last executing test programs:

2m53.278514438s ago: executing program 0 (id=371):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0xe, 0x2010, r0, 0x0)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000380)={0x0, 0x0, 0xfffffffffffffffd, 0x1, 0x0, 0x0, 0x4000850}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000000b00010076657468305f746f5f7465616d00000014000000110001"], 0xa8}}, 0x0)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000240)='/sys/power/mem_sleep', 0xa0502, 0x49)
io_setup(0x1, &(0x7f00000016c0)=<r5=>0x0)
io_submit(r5, 0x1, &(0x7f0000000140)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x8, r4, &(0x7f0000000180)="282fa8c2", 0x4, 0x5, 0x0, 0x0, r4}])
sendfile(r1, r2, 0x0, 0x20000023896)
sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYRESHEX=r2, @ANYRES32=0x0, @ANYRESDEC=r3, @ANYRES32=r4], 0x13c}, 0x1, 0x0, 0x0, 0x880}, 0x0)

2m52.346559524s ago: executing program 0 (id=378):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_RTOINFO(r1, 0x84, 0x0, 0x0, &(0x7f0000000100))
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi2\x00', 0xa400, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0100000003000000060000000b"], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000f4751f2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000380)={r4}, 0xc)
ioctl$COMEDI_DEVCONFIG(r2, 0x40946400, &(0x7f0000000140)={'dt2814\x00', [0xb02f, 0x401, 0xe2, 0x3, 0x88d7, 0x80000001, 0x1007, 0x1, 0x1002, 0xfffffdff, 0x200, 0x7, 0x10000007, 0x1, 0x5, 0x1ff, 0x8, 0x3, 0x101, 0x8e, 0x10c, 0x4005, 0x2, 0xa, 0x5, 0x1, 0xb0c4, 0xe, 0xff, 0x400002, 0x4000004]})
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000940)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000600), 0xfec8)
recvmmsg(0xffffffffffffffff, &(0x7f00000008c0)=[{{0x0, 0x0, &(0x7f0000001500)=[{&(0x7f0000001cc0)=""/4096, 0x1000}, {&(0x7f0000000240)=""/83, 0x53}], 0x2, 0x0, 0x0, 0x2000000}}, {{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000500)=""/129, 0x81}], 0x1}, 0xfffffeff}], 0x2, 0xe9, 0x0)

2m51.884032383s ago: executing program 0 (id=379):
r0 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
socket(0x10, 0x3, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f0000000140)={0x28, 0x4, 0x0, 0x0, &(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x5})
ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f00000002c0)={0x28, 0x4, 0x0, 0x0, &(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x10001})
ioctl$IOMMU_IOAS_COPY(r1, 0x3b83, &(0x7f0000000040)={0x28, 0x5, 0x0, 0x0, 0x3, 0xfffffffffffffffa, 0x3fff})
syz_open_dev$sndpcmp(0x0, 0x0, 0x40000)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r2 = open(0x0, 0x14927e, 0x9)
fallocate(r2, 0x0, 0x4000, 0x1001f0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x4008032, 0xffffffffffffffff, 0x0)
r3 = syz_init_net_socket$ax25(0x3, 0x5, 0xcb)
getsockopt$ax25_int(r3, 0x101, 0x5, 0x0, 0x0)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
r5 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
r6 = fsmount(r5, 0x0, 0x0)
openat$cgroup_pressure(r6, &(0x7f0000002500)='io.pressure\x00', 0x2, 0x0)
close_range(r4, 0xffffffffffffffff, 0x0)
getsockname$packet(r0, 0x0, &(0x7f0000014580))
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet(0x10, 0x3, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0xa4, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, 0x0, {}, {0xffff, 0xffff}, {0x2, 0xe}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x74, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0x0, [0x5, 0x4, 0x2, 0x0, 0x8, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x3], [0x0, 0x8, 0x0, 0x0, 0x5]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x4000000}]}]}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8, 0x5, 0x9}]}}]}, 0xa4}, 0x1, 0x0, 0x0, 0x20000040}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)

2m50.197452873s ago: executing program 0 (id=385):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmmsg$alg(0xffffffffffffffff, 0x0, 0x0, 0x8040)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r4 = accept4(r3, 0x0, 0x0, 0x800)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000002c0)="f78d9ca38fff48f3be52163448412b", 0xf}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4f", 0x45}], 0x2, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, 0x0}, 0x40000103)

2m48.898630773s ago: executing program 0 (id=388):
mkdir(&(0x7f0000000280)='./file0\x00', 0x18b)
utime(&(0x7f0000000300)='./file0/../file0\x00', &(0x7f0000000340)={0xfffffffffffffb1f, 0x9})
r0 = accept4$x25(0xffffffffffffffff, &(0x7f0000000080)={0x9, @remote}, &(0x7f0000000180)=0x12, 0x80800)
accept4(r0, 0x0, &(0x7f00000001c0), 0x100800)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0x1c, &(0x7f0000000000)='//sys\x00\x00\x00\x00\x00\x00\x80\x004\x00\x00s/\x92ync_\x93\x96\xff\x92\xaf\x00Se\xf44.\x00'/49}, 0x30)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="300000000008010200000000000000000200000a090001007379ffffffffffffff7f0240dada000005000300210000002f595aa6c6a891b8768d7194dd9ee4d23030e83cc4dd89da80"], 0x30}, 0x1, 0x0, 0x0, 0x4014}, 0x4008000)
mount$bpf(0x200000000000, &(0x7f0000000780)='./file0/../file0\x00', 0x0, 0xa06002, 0x0)
umount2(&(0x7f00000002c0)='./file0\x00', 0x9)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
write$RDMA_USER_CM_CMD_QUERY(r2, &(0x7f0000000000)={0x13, 0x10, 0xfa00, {0x0, 0xffffffffffffffff, 0x40d51e82f7aa5494}}, 0x18)

