, &(0x7f0000000040)={0xa, 0x3, 0x7, @loopback, 0x800000}, 0x1c)

68.551809ms ago: executing program 1 (id=2093):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_DELSETELEM={0x28, 0xe, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_SET_ID={0x8}]}, @NFT_MSG_DELFLOWTABLE={0x4c, 0x18, 0xa, 0x101, 0x0, 0x0, {0x5, 0x0, 0x5}, [@NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x1}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz2\x00'}]}, @NFT_MSG_DELTABLE={0x2c, 0x2, 0xa, 0x5, 0x0, 0x0, {0x1, 0x0, 0xa}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x5}]}, @NFT_MSG_NEWSETELEM={0x20, 0xc, 0xa, 0x201, 0x0, 0x0, {0x5, 0x0, 0x3}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz2\x00'}]}, @NFT_MSG_NEWCHAIN={0x14, 0x3, 0xa, 0x301, 0x0, 0x0, {0x1, 0x0, 0x2}}], {0x14}}, 0xfc}, 0x1, 0x0, 0x0, 0x20048004}, 0x8010)
r1 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00', <r2=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@bridge_newneigh={0x28, 0x1c, 0x401, 0x70bd29, 0x25dfdbfd, {0x7, 0x0, 0x0, r2, 0x40, 0x9ffac2705d37b0b7, 0x5}, [@NDA_LLADDR={0xa, 0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1c}}]}, 0x28}, 0x1, 0x0, 0x0, 0x40801}, 0x20000040)
r3 = socket$nl_route(0x10, 0x3, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x9048}})
io_uring_enter(0xffffffffffffffff, 0x47f6, 0x0, 0x0, 0x0, 0x0)
r4 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, 0x0)
r5 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r5)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
r6 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r6, &(0x7f0000002700)=""/102392, 0x18ff8)
write$P9_RREADLINK(0xffffffffffffffff, &(0x7f0000000140)={0x14, 0x17, 0x1, {0xb, './bus/file0'}}, 0x14)
r7 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0)
r8 = fsmount(r7, 0x0, 0x0)
fchdir(r8)
r9 = open(&(0x7f0000000040)='./bus\x00', 0x103a42, 0x80) (fail_nth: 7)
ftruncate(r9, 0x2007ffb)
sendfile(r9, r9, 0x0, 0x1000000201005)
ftruncate(r9, 0x30)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="700000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="000000000204040008001300", @ANYRES32=r5, @ANYBLOB], 0x70}, 0x1, 0x0, 0x0, 0x4000000}, 0x40080)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r1, 0x4020565a, &(0x7f00000000c0)={0x3, 0x980900, 0x3})
connect$inet(0xffffffffffffffff, &(0x7f0000000480)={0x2, 0x4e24, @local}, 0x10)

0s ago: executing program 3 (id=2094):
r0 = socket(0x2, 0x3, 0xff)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
connect$l2tp(r0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x5, 0x1000086}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$kcm(0x29, 0x2, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, 0x0, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10)
r3 = add_key$user(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000180)="8e", 0x1, 0xffffffffffffffff)
pipe2$watch_queue(&(0x7f0000000240)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x80)
keyctl$KEYCTL_WATCH_KEY(0x20, r3, r4, 0x0)
keyctl$KEYCTL_WATCH_KEY(0x15, r3, 0xffffffffffffffff, 0x5b)
r6 = socket(0x10, 0x3, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x4084004}, 0x10000)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB], 0x74}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NL80211_CMD_REQ_SET_REG(r5, &(0x7f0000000440)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x70, 0x0, 0x1, 0x70bd25, 0x25dfdbfd, {}, [@NL80211_ATTR_USER_REG_HINT_TYPE={0x8}, @NL80211_ATTR_REG_RULES={0x4c, 0x22, 0x0, 0x1, [{0x2c, 0x0, 0x0, 0x1, [@NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x3}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0x8000}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0xffffff00}, @NL80211_ATTR_FREQ_RANGE_END={0x8}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x7}]}, {0x1c, 0x0, 0x0, 0x1, [@NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x6}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0xffff8000}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x40000000}]}]}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x1}]}, 0x70}, 0x1, 0x0, 0x0, 0x4090}, 0x24044004)
write(r6, &(0x7f0000000000)="240000001a005f0214f9f407000904001f000000fe020002000000000800040001000000", 0x24)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x1000)=nil, 0x1000, &(0x7f0000000080)='\x00\x00\x00')
ioctl$TCFLSH(0xffffffffffffffff, 0x400455c8, 0x4)
shmat(0xffffffffffffffff, &(0x7f0000708000/0x1000)=nil, 0x6000)

kernel console output (not intermixed with test programs):

g
[  626.735488][  T117] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  626.769427][  T117] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  626.778772][  T117] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  626.794799][  T117] usb 5-1: Product: syz
[  626.806043][  T117] usb 5-1: Manufacturer: syz
[  626.817572][  T117] usb 5-1: SerialNumber: syz
[  626.861477][  T974] usb 4-1: new low-speed USB device number 15 using dummy_hcd
[  627.403664][T12400] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  627.449202][T12400] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  627.465565][T12400] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  627.479407][T12400] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  627.493691][T12400] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  627.511810][T12400] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  627.514919][  T974] usb 4-1: unable to get BOS descriptor or descriptor too short
[  627.524595][T12400] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  627.552686][  T974] usb 4-1: config 1 interface 0 altsetting 207 endpoint 0x81 has invalid maxpacket 16, setting to 8
[  627.604177][T12400] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  627.615348][  T974] usb 4-1: config 1 interface 0 has no altsetting 0
[  627.624240][  T974] usb 4-1: language id specifier not provided by device, defaulting to English
[  627.672585][  T977] usb 6-1: new high-speed USB device number 58 using dummy_hcd
[  627.785580][  T974] usb 4-1: New USB device found, idVendor=1130, idProduct=3101, bcdDevice= 0.40
[  627.828487][  T974] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  627.844784][  T974] usb 4-1: Manufacturer: 㬋ﮬ뜞䆌ᙳᾴ⢓䁪ᜃ램닆芚פֿᥘ掎묗䷄㪭毦祒ꂄ⪕㇗ሑ땃㢽꺗ꪒ悓䒬簾叼딶되羔⊽㍣︮疊㭶笠睪闣韩仔齄撎랙椱ᩊ๿匼娝疂䄨蛽홺嘬㶱〡糒솜琬嫳⒍鐌滃帔蚚幾캧㝢았깽╜틻㳃뜧ࠩ鏪躉렉옶辵钝芓徂㞝
[  627.874986][  T977] usb 6-1: Using ep0 maxpacket: 32
[  627.902374][  T977] usb 6-1: config 0 has an invalid interface number: 51 but max is 0
[  627.910781][  T977] usb 6-1: config 0 has no interface number 0
[  627.979340][  T977] usb 6-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  627.995543][T12395] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  628.035838][  T977] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  628.069185][  T117] usb 5-1: 0:2 : does not exist
[  628.072979][  T977] usb 6-1: Product: syz
[  628.079304][  T977] usb 6-1: Manufacturer: syz
[  628.091014][  T977] usb 6-1: SerialNumber: syz
[  628.154545][  T977] usb 6-1: config 0 descriptor??
[  628.242544][  T977] quatech2 6-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  628.300300][  T117] usb 5-1: USB disconnect, device number 51
[  628.314773][  T974] usbhid 4-1:1.0: can't add hid device: -71
[  628.352866][  T974] usbhid 4-1:1.0: probe with driver usbhid failed with error -71
[  628.414910][  T974] usb 4-1: USB disconnect, device number 15
[  628.425661][  T977] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  628.505242][  T977] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  628.525352][T12414] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1668'.
[  628.833840][   T36] Bluetooth: hci5: Frame reassembly failed (-84)
[  629.164949][   T36] Bluetooth: hci6: Frame reassembly failed (-84)
[  629.506082][    C1] usb 6-1: qt2_read_bulk_callback - non-zero urb status: -71
[  629.517118][  T977] usb 6-1: USB disconnect, device number 58
[  629.555313][  T977] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  629.595991][  T977] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  629.629167][  T977] quatech2 6-1:0.51: device disconnected
[  630.660934][   T30] audit: type=1400 audit(2000000161.850:554): avc:  denied  { setattr } for  pid=12431 comm="syz.5.1673" name="NETLINK" dev="sockfs" ino=34911 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  630.779436][T12436] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1675'.
[  630.788560][ T5840] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  630.801299][T12436] netlink: 'syz.5.1675': attribute type 5 has an invalid length.
[  630.817428][T12436] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1675'.
[  630.842098][T12436] netdevsim netdevsim5 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0
[  630.881546][T12436] netdevsim netdevsim5 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0
[  630.897420][T12436] netdevsim netdevsim5 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0
[  630.907007][T12436] netdevsim netdevsim5 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0
[  630.945648][T12436] geneve3: entered promiscuous mode
[  630.954931][T12436] geneve3: entered allmulticast mode
[  631.172352][ T5840] Bluetooth: hci6: command 0x1003 tx timeout
[  631.179909][ T5838] Bluetooth: hci6: Opcode 0x1003 failed: -110
[  631.180449][T12448] fuse: Bad value for 'fd'
[  631.756647][   T30] audit: type=1400 audit(2000000162.920:555): avc:  denied  { create } for  pid=12446 comm="syz.0.1679" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  631.880081][   T30] audit: type=1400 audit(2000000162.920:556): avc:  denied  { bind } for  pid=12446 comm="syz.0.1679" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  632.321274][T12462] netlink: 'syz.4.1682': attribute type 4 has an invalid length.
[  632.920332][T12464] netlink: zone id is out of range
[  632.925526][T12464] netlink: zone id is out of range
[  632.930645][T12464] netlink: zone id is out of range
[  632.936042][T12464] netlink: del zone limit has 4 unknown bytes
[  633.274580][T12468] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1685'.
[  633.457223][T12470] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1687'.
[  633.466305][T12470] netlink: 'syz.4.1687': attribute type 5 has an invalid length.
[  633.474615][T12470] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1687'.
[  633.511361][T12472] netlink: 'syz.5.1686': attribute type 26 has an invalid length.
[  633.687984][T12472] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2002004523 (16016036184 ns) > initial count (15641406552 ns). Using initial count to start timer.
[  633.725607][T12474] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1688'.
[  633.774468][T12475] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=7 sclass=netlink_route_socket pid=12475 comm=syz.5.1686
[  633.792153][T12474] netlink: 'syz.4.1688': attribute type 5 has an invalid length.
[  633.965834][T12474] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1688'.
[  634.265896][   T30] audit: type=1400 audit(2000000165.460:557): avc:  denied  { node_bind } for  pid=12486 comm="syz.3.1692" saddr=::1 src=20004 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1
[  634.315044][   T30] audit: type=1400 audit(2000000165.510:558): avc:  denied  { accept } for  pid=12488 comm="syz.4.1693" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  634.378233][   T30] audit: type=1400 audit(2000000165.570:559): avc:  denied  { ioctl } for  pid=12488 comm="syz.4.1693" path="socket:[34628]" dev="sockfs" ino=34628 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  634.444796][ T5960] hid (null): unknown global tag 0xe
[  634.457233][ T5960] hid (null): invalid report_size 1492202883
[  634.565639][  T977] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  634.782217][  T977] usb 4-1: Using ep0 maxpacket: 8
[  634.795747][  T977] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  634.833512][  T977] usb 4-1: New USB device found, idVendor=04b3, idProduct=3108, bcdDevice= 0.00
[  634.864598][ T5960] hid-generic 943E:0000:0003.000C: unknown main item tag 0x7
[  634.866818][  T977] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  634.900040][ T5960] hid-generic 943E:0000:0003.000C: unknown global tag 0xe
[  634.913329][ T5960] hid-generic 943E:0000:0003.000C: item 0 1 1 14 parsing failed
[  634.914986][  T977] usb 4-1: config 0 descriptor??
[  634.942561][ T5960] hid-generic 943E:0000:0003.000C: probe with driver hid-generic failed with error -22
[  635.555924][  T977] usbhid 4-1:0.0: can't add hid device: -71
[  635.581023][  T977] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  635.655205][  T977] usb 4-1: USB disconnect, device number 16
[  635.699491][   T30] audit: type=1400 audit(2000000166.890:560): avc:  denied  { sqpoll } for  pid=12481 comm="syz.1.1690" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  636.031432][ T5960] usb 6-1: new high-speed USB device number 59 using dummy_hcd
[  636.141273][  T117] usb 1-1: new high-speed USB device number 54 using dummy_hcd
[  636.371094][  T117] usb 1-1: Using ep0 maxpacket: 32
[  636.380687][ T5960] usb 6-1: Using ep0 maxpacket: 32
[  636.582018][  T117] usb 1-1: config 0 has an invalid interface number: 51 but max is 0
[  636.590559][  T117] usb 1-1: config 0 has no interface number 0
[  637.249261][  T117] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  637.335238][ T5960] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  637.346505][  T117] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  637.356731][ T5960] usb 6-1: config 0 has no interface number 0
[  637.371831][  T117] usb 1-1: Product: syz
[  637.376037][  T117] usb 1-1: Manufacturer: syz
[  637.391004][  T117] usb 1-1: SerialNumber: syz
[  637.398296][ T5960] usb 6-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  637.415435][ T5960] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  637.441220][ T5960] usb 6-1: Product: syz
[  637.450349][  T117] usb 1-1: config 0 descriptor??
[  637.474692][ T5960] usb 6-1: Manufacturer: syz
[  637.488774][   T30] audit: type=1400 audit(2000000168.680:561): avc:  denied  { setopt } for  pid=12533 comm="syz.1.1705" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  637.492528][ T5960] usb 6-1: SerialNumber: syz
[  637.509981][T12534] netlink: 204 bytes leftover after parsing attributes in process `syz.1.1705'.
[  637.516009][  T117] quatech2 1-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  637.543952][T12534] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1705'.
[  637.545150][ T5960] usb 6-1: config 0 descriptor??
[  637.565460][ T5960] usb 6-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  637.571040][   T30] audit: type=1400 audit(2000000168.760:562): avc:  denied  { create } for  pid=12537 comm="syz.3.1707" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1
[  637.577203][ T5960] usb 6-1: selecting invalid altsetting 1
[  637.594106][T12534] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1705'.
[  637.600969][ T5960] usb 6-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  637.624656][ T5960] usb 6-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  637.640172][   T30] audit: type=1400 audit(2000000168.810:563): avc:  denied  { sys_admin } for  pid=12537 comm="syz.3.1707" capability=21  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1
[  637.678317][ T5960] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  637.690871][ T5960] usb 6-1: media controller created
[  637.722244][   T30] audit: type=1400 audit(2000000168.830:564): avc:  denied  { bind } for  pid=12533 comm="syz.1.1705" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  637.728009][ T5960] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  637.758654][  T117] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  637.817144][  T117] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  637.830135][T12552] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  637.840933][T12552] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  637.850708][   T30] audit: type=1400 audit(2000000169.020:565): avc:  denied  { ioctl } for  pid=12511 comm="syz.5.1699" path="/dev/fuse" dev="devtmpfs" ino=99 ioctlcmd=0xf512 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[  637.912995][T12554] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1711'.
[  638.001456][  T977] usb 5-1: new high-speed USB device number 52 using dummy_hcd
[  638.031271][  T974] usb 4-1: new low-speed USB device number 17 using dummy_hcd
[  638.154797][  T977] usb 5-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  638.166801][  T977] usb 5-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  638.181206][  T977] usb 5-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  638.194565][  T974] usb 4-1: unable to get BOS descriptor or descriptor too short
[  638.205382][  T974] usb 4-1: config 1 interface 0 altsetting 207 endpoint 0x81 has invalid maxpacket 16, setting to 8
[  638.205516][    C0] usb 1-1: qt2_read_bulk_callback - non-zero urb status: -71
[  638.217885][  T977] usb 5-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  638.225859][   T10] usb 1-1: USB disconnect, device number 54
[  638.241225][  T974] usb 4-1: config 1 interface 0 has no altsetting 0
[  638.248150][  T977] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  638.248298][   T10] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  638.257385][  T974] usb 4-1: language id specifier not provided by device, defaulting to English
[  638.267917][  T117] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  638.287137][T12549] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[  638.291124][  T974] usb 4-1: New USB device found, idVendor=1130, idProduct=3101, bcdDevice= 0.40
[  638.297674][   T10] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  638.317652][  T974] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  638.328354][   T10] quatech2 1-1:0.51: device disconnected
[  638.333403][  T974] usb 4-1: Manufacturer: 㬋ﮬ뜞䆌ᙳᾴ⢓䁪ᜃ램닆芚פֿᥘ掎묗䷄㪭毦祒ꂄ⪕㇗ሑ땃㢽꺗ꪒ悓䒬簾叼딶되羔⊽㍣︮疊㭶笠睪闣韩仔齄撎랙椱ᩊ๿匼娝疂䄨蛽홺嘬㶱〡糒솜琬嫳⒍鐌滃帔蚚幾캧㝢았깽╜틻㳃뜧ࠩ鏪躉렉옶辵钝芓徂㞝
[  638.369674][T12547] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22
[  638.441421][  T117] usb 2-1: Using ep0 maxpacket: 16
[  638.448186][  T117] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  638.459422][  T117] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  638.469439][  T117] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  638.482482][  T117] usb 2-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  638.493359][  T117] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  638.509499][  T117] usb 2-1: config 0 descriptor??