2m48.723948437s ago: executing program 0 (id=390):
r0 = socket$packet(0x11, 0x3, 0x300)
bpf$BPF_BTF_GET_NEXT_ID(0x17, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000006000095001500000000"], &(0x7f00000003c0)='GPL\x00'}, 0x94)
sendmsg(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000140)="5500000018007f5f00fe01b2a4a2809302060000ff", 0x15}], 0x1, 0x0, 0x0, 0x7a000000}, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000010000000000000000030000850000007b00000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="11000000040000000400000022bf000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000000000000000000000000000000000000009467caca1efdcf7276c365f5e86b8138ed0b9a5505569019d9e5683c83e297dd75a48b00d17133dfc23c37d81cef525cdfd8620d447972e94dd5ec7176931f2868db0f048ce11c18d55fa2bd3e73b44d92cf1a0880a458929fc01ef457407328c885b25c35a2ad8b27434d93a89c24859a5b7be6a1887340328fdfa47d25d71cbf9278414dda084509b7e6b97eda0757c38403093453c58aa8dc8bcbd5a27530bb2c20581a85cd889acb428d291a6d0818ff5c518f4b3435630e680c69138c5197a5ae0e48f62e08f132205a2808fe9569d2b4e73b42592c18998ae486821ee5fecbeaa4852c0b189e2d5778fb8d7e4670e10aa6bb80f0995c02748396053855dc17559f9107d471c3b6431238ee2a5283107dcbe4cf6544cb143488adf6a56ec354291e9bb1eb739b971ac7024b0aef66758d647305fca60a6c60ea8519643138bcdd9ce8cc749cdce8a509fd2d404b9089abde22c8d9aa2935c6f46a0940fe5fc7bacf18ddc78c0f71f0d7d9e97fb8bdafccf990d7e219d377f3549c86b157a1"], 0x50)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(serpent)\x00'}, 0x58)
r5 = accept4(r4, 0x0, 0x0, 0x80000)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={r3, &(0x7f0000000140), &(0x7f0000000080)=@tcp6=r5, 0x2}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x18)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r6=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x8})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r6, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
r7 = signalfd(0xffffffffffffffff, &(0x7f0000000140), 0x8)
r8 = syz_io_uring_setup(0x38a9, &(0x7f0000000300)={0x0, 0xffffffff, 0x10100, 0x0, 0xfffffffe}, &(0x7f0000000040)=<r9=>0x0, &(0x7f0000000140)=<r10=>0x0)
syz_io_uring_submit(r9, r10, &(0x7f00000001c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x3, r7})
io_uring_enter(r8, 0x44fd, 0x3, 0x1, 0x0, 0x0)
rt_sigsuspend(&(0x7f0000000040)={[0xfffffffffffbfefd]}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xb, &(0x7f0000000500)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8364197c333a44d670c9ebe85ff00000000bfa100000000000007010000fffdffffb702000008000000b703000084615ec3f7bf81370000000085000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xa0)
r11 = socket(0x2, 0x803, 0x0)
getsockname$packet(r11, &(0x7f0000000100)={0x11, 0x0, <r12=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x9)
sendmsg$nl_route(r11, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000008c0)=ANY=[@ANYRES32, @ANYRESOCT=r6, @ANYRESDEC=r7, @ANYRES16, @ANYRES16=r12, @ANYRES32=r5, @ANYRES16=r0], 0xa0}}, 0x4840)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r1}, 0x10)
socket$netlink(0x10, 0x3, 0x400000000000004)
r13 = socket$inet(0x2b, 0x801, 0x0)
getsockopt$IP_VS_SO_GET_SERVICE(r13, 0x0, 0x483, &(0x7f0000000100), &(0x7f0000000080)=0x68)

2m32.894969374s ago: executing program 32 (id=390):
r0 = socket$packet(0x11, 0x3, 0x300)
bpf$BPF_BTF_GET_NEXT_ID(0x17, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000006000095001500000000"], &(0x7f00000003c0)='GPL\x00'}, 0x94)
sendmsg(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000140)="5500000018007f5f00fe01b2a4a2809302060000ff", 0x15}], 0x1, 0x0, 0x0, 0x7a000000}, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000010000000000000000030000850000007b00000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="11000000040000000400000022bf000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000000000000000000000000000000000000009467caca1efdcf7276c365f5e86b8138ed0b9a5505569019d9e5683c83e297dd75a48b00d17133dfc23c37d81cef525cdfd8620d447972e94dd5ec7176931f2868db0f048ce11c18d55fa2bd3e73b44d92cf1a0880a458929fc01ef457407328c885b25c35a2ad8b27434d93a89c24859a5b7be6a1887340328fdfa47d25d71cbf9278414dda084509b7e6b97eda0757c38403093453c58aa8dc8bcbd5a27530bb2c20581a85cd889acb428d291a6d0818ff5c518f4b3435630e680c69138c5197a5ae0e48f62e08f132205a2808fe9569d2b4e73b42592c18998ae486821ee5fecbeaa4852c0b189e2d5778fb8d7e4670e10aa6bb80f0995c02748396053855dc17559f9107d471c3b6431238ee2a5283107dcbe4cf6544cb143488adf6a56ec354291e9bb1eb739b971ac7024b0aef66758d647305fca60a6c60ea8519643138bcdd9ce8cc749cdce8a509fd2d404b9089abde22c8d9aa2935c6f46a0940fe5fc7bacf18ddc78c0f71f0d7d9e97fb8bdafccf990d7e219d377f3549c86b157a1"], 0x50)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(serpent)\x00'}, 0x58)
r5 = accept4(r4, 0x0, 0x0, 0x80000)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={r3, &(0x7f0000000140), &(0x7f0000000080)=@tcp6=r5, 0x2}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x18)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r6=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x8})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r6, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
r7 = signalfd(0xffffffffffffffff, &(0x7f0000000140), 0x8)
r8 = syz_io_uring_setup(0x38a9, &(0x7f0000000300)={0x0, 0xffffffff, 0x10100, 0x0, 0xfffffffe}, &(0x7f0000000040)=<r9=>0x0, &(0x7f0000000140)=<r10=>0x0)
syz_io_uring_submit(r9, r10, &(0x7f00000001c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x3, r7})
io_uring_enter(r8, 0x44fd, 0x3, 0x1, 0x0, 0x0)
rt_sigsuspend(&(0x7f0000000040)={[0xfffffffffffbfefd]}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xb, &(0x7f0000000500)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8364197c333a44d670c9ebe85ff00000000bfa100000000000007010000fffdffffb702000008000000b703000084615ec3f7bf81370000000085000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xa0)
r11 = socket(0x2, 0x803, 0x0)
getsockname$packet(r11, &(0x7f0000000100)={0x11, 0x0, <r12=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x9)
sendmsg$nl_route(r11, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000008c0)=ANY=[@ANYRES32, @ANYRESOCT=r6, @ANYRESDEC=r7, @ANYRES16, @ANYRES16=r12, @ANYRES32=r5, @ANYRES16=r0], 0xa0}}, 0x4840)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r1}, 0x10)
socket$netlink(0x10, 0x3, 0x400000000000004)
r13 = socket$inet(0x2b, 0x801, 0x0)
getsockopt$IP_VS_SO_GET_SERVICE(r13, 0x0, 0x483, &(0x7f0000000100), &(0x7f0000000080)=0x68)

15.082974934s ago: executing program 4 (id=831):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0)
ioctl$EVIOCSCLOCKID(r0, 0x400445a0, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
r2 = eventfd(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x5, 0xe, 0x0, &(0x7f0000000680)="668995da8b9413350fff9ffc047c", 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$VHOST_SET_VRING_BASE(r1, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f})
ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000000)=r2)
ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000040)={0x1, r2})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000780)={0x1, 0x1, &(0x7f0000000380)=""/240, &(0x7f0000000900)=""/103, 0x0})
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(0xffffffffffffffff, &(0x7f0000001800)={@val={0x8, 0x800}, @val={0x3, 0x0, 0x0, 0x0, 0x14}, @ipv4=@generic={{0x5, 0x4, 0x1, 0x2b, 0x1c, 0x68, 0x0, 0x60, 0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast}, "11f3305280f125e6"}}, 0x2a)
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000680))
ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f00000002c0)={0x1, r2})
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000980)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)

11.836228063s ago: executing program 4 (id=843):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000004c0))
r0 = socket$pppoe(0x18, 0x1, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0xe, 0x2010, r1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0xa, 0x8000, 0x0, 0x9, 0x1, 0xfffffdffffffffff, 0xfa0f, 0xfffffffb}, 0x0)
mremap(&(0x7f00007f1000/0x4000)=nil, 0x4000, 0x800000, 0x0, &(0x7f0000130000/0x800000)=nil)
syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000380)={0x0, 0x0, 0xfffffffffffffffd, 0x1, 0x0, 0x0, 0x4000850}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000240)='/sys/power/mem_sleep', 0xa0502, 0x49)
io_setup(0x1, &(0x7f00000016c0)=<r8=>0x0)
io_submit(r8, 0x1, &(0x7f0000000140)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x8, r7, &(0x7f0000000180)="282fa8c2", 0x4, 0x5, 0x0, 0x0, r7}])
sendfile(r4, r5, 0x0, 0x20000023896)
sendmsg$nl_xfrm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYRESHEX=r5, @ANYRES32=0x0, @ANYRESDEC=r6, @ANYRES32=r7], 0x13c}, 0x1, 0x0, 0x0, 0x880}, 0x0)
connect$pppoe(r0, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e)
sendmmsg(r0, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x34000, 0x0)
socket$netlink(0x10, 0x3, 0x0)

10.064018653s ago: executing program 3 (id=847):
ioctl$VIDIOC_G_AUDOUT(0xffffffffffffffff, 0x80345631, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x12)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000080)=<r1=>0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xa, 0x4, &(0x7f0000006680))
syz_open_procfs(0xffffffffffffffff, 0x0)
r2 = bpf$MAP_CREATE(0x0, 0x0, 0x39)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000140)={r2, &(0x7f0000000300)="cb17", 0x0}, 0x20)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
getpid()
prctl$PR_SCHED_CORE(0x3e, 0x4, r1, 0x3, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000200)={@in6={{0xa, 0x4e20, 0x1, @mcast1, 0x7}}, 0x0, 0x0, 0xc, 0x0, "a1c1dd75a6803e10951cd4b347113e55eb289519becf7542da0bc21470e441225642855b5f2f4bb561dc9363aed4a18d67efd5f2fdf98328de9441031348589b763d46d14810acc5f700"}, 0xd8)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000004c00)=""/102392, 0x18ff8)
syz_open_dev$MSR(&(0x7f0000000340), 0x0, 0x0)
r5 = socket$netlink(0x10, 0x3, 0xb)
bind$netlink(r5, &(0x7f0000514ff4)={0x10, 0x0, 0x25dfdbff, 0x2fdfffffd}, 0xc)
openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00', <r7=>0x0})
sendmsg$nl_route(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x44, 0x10, 0x401, 0x20000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x8003}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb}, {0xfffffffffffffd28}}}, @IFLA_LINK={0x8, 0x5, r7}, @IFLA_NUM_TX_QUEUES={0x8, 0x1f, 0x7}]}, 0x44}, 0x1, 0x0, 0x0, 0x240008c4}, 0x2000c010)
close_range(r0, 0xffffffffffffffff, 0x0)
r8 = socket(0x10, 0x80003, 0x0)
write(r8, &(0x7f0000000000)="240000001a005f0214f9f407000904000a000000fe0000000000000008000f00fd000000", 0x85)
syz_genetlink_get_family_id$batadv(&(0x7f0000000300), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_NEIGHBORS(0xffffffffffffffff, &(0x7f0000004340)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x400c080}, 0x0)