[  638.593261][  T974] usbhid 4-1:1.0: can't add hid device: -71
[  638.599281][  T974] usbhid 4-1:1.0: probe with driver usbhid failed with error -71
[  638.611945][  T974] usb 4-1: USB disconnect, device number 17
[  638.851804][ T5960] usb 6-1: dvb_usb_ce6230: usb_control_msg() failed=-110
[  638.859264][ T5960] zl10353_read_register: readreg error (reg=127, ret==-110)
[  638.919169][   T30] audit: type=1400 audit(2000000170.110:566): avc:  denied  { setattr } for  pid=6035 comm="syz-executor" path="/dev/binderfs" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  638.919244][ T5960] usb 6-1: USB disconnect, device number 59
[  638.967696][  T117] shield 0003:0955:7214.000D: unknown main item tag 0x0
[  638.980545][  T117] shield 0003:0955:7214.000D: unknown main item tag 0x0
[  639.011247][  T117] shield 0003:0955:7214.000D: unknown main item tag 0x0
[  639.018253][  T117] shield 0003:0955:7214.000D: unknown main item tag 0x0
[  639.028860][  T117] shield 0003:0955:7214.000D: unknown main item tag 0x0
[  639.051935][  T117] input: HID 0955:7214 Haptics as /devices/virtual/input/input44
[  639.081475][  T974] usb 1-1: new high-speed USB device number 55 using dummy_hcd
[  639.131972][  T117] shield 0003:0955:7214.000D: Registered Thunderstrike controller
[  639.139975][  T977] aiptek 5-1:17.0: Aiptek using 400 ms programming speed
[  639.148517][  T117] shield 0003:0955:7214.000D: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.1-1/input0
[  639.165131][  T977] input: Aiptek as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:17.0/input/input43
[  639.165330][T12557] netlink: 'syz.1.1712': attribute type 2 has an invalid length.
[  639.206398][T12557] netlink: 244 bytes leftover after parsing attributes in process `syz.1.1712'.
[  639.239609][  T977] usb 5-1: USB disconnect, device number 52
[  639.245652][    C1] aiptek 5-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[  639.275134][  T974] usb 1-1: Using ep0 maxpacket: 8
[  639.288911][  T974] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  639.302732][   T30] audit: type=1400 audit(2000000170.450:567): avc:  denied  { name_connect } for  pid=12555 comm="syz.1.1712" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1
[  639.336190][  T974] usb 1-1: New USB device found, idVendor=04b3, idProduct=3108, bcdDevice= 0.00
[  639.355912][  T974] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  639.379136][  T974] usb 1-1: config 0 descriptor??
[  640.153678][  T974] usbhid 1-1:0.0: can't add hid device: -71
[  640.171102][  T974] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  640.219423][  T974] usb 1-1: USB disconnect, device number 55
[  640.311952][ T5960] shield 0003:0955:7214.000D: Failed to output Thunderstrike HOSTCMD request HID report due to -ESHUTDOWN
[  640.342297][ T5960] shield 0003:0955:7214.000D: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[  640.382460][ T5960] shield 0003:0955:7214.000D: Failed to output Thunderstrike HOSTCMD request HID report due to -EPIPE
[  640.402805][ T5960] shield 0003:0955:7214.000D: Failed to output Thunderstrike HOSTCMD request HID report due to -EPIPE
[  640.447082][  T117] usb 2-1: reset high-speed USB device number 38 using dummy_hcd
[  640.671570][  T117] usb 2-1: device descriptor read/64, error -32
[  640.702967][ T5838] Bluetooth: hci1: ACL packet for unknown connection handle 201
[  641.547865][T12586] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  641.591589][T12586] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  641.901789][  T977] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  642.000082][   T10] usb 2-1: USB disconnect, device number 38
[  642.081353][  T977] usb 4-1: Using ep0 maxpacket: 32
[  642.095804][  T977] usb 4-1: config 0 has an invalid interface number: 51 but max is 0
[  642.118963][  T977] usb 4-1: config 0 has no interface number 0
[  642.144105][  T977] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  642.168263][  T977] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  642.201254][  T977] usb 4-1: Product: syz
[  642.211405][  T977] usb 4-1: Manufacturer: syz
[  642.217587][  T977] usb 4-1: SerialNumber: syz
[  642.246662][  T977] usb 4-1: config 0 descriptor??
[  642.251432][   T10] usb 2-1: new low-speed USB device number 39 using dummy_hcd
[  642.270710][  T977] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  642.567796][T12604] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  642.973600][  T977] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  642.988035][   T10] usb 2-1: unable to get BOS descriptor or descriptor too short
[  643.006349][   T10] usb 2-1: unable to read config index 0 descriptor/start: -71
[  643.018807][  T977] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  643.024394][   T10] usb 2-1: can't read configurations, error -71
[  643.225628][    C1] usb 4-1: qt2_read_bulk_callback - non-zero urb status: -71
[  643.238270][  T977] usb 4-1: USB disconnect, device number 18
[  643.248379][  T977] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  643.305954][  T977] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  643.558296][  T977] quatech2 4-1:0.51: device disconnected
[  644.521253][ T5960] usb 1-1: new high-speed USB device number 57 using dummy_hcd
[  644.715842][T12627] 9pnet_fd: Insufficient options for proto=fd
[  644.743306][T12629] netlink: 'syz.3.1734': attribute type 11 has an invalid length.
[  645.102101][ T5960] usb 1-1: Using ep0 maxpacket: 32
[  645.111921][ T5960] usb 1-1: config 0 has an invalid interface number: 51 but max is 0
[  645.120110][ T5960] usb 1-1: config 0 has no interface number 0
[  645.135284][ T5960] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  645.146606][ T5960] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  645.164979][ T5960] usb 1-1: Product: syz
[  645.169184][ T5960] usb 1-1: Manufacturer: syz
[  645.184504][ T5960] usb 1-1: SerialNumber: syz
[  645.260088][ T5960] usb 1-1: config 0 descriptor??
[  645.284192][ T5960] quatech2 1-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  645.296285][   T30] audit: type=1400 audit(2000000176.490:568): avc:  denied  { create } for  pid=12631 comm="syz.1.1735" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  645.344826][   T30] audit: type=1400 audit(2000000176.490:569): avc:  denied  { remount } for  pid=12631 comm="syz.1.1735" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  645.385883][   T30] audit: type=1400 audit(2000000176.490:570): avc:  denied  { ioctl } for  pid=12631 comm="syz.1.1735" path="socket:[35447]" dev="sockfs" ino=35447 ioctlcmd=0x89e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  645.490832][ T5960] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  645.494294][   T30] audit: type=1800 audit(2000000176.490:571): pid=12632 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.1.1735" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0
[  645.528612][ T5960] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  645.565389][T12641] netlink: 'syz.1.1736': attribute type 20 has an invalid length.
[  645.767744][T12641] dvmrp17: entered allmulticast mode
[  645.778207][T12645] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1736'.
[  645.791593][T12644] dvmrp17: left allmulticast mode
[  646.071720][    C0] usb 1-1: qt2_read_bulk_callback - non-zero urb status: -71
[  646.071987][   T48] usb 1-1: USB disconnect, device number 57
[  646.414122][   T48] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  646.466225][   T48] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  646.499187][   T48] quatech2 1-1:0.51: device disconnected
[  646.776620][T12662] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1742'.
[  647.399492][T12666] Device name cannot be null; rc = [-22]
[  647.612040][  T117] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[  647.841232][  T117] usb 2-1: Using ep0 maxpacket: 32
[  647.854118][  T117] usb 2-1: config 0 has an invalid interface number: 51 but max is 0
[  647.871328][  T117] usb 2-1: config 0 has no interface number 0
[  647.886794][  T117] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  647.925075][  T117] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  647.945974][  T117] usb 2-1: Product: syz
[  648.047559][  T117] usb 2-1: Manufacturer: syz
[  648.057868][  T117] usb 2-1: SerialNumber: syz
[  648.109280][  T117] usb 2-1: config 0 descriptor??
[  648.632832][  T117] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  648.660259][  T117] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  648.678991][  T117] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  648.940615][ T5838] Bluetooth: hci1: Received unexpected HCI Event 0x00
[  649.260276][T12691] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  649.561477][   T30] audit: type=1400 audit(2000000180.750:572): avc:  denied  { read } for  pid=12692 comm="syz.0.1750" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  649.596764][    C0] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71
[  649.606441][  T117] usb 2-1: USB disconnect, device number 41
[  649.626366][  T117] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  649.667888][  T117] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  649.696547][  T117] quatech2 2-1:0.51: device disconnected
[  650.145592][T12702] netlink: 'syz.4.1752': attribute type 1 has an invalid length.
[  650.155715][T12702] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1752'.
[  650.163455][  T974] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  650.320666][T12706] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1754'.
[  650.362067][  T974] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  650.510689][  T974] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  650.581506][  T974] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  650.632216][   T30] audit: type=1400 audit(2000000181.830:573): avc:  denied  { watch_sb } for  pid=12700 comm="syz.4.1752" path="/383" dev="tmpfs" ino=2055 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  650.641556][  T974] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  650.709024][  T974] usb 4-1: config 0 descriptor??
[  650.788804][  T988] Bluetooth: hci5: Frame reassembly failed (-84)
[  651.227606][T12715] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1757'.
[  651.237187][T12715] netlink: 'syz.4.1757': attribute type 5 has an invalid length.
[  651.245695][T12715] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1757'.
[  651.618271][  T974] uclogic 0003:256C:006D.000E: failed retrieving Huion firmware version: -71
[  651.629902][  T974] uclogic 0003:256C:006D.000E: failed probing parameters: -71
[  651.643941][  T974] uclogic 0003:256C:006D.000E: probe with driver uclogic failed with error -71
[  651.685378][  T974] usb 4-1: USB disconnect, device number 19
[  651.690130][T12717] usb usb8: usbfs: process 12717 (syz.4.1758) did not claim interface 0 before use
[  652.771416][ T5840] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  653.115314][T12727] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1760'.
[  653.331957][T12730] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1761'.
[  654.311047][T12738] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  654.369141][   T30] audit: type=1400 audit(2000000185.560:574): avc:  denied  { append } for  pid=12744 comm="syz.0.1766" name="001" dev="devtmpfs" ino=721 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  654.396165][T12745] usb usb1: usbfs: process 12745 (syz.0.1766) did not claim interface 0 before use
[  654.560321][T12745] overlay: Unknown parameter 'dont_appraise'
[  654.977617][ T5838] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  654.987356][ T5838] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  655.001424][ T5838] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  655.012029][ T5838] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  655.020609][ T5838] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  655.034542][  T117] usb 1-1: new high-speed USB device number 58 using dummy_hcd
[  655.135198][T12758] lo speed is unknown, defaulting to 1000
[  655.136109][T12761] nvme_fabrics: missing parameter 'transport=%s'
[  655.186609][T12765] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1771'.
[  655.191360][  T117] usb 1-1: Using ep0 maxpacket: 8
[  655.201758][T12761] nvme_fabrics: missing parameter 'nqn=%s'
[  655.202915][  T117] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  655.211926][T12765] netlink: 'syz.1.1771': attribute type 5 has an invalid length.
[  655.228681][  T117] usb 1-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  655.244757][  T117] usb 1-1: config 0 interface 0 has no altsetting 0
[  655.268446][T12765] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1771'.
[  655.292059][  T117] usb 1-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=d4.6e
[  655.314562][   T49] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  655.326667][  T117] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  655.334859][   T49] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  655.346895][  T117] usb 1-1: Product: syz
[  655.353463][  T117] usb 1-1: Manufacturer: syz
[  655.359565][  T117] usb 1-1: SerialNumber: syz
[  655.386890][  T117] usb 1-1: config 0 descriptor??
[  655.437067][  T117] snd_usb_toneport 1-1:0.0: Line 6 TonePort UX2 found
[  655.528798][   T49] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  655.545625][   T49] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  655.640600][  T117] snd_usb_toneport 1-1:0.0: cannot get proper max packet size
[  655.665921][  T117] snd_usb_toneport 1-1:0.0: Line 6 TonePort UX2 now disconnected
[  655.693506][  T117] snd_usb_toneport 1-1:0.0: probe with driver snd_usb_toneport failed with error -22
[  655.721334][T12775] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1774'.
[  655.737214][   T49] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  655.752997][   T49] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  655.861525][ T5960] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[  655.877660][   T49] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  655.888433][   T49] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  655.930762][T12758] chnl_net:caif_netlink_parms(): no params data found
[  655.951293][  T117] usb 1-1: USB disconnect, device number 58
[  656.028303][ T5960] usb 2-1: Using ep0 maxpacket: 32
[  656.050904][ T5960] usb 2-1: New USB device found, idVendor=13d8, idProduct=0020, bcdDevice=f7.31
[  656.068944][ T5960] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  656.106666][ T5960] usb 2-1: config 0 descriptor??
[  656.227769][   T30] audit: type=1400 audit(2000000187.330:575): avc:  denied  { read } for  pid=12782 comm="syz.3.1776" name="loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  656.243169][ T5960] usb 2-1: selecting invalid altsetting 3
[  656.254648][   T30] audit: type=1400 audit(2000000187.330:576): avc:  denied  { open } for  pid=12782 comm="syz.3.1776" path="/dev/loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  656.750259][ T5960] comedi comedi4: could not set alternate setting 3 in high speed
[  656.762582][   T30] audit: type=1400 audit(2000000187.600:577): avc:  denied  { ioctl } for  pid=12782 comm="syz.3.1776" path="/dev/loop-control" dev="devtmpfs" ino=646 ioctlcmd=0x4c80 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  656.789046][    C0] vkms_vblank_simulate: vblank timer overrun
[  656.799203][T12772] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1773'.
[  656.809588][ T5960] usbduxsigma 2-1:0.0: driver 'usbduxsigma' failed to auto-configure device.
[  657.213648][ T5840] Bluetooth: hci2: command tx timeout
[  657.235494][ T5960] usbduxsigma 2-1:0.0: probe with driver usbduxsigma failed with error -22
[  657.266589][T12758] bridge0: port 1(bridge_slave_0) entered blocking state
[  657.269812][ T5960] usb 2-1: USB disconnect, device number 42
[  657.298037][T12758] bridge0: port 1(bridge_slave_0) entered disabled state
[  657.323394][T12758] bridge_slave_0: entered allmulticast mode
[  657.635377][T12758] bridge_slave_0: entered promiscuous mode
[  657.657007][T12758] bridge0: port 2(bridge_slave_1) entered blocking state
[  657.664695][T12758] bridge0: port 2(bridge_slave_1) entered disabled state
[  657.676490][T12758] bridge_slave_1: entered allmulticast mode
[  657.693415][T12758] bridge_slave_1: entered promiscuous mode
[  657.852144][T12758] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  657.864048][T12758] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  657.911971][   T49] dummy0: left allmulticast mode
[  657.921466][   T49] bridge0: port 3(dummy0) entered disabled state
[  657.974283][   T49] bridge_slave_1: left allmulticast mode
[  657.990181][   T49] bridge_slave_1: left promiscuous mode
[  658.017773][   T49] bridge0: port 2(bridge_slave_1) entered disabled state
[  658.418922][   T49] bridge_slave_0: left allmulticast mode
[  658.431266][   T49] bridge_slave_0: left promiscuous mode
[  658.571767][   T49] bridge0: port 1(bridge_slave_0) entered disabled state
[  658.640565][  T988] Bluetooth: hci5: Frame reassembly failed (-84)
[  658.802657][   T49] bond_slave_0: left promiscuous mode
[  658.822297][   T49] bond_slave_1: left promiscuous mode
[  658.921234][  T974] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[  659.171329][  T974] usb 2-1: Using ep0 maxpacket: 32
[  659.177880][  T974] usb 2-1: config 0 has an invalid interface number: 51 but max is 0
[  659.209505][  T974] usb 2-1: config 0 has no interface number 0
[  659.232630][  T974] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  659.255262][ T5838] Bluetooth: hci2: command tx timeout
[  659.262553][  T974] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  659.270590][  T974] usb 2-1: Product: syz
[  659.277823][  T974] usb 2-1: Manufacturer: syz
[  659.290155][  T974] usb 2-1: SerialNumber: syz
[  659.321671][  T974] usb 2-1: config 0 descriptor??
[  659.343651][  T974] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  659.548470][  T974] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  659.567378][  T974] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  659.727258][   T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  659.738488][   T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  659.753010][   T49] bond0 (unregistering): Released all slaves
[  659.918442][T12758] team0: Port device team_slave_0 added
[  659.937048][T12758] team0: Port device team_slave_1 added
[  660.691279][ T5838] Bluetooth: hci5: command 0x1003 tx timeout
[  660.698547][ T5840] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  661.176741][T12758] batman_adv: batadv0: Adding interface: batadv_slave_0
[  661.187186][T12758] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  661.214077][T12758] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  661.333314][ T5840] Bluetooth: hci2: command tx timeout
[  661.869439][T12758] batman_adv: batadv0: Adding interface: batadv_slave_1
[  661.876839][T12758] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  661.912514][T12758] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  661.946557][    C1] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71
[  661.952558][ T5960] usb 2-1: USB disconnect, device number 43
[  661.996294][ T5960] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  662.035775][ T5960] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  662.056682][ T5960] quatech2 2-1:0.51: device disconnected
[  662.097998][   T49] hsr_slave_0: left promiscuous mode
[  662.107493][   T49] hsr_slave_1: left promiscuous mode
[  662.134469][   T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  662.148744][   T49] batman_adv: batadv0: Removing interface: batadv_slave_0
[  662.280152][   T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  662.308921][   T49] batman_adv: batadv0: Removing interface: batadv_slave_1
[  662.542543][   T49] veth1_macvtap: left promiscuous mode
[  662.548144][   T49] veth0_macvtap: left promiscuous mode
[  662.599397][   T49] veth1_vlan: left promiscuous mode
[  662.634862][   T49] veth0_vlan: left promiscuous mode
[  663.433820][ T5840] Bluetooth: hci2: command tx timeout
[  664.269935][   T49] team0 (unregistering): Port device team_slave_1 removed
[  664.307379][   T49] team0 (unregistering): Port device team_slave_0 removed
[  664.686066][T12758] hsr_slave_0: entered promiscuous mode
[  664.695898][T12758] hsr_slave_1: entered promiscuous mode
[  664.707786][T12758] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  664.716997][T12758] Cannot create hsr debugfs directory
[  664.753889][   T30] audit: type=1400 audit(2000000195.950:578): avc:  denied  { setopt } for  pid=12893 comm="syz.0.1799" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  665.025443][  T117] usb 1-1: new high-speed USB device number 59 using dummy_hcd
[  665.435548][  T117] usb 1-1: Using ep0 maxpacket: 16
[  665.752416][  T117] usb 1-1: New USB device found, idVendor=0483, idProduct=1234, bcdDevice=ff.76
[  665.780795][  T117] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  665.799342][  T117] usb 1-1: Product: syz
[  665.810657][  T117] usb 1-1: Manufacturer: syz
[  665.822107][  T117] usb 1-1: SerialNumber: syz
[  665.848361][  T117] usb 1-1: config 0 descriptor??