9.385545998s ago: executing program 3 (id=849):
prlimit64(0x0, 0xf, &(0x7f0000000140)={0x800a, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5)
sched_setaffinity(0x0, 0xff43, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f00000001c0), r1)
sendmsg$DEVLINK_CMD_RATE_SET(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000040)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000002a00000008005800000000000e0001006e656464657673696d0000000f3502006e657467657673696d3000000800030003001000"], 0x44}, 0x1, 0x0, 0x0, 0x4001}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180200000000000000000000000000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7000001000000008500000006000000850000000500000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r3, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = syz_io_uring_setup(0x1847, &(0x7f0000000640)={0x0, 0xec25, 0x40, 0x1, 0x40000333}, &(0x7f00000006c0)=<r6=>0x0, &(0x7f0000000300)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xfffffe62}], 0x1})
io_uring_enter(r5, 0x847ba, 0x79c, 0xe, 0x0, 0x0)
write$binfmt_misc(r4, &(0x7f0000000000), 0xfffffecc)
listen(r3, 0x8)
r8 = accept4(r3, 0x0, 0x0, 0x0)
sendto$inet(r8, &(0x7f00000002c0)="cc", 0x1, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r8, 0x84, 0x22, &(0x7f0000000580)={0x2, 0x0, 0x6, 0xffffffff}, 0x10)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r8, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x1}, 0x8)
write$binfmt_aout(r8, &(0x7f0000000800)=ANY=[@ANYBLOB="cc0001e78c0000000603000007000010fe020000010000000000000000000000c0aaec5702450b9808ac49b42171aa81080000000000000053df6528a7307a30c121264cafaac11d72c324454250e325e487d3c90c119af4cb41c547e921e389a947d981565dbd51504decf6c1b7eeac1679fd511ad4b947ea1ba6aa4b0290da1d0ee4cb9bbfd6b07ef98c362089ffe5865e75cf2f8e173c66a0cab655c31fd35ffc832b20b8d74cf03beb26df2dd552c6d45cc00425a5a4763e60bb4e3ceea9ec53b2c0fccb3c668360b051d9cb5130e54decf5d749cfd2610a2c1d6b112be5f908aa48fb03c00278824104f686986979e6f7dfd834b50a2f8146d8faf6d395dae4b09cd126f2c540d7d563e6f3cf25cd37df9a03bbd776ed1d144f319497cecc21599c275e16a801449a7b302b7b3a2751c7162cf78356a1d85bd154bbc11433ef904399ee3f452cb4107305cb556d35c617aa686c8803911c515e64bffd8fda691ec1a77f48c6ed7ecaf6dcd6bea33d52a3b0a4e3fe92f6a79f2c000000000000d228ec4d02e4a3372ed597b624c1469576f01d7f189bf4113c3c9ae7145cfe30e5f68b2555bd91a8262ee0af4a28a92223668666530fc00c47858aad3219594808fb7744a2bfd1a650ad609262eed5f3cb23f8ebf3d15fbc9bc25d9b09baa5ad6191efa69a6b6a15b97e977a5b3a12deb4aab8a3e71c6e405af32dfcafb52e440be7188de6dc65e10a53807e4fc897996d6bd8724b3486d1f0"], 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x14, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x10000}, 0x94)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r9, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
socket$rxrpc(0x21, 0x2, 0xa)

9.084032522s ago: executing program 4 (id=851):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x101e01, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000140)=0x15)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000002c0)=0x7e)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000540)=0x9)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000180)=0xef)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000300)=0x40)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x7e) (fail_nth: 3)

8.55262499s ago: executing program 4 (id=854):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000340)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xe, 0x8031, 0xffffffffffffffff, 0x3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
clock_gettime(0x0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = io_uring_setup(0x1ddd, &(0x7f0000000440)={0x0, 0x40000000, 0x0, 0x1, 0x8})
io_uring_register$IORING_REGISTER_PBUF_RING(r4, 0x16, &(0x7f0000000740)={&(0x7f0000001000)={[{0x0}]}, 0x1}, 0x1)
io_uring_register$IORING_UNREGISTER_PBUF_RING(r4, 0x17, 0x0, 0x1)
r5 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000050cb5340450c10108e492940a80909021b00090000000009040002010035040009058dff86"], 0x0)
r6 = syz_open_dev$char_usb(0xc, 0xb4, 0x10000)
syz_usb_disconnect(r5)
read$char_usb(r6, 0x0, 0x0)

7.327914474s ago: executing program 2 (id=857):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000080), r0)
sendmsg$NLBL_MGMT_C_ADDDEF(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000000000000000040000001400050003030000000a0000005dc00006000000080002000500000014"], 0x4c}, 0x1, 0x0, 0x0, 0x8004}, 0x4040000)