[  665.898036][T12758] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  666.024248][  T977] usb 2-1: new high-speed USB device number 44 using dummy_hcd
[  666.026055][T12758] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  666.143931][T12758] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  666.241840][  T977] usb 2-1: Using ep0 maxpacket: 32
[  666.260381][  T977] usb 2-1: config 0 has an invalid interface number: 51 but max is 0
[  666.271014][  T977] usb 2-1: config 0 has no interface number 0
[  666.280958][T12758] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  666.283302][  T977] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  666.328400][  T977] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  666.346242][  T977] usb 2-1: Product: syz
[  666.350589][  T977] usb 2-1: Manufacturer: syz
[  666.360813][  T977] usb 2-1: SerialNumber: syz
[  666.381820][  T977] usb 2-1: config 0 descriptor??
[  666.396513][  T977] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  666.432445][ T5969] usb 5-1: new high-speed USB device number 53 using dummy_hcd
[  666.641372][ T5969] usb 5-1: Using ep0 maxpacket: 16
[  666.735087][  T977] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  666.740832][T12758] 8021q: adding VLAN 0 to HW filter on device bond0
[  666.798586][ T5969] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  666.803497][  T977] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  666.881205][ T5969] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  666.958039][ T5969] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  666.976458][T12758] 8021q: adding VLAN 0 to HW filter on device team0
[  666.991291][ T5969] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  667.001020][ T5969] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  667.033494][ T4250] bridge0: port 1(bridge_slave_0) entered blocking state
[  667.040621][ T4250] bridge0: port 1(bridge_slave_0) entered forwarding state
[  667.084698][ T4250] bridge0: port 2(bridge_slave_1) entered blocking state
[  667.086213][T12943] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1808'.
[  667.091905][ T4250] bridge0: port 2(bridge_slave_1) entered forwarding state
[  667.121059][ T5969] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  667.135073][ T5969] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  667.159560][ T5969] usb 5-1: Manufacturer: syz
[  667.172537][ T5969] usb 5-1: config 0 descriptor??
[  667.253857][    C1] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71
[  667.267194][  T977] usb 2-1: USB disconnect, device number 44
[  667.311992][  T977] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  667.351998][  T977] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  667.405410][  T977] quatech2 2-1:0.51: device disconnected
[  667.504569][   T30] audit: type=1400 audit(2000000198.670:579): avc:  denied  { execute } for  pid=12951 comm="syz.3.1809" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=36671 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  667.531846][ T5969] rc_core: IR keymap rc-hauppauge not found
[  667.553409][ T5969] Registered IR keymap rc-empty
[  667.577874][ T5969] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  667.622178][ T5969] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  667.665472][ T5969] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0
[  667.702920][T12758] 8021q: adding VLAN 0 to HW filter on device batadv0
[  667.713638][ T5969] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input45
[  667.749385][ T5969] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  667.801562][ T5969] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  667.866272][ T5969] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  667.875023][  T117] usb_8dev 1-1:0.0 can0: sending command message failed
[  667.906491][  T117] usb_8dev 1-1:0.0 can0: can't get firmware version
[  667.931396][ T5969] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  668.231704][ T5969] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  668.267816][  T117] usb_8dev 1-1:0.0: probe with driver usb_8dev failed with error -22
[  668.276092][ T5969] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  668.329384][ T5969] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  668.336759][  T117] usb 1-1: USB disconnect, device number 59
[  668.362474][ T5969] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  668.402784][ T5969] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  668.512367][ T5969] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  668.765320][ T5969] mceusb 5-1:0.0: Registered  with mce emulator interface version 1
[  668.781576][ T5969] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  668.794708][ T5969] usb 5-1: USB disconnect, device number 53
[  668.854466][T12758] veth0_vlan: entered promiscuous mode
[  669.083611][T12758] veth1_vlan: entered promiscuous mode
[  669.298915][T12758] veth0_macvtap: entered promiscuous mode
[  669.323453][T12758] veth1_macvtap: entered promiscuous mode
[  669.364445][T12758] batman_adv: batadv0: Interface activated: batadv_slave_0
[  669.379617][T12758] batman_adv: batadv0: Interface activated: batadv_slave_1
[  669.411522][T12758] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  669.430586][T12758] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  669.443267][T12758] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  669.452692][T12758] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  669.478643][T13002] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1817'.
[  669.541688][ T5969] usb 5-1: new high-speed USB device number 54 using dummy_hcd
[  669.627407][  T988] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  669.651494][  T988] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  669.708933][ T4250] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  669.718818][ T4250] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  669.730483][ T5969] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  669.756490][ T5969] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  669.761201][   T30] audit: type=1400 audit(2000000200.950:580): avc:  denied  { mounton } for  pid=12758 comm="syz-executor" path="/root/syzkaller.N9ONu5/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=37984 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  669.769179][ T5969] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  669.839930][   T30] audit: type=1400 audit(2000000201.020:581): avc:  denied  { mounton } for  pid=12758 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  670.221410][ T5969] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  670.241811][ T5969] usb 5-1: config 0 descriptor??
[  670.728805][T13028] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1765'.
[  671.122940][   T48] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  671.123135][ T5838] Bluetooth: hci5: command 0x1003 tx timeout
[  671.132794][ T5840] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  671.321645][T13044] tipc: Started in network mode
[  671.326749][T13044] tipc: Node identity fe80000000000000000000000000001, cluster identity 4711
[  671.335997][T13044] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  671.538789][ T5969] uclogic 0003:256C:006D.000F: failed retrieving Huion firmware version: -71
[  671.551546][   T48] usb 4-1: Using ep0 maxpacket: 8
[  671.623521][T13040] overlayfs: overlapping lowerdir path
[  671.652713][ T5969] uclogic 0003:256C:006D.000F: failed probing parameters: -71
[  671.666061][T13046] afs: Unknown parameter 'dyn3��g�8��q��'
[  671.691475][   T48] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  671.694784][ T5969] uclogic 0003:256C:006D.000F: probe with driver uclogic failed with error -71
[  671.773334][T13048] tipc: Started in network mode
[  671.778387][T13048] tipc: Node identity fe80000000000000000000000000001, cluster identity 4711
[  671.798121][T13048] tipc: Enabled bearer <udp:s>, priority 10
[  672.026473][ T5969] usb 5-1: USB disconnect, device number 54
[  672.049180][   T48] usb 4-1: New USB device found, idVendor=04b3, idProduct=3108, bcdDevice= 0.00
[  672.079518][   T48] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  672.127620][   T48] usb 4-1: config 0 descriptor??
[  672.783196][   T48] usbhid 4-1:0.0: can't add hid device: -71
[  672.798942][   T48] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  672.823269][   T48] usb 4-1: USB disconnect, device number 20
[  672.916071][ T5969] tipc: Node number set to 4269801488
[  672.962994][T13057] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  672.969095][T13057] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[  672.978780][T13057] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  672.984721][T13057] Bluetooth: hci0: Error when powering off device on rfkill (-4)
[  673.062390][T13057] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  673.068377][T13057] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[  673.077003][T13057] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  673.083637][T13057] Bluetooth: hci4: Error when powering off device on rfkill (-4)
[  673.092127][T13057] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  673.098029][T13057] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[  673.161792][   T24] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  673.431435][   T24] usb 7-1: Using ep0 maxpacket: 16
[  673.457776][   T30] audit: type=1400 audit(2000000204.650:582): avc:  denied  { create } for  pid=13068 comm="syz.0.1827" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1
[  673.491373][   T24] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  673.537061][   T24] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3
[  673.567765][   T30] audit: type=1400 audit(2000000204.760:583): avc:  denied  { ioctl } for  pid=13068 comm="syz.0.1827" path="socket:[38128]" dev="sockfs" ino=38128 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1
[  673.595173][   T24] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  673.634235][   T24] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  673.652042][   T24] usb 7-1: Product: syz
[  673.661732][   T24] usb 7-1: Manufacturer: syz
[  673.666371][   T24] usb 7-1: SerialNumber: syz
[  673.697322][   T30] audit: type=1400 audit(2000000204.820:584): avc:  denied  { setopt } for  pid=13068 comm="syz.0.1827" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1
[  673.810747][T13086] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1830'.
[  673.989652][   T24] usb 7-1: 0:2 : does not exist
[  674.130342][   T24] usb 7-1: 5:0: failed to get current value for ch 0 (-22)
[  674.268948][   T24] usb 7-1: USB disconnect, device number 2
[  674.338880][ T7921] udevd[7921]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  675.400761][ T5976] Bluetooth: hci5: Frame reassembly failed (-84)
[  675.552631][T13127] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1838'.
[  675.963332][  T117] usb 1-1: new high-speed USB device number 60 using dummy_hcd
[  676.670910][  T117] usb 1-1: Using ep0 maxpacket: 8
[  676.692888][  T117] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  676.710824][  T117] usb 1-1: New USB device found, idVendor=04b3, idProduct=3108, bcdDevice= 0.00
[  676.748126][  T117] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  676.771732][  T117] usb 1-1: config 0 descriptor??
[  677.002536][  T117] usbhid 1-1:0.0: can't add hid device: -71
[  677.021865][  T117] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  677.067832][  T117] usb 1-1: USB disconnect, device number 60
[  677.332333][ T5840] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  677.336745][T13161] tipc: Enabling of bearer <udp:s> rejected, already enabled
[  677.561312][  T974] usb 5-1: new high-speed USB device number 55 using dummy_hcd
[  677.771377][  T974] usb 5-1: Using ep0 maxpacket: 8
[  677.840753][  T974] usb 5-1: config 179 has an invalid interface number: 65 but max is 0
[  677.917622][  T974] usb 5-1: config 179 has no interface number 0
[  677.984977][  T974] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  678.009162][   T24] usb 2-1: new high-speed USB device number 45 using dummy_hcd
[  678.069072][  T974] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  678.126030][  T974] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  678.139774][  T974] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  678.162864][  T974] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  678.191749][  T974] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  678.233030][   T24] usb 2-1: New USB device found, idVendor=0c45, idProduct=60a8, bcdDevice=b5.55
[  678.258125][  T974] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  678.299778][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  678.387816][   T24] usb 2-1: Product: syz
[  678.414134][   T24] usb 2-1: Manufacturer: syz
[  678.453264][T13155] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  678.476107][   T24] usb 2-1: SerialNumber: syz
[  678.580745][  T974] xpad 5-1:179.65: probe with driver xpad failed with error -5
[  678.627898][   T24] usb 2-1: config 0 descriptor??
[  678.640667][   T24] gspca_main: sonixb-2.14.0 probing 0c45:60a8
[  678.801435][ T5960] usb 4-1: new low-speed USB device number 21 using dummy_hcd
[  679.277523][   T24] sonixb 2-1:0.0: Error reading register 00: -110
[  679.283318][T13185] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1851'.
[  679.791125][   T49] Bluetooth: hci5: Frame reassembly failed (-84)
[  679.955395][   T49] Bluetooth: hci5: Frame reassembly failed (-84)
[  679.967699][ T5960] usb 4-1: unable to get BOS descriptor or descriptor too short
[  679.998371][ T5960] usb 4-1: config 1 interface 0 altsetting 207 endpoint 0x81 has invalid maxpacket 16, setting to 8
[  680.029503][ T5960] usb 4-1: config 1 interface 0 has no altsetting 0
[  680.031353][   T24] usb 1-1: new high-speed USB device number 61 using dummy_hcd
[  680.059059][ T5960] usb 4-1: language id specifier not provided by device, defaulting to English
[  680.194632][   T24] usb 1-1: config 0 has an invalid interface number: 69 but max is 0
[  680.203431][   T24] usb 1-1: config 0 has no interface number 0
[  680.209541][   T24] usb 1-1: config 0 interface 69 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1023
[  680.223469][   T24] usb 1-1: config 0 interface 69 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  680.238770][   T24] usb 1-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca
[  680.252724][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  680.265676][   T24] usb 1-1: Product: syz
[  680.269885][   T24] usb 1-1: Manufacturer: syz
[  680.275720][   T24] usb 1-1: SerialNumber: syz
[  680.285553][   T24] usb 1-1: config 0 descriptor??
[  680.293812][T13191] raw-gadget.3 gadget.0: fail, usb_ep_enable returned -22
[  680.309354][   T24] cyberjack 1-1:0.69: Reiner SCT Cyberjack USB card reader converter detected
[  680.325399][   T24] usb 1-1: Reiner SCT Cyberjack USB card reader converter now attached to ttyUSB0
[  680.648671][  T117] usb 5-1: USB disconnect, device number 55
[  681.087633][   T10] usb 2-1: USB disconnect, device number 45
[  681.141645][  T117] usb 5-1: new high-speed USB device number 56 using dummy_hcd
[  681.518936][   T13] Bluetooth: hci6: Frame reassembly failed (-84)
[  681.573089][ T5960] usb 4-1: New USB device found, idVendor=1130, idProduct=3101, bcdDevice= 0.40
[  681.585354][ T5960] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  681.594600][  T117] usb 5-1: Using ep0 maxpacket: 16
[  681.602947][  T117] usb 5-1: config 5 has an invalid interface number: 168 but max is 0
[  681.621421][ T5960] usb 4-1: can't set config #1, error -71
[  681.630886][  T117] usb 5-1: config 5 has no interface number 0
[  681.642615][ T5960] usb 4-1: USB disconnect, device number 21
[  681.652165][  T117] usb 5-1: config 5 interface 168 altsetting 7 has an endpoint descriptor with address 0xEB, changing to 0x8B
[  681.675512][  T117] usb 5-1: config 5 interface 168 altsetting 7 bulk endpoint 0x8B has invalid maxpacket 1024
[  681.686426][  T117] usb 5-1: config 5 interface 168 altsetting 7 bulk endpoint 0x4 has invalid maxpacket 1023
[  681.702386][  T117] usb 5-1: config 5 interface 168 has no altsetting 0
[  681.712397][  T117] usb 5-1: New USB device found, idVendor=04cc, idProduct=2533, bcdDevice=fc.58
[  681.728049][  T117] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  681.737545][  T117] usb 5-1: Product: syz
[  681.745485][  T117] usb 5-1: Manufacturer: syz
[  681.750261][  T117] usb 5-1: SerialNumber: syz
[  681.760754][T13215] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  681.768297][T13215] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  681.894009][ T5840] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  681.900643][ T5833] Bluetooth: hci5: command 0x1003 tx timeout
[  682.157156][T13239] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1857'.
[  683.096584][T10326] usb 1-1: USB disconnect, device number 61
[  683.292381][T10326] cyberjack ttyUSB0: Reiner SCT Cyberjack USB card reader converter now disconnected from ttyUSB0
[  683.494737][ T5840] Bluetooth: hci6: command 0x1003 tx timeout
[  683.513131][ T5838] Bluetooth: hci6: Opcode 0x1003 failed: -110
[  683.553840][T13247] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  683.777663][T10326] cyberjack 1-1:0.69: device disconnected
[  683.932283][T13251] usb usb8: usbfs: process 13251 (syz.3.1859) did not claim interface 0 before use
[  684.069164][T13256] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1861'.
[  684.078260][T13256] openvswitch: netlink: Flow actions attr not present in new flow.
[  684.438346][   T30] audit: type=1400 audit(2000000215.620:585): avc:  denied  { read write } for  pid=13250 comm="syz.6.1860" name="vhost-vsock" dev="devtmpfs" ino=1275 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 trawcon="system_u:object_r:dhcp_etc_t:s0"
[  684.598492][   T30] audit: type=1400 audit(2000000215.620:586): avc:  denied  { open } for  pid=13250 comm="syz.6.1860" path="/dev/vhost-vsock" dev="devtmpfs" ino=1275 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 trawcon="system_u:object_r:dhcp_etc_t:s0"
[  684.707709][   T30] audit: type=1400 audit(2000000215.630:587): avc:  denied  { ioctl } for  pid=13250 comm="syz.6.1860" path="/dev/vhost-vsock" dev="devtmpfs" ino=1275 ioctlcmd=0xaf60 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 trawcon="system_u:object_r:dhcp_etc_t:s0"
[  685.054286][    C0] usb 5-1: NFC: Urb failure (status -71)
[  685.060493][    C0] usb 5-1: NFC: Urb failure (status -71)
[  685.227423][  T117] usb 5-1: NFC: Unable to get FW version
[  685.252666][  T117] pn533_usb 5-1:5.168: probe with driver pn533_usb failed with error -71
[  685.414277][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  685.588265][  T117] usb 5-1: USB disconnect, device number 56
[  686.132120][  T117] usb 5-1: new high-speed USB device number 57 using dummy_hcd
[  686.181315][ T5960] usb 2-1: new high-speed USB device number 46 using dummy_hcd
[  686.345892][ T5960] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  686.358410][  T117] usb 5-1: device descriptor read/64, error -71
[  686.389030][ T5960] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  686.419703][ T5960] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  686.450903][ T5960] usb 2-1: New USB device found, idVendor=1e7d, idProduct=3232, bcdDevice= 0.00
[  686.491264][   T10] usb 1-1: new high-speed USB device number 62 using dummy_hcd
[  686.502059][ T5960] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  686.532197][ T5960] usb 2-1: config 0 descriptor??
[  686.632149][  T117] usb 5-1: new high-speed USB device number 58 using dummy_hcd
[  686.661353][   T10] usb 1-1: Using ep0 maxpacket: 16
[  686.670804][   T10] usb 1-1: config 0 has an invalid interface number: 160 but max is 0
[  686.685111][   T10] usb 1-1: config 0 has no interface number 0
[  686.706870][   T10] usb 1-1: New USB device found, idVendor=1164, idProduct=1e8c, bcdDevice=c9.10
[  686.726199][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  686.752082][   T10] usb 1-1: Product: syz
[  686.769026][   T10] usb 1-1: Manufacturer: syz
[  686.774129][  T117] usb 5-1: device descriptor read/64, error -71
[  686.790599][   T10] usb 1-1: SerialNumber: syz
[  686.821622][   T10] usb 1-1: config 0 descriptor??
[  686.892217][  T117] usb usb5-port1: attempt power cycle
[  687.067151][ T5960] ryos 0003:1E7D:3232.0010: hidraw0: USB HID v0.00 Device [HID 1e7d:3232] on usb-dummy_hcd.1-1/input0
[  687.277840][  T117] usb 5-1: new high-speed USB device number 59 using dummy_hcd
[  687.368770][   T10] dvb-usb: found a 'YUAN High-Tech DiBcom STK7700D' in cold state, will try to load a firmware
[  687.387591][  T117] usb 5-1: device descriptor read/8, error -71
[  688.308741][   T10] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  688.359628][   T10] dib0700: firmware download failed at 7 with -22
[  688.408791][   T10] usb 1-1: USB disconnect, device number 62
[  688.451669][  T117] usb 5-1: new high-speed USB device number 60 using dummy_hcd
[  689.334155][ T5969] usb 2-1: USB disconnect, device number 46
[  689.441341][   T24] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  689.556077][  T117] usb 5-1: device not accepting address 60, error -71
[  689.584895][T13336] afs: Unknown parameter 'dyn3��g�8��q��T��~�'
[  689.599847][  T117] usb usb5-port1: unable to enumerate USB device
[  689.651660][   T24] usb 4-1: Using ep0 maxpacket: 16
[  689.658576][   T24] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  689.766402][T13341] overlayfs: overlapping lowerdir path
[  689.776085][   T24] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  689.791436][   T10] usb 1-1: new high-speed USB device number 63 using dummy_hcd
[  690.064135][   T24] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  690.089167][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  690.126171][   T24] usb 4-1: Product: syz
[  690.130394][   T24] usb 4-1: Manufacturer: syz
[  690.146394][   T24] usb 4-1: SerialNumber: syz
[  690.294160][   T10] usb 1-1: New USB device found, idVendor=133e, idProduct=0815, bcdDevice=7e.66
[  690.387996][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  690.631712][   T10] usb 1-1: Product: syz
[  690.655791][   T10] usb 1-1: Manufacturer: syz
[  690.660414][   T10] usb 1-1: SerialNumber: syz
[  690.829846][   T24] usb 4-1: 0:2 : does not exist
[  690.852141][   T10] usb 1-1: config 0 descriptor??
[  690.891392][   T10] snd-usb-audio 1-1:0.0: probe with driver snd-usb-audio failed with error -22
[  691.687972][   T30] audit: type=1400 audit(2000000222.850:588): avc:  denied  { setattr } for  pid=13320 comm="syz.0.1873" name="ttynull" dev="devtmpfs" ino=620 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tty_device_t tclass=chr_file permissive=1
[  692.079106][   T30] audit: type=1400 audit(2000000223.270:589): avc:  denied  { write } for  pid=13364 comm="syz.4.1882" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  692.164042][  T117] usb 2-1: new high-speed USB device number 47 using dummy_hcd
[  692.421214][  T117] usb 2-1: Using ep0 maxpacket: 32
[  692.438802][  T117] usb 2-1: config 0 has an invalid interface number: 51 but max is 0
[  692.451321][  T117] usb 2-1: config 0 has no interface number 0
[  693.010127][  T117] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  693.035211][  T117] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  693.055748][   T24] usb 4-1: 5:0: failed to get current value for ch 0 (-22)
[  693.098998][  T117] usb 2-1: Product: syz
[  693.146496][  T117] usb 2-1: Manufacturer: syz
[  693.149899][   T24] usb 4-1: USB disconnect, device number 22
[  693.208457][T13364] delete_channel: no stack
[  693.236518][  T117] usb 2-1: SerialNumber: syz
[  693.284604][  T117] usb 2-1: config 0 descriptor??
[  693.300010][   T10] usb 1-1: USB disconnect, device number 63
[  693.333059][  T117] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  693.518967][   T30] audit: type=1400 audit(2000000224.550:590): avc:  denied  { setattr } for  pid=13379 comm="syz.3.1887" name="cec3" dev="devtmpfs" ino=963 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  694.297808][   T30] audit: type=1400 audit(2000000225.480:591): avc:  denied  { checkpoint_restore } for  pid=13379 comm="syz.3.1887" capability=40  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  694.602730][  T117] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  695.025542][T13394] afs: Unknown parameter 'dyn3��g�8��q��T��~�'
[  695.033097][T13394] overlayfs: overlapping lowerdir path
[  696.224961][  T117] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  696.237151][    C0] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71
[  696.251403][  T117] usb 2-1: USB disconnect, device number 47
[  696.260316][  T117] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  696.356922][  T117] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  696.430677][  T117] quatech2 2-1:0.51: device disconnected
[  696.772192][T13406] kvm: emulating exchange as write
[  697.767992][T13420] netlink: 'syz.6.1898': attribute type 1 has an invalid length.
[  697.851213][ T5960] usb 5-1: new high-speed USB device number 61 using dummy_hcd
[  697.900330][T13422] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address
[  697.951009][T13422] bond1: (slave vxcan3): Error -95 calling set_mac_address
[  698.002782][ T5960] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  698.014175][ T5960] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  698.031557][ T5960] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  698.051116][ T5960] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  698.072132][ T5960] usb 5-1: config 0 descriptor??
[  698.123109][T13420] trusted_key: encrypted_key: insufficient parameters specified
[  698.145472][T13423] gretap1: entered promiscuous mode
[  698.162865][T13423] bond1: (slave gretap1): making interface the new active one
[  698.183731][T13423] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  698.791282][  T117] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  698.909470][ T5960] uclogic 0003:256C:006D.0011: failed retrieving Huion firmware version: -71
[  699.071608][ T5960] uclogic 0003:256C:006D.0011: failed probing parameters: -71
[  699.083854][ T5960] uclogic 0003:256C:006D.0011: probe with driver uclogic failed with error -71
[  699.093359][ T5838] Bluetooth: hci5: command 0x1003 tx timeout
[  699.111244][ T5840] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  699.131608][   T10] usb 2-1: new high-speed USB device number 48 using dummy_hcd
[  699.201763][ T5960] usb 5-1: USB disconnect, device number 61
[  699.225476][  T117] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16
[  699.251041][  T117] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[  699.266757][  T117] usb 7-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32
[  699.276229][  T117] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  699.438963][  T117] usb 7-1: Product: syz
[  699.449060][   T10] usb 2-1: device descriptor read/all, error -61
[  699.513698][  T117] usb 7-1: Manufacturer: syz
[  699.524892][  T117] usb 7-1: SerialNumber: syz
[  699.542117][  T117] usb 7-1: config 0 descriptor??
[  699.581453][T13427] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[  699.609236][T13427] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[  699.661268][   T10] usb 2-1: new high-speed USB device number 49 using dummy_hcd
[  699.693763][T13435] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1902'.
[  699.768581][T13441] binder: 13440:13441 ioctl c02064b2 200000000000 returned -22
[  699.791345][   T10] usb 2-1: device descriptor read/64, error -71
[  699.901639][   T10] usb usb2-port1: attempt power cycle
[  699.947985][T13427] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[  700.075671][T13427] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[  700.371428][   T10] usb 2-1: new high-speed USB device number 50 using dummy_hcd
[  700.391799][   T10] usb 2-1: device descriptor read/8, error -71
[  700.631452][   T10] usb 2-1: new high-speed USB device number 51 using dummy_hcd
[  700.661716][   T10] usb 2-1: device descriptor read/8, error -71
[  700.805023][   T10] usb usb2-port1: unable to enumerate USB device
[  700.840162][   T30] audit: type=1400 audit(2000000232.025:592): avc:  denied  { accept } for  pid=13452 comm="syz.4.1907" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  701.111395][  T117] dm9601 7-1:0.0 (unnamed net_device) (uninitialized): MDIO read error: -71
[  701.155180][  T117] dm9601 7-1:0.0 eth9: register 'dm9601' at usb-dummy_hcd.6-1, Davicom DM96xx USB 10/100 Ethernet, 6e:00:00:00:00:00
[  701.181494][  T117] usb 7-1: USB disconnect, device number 3
[  701.192744][  T117] dm9601 7-1:0.0 eth9: unregister 'dm9601' usb-dummy_hcd.6-1, Davicom DM96xx USB 10/100 Ethernet
[  701.258816][ T5838] Bluetooth: hci5: command 0x1003 tx timeout
[  701.261365][ T5840] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  702.401413][  T117] usb 2-1: new high-speed USB device number 52 using dummy_hcd
[  702.501458][ T5969] usb 5-1: new low-speed USB device number 62 using dummy_hcd
[  702.671948][   T49] Bluetooth: hci5: Frame reassembly failed (-84)
[  702.678554][  T117] usb 2-1: Using ep0 maxpacket: 8
[  702.731871][ T5969] usb 5-1: unable to get BOS descriptor or descriptor too short
[  702.759701][  T117] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[  702.794838][ T5969] usb 5-1: config 1 interface 0 altsetting 207 endpoint 0x81 has invalid maxpacket 16, setting to 8
[  702.810293][  T117] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  702.815882][T13475] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1915'.
[  702.881132][  T117] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  702.904707][ T5969] usb 5-1: config 1 interface 0 has no altsetting 0
[  702.927518][ T5969] usb 5-1: language id specifier not provided by device, defaulting to English
[  702.942427][  T117] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  703.029612][  T117] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  703.103111][  T117] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  703.112570][  T117] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  703.127086][ T5969] usb 5-1: New USB device found, idVendor=1130, idProduct=3101, bcdDevice= 0.40
[  703.136223][ T5969] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  703.149972][ T5969] usb 5-1: Manufacturer: 㬋ﮬ뜞䆌ᙳᾴ⢓䁪ᜃ램닆芚פֿᥘ掎묗䷄㪭毦祒ꂄ⪕㇗ሑ땃㢽꺗ꪒ悓䒬簾叼딶되羔⊽㍣︮疊㭶笠睪闣韩仔齄撎랙椱ᩊ๿匼娝疂䄨蛽홺嘬㶱〡糒솜琬嫳⒍鐌滃帔蚚幾캧㝢았깽╜틻㳃뜧ࠩ鏪躉렉옶辵钝芓徂㞝
[  703.153441][T13171] usb 1-1: new high-speed USB device number 64 using dummy_hcd
[  703.227379][T13468] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  703.351342][T13171] usb 1-1: Using ep0 maxpacket: 32
[  703.352712][  T117] usb 2-1: GET_CAPABILITIES returned 0
[  703.362768][T13171] usb 1-1: config 64 has an invalid interface number: 152 but max is 0
[  703.363136][  T117] usbtmc 2-1:16.0: can't read capabilities
[  703.377377][T13171] usb 1-1: config 64 has no interface number 0
[  703.393053][T13171] usb 1-1: New USB device found, idVendor=2040, idProduct=7200, bcdDevice=e9.3d
[  703.407856][T13171] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  703.417255][T13171] usb 1-1: Product: syz
[  703.422112][T13171] usb 1-1: Manufacturer: syz
[  703.427043][T13171] usb 1-1: SerialNumber: syz
[  703.530896][ T5969] usbhid 5-1:1.0: can't add hid device: -71
[  703.544847][ T5969] usbhid 5-1:1.0: probe with driver usbhid failed with error -71
[  703.560209][T13486] random: crng reseeded on system resumption
[  703.577092][ T5969] usb 5-1: USB disconnect, device number 62
[  703.588598][ T5960] usb 2-1: USB disconnect, device number 52
[  703.615064][T13487] SELinux: syz.3.1920 (13487) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  703.720858][   T30] audit: type=1400 audit(2000000234.905:593): avc:  denied  { ioctl } for  pid=13474 comm="syz.0.1915" path="socket:[39239]" dev="sockfs" ino=39239 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  703.747511][  T117] usb 1-1: USB disconnect, device number 64
[  703.792380][T13467] netlink: 'syz.1.1911': attribute type 10 has an invalid length.
[  703.800897][T13467] bridge0: port 2(bridge_slave_1) entered disabled state
[  703.808295][T13467] bridge0: port 1(bridge_slave_0) entered disabled state
[  703.907672][T13495] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1923'.
[  703.983546][T13495] macsec1: entered promiscuous mode
[  703.989550][T13495] mac80211_hwsim hwsim17 wlan0: entered promiscuous mode
[  704.691568][ T5840] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  704.699259][ T5838] Bluetooth: hci5: command 0x1003 tx timeout
[  704.712379][T13171] usb 2-1: new low-speed USB device number 53 using dummy_hcd
[  704.788544][  T988] Bluetooth: hci6: Frame reassembly failed (-84)
[  704.894648][T13171] usb 2-1: config 0 has an invalid interface number: 55 but max is 0
[  704.894699][T13171] usb 2-1: config 0 has no interface number 0
[  704.894795][T13171] usb 2-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  704.894858][T13171] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8
[  704.894905][T13171] usb 2-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  704.894950][T13171] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  704.894999][T13171] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  704.895039][T13171] usb 2-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  704.895119][T13171] usb 2-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  704.895249][T13171] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  704.950149][T13171] usb 2-1: config 0 descriptor??
[  704.992108][T13505] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  705.090698][    C1] vkms_vblank_simulate: vblank timer overrun
[  705.201546][T13171] ldusb 2-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  705.346952][T13508] openvswitch: netlink: Duplicate or invalid key (type 0).
[  705.354212][T13508] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  705.415847][T13171] IPVS: starting estimator thread 0...
[  705.462122][T13505] ldusb 2-1:0.55: Couldn't submit interrupt_in_urb -90
[  705.485147][T13171] usb 2-1: USB disconnect, device number 53
[  705.521528][T13510] IPVS: using max 49 ests per chain, 117600 per kthread
[  705.538480][T13171] ldusb 2-1:0.55: LD USB Device #0 now disconnected
[  705.843809][   T30] audit: type=1326 audit(2000000237.025:594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13498 comm="syz.4.1925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64da58e9a9 code=0x7ffc0000
[  705.886009][   T30] audit: type=1326 audit(2000000237.025:595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13498 comm="syz.4.1925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=238 compat=0 ip=0x7f64da58e9a9 code=0x7ffc0000
[  705.909389][    C1] vkms_vblank_simulate: vblank timer overrun
[  705.921252][   T30] audit: type=1326 audit(2000000237.025:596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13498 comm="syz.4.1925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64da58e9a9 code=0x7ffc0000
[  705.954383][   T30] audit: type=1326 audit(2000000237.025:597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13498 comm="syz.4.1925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f64da58e9a9 code=0x7ffc0000
[  705.996039][   T30] audit: type=1326 audit(2000000237.025:598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13498 comm="syz.4.1925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64da58e9a9 code=0x7ffc0000
[  706.023321][   T30] audit: type=1326 audit(2000000237.025:599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13498 comm="syz.4.1925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f64da58e9a9 code=0x7ffc0000
[  706.050532][   T30] audit: type=1326 audit(2000000237.025:600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13498 comm="syz.4.1925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64da58e9a9 code=0x7ffc0000
[  706.073935][    C1] vkms_vblank_simulate: vblank timer overrun
[  706.083938][   T30] audit: type=1326 audit(2000000237.025:601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13498 comm="syz.4.1925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f64da58e9a9 code=0x7ffc0000
[  706.107225][    C1] vkms_vblank_simulate: vblank timer overrun
[  706.120612][   T30] audit: type=1326 audit(2000000237.025:602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13498 comm="syz.4.1925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64da58e9a9 code=0x7ffc0000
[  706.148576][   T30] audit: type=1326 audit(2000000237.025:603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13498 comm="syz.4.1925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f64da58d310 code=0x7ffc0000
[  706.171981][    C1] vkms_vblank_simulate: vblank timer overrun
[  706.741274][   T10] usb 1-1: new high-speed USB device number 65 using dummy_hcd
[  706.748951][  T117] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  706.771306][ T5838] Bluetooth: hci6: Opcode 0x1003 failed: -110
[  706.771543][ T5840] Bluetooth: hci6: command 0x1003 tx timeout
[  706.784911][T13171] usb 2-1: new high-speed USB device number 54 using dummy_hcd
[  706.911263][   T10] usb 1-1: Using ep0 maxpacket: 32
[  706.918038][  T117] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  706.929607][   T10] usb 1-1: config 0 has an invalid interface number: 51 but max is 0
[  706.937785][  T117] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  706.941227][T13171] usb 2-1: Using ep0 maxpacket: 8
[  706.948414][   T10] usb 1-1: config 0 has no interface number 0
[  706.957593][T13171] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  706.960883][  T117] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  706.968212][T13171] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  706.978038][  T117] usb 7-1: New USB device strings: Mfr=0, Product=13, SerialNumber=0
[  706.994490][   T10] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  707.003674][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  707.011803][  T117] usb 7-1: Product: syz
[  707.016035][   T10] usb 1-1: Product: syz
[  707.020397][   T10] usb 1-1: Manufacturer: syz
[  707.025764][T13171] usb 2-1: config 0 descriptor??
[  707.027240][   T10] usb 1-1: SerialNumber: syz
[  707.037241][T13516] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[  707.057856][  T117] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[  707.067255][   T10] usb 1-1: config 0 descriptor??
[  707.077460][   T10] quatech2 1-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  707.238506][T13171] asix 2-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random
[  707.239786][T13523] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  707.261986][T13523] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  707.293584][T13171] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  707.331934][T13171] asix 2-1:0.0 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9
[  707.334505][   T10] usb 1-1: qt2_attach - failed to power on unit: -71
[  707.356815][   T10] quatech2 1-1:0.51: probe with driver quatech2 failed with error -71
[  707.369397][T13171] asix 2-1:0.0: probe with driver asix failed with error -71
[  707.381627][   T10] usb 1-1: USB disconnect, device number 65
[  707.409897][T13171] usb 2-1: USB disconnect, device number 54
[  708.193268][  T988] Bluetooth: hci5: Frame reassembly failed (-84)
[  708.574497][ T5944] usb 7-1: USB disconnect, device number 4
[  709.038505][ T6824] Bluetooth: hci6: Frame reassembly failed (-84)
[  709.742985][T13561] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1944'.