7.240876913s ago: executing program 5 (id=858):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
r0 = openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x2000, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x401, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x4)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f00000004c0)={0x38, 0x1403, 0x1, 0x70bd2d, 0x0, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x854}, 0x0)
prlimit64(r1, 0xc, &(0x7f0000000180)={0x8, 0x6}, &(0x7f0000000f80))
sendmsg$nl_route_sched(r4, 0x0, 0x880)
connect$inet(0xffffffffffffffff, &(0x7f0000001980)={0x2, 0x1, @loopback}, 0x10)
ioctl$SNDCTL_SEQ_GETOUTCOUNT(r0, 0x80045104, &(0x7f0000000080))
r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000001000), 0x2, 0x0)
r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000300)={<r7=>0xffffffffffffffff}, 0x106, 0x8}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r6, &(0x7f0000000340)={0x15, 0x110, 0xfa00, {r7, 0x0, 0x30, 0x30, 0x0, @in6={0x1b, 0x4000, 0x0, @loopback, 0xbff}, @ib={0x1b, 0x38e, 0x0, {}, 0x0, 0x3ffffffc, 0x8}}}, 0x118)
write$RDMA_USER_CM_CMD_CONNECT(r5, &(0x7f0000001040)={0x6, 0x118, 0xfa00, {{0x7, 0x57f8, "669c45f4ec60bff12e4890888348296a0a1e79424ddda61b15bedab068d4ea1bb7bef7630c4a8e9755efff90f85c12750a5c4382919d84bfb58ed40af09511a3ec419547f797e60d32f10039f2db430d25f4fea3d1e0897c2b3334a3c9f727c945624aea27468fdde417e1e04fa3543c78d48a143d6af22a0c0268d1945a52ed7674e8623452f77b4796af87978f3b3b932f01ec257b2b25b1351d303e2b1abc2ace4b273a65553c1d237f736aaf4e8bf19a7bf47aaeab957c75fe6567b10ddbedb89eb8ef4bd839198b4cc36c21cef7bb472031fd7a7c689e1e80b4855bf525b0cd689f3e6cf9c921da8a855fa8efbf4bbc5c82491fd490489e5b07a288b5d8", 0xfc, 0x8, 0x80, 0x80, 0x21, 0x6, 0x0, 0x1}, r7}}, 0x120)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x2, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b70000001c000000bca30000000000002403000020feffff620af0fff8ffffff71a4f2ff000000001f03000000000000e5000500000000002604fdffff02000015010000033800001d13fcff000000007a0af0ff0000001f0f14000000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f300020000fe275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff61623604000000000000006a89adaf17b0a6041bdeebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564163427afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101a3062cd54f9ff51d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48153baae244e7bf573eac34b781337ad5905c6bbf1137548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a90144022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab540b8d7b4ead35a385e0b4a26b702396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb11883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcd857ab15e355713767c536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ced301efeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef0981000000000000ff0f40b1888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fc08001011e32f80fb60e14b9eee094277bbc170882c8890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e3f753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bb25b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963342aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b6ef9d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec035d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf79a43746979f99f6a1527f004f1e37a3926937e84fb478199dc1020f4beb98b8074bf7df8b5e783637da740800000000000000c55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a2740000000000000000000000000000000000000000000a0009dd14b38f2f4426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4100260ffcd8f1d04166d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb0000000000000005375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10baa804a707f0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d34d3757b1450fdb0a9a69f432e277f3a0386eb2bd3305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07618b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e040000003c3ffad44d2a376def42e41e9fc31678257e040fa7cf32c221aaac08000000000000001a00000000000000000000173570f0c11ae694b0f7a4f9c2f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d641ef02e4d5295d756e110522a7a945b93fb705b95b6aae27a8fb33732ce1da1c0b1af8eb9222a06e984ab1e6984c8bdc12360627137ab67b6b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481efe46a4ce86be0b1d8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0c6cb4bed8594a39bd76d3ef8a7ab014e787596db796bd93a36c2880423291e3bccc86f66ba792ff4d87b3f80e5908779e51c5e9055fc5b23605cd000c723187ef09dcf4b07b06a9342f3f62ee7acddff292082c1f4d8eb9561f80873a09a1ae0c9af1121175e5600f43a1179484502009759264a5729f07c2b218fa36ba2316a99aaad0130df83d0bda1e711290f78c143ea143967b00adcd77e6ad5e48d839ea61aadb83e4d071c54691924a3830d3e7b5c198bb0ed623153590000000000000000004b985ea1702f34f2f85b168c083e810ed567e3f1979b9ed1a4bf6a10dac825c96a0828b335de445a4880bb6474157efd1a72ca46ae4cbe3ab648c9bc4867a5a4cb87d7d6d55475b34b3cb6aa9e2337d4e04a37e35109752522ac9b186ddd80c47da6a2f4ef7bb909c975520000000000000000000000219cf5c1376ab33786f6b856d354e90a2733f78f2d188057cead3480eade49d55b770fad7fa000d23da6275768810b6b2df91d3a991ea98d929d271696c258d5b735d5db11df434e7dd1b7c1ca05cea3977df564115f4ec6ffab1d2ff8a642ca50934b3fbe44b0abeba9df209566984a29dfc0466e439a94e177b3c4d5f6e92b8176b9d6ddeeeb196fa964217f88e1acc180aaa4"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff97, 0x10, &(0x7f00000000c0), 0xfffffffffffffd27}, 0x48)

6.39516335s ago: executing program 2 (id=859):
ioctl$VIDIOC_G_AUDOUT(0xffffffffffffffff, 0x80345631, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x12)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000080)=<r1=>0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xa, 0x4, &(0x7f0000006680))
syz_open_procfs(0xffffffffffffffff, 0x0)
r2 = bpf$MAP_CREATE(0x0, 0x0, 0x39)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000140)={r2, &(0x7f0000000300)="cb17", 0x0}, 0x20)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
getpid()
prctl$PR_SCHED_CORE(0x3e, 0x4, r1, 0x3, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000200)={@in6={{0xa, 0x4e20, 0x1, @mcast1, 0x7}}, 0x0, 0x0, 0xc, 0x0, "a1c1dd75a6803e10951cd4b347113e55eb289519becf7542da0bc21470e441225642855b5f2f4bb561dc9363aed4a18d67efd5f2fdf98328de9441031348589b763d46d14810acc5f700"}, 0xd8)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000004c00)=""/102392, 0x18ff8)
syz_open_dev$MSR(&(0x7f0000000340), 0x0, 0x0)
r5 = socket$netlink(0x10, 0x3, 0xb)
bind$netlink(r5, &(0x7f0000514ff4)={0x10, 0x0, 0x25dfdbff, 0x2fdfffffd}, 0xc)
openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00', <r7=>0x0})
sendmsg$nl_route(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x44, 0x10, 0x401, 0x20000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x8003}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb}, {0xfffffffffffffd28}}}, @IFLA_LINK={0x8, 0x5, r7}, @IFLA_NUM_TX_QUEUES={0x8, 0x1f, 0x7}]}, 0x44}, 0x1, 0x0, 0x0, 0x240008c4}, 0x2000c010)
close_range(r0, 0xffffffffffffffff, 0x0)
r8 = socket(0x10, 0x80003, 0x0)
write(r8, &(0x7f0000000000)="240000001a005f0214f9f407000904000a000000fe0000000000000008000f00fd000000", 0x85)
syz_genetlink_get_family_id$batadv(&(0x7f0000000300), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_NEIGHBORS(0xffffffffffffffff, &(0x7f0000004340)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x400c080}, 0x0)