[  710.211631][ T5840] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  711.091254][ T5833] Bluetooth: hci6: command 0x1003 tx timeout
[  711.120255][ T5838] Bluetooth: hci6: Opcode 0x1003 failed: -110
[  711.180600][T13577] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1947'.
[  711.351877][   T10] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  712.501485][   T10] usb 4-1: Using ep0 maxpacket: 32
[  712.625881][   T10] usb 4-1: config 0 has an invalid interface number: 51 but max is 0
[  712.635226][   T10] usb 4-1: config 0 has no interface number 0
[  712.950006][T13582] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1950'.
[  713.008339][   T10] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  713.051380][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  713.059414][   T10] usb 4-1: Product: syz
[  713.074423][   T10] usb 4-1: Manufacturer: syz
[  713.089606][   T10] usb 4-1: SerialNumber: syz
[  713.116402][   T10] usb 4-1: config 0 descriptor??
[  713.146696][   T10] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  713.187526][T13591] evm: overlay not supported
[  713.341346][   T30] kauditd_printk_skb: 9 callbacks suppressed
[  713.341364][   T30] audit: type=1400 audit(2000000244.415:613): avc:  denied  { watch } for  pid=13585 comm="syz.1.1952" path="/403/bus/file1" dev="overlay" ino=2152 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  713.536802][   T10] usb 4-1: qt2_attach - failed to power on unit: -71
[  713.547974][   T10] quatech2 4-1:0.51: probe with driver quatech2 failed with error -71
[  713.940253][   T10] usb 4-1: USB disconnect, device number 23
[  714.531259][T13171] usb 5-1: new low-speed USB device number 63 using dummy_hcd
[  714.551467][ T5944] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  714.683096][T13171] usb 5-1: unable to get BOS descriptor or descriptor too short
[  714.692261][T13171] usb 5-1: config 1 interface 0 altsetting 207 endpoint 0x81 has invalid maxpacket 16, setting to 8
[  714.703272][T13171] usb 5-1: config 1 interface 0 has no altsetting 0
[  714.710347][T13171] usb 5-1: language id specifier not provided by device, defaulting to English
[  714.730513][T13171] usb 5-1: New USB device found, idVendor=1130, idProduct=3101, bcdDevice= 0.40
[  714.744702][T13171] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  714.759650][T13171] usb 5-1: Manufacturer: 㬋ﮬ뜞䆌ᙳᾴ⢓䁪ᜃ램닆芚פֿᥘ掎묗䷄㪭毦祒ꂄ⪕㇗ሑ땃㢽꺗ꪒ悓䒬簾叼딶되羔⊽㍣︮疊㭶笠睪闣韩仔齄撎랙椱ᩊ๿匼娝疂䄨蛽홺嘬㶱〡糒솜琬嫳⒍鐌滃帔蚚幾캧㝢았깽╜틻㳃뜧ࠩ鏪躉렉옶辵钝芓徂㞝
[  714.805991][ T5944] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16
[  714.816463][ T5944] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[  714.847026][T13601] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  714.857361][ T5944] usb 4-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32
[  714.869181][ T5944] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  714.877853][ T5944] usb 4-1: Product: syz
[  714.882558][ T5944] usb 4-1: Manufacturer: syz
[  714.887202][ T5944] usb 4-1: SerialNumber: syz
[  714.898332][ T5944] usb 4-1: config 0 descriptor??
[  714.908926][T13603] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  714.916583][T13603] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  714.940929][T13610] tmpfs: Unknown parameter '0xffffffffffffffff'
[  714.966359][T13610] overlay: Unknown parameter 'uid>00000000000000000000'
[  715.201052][T13614] afs: Unknown parameter 'dyn3��g�8��q��T��~�'
[  715.238804][T13614] overlayfs: overlapping lowerdir path
[  715.997083][T13601] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=13601 comm=syz.4.1957
[  716.010435][T13603] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  716.032576][T13603] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  716.067864][T13171] usbhid 5-1:1.0: can't add hid device: -71
[  716.077375][T13171] usbhid 5-1:1.0: probe with driver usbhid failed with error -71
[  716.097176][T13171] usb 5-1: USB disconnect, device number 63
[  716.229236][   T30] audit: type=1400 audit(2000000247.415:614): avc:  denied  { ioctl } for  pid=13625 comm="syz.0.1964" path="time:[4026531834]" dev="nsfs" ino=4026531834 ioctlcmd=0x940b scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  716.412541][T13630] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  717.073052][ T5969] usb 1-1: new high-speed USB device number 66 using dummy_hcd
[  717.160373][T13638] binder: BINDER_SET_CONTEXT_MGR already set
[  717.166642][T13638] binder: 13636:13638 ioctl 4018620d 200000000040 returned -16
[  717.192821][T13638] binder: 13636:13638 ioctl c0306201 200000000240 returned -11
[  717.879144][T13638] could not allocate digest TFM handle hmac(sha256-ce)
[  717.891726][T13603] netlink: 'syz.3.1958': attribute type 10 has an invalid length.
[  717.947328][T13603] 8021q: adding VLAN 0 to HW filter on device team0
[  718.022627][T13603] bond0: (slave team0): Enslaving as an active interface with an up link
[  718.201262][ T5969] usb 1-1: Using ep0 maxpacket: 32
[  718.213011][ T5969] usb 1-1: config 0 has an invalid interface number: 51 but max is 0
[  718.244270][ T5969] usb 1-1: config 0 has no interface number 0
[  718.260355][ T5969] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  718.280001][ T5969] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  718.298424][ T5969] usb 1-1: Product: syz
[  718.308558][ T5969] usb 1-1: Manufacturer: syz
[  718.318640][ T5969] usb 1-1: SerialNumber: syz
[  718.378848][ T5969] usb 1-1: config 0 descriptor??
[  718.406665][ T5969] quatech2 1-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  718.481200][T13650] trusted_key: encrypted_key: key user:syz not found
[  718.527414][T13650] geneve2: entered allmulticast mode
[  719.382372][  T974] usb 2-1: new high-speed USB device number 55 using dummy_hcd
[  720.110688][  T974] usb 2-1: New USB device found, idVendor=0c45, idProduct=60a8, bcdDevice=b5.55
[  720.156230][  T974] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  720.194027][ T5969] usb 1-1: qt2_attach - failed to power on unit: -71
[  720.197908][  T974] usb 2-1: Product: syz
[  720.211486][ T5969] quatech2 1-1:0.51: probe with driver quatech2 failed with error -71
[  720.212516][  T974] usb 2-1: Manufacturer: syz
[  720.233873][  T974] usb 2-1: SerialNumber: syz
[  720.250175][  T974] usb 2-1: config 0 descriptor??
[  720.265424][ T5969] usb 1-1: USB disconnect, device number 66
[  720.334497][  T974] gspca_main: sonixb-2.14.0 probing 0c45:60a8
[  720.821423][T10326] usb 7-1: new low-speed USB device number 5 using dummy_hcd
[  720.830266][ T5944] dm9601 4-1:0.0 (unnamed net_device) (uninitialized): Error reading MODE_CTRL
[  720.873811][ T5944] usb 4-1: USB disconnect, device number 24
[  720.951395][   T30] audit: type=1326 audit(2000000252.135:615): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13660 comm="syz.4.1975" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64da58e9a9 code=0x7ffc0000
[  721.071573][T10326] usb 7-1: unable to get BOS descriptor or descriptor too short
[  721.275403][  T974] sonixb 2-1:0.0: Error writing register 01: -110
[  721.275562][  T974] sonixb 2-1:0.0: probe with driver sonixb failed with error -110
[  721.303316][   T30] audit: type=1326 audit(2000000252.145:616): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13660 comm="syz.4.1975" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64da58e9a9 code=0x7ffc0000
[  721.303787][   T30] audit: type=1326 audit(2000000252.175:617): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13660 comm="syz.4.1975" exe="/root/syz-executor" sig=0 arch=c000003e syscall=172 compat=0 ip=0x7f64da58e9a9 code=0x7ffc0000
[  721.303958][   T30] audit: type=1326 audit(2000000252.175:618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13660 comm="syz.4.1975" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64da58e9a9 code=0x7ffc0000
[  721.304158][   T30] audit: type=1326 audit(2000000252.175:619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13660 comm="syz.4.1975" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64da58e9a9 code=0x7ffc0000
[  721.304407][   T30] audit: type=1326 audit(2000000252.185:620): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13660 comm="syz.4.1975" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f64da58e9a9 code=0x7ffc0000
[  721.304593][   T30] audit: type=1326 audit(2000000252.185:621): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13660 comm="syz.4.1975" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64da58e9a9 code=0x7ffc0000
[  721.304815][   T30] audit: type=1326 audit(2000000252.185:622): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13660 comm="syz.4.1975" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64da58e9a9 code=0x7ffc0000
[  721.304988][   T30] audit: type=1326 audit(2000000252.185:623): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13660 comm="syz.4.1975" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f64da58e9a9 code=0x7ffc0000
[  721.305146][   T30] audit: type=1326 audit(2000000252.185:624): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13660 comm="syz.4.1975" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64da58e9a9 code=0x7ffc0000
[  721.451286][T10326] usb 7-1: config 1 interface 0 altsetting 207 endpoint 0x81 has invalid maxpacket 16, setting to 8
[  721.451320][T10326] usb 7-1: config 1 interface 0 has no altsetting 0
[  721.540494][T10326] usb 7-1: language id specifier not provided by device, defaulting to English
[  721.578733][T13670] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  721.616386][    C0] vkms_vblank_simulate: vblank timer overrun
[  722.115549][  T974] usb 2-1: USB disconnect, device number 55
[  722.408569][T13675] afs: Unknown parameter 'dyn3��g�8��q��T��~�'
[  722.622842][T13682] overlayfs: overlapping lowerdir path
[  722.640736][T13683] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1979'.
[  723.414646][T13691] FAULT_INJECTION: forcing a failure.
[  723.414646][T13691] name failslab, interval 1, probability 0, space 0, times 0
[  723.449427][T10326] usb 7-1: New USB device found, idVendor=1130, idProduct=3101, bcdDevice= 0.40
[  723.464524][T13691] CPU: 0 UID: 0 PID: 13691 Comm: syz.1.1981 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[  723.464542][T13691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  723.464549][T13691] Call Trace:
[  723.464553][T13691]  <TASK>
[  723.464557][T13691]  dump_stack_lvl+0x16c/0x1f0
[  723.464585][T13691]  should_fail_ex+0x512/0x640
[  723.464603][T13691]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  723.464622][T13691]  should_failslab+0xc2/0x120
[  723.464633][T13691]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  723.464649][T13691]  ? __alloc_skb+0x2b2/0x380
[  723.464669][T13691]  __alloc_skb+0x2b2/0x380
[  723.464684][T13691]  ? __pfx___alloc_skb+0x10/0x10
[  723.464702][T13691]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  723.464717][T13691]  netlink_alloc_large_skb+0x69/0x130
[  723.464730][T13691]  netlink_sendmsg+0x6a1/0xdd0
[  723.464745][T13691]  ? __pfx_netlink_sendmsg+0x10/0x10
[  723.464762][T13691]  ____sys_sendmsg+0xa95/0xc70
[  723.464775][T13691]  ? copy_msghdr_from_user+0x10a/0x160
[  723.464792][T13691]  ? __pfx_____sys_sendmsg+0x10/0x10
[  723.464808][T13691]  ? lock_acquire+0x179/0x350
[  723.464819][T13691]  ? find_held_lock+0x2b/0x80
[  723.464835][T13691]  ___sys_sendmsg+0x134/0x1d0
[  723.464851][T13691]  ? rcu_is_watching+0x12/0xc0
[  723.464866][T13691]  ? __pfx____sys_sendmsg+0x10/0x10
[  723.464882][T13691]  ? __lock_acquire+0x622/0x1c90
[  723.464908][T13691]  __sys_sendmsg+0x16d/0x220
[  723.464918][T13691]  ? __pfx___sys_sendmsg+0x10/0x10
[  723.464927][T13691]  ? rcu_is_watching+0x12/0xc0
[  723.464945][T13691]  ? trace_irq_enable.constprop.0+0x2f/0x120
[  723.464962][T13691]  do_syscall_64+0xcd/0x4c0
[  723.464973][T13691]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  723.464984][T13691] RIP: 0033:0x7ffb2918e9a9
[  723.464994][T13691] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  723.465005][T13691] RSP: 002b:00007ffb26ff6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  723.465016][T13691] RAX: ffffffffffffffda RBX: 00007ffb293b5fa0 RCX: 00007ffb2918e9a9
[  723.465023][T13691] RDX: 0000000000041000 RSI: 0000200000000200 RDI: 0000000000000003
[  723.465029][T13691] RBP: 00007ffb26ff6090 R08: 0000000000000000 R09: 0000000000000000
[  723.465035][T13691] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  723.465041][T13691] R13: 0000000000000000 R14: 00007ffb293b5fa0 R15: 00007fffac6cf698
[  723.465054][T13691]  </TASK>
[  723.810047][T10326] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  723.848631][T10326] usb 7-1: can't set config #1, error -71
[  723.856543][T10326] usb 7-1: USB disconnect, device number 5
[  724.884088][T13706] random: crng reseeded on system resumption
[  724.949728][T13702] SELinux: syz.4.1986 (13702) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  725.660281][T13723] @: renamed from vlan0
[  725.901440][T13724] ip6tnl1: entered promiscuous mode
[  726.664125][  T988] Bluetooth: hci5: Frame reassembly failed (-84)
[  726.683121][  T988] Bluetooth: hci5: Frame reassembly failed (-84)
[  726.691356][  T974] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  726.711383][ T5944] usb 1-1: new high-speed USB device number 67 using dummy_hcd
[  726.852922][  T974] usb 4-1: Using ep0 maxpacket: 16
[  726.867613][  T974] usb 4-1: config 0 has an invalid interface number: 160 but max is 0
[  726.876452][ T5944] usb 1-1: Using ep0 maxpacket: 16
[  726.884894][  T974] usb 4-1: config 0 has no interface number 0
[  726.896793][ T5944] usb 1-1: config 0 has an invalid interface number: 160 but max is 0
[  726.907444][  T974] usb 4-1: New USB device found, idVendor=1164, idProduct=1e8c, bcdDevice=c9.10
[  726.919039][  T974] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  726.939505][ T5944] usb 1-1: config 0 has no interface number 0
[  726.954799][  T974] usb 4-1: Product: syz
[  726.959496][  T974] usb 4-1: Manufacturer: syz
[  726.972248][ T5944] usb 1-1: New USB device found, idVendor=1164, idProduct=1e8c, bcdDevice=c9.10
[  726.991105][  T974] usb 4-1: SerialNumber: syz
[  727.000665][ T5944] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  727.029035][  T974] usb 4-1: config 0 descriptor??
[  727.047965][ T5944] usb 1-1: Product: syz
[  727.120842][ T5944] usb 1-1: Manufacturer: syz
[  727.142263][ T5944] usb 1-1: SerialNumber: syz
[  727.174400][ T5944] usb 1-1: config 0 descriptor??
[  727.252569][T13742] hfsplus: unable to find HFS+ superblock
[  727.507221][  T974] dvb-usb: found a 'YUAN High-Tech DiBcom STK7700D' in cold state, will try to load a firmware
[  727.547006][T13742] sctp: [Deprecated]: syz.6.1997 (pid 13742) Use of int in maxseg socket option.
[  727.547006][T13742] Use struct sctp_assoc_value instead
[  727.590785][  T974] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  727.636662][  T974] dib0700: firmware download failed at 7 with -22
[  727.718947][  T974] usb 4-1: USB disconnect, device number 25
[  727.757246][ T5944] dvb-usb: found a 'YUAN High-Tech DiBcom STK7700D' in cold state, will try to load a firmware
[  727.777141][ T5944] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  727.786413][ T5944] dib0700: firmware download failed at 7 with -22
[  727.813607][ T5944] usb 1-1: USB disconnect, device number 67
[  727.860316][T13745] netlink: 'syz.4.1998': attribute type 10 has an invalid length.
[  727.870471][T13745] hsr0: entered promiscuous mode
[  727.893157][T13745] bond0: (slave hsr0): The slave device specified does not support setting the MAC address
[  727.916605][T13745] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets).
[  727.931191][T13745] bond0: (slave hsr0): Error -22 calling dev_set_mtu
[  728.511278][T13752] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(4)
[  728.517806][T13752] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  728.526965][T13752] vhci_hcd vhci_hcd.0: Device attached
[  728.534849][T13754] unknown channel width for channel at 909000KHz?
[  728.757650][ T5833] Bluetooth: hci5: command 0x1003 tx timeout
[  728.803008][ T5838] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  731.318740][ T5969] usb 46-1: SetAddress Request (2) to port 0
[  731.331411][ T5969] usb 46-1: new SuperSpeed USB device number 2 using vhci_hcd
[  731.343156][T13765] fuse: Bad value for 'fd'
[  731.391468][T13754] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2002'.
[  732.176049][T13756] bridge0: port 1(bridge_slave_0) entered disabled state
[  732.334788][T13756] bridge0: port 2(bridge_slave_1) entered disabled state
[  732.362276][T13755] vhci_hcd: connection reset by peer
[  732.374819][  T988] vhci_hcd: stop threads
[  732.379562][  T988] vhci_hcd: release socket
[  732.385780][  T988] vhci_hcd: disconnect device
[  732.616127][T13782] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2008'.
[  732.651292][ T5944] usb 2-1: new full-speed USB device number 56 using dummy_hcd
[  732.801358][ T5944] usb 2-1: device descriptor read/64, error -71
[  733.111281][ T5944] usb 2-1: new full-speed USB device number 57 using dummy_hcd
[  733.333919][ T5944] usb 2-1: device descriptor read/64, error -71
[  733.491392][ T5944] usb usb2-port1: attempt power cycle
[  733.536796][T13797] afs: Unknown parameter 'dyn3��g�8��q��T��~�'
[  733.558995][T13797] overlayfs: overlapping lowerdir path
[  733.844068][ T5944] usb 2-1: new full-speed USB device number 58 using dummy_hcd
[  733.883963][ T5944] usb 2-1: device descriptor read/8, error -71
[  734.481403][ T5944] usb 2-1: new full-speed USB device number 59 using dummy_hcd
[  735.081756][ T5944] usb 2-1: device descriptor read/8, error -71
[  735.271632][ T5944] usb usb2-port1: unable to enumerate USB device
[  735.518417][T13804] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2016'.
[  735.566298][T13804] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2016'.
[  735.602836][T13804] netlink: 'syz.6.2016': attribute type 11 has an invalid length.
[  735.622095][T13810] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  735.622095][T13810]    program syz.3.2017 not setting count and/or reply_len properly
[  736.331283][ T5944] usb 2-1: new high-speed USB device number 60 using dummy_hcd
[  736.381564][ T5969] usb 46-1: device descriptor read/8, error -110
[  736.401351][   T48] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  736.523891][ T5944] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  736.551259][   T48] usb 4-1: Using ep0 maxpacket: 16
[  736.557881][   T48] usb 4-1: no configurations
[  736.564543][   T48] usb 4-1: can't read configurations, error -22
[  736.579838][ T5944] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  736.627531][ T5944] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  736.682593][ T5944] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  736.691862][ T5944] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  736.729083][ T5944] usb 2-1: Product: syz
[  736.741481][   T48] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  736.753633][ T5944] usb 2-1: Manufacturer: syz
[  736.758582][ T5944] usb 2-1: SerialNumber: syz
[  736.772048][  T117] usb 5-1: new high-speed USB device number 64 using dummy_hcd
[  736.775453][ T5944] hub 2-1:1.0: bad descriptor, ignoring hub
[  736.794787][ T5969] usb usb46-port1: attempt power cycle
[  736.801238][ T5944] hub 2-1:1.0: probe with driver hub failed with error -5
[  736.913866][   T48] usb 4-1: Using ep0 maxpacket: 16
[  736.923946][   T48] usb 4-1: no configurations
[  736.928616][   T48] usb 4-1: can't read configurations, error -22
[  736.935814][   T48] usb usb4-port1: attempt power cycle
[  736.985214][  T117] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  736.996763][  T117] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  737.009380][  T117] usb 5-1: New USB device found, idVendor=1d34, idProduct=0004, bcdDevice= 0.00
[  737.047007][  T117] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  737.085775][   T30] kauditd_printk_skb: 8 callbacks suppressed
[  737.085868][   T30] audit: type=1400 audit(2000000268.275:633): avc:  denied  { accept } for  pid=13815 comm="syz.1.2020" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  737.139824][T13171] usb 1-1: new full-speed USB device number 68 using dummy_hcd
[  737.142056][  T117] usb 5-1: config 0 descriptor??
[  737.147937][ T5944] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 60 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  737.281859][T10326] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  737.283327][   T48] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  737.318215][T13171] usb 1-1: config 0 has an invalid interface number: 251 but max is 0
[  737.342794][T13171] usb 1-1: config 0 has no interface number 0
[  737.383618][   T48] usb 4-1: Using ep0 maxpacket: 16
[  737.402341][T13830] binder: 13815:13830 ioctl 6628 0 returned -22
[  737.405975][   T48] usb 4-1: no configurations
[  737.414234][   T48] usb 4-1: can't read configurations, error -22
[  737.420825][T13171] usb 1-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[  737.431807][T13171] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  737.439927][T13171] usb 1-1: Product: syz
[  737.444701][T13171] usb 1-1: Manufacturer: syz
[  737.444810][ T5969] usb usb46-port1: unable to enumerate USB device
[  737.449339][T13171] usb 1-1: SerialNumber: syz
[  737.459313][T13171] usb 1-1: config 0 descriptor??
[  737.535768][T10326] usb 7-1: New USB device found, idVendor=133e, idProduct=0815, bcdDevice=7e.66
[  737.561339][   T48] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  737.573259][T10326] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  737.592349][   T48] usb 4-1: Using ep0 maxpacket: 16
[  737.599220][   T48] usb 4-1: no configurations
[  737.618147][   T48] usb 4-1: can't read configurations, error -22
[  737.627522][T10326] usb 7-1: Product: syz
[  737.629442][   T48] usb usb4-port1: unable to enumerate USB device
[  737.657811][T10326] usb 7-1: Manufacturer: syz
[  737.666778][  T117] hid-led 0003:1D34:0004.0012: item fetching failed at offset 5/7
[  737.675290][T10326] usb 7-1: SerialNumber: syz
[  737.706245][  T117] hid-led 0003:1D34:0004.0012: probe with driver hid-led failed with error -22
[  737.762606][T10326] usb 7-1: config 0 descriptor??
[  737.834769][T13820] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2022'.
[  738.062590][ T5969] usb 2-1: USB disconnect, device number 60
[  738.076455][T10326] snd-usb-audio 7-1:0.0: probe with driver snd-usb-audio failed with error -22
[  738.849372][ T5969] usblp0: removed
[  740.177477][T13838] fuse: Bad value for 'user_id'
[  740.189596][T13838] fuse: Bad value for 'user_id'
[  740.721674][T13171] asix 1-1:0.251: probe with driver asix failed with error -71
[  740.857175][T13171] usb 1-1: USB disconnect, device number 68
[  740.960144][   T30] audit: type=1400 audit(2000000272.145:634): avc:  denied  { bind } for  pid=13843 comm="syz.4.2028" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  741.293228][T13171] usb 1-1: new high-speed USB device number 69 using dummy_hcd
[  741.491920][T13171] usb 1-1: Using ep0 maxpacket: 16
[  741.533766][T13171] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  741.545222][T13171] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  741.555858][T13171] usb 1-1: New USB device found, idVendor=054c, idProduct=05c4, bcdDevice= 0.00
[  741.565143][T13171] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  741.593778][T13171] usb 1-1: config 0 descriptor??
[  741.614318][ T6824] Bluetooth: hci5: Frame reassembly failed (-84)
[  741.649705][ T5969] usb 7-1: USB disconnect, device number 6
[  742.133745][   T30] audit: type=1400 audit(2000000273.295:635): avc:  denied  { read open } for  pid=13846 comm="syz.0.2029" path="/" dev="configfs" ino=1103 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  743.083415][   T30] audit: type=1400 audit(2000000273.315:636): avc:  denied  { add_name } for  pid=13846 comm="syz.0.2029" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  743.760406][   T30] audit: type=1400 audit(2000000273.315:637): avc:  denied  { create } for  pid=13846 comm="syz.0.2029" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:configfs_t tclass=file permissive=1
[  743.769972][ T5838] Bluetooth: hci5: command 0x1003 tx timeout
[  743.793308][ T5833] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  744.743105][T13091] Bluetooth: hci5: Frame reassembly failed (-84)
[  744.877223][T13171] usb 1-1: string descriptor 0 read error: -71
[  745.131917][T13171] usbhid 1-1:0.0: can't add hid device: -71
[  745.138127][T13171] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  745.164869][T13171] usb 1-1: USB disconnect, device number 69
[  745.258698][T13883] FAULT_INJECTION: forcing a failure.
[  745.258698][T13883] name failslab, interval 1, probability 0, space 0, times 0
[  745.272211][T13883] CPU: 0 UID: 0 PID: 13883 Comm: syz.0.2040 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[  745.272238][T13883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  745.272248][T13883] Call Trace:
[  745.272253][T13883]  <TASK>
[  745.272258][T13883]  dump_stack_lvl+0x16c/0x1f0
[  745.272280][T13883]  should_fail_ex+0x512/0x640
[  745.272298][T13883]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  745.272318][T13883]  should_failslab+0xc2/0x120
[  745.272329][T13883]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  745.272350][T13883]  ? __alloc_skb+0x2b2/0x380
[  745.272370][T13883]  __alloc_skb+0x2b2/0x380
[  745.272386][T13883]  ? __pfx___alloc_skb+0x10/0x10
[  745.272404][T13883]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  745.272420][T13883]  netlink_alloc_large_skb+0x69/0x130
[  745.272434][T13883]  netlink_sendmsg+0x6a1/0xdd0
[  745.272449][T13883]  ? __pfx_netlink_sendmsg+0x10/0x10
[  745.272467][T13883]  ____sys_sendmsg+0xa95/0xc70
[  745.272482][T13883]  ? copy_msghdr_from_user+0x10a/0x160
[  745.272500][T13883]  ? __pfx_____sys_sendmsg+0x10/0x10
[  745.272519][T13883]  ___sys_sendmsg+0x134/0x1d0
[  745.272538][T13883]  ? __pfx____sys_sendmsg+0x10/0x10
[  745.272554][T13883]  ? __lock_acquire+0x622/0x1c90
[  745.272581][T13883]  __sys_sendmsg+0x16d/0x220
[  745.272591][T13883]  ? __pfx___sys_sendmsg+0x10/0x10
[  745.272611][T13883]  do_syscall_64+0xcd/0x4c0
[  745.272622][T13883]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  745.272634][T13883] RIP: 0033:0x7f3f3bd8e9a9
[  745.272643][T13883] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  745.272654][T13883] RSP: 002b:00007f3f3cb48038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  745.272665][T13883] RAX: ffffffffffffffda RBX: 00007f3f3bfb6080 RCX: 00007f3f3bd8e9a9
[  745.272672][T13883] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000005
[  745.272679][T13883] RBP: 00007f3f3cb48090 R08: 0000000000000000 R09: 0000000000000000
[  745.272685][T13883] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  745.272691][T13883] R13: 0000000000000000 R14: 00007f3f3bfb6080 R15: 00007fff1e74ad48
[  745.272705][T13883]  </TASK>
[  745.940953][T13888] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  746.035442][T13888] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  746.772436][ T5838] Bluetooth: hci5: command 0x1003 tx timeout
[  746.772494][ T5833] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  746.856602][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  747.164094][ T5969] usb 1-1: new low-speed USB device number 70 using dummy_hcd
[  747.346203][ T5969] usb 1-1: unable to get BOS descriptor or descriptor too short
[  747.350414][T13900] fuse: Bad value for 'max_read'
[  747.365179][   T30] audit: type=1400 audit(2000000278.535:638): avc:  denied  { create } for  pid=13898 comm="syz.4.2044" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  747.419658][T13898] mmap: syz.4.2044 (13898): VmData 29208576 exceed data ulimit 0. Update limits or use boot option ignore_rlimit_data.
[  747.438005][ T5969] usb 1-1: config 1 interface 0 altsetting 207 endpoint 0x81 has invalid maxpacket 16, setting to 8
[  747.509207][   T30] audit: type=1400 audit(2000000278.535:639): avc:  denied  { unlink } for  pid=13898 comm="syz.4.2044" name="file0" dev="tmpfs" ino=2416 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  747.541199][ T5969] usb 1-1: config 1 interface 0 has no altsetting 0
[  747.573104][ T5969] usb 1-1: language id specifier not provided by device, defaulting to English
[  747.725577][   T30] audit: type=1400 audit(2000000278.535:640): avc:  denied  { mounton } for  pid=13898 comm="syz.4.2044" path="/452/file0" dev="tmpfs" ino=2417 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  747.790190][ T5969] usb 1-1: New USB device found, idVendor=1130, idProduct=3101, bcdDevice= 0.40
[  747.799601][ T5969] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  747.815761][ T5969] usb 1-1: Manufacturer: 㬋ﮬ뜞䆌ᙳᾴ⢓䁪ᜃ램닆芚פֿᥘ掎묗䷄㪭毦祒ꂄ⪕㇗ሑ땃㢽꺗ꪒ悓䒬簾叼딶되羔⊽㍣︮疊㭶笠睪闣韩仔齄撎랙椱ᩊ๿匼娝疂䄨蛽홺嘬㶱〡糒솜琬嫳⒍鐌滃帔蚚幾캧㝢았깽╜틻㳃뜧ࠩ鏪躉렉옶辵钝芓徂㞝
[  747.844947][    C0] vkms_vblank_simulate: vblank timer overrun
[  747.895960][T13895] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  750.681318][ T5969] usbhid 1-1:1.0: can't add hid device: -71
[  750.709057][ T5969] usbhid 1-1:1.0: probe with driver usbhid failed with error -71
[  750.767015][ T5969] usb 1-1: USB disconnect, device number 70
[  750.938644][T13924] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2052'.
[  751.203316][T13928] afs: Unknown parameter 'dyn3��g�8��q��T��~�'
[  751.220667][T13928] overlayfs: overlapping lowerdir path
[  752.061320][T13930] sp0: Synchronizing with TNC
[  752.977436][  T988] Bluetooth: hci5: Frame reassembly failed (-84)
[  753.530110][T13945] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2057'.
[  753.601265][T13945] bridge_slave_1: left allmulticast mode
[  753.681381][T10326] usb 5-1: USB disconnect, device number 64
[  753.691187][T13945] bridge_slave_1: left promiscuous mode
[  753.853625][T13952] tty tty26: ldisc open failed (-12), clearing slot 25
[  753.878824][T13945] bridge0: port 2(bridge_slave_1) entered disabled state
[  755.012751][ T5838] Bluetooth: hci5: command 0x1003 tx timeout
[  755.031227][ T5833] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  755.282036][T13945] bridge_slave_0: left allmulticast mode
[  756.090907][T13945] bridge_slave_0: left promiscuous mode
[  756.454659][T13945] bridge0: port 1(bridge_slave_0) entered disabled state
[  756.975689][T10326] usb 5-1: new low-speed USB device number 65 using dummy_hcd
[  757.274510][T10326] usb 5-1: unable to get BOS descriptor or descriptor too short
[  757.324672][T10326] usb 5-1: config 1 interface 0 altsetting 207 endpoint 0x81 has invalid maxpacket 16, setting to 8
[  757.387350][T10326] usb 5-1: config 1 interface 0 has no altsetting 0
[  757.414639][T10326] usb 5-1: language id specifier not provided by device, defaulting to English
[  757.645511][T10326] usb 5-1: New USB device found, idVendor=1130, idProduct=3101, bcdDevice= 0.40
[  757.660876][T10326] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  757.834543][T13961] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12
[  757.843993][T13961] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12
[  757.853615][T13961] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  757.941229][T10326] usb 5-1: Manufacturer: 㬋ﮬ뜞䆌ᙳᾴ⢓䁪ᜃ램닆芚פֿᥘ掎묗䷄㪭毦祒ꂄ⪕㇗ሑ땃㢽꺗ꪒ悓䒬簾叼딶되羔⊽㍣︮疊㭶笠睪闣韩仔齄撎랙椱ᩊ๿匼娝疂䄨蛽홺嘬㶱〡糒솜琬嫳⒍鐌滃帔蚚幾캧㝢았깽╜틻㳃뜧ࠩ鏪躉렉옶辵钝芓徂㞝
[  758.047319][T13968] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  758.333455][T10326] usbhid 5-1:1.0: can't add hid device: -71
[  758.348566][T10326] usbhid 5-1:1.0: probe with driver usbhid failed with error -71
[  758.367408][T10326] usb 5-1: USB disconnect, device number 65
[  760.531542][T13171] usb 1-1: new high-speed USB device number 71 using dummy_hcd
[  760.701195][T13171] usb 1-1: Using ep0 maxpacket: 32
[  760.728287][T13171] usb 1-1: config 0 has an invalid interface number: 184 but max is 0
[  760.751214][T13171] usb 1-1: config 0 has no interface number 0
[  760.757361][T13171] usb 1-1: config 0 interface 184 has no altsetting 0
[  760.803882][T13171] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  760.838562][T13171] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  760.866969][T13171] usb 1-1: Product: syz
[  760.880721][T13171] usb 1-1: Manufacturer: syz
[  760.918603][T13171] usb 1-1: SerialNumber: syz
[  760.937058][T13171] usb 1-1: config 0 descriptor??
[  760.962763][T13171] smsc75xx v1.0.0
[  761.231963][T14001] afs: Unknown parameter 'dyn3��g�8��q��T��~�'
[  761.261445][T14001] overlayfs: overlapping lowerdir path
[  762.676601][   T24] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0
[  762.771907][   T24] hid-generic 0000:0000:0000.0013: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  762.996268][T14014] fido_id[14014]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  763.242660][T13171] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -71
[  763.438137][T13171] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  763.531389][T10326] usb 2-1: new low-speed USB device number 61 using dummy_hcd
[  763.564717][T13171] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  763.644566][T13171] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[  763.689471][T14025] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2082'.
[  763.697799][T13171] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset
[  763.710158][T14025] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2082'.
[  763.785251][T14025] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  763.794543][T14025] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  763.803504][T14025] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  763.812422][T14025] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  763.926704][T13171] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[  763.977880][T13171] smsc75xx 1-1:0.184: probe with driver smsc75xx failed with error -71
[  763.993396][T14025] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2082'.
[  764.002972][T14025] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2082'.