6.269801697s ago: executing program 5 (id=860):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
r0 = openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x2000, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x401, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x4)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f00000004c0)={0x38, 0x1403, 0x1, 0x70bd2d, 0x0, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x854}, 0x0)
prlimit64(r1, 0xc, &(0x7f0000000180)={0x8, 0x6}, &(0x7f0000000f80))
sendmsg$nl_route_sched(r4, 0x0, 0x880)
connect$inet(0xffffffffffffffff, &(0x7f0000001980)={0x2, 0x1, @loopback}, 0x10)
ioctl$SNDCTL_SEQ_GETOUTCOUNT(r0, 0x80045104, &(0x7f0000000080))
r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000001000), 0x2, 0x0)
r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000300)={<r7=>0xffffffffffffffff}, 0x106, 0x8}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r6, &(0x7f0000000340)={0x15, 0x110, 0xfa00, {r7, 0x0, 0x30, 0x30, 0x0, @in6={0x1b, 0x4000, 0x0, @loopback, 0xbff}, @ib={0x1b, 0x38e, 0x0, {}, 0x0, 0x3ffffffc, 0x8}}}, 0x118)
write$RDMA_USER_CM_CMD_QUERY(r6, &(0x7f0000000000)={0x13, 0x10, 0xfa00, {&(0x7f0000000480), r7, 0x2}}, 0x18)
write$RDMA_USER_CM_CMD_CONNECT(r5, &(0x7f0000001040)={0x6, 0x118, 0xfa00, {{0x7, 0x57f8, "669c45f4ec60bff12e4890888348296a0a1e79424ddda61b15bedab068d4ea1bb7bef7630c4a8e9755efff90f85c12750a5c4382919d84bfb58ed40af09511a3ec419547f797e60d32f10039f2db430d25f4fea3d1e0897c2b3334a3c9f727c945624aea27468fdde417e1e04fa3543c78d48a143d6af22a0c0268d1945a52ed7674e8623452f77b4796af87978f3b3b932f01ec257b2b25b1351d303e2b1abc2ace4b273a65553c1d237f736aaf4e8bf19a7bf47aaeab957c75fe6567b10ddbedb89eb8ef4bd839198b4cc36c21cef7bb472031fd7a7c689e1e80b4855bf525b0cd689f3e6cf9c921da8a855fa8efbf4bbc5c82491fd490489e5b07a288b5d8", 0xfc, 0x8, 0x80, 0x80, 0x21, 0x6, 0x0, 0x1}, r7}}, 0x120)

5.447763555s ago: executing program 2 (id=861):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000080), r0)
sendmsg$NLBL_MGMT_C_ADDDEF(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYBLOB="01000000000000000000040000001400050003030000000a0000005dc000060000000800020005000000140006"], 0x4c}, 0x1, 0x0, 0x0, 0x8004}, 0x4040000)

5.368207468s ago: executing program 4 (id=862):
r0 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f00000004c0)={0x38, 0x1403, 0x1, 0x70bd2d, 0x0, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x854}, 0x0)
sendmsg$nl_route_sched(r0, 0x0, 0x880)

5.255915006s ago: executing program 4 (id=863):
syz_init_net_socket$ax25(0x3, 0x5, 0xc4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e21, @broadcast}, 0x10)
connect$inet(r0, &(0x7f00000001c0)={0x2, 0x4e21, @local}, 0x10)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x201, 0x0, 0x0)
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000400)={0x10000001})
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x9)
ioctl$FAT_IOCTL_GET_VOLUME_ID(r0, 0x80047213, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f0000007040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a030000000000000000000a00ecff0800010073797a300000000074000000160a010100000000000000000a00000008000740000000014000038008000140000000002c000380140001006e657464657673696d300000000000001400010076657468305f766c616e00000000000008000240000000070900010073797a3000000000090002"], 0xbc}}, 0x0)
setrlimit(0x8, &(0x7f00000000c0)={0xb5, 0x8b79})
r4 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f00000006c0), 0xffffffffffffffff)
mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', 0xfffffffffffffffd, 0x11002, &(0x7f0000000700)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@blksize}, {@max_read={'max_read', 0x3d, 0x1}}, {@default_permissions}, {@max_read={'max_read', 0x3d, 0x5}}, {@max_read={'max_read', 0x3d, 0xd}}, {@blksize}], [{@pcr={'pcr', 0x3d, 0x24}}, {@uid_lt}]}})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x1, 0x0)
r6 = landlock_create_ruleset(&(0x7f0000000040)={0x4a02, 0x3}, 0xb, 0x0)
landlock_restrict_self(r6, 0x0)
faccessat2(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_HAS_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee3, &(0x7f00000001c0)=@attr_other={0x0, 0x1, 0x8c6, 0x0})

5.232851363s ago: executing program 5 (id=864):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x38, r1, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x24, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e23}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}]}]}, 0x38}}, 0x0)
close(0xffffffffffffffff)
listen(0xffffffffffffffff, 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)={0x14, r4, 0x1, 0x70bd2c, 0x25dfdbff}, 0x14}}, 0x800)

5.146341003s ago: executing program 5 (id=865):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000002c80)=ANY=[@ANYBLOB="1201939e0a000000010902120001000000000904001700bee4f900"], 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
open_tree(0xffffffffffffffff, 0x0, 0x301)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000440)={0x44, &(0x7f0000000040)=ANY=[@ANYBLOB="00100000000001f8001142fce7df8f670da626cd0b6fcd1cc99908009753d191018f3a4360bab9fd967536bafb0427dd9c2838aea6b84461e0c2c4505117d30bce6a00600557f6e49a0a1d655921cf536cf93905003a440bd6e77e33ed057fa71cbc290b245b5a23b1564c629cc9e7af61ac510a331cbf53ab7e5fea489542a7d7a80aba91a641641579a28b67dbd1605c9b2cf5e633d3134d86913fc57c7e38475f6c27b070ef4ff5b478661dbb9aed77c181fb1fd3ae4db10d4a792f2f88c8ce1235ada10147"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