[  764.076089][T10326] usb 2-1: unable to get BOS descriptor or descriptor too short
[  764.127061][T13171] usb 1-1: USB disconnect, device number 71
[  764.170723][T10326] usb 2-1: config 1 interface 0 altsetting 207 endpoint 0x81 has invalid maxpacket 16, setting to 8
[  764.199486][T10326] usb 2-1: config 1 interface 0 has no altsetting 0
[  764.227332][T10326] usb 2-1: language id specifier not provided by device, defaulting to English
[  764.417881][T10326] usb 2-1: New USB device found, idVendor=1130, idProduct=3101, bcdDevice= 0.40
[  764.461284][T10326] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  764.469839][T10326] usb 2-1: Manufacturer: 㬋ﮬ뜞䆌ᙳᾴ⢓䁪ᜃ램닆芚פֿᥘ掎묗䷄㪭毦祒ꂄ⪕㇗ሑ땃㢽꺗ꪒ悓䒬簾叼딶되羔⊽㍣︮疊㭶笠睪闣韩仔齄撎랙椱ᩊ๿匼娝疂䄨蛽홺嘬㶱〡糒솜琬嫳⒍鐌滃帔蚚幾캧㝢았깽╜틻㳃뜧ࠩ鏪躉렉옶辵钝芓徂㞝
[  764.471489][   T13] Bluetooth: hci5: Frame reassembly failed (-84)
[  764.499099][    C0] vkms_vblank_simulate: vblank timer overrun
[  764.645947][T14023] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  765.086649][ T5840] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  765.091422][T10326] usbhid 2-1:1.0: can't add hid device: -71
[  765.106380][ T5840] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  765.117950][T10326] usbhid 2-1:1.0: probe with driver usbhid failed with error -71
[  765.126290][ T5840] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  765.146007][ T5840] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  765.157082][ T5840] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  765.172261][ T5838] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  765.179680][ T5838] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  765.187484][ T5838] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  765.206364][T10326] usb 2-1: USB disconnect, device number 61
[  765.245093][ T5838] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  765.295651][ T5838] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  765.363219][T14034] lo speed is unknown, defaulting to 1000
[  765.908545][T14034] chnl_net:caif_netlink_parms(): no params data found
[  766.139192][T14034] bridge0: port 1(bridge_slave_0) entered blocking state
[  766.148320][T14034] bridge0: port 1(bridge_slave_0) entered disabled state
[  766.158618][T14034] bridge_slave_0: entered allmulticast mode
[  766.166887][T14034] bridge_slave_0: entered promiscuous mode
[  766.189170][T14034] bridge0: port 2(bridge_slave_1) entered blocking state
[  766.201255][T14034] bridge0: port 2(bridge_slave_1) entered disabled state
[  766.215423][T14034] bridge_slave_1: entered allmulticast mode
[  766.233305][T14034] bridge_slave_1: entered promiscuous mode
[  766.334547][T14034] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  766.375420][T14034] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  766.385584][   T10] usb 2-1: new high-speed USB device number 62 using dummy_hcd
[  766.451922][ T5840] Bluetooth: hci5: command 0x1003 tx timeout
[  766.465162][ T5833] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  766.532109][T13171] usb 5-1: new high-speed USB device number 66 using dummy_hcd
[  766.562380][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  766.590362][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  766.617827][   T10] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  766.662464][T14034] team0: Port device team_slave_0 added
[  766.662673][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  766.700590][T14034] team0: Port device team_slave_1 added
[  766.724445][T13171] usb 5-1: New USB device found, idVendor=133e, idProduct=0815, bcdDevice=7e.66
[  766.749915][   T10] usb 2-1: config 0 descriptor??
[  766.778437][T13171] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  766.810403][T13171] usb 5-1: Product: syz
[  766.821149][T13171] usb 5-1: Manufacturer: syz
[  766.831382][T13171] usb 5-1: SerialNumber: syz
[  766.841998][T13171] usb 5-1: config 0 descriptor??
[  766.898275][T13171] snd-usb-audio 5-1:0.0: probe with driver snd-usb-audio failed with error -22
[  767.094025][T14034] batman_adv: batadv0: Adding interface: batadv_slave_0
[  767.143576][T14034] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  767.332107][ T5833] Bluetooth: hci6: command tx timeout
[  767.400635][T14034] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  767.427792][   T10] usbhid 2-1:0.0: can't add hid device: -71
[  767.437850][   T10] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  767.452041][T14034] batman_adv: batadv0: Adding interface: batadv_slave_1
[  767.493118][T14034] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  767.645717][T14034] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  767.651770][   T10] usb 2-1: USB disconnect, device number 62
[  767.789675][T14034] hsr_slave_0: entered promiscuous mode
[  767.799474][T14034] hsr_slave_1: entered promiscuous mode
[  767.808474][T14034] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  767.824121][T14034] Cannot create hsr debugfs directory
[  768.174545][T14062] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  768.309840][T14061] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  768.971232][T14072] FAULT_INJECTION: forcing a failure.
[  768.971232][T14072] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  768.972714][T14072] 
[  768.972723][T14072] ======================================================
[  768.972727][T14072] WARNING: possible circular locking dependency detected
[  768.972732][T14072] 6.16.0-rc7-syzkaller #0 Not tainted
[  768.972738][T14072] ------------------------------------------------------
[  768.972742][T14072] syz.1.2093/14072 is trying to acquire lock:
[  768.972748][T14072] ffffffff8e4d2380 (console_owner){-.-.}-{0:0}, at: console_lock_spinning_enable+0x9f/0xd0
[  768.972780][T14072] 
[  768.972780][T14072] but task is already holding lock:
[  768.972783][T14072] ffff8880b843a2d8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130
[  768.972809][T14072] 
[  768.972809][T14072] which lock already depends on the new lock.
[  768.972809][T14072] 
[  768.972812][T14072] 
[  768.972812][T14072] the existing dependency chain (in reverse order) is:
[  768.972816][T14072] 
[  768.972816][T14072] -> #4 (&rq->__lock){-.-.}-{2:2}:
[  768.972828][T14072]        _raw_spin_lock_nested+0x31/0x40
[  768.972844][T14072]        raw_spin_rq_lock_nested+0x29/0x130
[  768.972857][T14072]        task_rq_lock+0xcf/0x490
[  768.972869][T14072]        cgroup_move_task+0x81/0x2a0
[  768.972884][T14072]        css_set_move_task+0x288/0x5f0
[  768.972893][T14072]        cgroup_post_fork+0x201/0x9e0
[  768.972905][T14072]        copy_process+0x5c82/0x7650
[  768.972919][T14072]        kernel_clone+0xfc/0x960
[  768.972931][T14072]        user_mode_thread+0xc7/0x110
[  768.972945][T14072]        rest_init+0x23/0x2b0
[  768.972956][T14072]        start_kernel+0x3ee/0x4d0
[  768.972973][T14072]        x86_64_start_reservations+0x18/0x30
[  768.972990][T14072]        x86_64_start_kernel+0x130/0x190
[  768.973005][T14072]        common_startup_64+0x13e/0x148
[  768.973024][T14072] 
[  768.973024][T14072] -> #3 (&p->pi_lock){-.-.}-{2:2}:
[  768.973037][T14072]        _raw_spin_lock_irqsave+0x3a/0x60
[  768.973051][T14072]        try_to_wake_up+0xb2/0x1680
[  768.973063][T14072]        __wake_up_common+0x135/0x1f0
[  768.973072][T14072]        __wake_up+0x31/0x60
[  768.973085][T14072]        tty_port_default_wakeup+0x2a/0x40
[  768.973098][T14072]        serial8250_tx_chars+0x68e/0x860
[  768.973109][T14072]        serial8250_handle_irq+0x761/0xcb0
[  768.973121][T14072]        serial8250_default_handle_irq+0x9a/0x210
[  768.973133][T14072]        serial8250_interrupt+0x103/0x210
[  768.973147][T14072]        __handle_irq_event_percpu+0x229/0x7d0
[  768.973160][T14072]        handle_irq_event+0xab/0x1e0
[  768.973171][T14072]        handle_edge_irq+0x28e/0xab0
[  768.973183][T14072]        __common_interrupt+0xe2/0x250
[  768.973196][T14072]        common_interrupt+0xba/0xe0
[  768.973208][T14072]        asm_common_interrupt+0x26/0x40
[  768.973218][T14072]        pv_native_safe_halt+0xf/0x20
[  768.973234][T14072]        default_idle+0x13/0x20
[  768.973244][T14072]        default_idle_call+0x6d/0xb0
[  768.973254][T14072]        do_idle+0x391/0x510
[  768.973266][T14072]        cpu_startup_entry+0x4f/0x60
[  768.973279][T14072]        start_secondary+0x21d/0x2b0
[  768.973292][T14072]        common_startup_64+0x13e/0x148
[  768.973302][T14072] 
[  768.973302][T14072] -> #2 (&tty->write_wait){-.-.}-{3:3}:
[  768.973314][T14072]        _raw_spin_lock_irqsave+0x3a/0x60
[  768.973328][T14072]        __wake_up+0x1c/0x60
[  768.973341][T14072]        tty_port_default_wakeup+0x2a/0x40
[  768.973352][T14072]        serial8250_tx_chars+0x68e/0x860
[  768.973362][T14072]        serial8250_handle_irq+0x761/0xcb0
[  768.973374][T14072]        serial8250_default_handle_irq+0x9a/0x210
[  768.973386][T14072]        serial8250_interrupt+0x103/0x210
[  768.973399][T14072]        __handle_irq_event_percpu+0x229/0x7d0
[  768.973411][T14072]        handle_irq_event+0xab/0x1e0
[  768.973423][T14072]        handle_edge_irq+0x28e/0xab0
[  768.973434][T14072]        __common_interrupt+0xe2/0x250
[  768.973446][T14072]        common_interrupt+0xba/0xe0
[  768.973458][T14072]        asm_common_interrupt+0x26/0x40
[  768.973467][T14072]        pv_native_safe_halt+0xf/0x20
[  768.973481][T14072]        default_idle+0x13/0x20
[  768.973491][T14072]        default_idle_call+0x6d/0xb0
[  768.973502][T14072]        do_idle+0x391/0x510
[  768.973513][T14072]        cpu_startup_entry+0x4f/0x60
[  768.973526][T14072]        start_secondary+0x21d/0x2b0
[  768.973538][T14072]        common_startup_64+0x13e/0x148
[  768.973548][T14072] 
[  768.973548][T14072] -> #1 (&port_lock_key){-.-.}-{3:3}:
[  768.973560][T14072]        _raw_spin_lock_irqsave+0x3a/0x60
[  768.973574][T14072]        serial8250_console_write+0x181/0x1890
[  768.973587][T14072]        console_flush_all+0x801/0xc60
[  768.973599][T14072]        console_unlock+0xd8/0x210
[  768.973610][T14072]        vprintk_emit+0x418/0x6d0
[  768.973622][T14072]        _printk+0xc7/0x100
[  768.973630][T14072]        register_console+0xc2d/0x11b0
[  768.973643][T14072]        univ8250_console_init+0x5f/0x90
[  768.973659][T14072]        console_init+0x14f/0x680
[  768.973668][T14072]        start_kernel+0x29f/0x4d0
[  768.973683][T14072]        x86_64_start_reservations+0x18/0x30
[  768.973699][T14072]        x86_64_start_kernel+0x130/0x190
[  768.973714][T14072]        common_startup_64+0x13e/0x148
[  768.973723][T14072] 
[  768.973723][T14072] -> #0 (console_owner){-.-.}-{0:0}:
[  768.973736][T14072]        __lock_acquire+0x126f/0x1c90
[  768.973744][T14072]        lock_acquire+0x179/0x350
[  768.973752][T14072]        console_lock_spinning_enable+0xb0/0xd0
[  768.973764][T14072]        console_flush_all+0x7aa/0xc60
[  768.973776][T14072]        console_unlock+0xd8/0x210
[  768.973787][T14072]        vprintk_emit+0x418/0x6d0
[  768.973799][T14072]        _printk+0xc7/0x100
[  768.973807][T14072]        should_fail_ex+0x4e7/0x640
[  768.973822][T14072]        strncpy_from_user+0x3b/0x2e0
[  768.973836][T14072]        strncpy_from_user_nofault+0x7f/0x180
[  768.973847][T14072]        bpf_bprintf_prepare+0xede/0x14b0
[  768.973862][T14072]        bpf_trace_printk+0xda/0x190
[  768.973877][T14072]        bpf_prog_7c77c7e0f6645ad8+0x3e/0x44
[  768.973886][T14072]        bpf_trace_run2+0x230/0x590
[  768.973895][T14072]        __bpf_trace_contention_begin+0xc9/0x110
[  768.973905][T14072]        trace_contention_begin.constprop.0+0xde/0x160
[  768.973917][T14072]        __pv_queued_spin_lock_slowpath+0x109/0xcf0
[  768.973933][T14072]        do_raw_spin_lock+0x20e/0x2b0
[  768.973944][T14072]        raw_spin_rq_lock_nested+0x7e/0x130
[  768.973957][T14072]        __schedule+0x301/0x5dd0
[  768.973970][T14072]        preempt_schedule_common+0x44/0xc0
[  768.973985][T14072]        preempt_schedule_thunk+0x16/0x30
[  768.973998][T14072]        d_alloc_parallel+0xb82/0x12e0
[  768.974013][T14072]        lookup_open.isra.0+0x665/0x1580
[  768.974030][T14072]        path_openat+0x893/0x2cb0
[  768.974045][T14072]        do_filp_open+0x20b/0x470
[  768.974060][T14072]        do_sys_openat2+0x11b/0x1d0
[  768.974071][T14072]        __x64_sys_open+0x153/0x1e0
[  768.974082][T14072]        do_syscall_64+0xcd/0x4c0
[  768.974091][T14072]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  768.974101][T14072] 
[  768.974101][T14072] other info that might help us debug this:
[  768.974101][T14072] 
[  768.974104][T14072] Chain exists of:
[  768.974104][T14072]   console_owner --> &p->pi_lock --> &rq->__lock
[  768.974104][T14072] 
[  768.974118][T14072]  Possible unsafe locking scenario:
[  768.974118][T14072] 
[  768.974121][T14072]        CPU0                    CPU1
[  768.974124][T14072]        ----                    ----
[  768.974127][T14072]   lock(&rq->__lock);
[  768.974133][T14072]                                lock(&p->pi_lock);
[  768.974140][T14072]                                lock(&rq->__lock);
[  768.974146][T14072]   lock(console_owner);
[  768.974153][T14072] 
[  768.974153][T14072]  *** DEADLOCK ***
[  768.974153][T14072] 
[  768.974155][T14072] 6 locks held by syz.1.2093/14072:
[  768.974161][T14072]  #0: ffff888025730428 (sb_writers#17){.+.+}-{0:0}, at: path_openat+0x1f0f/0x2cb0
[  768.974192][T14072]  #1: ffff88805bb4b398 (&sb->s_type->i_mutex_key#21){++++}-{4:4}, at: path_openat+0x1534/0x2cb0
[  768.974223][T14072]  #2: ffff8880b843a2d8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130
[  768.974248][T14072]  #3: ffffffff8e5c4e00 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run2+0x1b6/0x590
[  768.974271][T14072]  #4: ffffffff8e5b27c0 (console_lock){+.+.}-{0:0}, at: _printk+0xc7/0x100
[  768.974292][T14072]  #5: ffffffff8e5b2830 (console_srcu){....}-{0:0}, at: console_flush_all+0x158/0xc60
[  768.974316][T14072] 
[  768.974316][T14072] stack backtrace:
[  768.974322][T14072] CPU: 0 UID: 0 PID: 14072 Comm: syz.1.2093 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[  768.974334][T14072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  768.974341][T14072] Call Trace:
[  768.974345][T14072]  <TASK>
[  768.974349][T14072]  dump_stack_lvl+0x116/0x1f0
[  768.974367][T14072]  print_circular_bug+0x275/0x350
[  768.974384][T14072]  check_noncircular+0x14c/0x170
[  768.974401][T14072]  __lock_acquire+0x126f/0x1c90
[  768.974412][T14072]  lock_acquire+0x179/0x350
[  768.974421][T14072]  ? console_lock_spinning_enable+0x9f/0xd0
[  768.974435][T14072]  ? console_lock_spinning_enable+0x88/0xd0
[  768.974448][T14072]  console_lock_spinning_enable+0xb0/0xd0
[  768.974461][T14072]  ? console_lock_spinning_enable+0x9f/0xd0
[  768.974473][T14072]  console_flush_all+0x7aa/0xc60
[  768.974487][T14072]  ? __pfx_console_flush_all+0x10/0x10
[  768.974502][T14072]  ? is_printk_cpu_sync_owner+0x32/0x40
[  768.974517][T14072]  console_unlock+0xd8/0x210
[  768.974529][T14072]  ? __pfx_console_unlock+0x10/0x10
[  768.974542][T14072]  ? do_raw_spin_unlock+0xf0/0x230
[  768.974553][T14072]  ? _printk+0xc7/0x100
[  768.974562][T14072]  ? __down_trylock_console_sem+0xb0/0x140
[  768.974574][T14072]  vprintk_emit+0x418/0x6d0
[  768.974587][T14072]  ? __pfx_vprintk_emit+0x10/0x10
[  768.974602][T14072]  _printk+0xc7/0x100
[  768.974611][T14072]  ? __pfx__printk+0x10/0x10
[  768.974621][T14072]  ? __pfx____ratelimit+0x10/0x10
[  768.974637][T14072]  ? __pfx_search_extable+0x10/0x10
[  768.974647][T14072]  ? strncpy_from_user+0x1d5/0x2e0
[  768.974662][T14072]  should_fail_ex+0x4e7/0x640
[  768.974677][T14072]  ? __pfx_trace_clock_local+0x10/0x10
[  768.974691][T14072]  strncpy_from_user+0x3b/0x2e0
[  768.974705][T14072]  ? __rb_reserve_next.constprop.0+0x723/0x16c0
[  768.974722][T14072]  strncpy_from_user_nofault+0x7f/0x180
[  768.974733][T14072]  bpf_bprintf_prepare+0xede/0x14b0
[  768.974750][T14072]  ? __pfx_bpf_bprintf_prepare+0x10/0x10
[  768.974766][T14072]  ? rb_commit+0x11f/0x9f0
[  768.974780][T14072]  ? bpf_trace_run2+0x3db/0x590
[  768.974790][T14072]  bpf_trace_printk+0xda/0x190
[  768.974806][T14072]  ? __pfx_bpf_trace_printk+0x10/0x10
[  768.974823][T14072]  ? bpf_trace_run2+0x3db/0x590
[  768.974835][T14072]  bpf_prog_7c77c7e0f6645ad8+0x3e/0x44
[  768.974843][T14072]  bpf_trace_run2+0x230/0x590
[  768.974854][T14072]  ? __pfx_bpf_trace_run2+0x10/0x10
[  768.974865][T14072]  ? find_held_lock+0x2b/0x80
[  768.974879][T14072]  __bpf_trace_contention_begin+0xc9/0x110