5.036829162s ago: executing program 2 (id=866):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000005f00)={'wlan0\x00', <r1=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f0000006000)={0x0, 0x0, &(0x7f0000005fc0)={&(0x7f0000000000)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16, @ANYBLOB="01002dbd0600ffdbdb252100000020000300", @ANYRES32=r1, @ANYBLOB="0600eb00000800000400ec000a00060008021100000100000600f70000ff000008009e"], 0x44}}, 0x28000)
sendmsg$NL80211_CMD_SET_TID_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800410}, 0xc, &(0x7f00000001c0)={&(0x7f0000000b80)={0x724, 0x0, 0x800, 0x70bd26, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x450, 0x11d, 0x0, 0x1, [{0x264, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x64}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5, 0x6, 0x1}, @NL80211_TID_CONFIG_ATTR_TX_RATE={0x1d8, 0xd, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x3c, 0x1, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xff, 0xd, 0x4, 0xc000, 0xf0, 0x2, 0xc8, 0xdf]}}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x320, 0x2, 0x401, 0x10, 0x7, 0x0, 0x1, 0x4]}}]}, @NL80211_BAND_2GHZ={0x84, 0x0, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x11, 0x1, [0xb, 0xb, 0x5, 0x1, 0x16, 0x24, 0x6, 0x0, 0x5, 0x36, 0x33, 0x2, 0x5]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x7fff, 0x89c8, 0x2, 0xff, 0x9, 0x63, 0x100, 0x9]}}, @NL80211_TXRATE_HT={0x48, 0x2, [{0x1, 0x9}, {0x7, 0x2}, {0x0, 0x8}, {0x7, 0x7}, {0x2, 0x8}, {0x1, 0x4}, {0x4, 0x2}, {0x1, 0x2}, {0x5, 0xa}, {0x1}, {0x6, 0x7}, {0x5}, {0x1, 0x4}, {0x4, 0x8}, {0x1, 0x8}, {0x4, 0x7}, {0x2, 0x8}, {0x0, 0x5}, {0x6, 0x1}, {0x2, 0x7}, {0x2, 0x6}, {0x7, 0x4}, {0x4}, {0x7, 0x6}, {0x7, 0xa}, {0x3, 0x3}, {0x7, 0x4}, {0x2, 0x8}, {0x3, 0xa}, {0x1, 0x5}, {0x7, 0x8}, {0x0, 0x3}, {0x3, 0x2}, {0x7, 0x8}, {0x3, 0x1}, {0x2}, {0x5, 0x6}, {}, {0x5, 0x7}, {0x0, 0x3}, {0x4, 0x7}, {0x1, 0x2}, {0x6, 0x2}, {0x6, 0x1}, {0x2, 0x8}, {0x1}, {0x5, 0x6}, {0x6, 0x4}, {0x2, 0x1}, {0x7, 0xa}, {0x4, 0x4}, {0x7}, {0x0, 0x9}, {0x7, 0x1}, {0x1, 0x5}, {0x7, 0x7}, {0x6, 0x7}, {0x6, 0x4}, {0x1, 0x1}, {0x2, 0x1b}, {0x2, 0x2}, {0x5, 0x6}, {0x2}, {0x2, 0xa}, {0x2, 0x5}, {0x7, 0xa}, {0x0, 0xa}, {0x0, 0x3}]}]}, @NL80211_BAND_60GHZ={0x1c, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5, 0x6, 0x8}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}]}, @NL80211_BAND_60GHZ={0xd0, 0x2, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HT={0x16, 0x2, [{0x5, 0x2}, {0x6, 0x8}, {0x2, 0x1}, {0x5, 0x3}, {0x4}, {0x0, 0x7}, {0x2, 0x4}, {0x1, 0x1}, {0x5, 0x2}, {0x1, 0x6}, {0x4, 0x2}, {0x5, 0x5}, {0x6, 0x7}, {0x4, 0x4}, {0x6, 0x8}, {0x0, 0x3}, {0x4, 0x4}, {0x7, 0x5}]}, @NL80211_TXRATE_HT={0xd, 0x2, [{0x1, 0x7}, {0x2, 0x2}, {0x7, 0x7}, {0x0, 0x7}, {0x6, 0x6}, {0x1, 0x2}, {0x4, 0x2}, {0x3, 0x7}, {0x3, 0x7}]}, @NL80211_TXRATE_HT={0x32, 0x2, [{0x6, 0x7}, {0x5}, {0x4, 0x9}, {0x3, 0x8}, {0x7, 0x6}, {0x0, 0x2}, {0x6}, {0x0, 0x3}, {0x7, 0x8}, {0x5, 0x3}, {0x3, 0x5}, {0x2, 0x2}, {0x7, 0x4}, {0x2, 0x3}, {0x7, 0x1}, {0x4, 0x3}, {0x0, 0x6}, {}, {0x3, 0x7}, {0x6, 0xa}, {0x0, 0x5}, {0x3, 0x5}, {0x4, 0x6}, {0x6, 0xa}, {0x6}, {0x7, 0x1}, {0x4}, {0x0, 0x9}, {0x3, 0x5}, {0x0, 0x6}, {0x0, 0x2}, {0x5, 0x3}, {0x1, 0x8}, {0x5}, {0x1, 0x2}, {0x1}, {0x0, 0x3}, {0x3, 0x2}, {0x6, 0x3}, {0x5}, {0x5, 0x2}, {0x4, 0x6}, {0x7, 0x4}, {0x7, 0x6}, {0x4, 0x8}, {0x0, 0x9}]}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HT={0x4d, 0x2, [{0x7, 0x3}, {0x4, 0x4}, {0x0, 0x6}, {0x6, 0x7}, {0x3, 0x7}, {0x2, 0x3}, {0x5, 0x8}, {0x0, 0x1}, {0x6, 0x4}, {0x1}, {0x0, 0x2}, {0x7, 0x3}, {0x4, 0x6}, {0x0, 0xa}, {0x6, 0x6}, {0x6, 0x2}, {0x4, 0x2}, {0x3, 0x8}, {0x0, 0x8}, {0x7, 0x4}, {0x7, 0x1}, {0x1, 0x2}, {0x5, 0x6}, {0x0, 0x3}, {0x4, 0x5}, {0x0, 0x1}, {0x3, 0x5}, {0x4, 0x4}, {0x7, 0x8}, {0x1, 0x1}, {0x0, 0x3}, {0x5, 0x6}, {0x4, 0x3}, {0x3}, {0x0, 0x4}, {0x3, 0x9}, {0x4, 0x2}, {0x7, 0x8}, {0x1, 0x5}, {0x1, 0x1}, {0x1, 0x5}, {}, {0x3, 0x4}, {0x7, 0x9}, {0x0, 0x7}, {0x3, 0x5}, {0x2, 0x1}, {0x4, 0x9}, {0x5, 0x4}, {0x1, 0x4}, {0x4, 0xa}, {0x1, 0x3}, {0x4, 