[  768.974889][T14072]  ? __pfx___bpf_trace_contention_begin+0x10/0x10
[  768.974902][T14072]  trace_contention_begin.constprop.0+0xde/0x160
[  768.974915][T14072]  __pv_queued_spin_lock_slowpath+0x109/0xcf0
[  768.974933][T14072]  ? __lock_acquire+0xb8a/0x1c90
[  768.974942][T14072]  ? __pfx___pv_queued_spin_lock_slowpath+0x10/0x10
[  768.974962][T14072]  do_raw_spin_lock+0x20e/0x2b0
[  768.974974][T14072]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  768.974985][T14072]  ? rcu_qs+0x2b/0xe0
[  768.974997][T14072]  ? rcu_note_context_switch+0x192/0x1e00
[  768.975011][T14072]  raw_spin_rq_lock_nested+0x7e/0x130
[  768.975029][T14072]  ? preempt_schedule_common+0x44/0xc0
[  768.975044][T14072]  ? preempt_schedule_common+0x44/0xc0
[  768.975059][T14072]  __schedule+0x301/0x5dd0
[  768.975074][T14072]  ? find_held_lock+0x2b/0x80
[  768.975088][T14072]  ? __lock_acquire+0xb8a/0x1c90
[  768.975098][T14072]  ? __pfx___schedule+0x10/0x10
[  768.975113][T14072]  ? mark_held_locks+0x49/0x80
[  768.975129][T14072]  ? irqentry_exit+0x3b/0x90
[  768.975137][T14072]  ? lockdep_hardirqs_on+0x7c/0x110
[  768.975154][T14072]  ? preempt_schedule_thunk+0x16/0x30
[  768.975167][T14072]  preempt_schedule_common+0x44/0xc0
[  768.975183][T14072]  preempt_schedule_thunk+0x16/0x30
[  768.975197][T14072]  ? d_alloc_parallel+0xb70/0x12e0
[  768.975211][T14072]  ? d_alloc_parallel+0xb7d/0x12e0
[  768.975224][T14072]  d_alloc_parallel+0xb82/0x12e0
[  768.975240][T14072]  ? find_held_lock+0x2b/0x80
[  768.975253][T14072]  ? __pfx_d_alloc_parallel+0x10/0x10
[  768.975267][T14072]  ? __d_lookup+0x266/0x4a0
[  768.975282][T14072]  lookup_open.isra.0+0x665/0x1580
[  768.975298][T14072]  ? __pfx_lookup_open.isra.0+0x10/0x10
[  768.975315][T14072]  ? __pfx_down_write+0x10/0x10
[  768.975326][T14072]  ? mnt_get_write_access+0x20c/0x300
[  768.975339][T14072]  path_openat+0x893/0x2cb0
[  768.975357][T14072]  ? __pfx_path_openat+0x10/0x10
[  768.975375][T14072]  do_filp_open+0x20b/0x470
[  768.975391][T14072]  ? __pfx_do_filp_open+0x10/0x10
[  768.975411][T14072]  ? _raw_spin_unlock+0x28/0x50
[  768.975425][T14072]  ? alloc_fd+0x471/0x7d0
[  768.975442][T14072]  do_sys_openat2+0x11b/0x1d0
[  768.975454][T14072]  ? __pfx_do_sys_openat2+0x10/0x10
[  768.975467][T14072]  ? __pfx___schedule+0x10/0x10
[  768.975482][T14072]  __x64_sys_open+0x153/0x1e0
[  768.975494][T14072]  ? __pfx___x64_sys_open+0x10/0x10
[  768.975507][T14072]  ? rcu_is_watching+0x12/0xc0
[  768.975521][T14072]  do_syscall_64+0xcd/0x4c0
[  768.975531][T14072]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  768.975541][T14072] RIP: 0033:0x7ffb2918e9a9
[  768.975551][T14072] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  768.975562][T14072] RSP: 002b:00007ffb26fd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[  768.975572][T14072] RAX: ffffffffffffffda RBX: 00007ffb293b6080 RCX: 00007ffb2918e9a9
[  768.975579][T14072] RDX: 0000000000000080 RSI: 0000000000103a42 RDI: 0000200000000040
[  768.975585][T14072] RBP: 00007ffb26fd5090 R08: 0000000000000000 R09: 0000000000000000
[  768.975592][T14072] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  768.975598][T14072] R13: 0000000000000000 R14: 00007ffb293b6080 R15: 00007fffac6cf698
[  768.975608][T14072]  </TASK>
[  770.321486][T14072] CPU: 0 UID: 0 PID: 14072 Comm: syz.1.2093 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[  770.321501][T14072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  770.321508][T14072] Call Trace:
[  770.321512][T14072]  <TASK>
[  770.321517][T14072]  dump_stack_lvl+0x116/0x1f0
[  770.321539][T14072]  should_fail_ex+0x512/0x640
[  770.321556][T14072]  ? __pfx_trace_clock_local+0x10/0x10
[  770.321571][T14072]  strncpy_from_user+0x3b/0x2e0
[  770.321586][T14072]  ? __rb_reserve_next.constprop.0+0x723/0x16c0
[  770.321603][T14072]  strncpy_from_user_nofault+0x7f/0x180
[  770.321616][T14072]  bpf_bprintf_prepare+0xede/0x14b0
[  770.321634][T14072]  ? __pfx_bpf_bprintf_prepare+0x10/0x10
[  770.321651][T14072]  ? rb_commit+0x11f/0x9f0
[  770.321665][T14072]  ? bpf_trace_run2+0x3db/0x590
[  770.321676][T14072]  bpf_trace_printk+0xda/0x190
[  770.321692][T14072]  ? __pfx_bpf_trace_printk+0x10/0x10
[  770.321709][T14072]  ? bpf_trace_run2+0x3db/0x590
[  770.321722][T14072]  bpf_prog_7c77c7e0f6645ad8+0x3e/0x44
[  770.321731][T14072]  bpf_trace_run2+0x230/0x590
[  770.321742][T14072]  ? __pfx_bpf_trace_run2+0x10/0x10
[  770.321753][T14072]  ? find_held_lock+0x2b/0x80
[  770.321768][T14072]  __bpf_trace_contention_begin+0xc9/0x110
[  770.321779][T14072]  ? __pfx___bpf_trace_contention_begin+0x10/0x10
[  770.321792][T14072]  trace_contention_begin.constprop.0+0xde/0x160
[  770.321806][T14072]  __pv_queued_spin_lock_slowpath+0x109/0xcf0
[  770.321825][T14072]  ? __lock_acquire+0xb8a/0x1c90
[  770.321834][T14072]  ? __pfx___pv_queued_spin_lock_slowpath+0x10/0x10
[  770.321854][T14072]  do_raw_spin_lock+0x20e/0x2b0
[  770.321866][T14072]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  770.321877][T14072]  ? rcu_qs+0x2b/0xe0
[  770.321889][T14072]  ? rcu_note_context_switch+0x192/0x1e00
[  770.321904][T14072]  raw_spin_rq_lock_nested+0x7e/0x130
[  770.321918][T14072]  ? preempt_schedule_common+0x44/0xc0
[  770.321934][T14072]  ? preempt_schedule_common+0x44/0xc0
[  770.321949][T14072]  __schedule+0x301/0x5dd0
[  770.321964][T14072]  ? find_held_lock+0x2b/0x80
[  770.321978][T14072]  ? __lock_acquire+0xb8a/0x1c90
[  770.321988][T14072]  ? __pfx___schedule+0x10/0x10
[  770.322003][T14072]  ? mark_held_locks+0x49/0x80
[  770.322019][T14072]  ? irqentry_exit+0x3b/0x90
[  770.322029][T14072]  ? lockdep_hardirqs_on+0x7c/0x110
[  770.322045][T14072]  ? preempt_schedule_thunk+0x16/0x30
[  770.322060][T14072]  preempt_schedule_common+0x44/0xc0
[  770.322080][T14072]  preempt_schedule_thunk+0x16/0x30
[  770.322094][T14072]  ? d_alloc_parallel+0xb70/0x12e0
[  770.322109][T14072]  ? d_alloc_parallel+0xb7d/0x12e0
[  770.322122][T14072]  d_alloc_parallel+0xb82/0x12e0
[  770.322138][T14072]  ? find_held_lock+0x2b/0x80
[  770.322151][T14072]  ? __pfx_d_alloc_parallel+0x10/0x10
[  770.322166][T14072]  ? __d_lookup+0x266/0x4a0
[  770.322181][T14072]  lookup_open.isra.0+0x665/0x1580
[  770.322197][T14072]  ? __pfx_lookup_open.isra.0+0x10/0x10
[  770.322215][T14072]  ? __pfx_down_write+0x10/0x10
[  770.322226][T14072]  ? mnt_get_write_access+0x20c/0x300
[  770.322240][T14072]  path_openat+0x893/0x2cb0
[  770.322258][T14072]  ? __pfx_path_openat+0x10/0x10
[  770.322276][T14072]  do_filp_open+0x20b/0x470
[  770.322292][T14072]  ? __pfx_do_filp_open+0x10/0x10
[  770.322312][T14072]  ? _raw_spin_unlock+0x28/0x50
[  770.322327][T14072]  ? alloc_fd+0x471/0x7d0
[  770.322344][T14072]  do_sys_openat2+0x11b/0x1d0
[  770.322357][T14072]  ? __pfx_do_sys_openat2+0x10/0x10
[  770.322370][T14072]  ? __pfx___schedule+0x10/0x10
[  770.322385][T14072]  __x64_sys_open+0x153/0x1e0
[  770.322397][T14072]  ? __pfx___x64_sys_open+0x10/0x10
[  770.322411][T14072]  ? rcu_is_watching+0x12/0xc0
[  770.322424][T14072]  do_syscall_64+0xcd/0x4c0
[  770.322435][T14072]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  770.322447][T14072] RIP: 0033:0x7ffb2918e9a9
[  770.322456][T14072] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  770.322467][T14072] RSP: 002b:00007ffb26fd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[  770.322478][T14072] RAX: ffffffffffffffda RBX: 00007ffb293b6080 RCX: 00007ffb2918e9a9
[  770.322485][T14072] RDX: 0000000000000080 RSI: 0000000000103a42 RDI: 0000200000000040
[  770.322492][T14072] RBP: 00007ffb26fd5090 R08: 0000000000000000 R09: 0000000000000000
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  770.322498][T14072] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  770.322504][T14072] R13: 0000000000000000 R14: 00007ffb293b6080 R15: 00007fffac6cf698
[  770.322514][T14072]  </TASK>
[  770.332520][T14034] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  770.340968][T14072] netlink: 72 bytes leftover after parsing attributes in process `syz.1.2093'.
[  770.386835][ T5833] Bluetooth: hci6: command tx timeout
[  770.933339][T14034] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  771.113213][T14034] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  771.156327][T10326] usb 5-1: USB disconnect, device number 66
[  771.618900][T14032] bond0: (slave syz_tun): Releasing backup interface
[  772.414253][T13122] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  772.424319][T13122] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  772.433315][T13122] bond0 (unregistering): Released all slaves
[  772.441048][T13122] bond1 (unregistering): Released all slaves
[  772.471185][T13122] tipc: Left network mode
[  772.611699][T13122] hsr_slave_0: left promiscuous mode
[  772.617268][T13122] hsr_slave_1: left promiscuous mode
[  772.623081][T13122] batman_adv: batadv0: Removing interface: batadv_slave_0
[  772.630458][T13122] batman_adv: batadv0: Removing interface: batadv_slave_1
[  772.862975][T13122] team0 (unregistering): Port device team_slave_1 removed
[  772.893614][T13122] team0 (unregistering): Port device team_slave_0 removed
[  773.366083][T13122] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  773.434864][T13122] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  773.483397][T13122] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  773.533622][T13122] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  773.605069][T13122] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  773.615377][T13122] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  773.644569][T13122] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  773.654842][T13122] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  773.703907][T13122] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  773.714321][T13122] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  773.773818][T13122] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  773.784307][T13122] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  773.870224][T13122] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  773.880545][T13122] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  773.938519][T13122] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  773.948894][T13122] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  773.998123][T13122] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  774.008530][T13122] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  774.057688][T13122] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  774.068122][T13122] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  774.468675][T13122] netdevsim netdevsim3 netdevsim0 (unregistering): left allmulticast mode
[  774.477395][T13122] netdevsim netdevsim3 netdevsim0 (unregistering): left promiscuous mode
[  774.553192][T13122] bridge_slave_1: left allmulticast mode
[  774.559322][T13122] bridge_slave_1: left promiscuous mode
[  774.565626][T13122] bridge0: port 2(bridge_slave_1) entered disabled state
[  774.573382][T13122] bridge_slave_0: left allmulticast mode
[  774.579004][T13122] bridge_slave_0: left promiscuous mode
[  774.585504][T13122] bridge0: port 1(bridge_slave_0) entered disabled state
[  774.594633][T13122] bridge_slave_1: left allmulticast mode
[  774.600259][T13122] bridge_slave_1: left promiscuous mode
[  774.606102][T13122] bridge0: port 2(bridge_slave_1) entered disabled state
[  774.614218][T13122] bridge_slave_0: left allmulticast mode
[  774.619838][T13122] bridge_slave_0: left promiscuous mode
[  774.625519][T13122] bridge0: port 1(bridge_slave_0) entered disabled state
[  774.670118][T13122] bond1 (unregistering): (slave gretap1): Releasing active interface
[  774.736105][T13122] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  774.745662][T13122] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  774.754900][T13122] bond0 (unregistering): Released all slaves
[  774.762833][T13122] bond1 (unregistering): Released all slaves
[  774.794409][T13122] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  774.803794][T13122] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  774.813608][T13122] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  774.824082][T13122] bond0 (unregistering): Released all slaves
[  774.832222][T13122] bond1 (unregistering): Released all slaves
[  774.929426][T13122] dvmrp0 (unregistering): left allmulticast mode
[  775.154529][T13122] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  775.163688][T13122] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  775.173134][T13122] bond0 (unregistering): (slave team0): Releasing backup interface
[  775.181539][T13122] bond0 (unregistering): Released all slaves
[  775.236626][T13122] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  775.246042][T13122] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  775.255449][T13122] bond0 (unregistering): Released all slaves
[  775.320443][T13122] batman_adv: batadv0: Removing interface: gretap1
[  775.330035][T13122] bond1 (unregistering): (slave gretap2): Releasing active interface
[  775.498598][T13122] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  775.507754][T13122] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  775.517172][T13122] bond0 (unregistering): (slave team0): Releasing backup interface
[  775.525772][T13122] bond0 (unregistering): Released all slaves
[  775.607184][T13122] bond1 (unregistering): Released all slaves
[  775.696975][T13122] : left promiscuous mode
[  775.753510][T13122] tipc: Disabling bearer <udp:s>
[  775.758587][T13122] tipc: Left network mode
[  775.778261][T13122] tipc: Left network mode
[  776.130415][T13122] mac80211_hwsim hwsim17 wlan0 (unregistering): left promiscuous mode
[  776.194124][T13122] hsr_slave_0: left promiscuous mode
[  776.199709][T13122] hsr_slave_1: left promiscuous mode
[  776.207335][T13122] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  776.215882][T13122] batman_adv: batadv0: Removing interface: batadv_slave_0
[  776.223588][T13122] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  776.230959][T13122] batman_adv: batadv0: Removing interface: batadv_slave_1
[  776.239673][T13122] hsr_slave_0: left promiscuous mode
[  776.245321][T13122] hsr_slave_1: left promiscuous mode
[  776.250795][T13122] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  776.258267][T13122] batman_adv: batadv0: Removing interface: batadv_slave_0
[  776.265742][T13122] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  776.273333][T13122] batman_adv: batadv0: Removing interface: batadv_slave_1
[  776.284121][T13122] hsr_slave_0: left promiscuous mode
[  776.289693][T13122] hsr_slave_1: left promiscuous mode
[  776.295227][T13122] batman_adv: batadv0: Removing interface: batadv_slave_0
[  776.302844][T13122] batman_adv: batadv0: Removing interface: batadv_slave_1
[  776.311845][T13122] hsr_slave_0: left promiscuous mode
[  776.317336][T13122] hsr_slave_1: left promiscuous mode
[  776.323169][T13122] batman_adv: batadv0: Removing interface: batadv_slave_0
[  776.330542][T13122] batman_adv: batadv0: Removing interface: batadv_slave_1
[  776.339588][T13122] hsr_slave_0: left promiscuous mode
[  776.345297][T13122] hsr_slave_1: left promiscuous mode
[  776.350760][T13122] batman_adv: batadv0: Removing interface: batadv_slave_1
[  776.362035][T13122] veth1_macvtap: left promiscuous mode
[  776.367505][T13122] veth0_macvtap: left promiscuous mode
[  776.373155][T13122] veth1_vlan: left promiscuous mode
[  776.378559][T13122] veth0_vlan: left promiscuous mode
[  776.384341][T13122] veth1_vlan: left promiscuous mode
[  776.389526][T13122] veth0_vlan: left promiscuous mode
[  776.490257][T13122] team0 (unregistering): Port device team_slave_1 removed
[  776.501250][T13122] team0 (unregistering): Port device team_slave_0 removed
[  776.720956][T13122] team0 (unregistering): Port device team_slave_1 removed
[  776.734731][T13122] team0 (unregistering): Port device team_slave_0 removed
[  777.022915][T13122] team0 (unregistering): Port device team_slave_1 removed
[  777.054747][T13122] team0 (unregistering): Port device team_slave_0 removed
[  777.373228][T13122] team0 (unregistering): Port device team_slave_1 removed
[  777.393372][T13122] team0 (unregistering): Port device team_slave_0 removed
[  777.646384][T13122] team0 (unregistering): Port device team_slave_1 removed
[  777.679598][T13122] team0 (unregistering): Port device team_slave_0 removed
[  777.945384][   T24] lo speed is unknown, defaulting to 1000
[  777.951161][   T24] infiniband syz0: ib_query_port failed (-19)