0x8}, {0x3, 0xa}, {0x3, 0x5}, {0x2, 0xa}, {0x3, 0x3}, {0x1, 0x3}, {0x4, 0x7}, {0x1, 0x3}, {0x2, 0x3}, {0x5, 0x5}, {0x4, 0xa}, {0x7, 0x7}, {0x0, 0x1}, {0x0, 0x2}, {0x3, 0x8}, {0x7, 0x2}, {0x3, 0x2}, {0x1, 0x7}, {0x3}, {0x7, 0x9}, {0x3, 0x5}]}]}, @NL80211_BAND_2GHZ={0x28, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HT={0x1b, 0x2, [{0x3, 0x7}, {0x1, 0xa}, {0x3, 0x6}, {0x6, 0x3}, {0x6}, {0x2, 0x4}, {0x1, 0x5}, {0x4}, {0x1, 0x5}, {0x3, 0x1}, {0x5, 0x5}, {0x1, 0xa}, {0x7, 0x9}, {0x7, 0x3}, {0x0, 0x1}, {0x6, 0x9}, {0x2, 0xa}, {0x5, 0x7}, {0x1, 0x5}, {0x0, 0x8}, {0x7, 0x2}, {0x1, 0x6}, {0x0, 0x3}]}]}]}, @NL80211_TID_CONFIG_ATTR_TX_RATE={0x54, 0xd, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x50, 0x0, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_LEGACY={0x18, 0x1, [0x2, 0x36, 0x3, 0x36, 0x3, 0x8, 0x36, 0xb, 0x30, 0x36, 0x6, 0x1b, 0x1, 0xb, 0x5, 0x0, 0x2, 0x12, 0x1, 0x9]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_LEGACY={0x21, 0x1, [0x2, 0x48, 0x6c, 0x5a, 0xc, 0x36, 0xc, 0x6c, 0x16, 0x18, 0x36, 0x16, 0x6, 0x0, 0x60, 0x1, 0x60, 0x2, 0x9, 0x12, 0x16, 0x18, 0x1, 0x9, 0x36, 0xbdff3f9974123d2d, 0x6, 0x4, 0x1b]}]}]}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5, 0xb, 0x1}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x1}]}, {0x4c, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x5d}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x1}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5, 0xb, 0x1}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x2}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0xf6}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5, 0x6, 0x1}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5}]}, {0x19c, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0xf7}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_TX_RATE={0x174, 0xd, 0x0, 0x1, [@NL80211_BAND_60GHZ={0x80, 0x2, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x8, 0x35, 0x3a3, 0xe3fd, 0x101, 0x81, 0x7, 0x8]}}, @NL80211_TXRATE_HT={0xa, 0x2, [{0x5, 0x3}, {0x7, 0x5}, {0x3, 0x4}, {0x2, 0x2}, {0x1, 0x3}, {0x3, 0x4}]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x9, 0x0, 0xa7, 0x0, 0x7f, 0x9, 0xff, 0x6]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_LEGACY={0x20, 0x1, [0x48, 0x6c, 0x0, 0x5, 0x12, 0x48, 0x5, 0x24, 0x6, 0x30, 0xb, 0x2, 0x18, 0x3, 0x4, 0x18, 0x18, 0x24, 0x12, 0x9, 0x16, 0x12, 0x1, 0x6c, 0x60, 0x6, 0xb, 0x36]}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}]}, @NL80211_BAND_60GHZ={0x14, 0x2, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x3}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}]}, @NL80211_BAND_60GHZ={0xdc, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_LEGACY={0x1e, 0x1, [0x12, 0x12, 0x6c, 0x0, 0x60, 0x60, 0x0, 0x16, 0x16, 0x5, 0x1b, 0xb, 0x6c, 0x48, 0xc, 0x24, 0x3e, 0x16, 0x4, 0x65, 0x6, 0x6, 0x30, 0x30, 0x9, 0x18]}, @NL80211_TXRATE_HT={0x50, 0x2, [{0x2, 0x3}, {0x1, 0x5}, {0x2, 0x8}, {0x4, 0x3}, {0x3, 0x8}, {}, {0x7, 0xa}, {0x6, 0x5}, {0x0, 0x6}, {0x6, 0x5}, {0x2, 0xb}, {0x1}, {0x6, 0x1}, {0x6, 0x5}, {}, {0x3, 0xa}, {0x1, 0x9}, {0x0, 0x7}, {0x1, 0x2}, {0x3, 0x7}, {0x7, 0x5}, {0x2, 0xa}, {0x0, 0x4}, {0x4, 0x6}, {0x0, 0x1}, {0x0, 0x1}, {0x5, 0x3}, {0x6, 0x9}, {0x5}, {0x0, 0x2}, {0x2, 0xa}, {0x1, 0x3}, {0x4, 0xb}, {0x2, 0x7}, {0x7, 0x5}, {0x0, 0xa}, {0x3, 0x6}, {0x1, 0x8}, {0x3, 0x6}, {0x1, 0x4}, {0x1, 0x3}, {0x1, 0x9}, {0x0, 0x7}, {0x1, 0x5}, {0x1, 0x2}, {}, {0x4, 0x9}, {0x3, 0xa}, {0x1, 0xa}, {0x0, 0xa}, {0x7}, {}, {0x6, 0x9}, {0x7, 0x4}, {0x4, 0x3}, {0x4, 0x8}, {0x0, 0x4}, {0x7}, {0x0, 0x4}, {0x4, 0xa}, {0x0, 0x2}, {0x3, 0x9}, {0x0, 0x8}, {0x6, 0xa}, {0x2}, {0x3, 0x3}, {0x0, 0x4}, {0x2, 0x2}, {0x4, 0x3}, {0x4, 0x1}, {0x5, 0xa}, {0x5, 0x7}, {0x6, 0x5}, {0x0, 0x9}, {0x4, 0x4}, {0x2, 0x5}]}, @NL80211_TXRATE_LEGACY={0x21, 0x1, [0x6, 0x1, 0x9, 0x2, 0x36, 0x48, 0x1b, 0x18, 0x5, 0x48, 0xc, 0x5, 0x2, 0x12, 0x1a, 0xc, 0x48, 0x60, 0x48, 0x9, 0x48, 0x12, 0x4, 0x9, 0x4, 0x60, 0x16, 0xb, 0x5]}, @NL80211_TXRATE_HT={0x1d, 0x2, [{0x2, 0x7}, {0x0, 0x2}, {0x2, 0x9}, {0x0, 0x7}, {0x5}, {0x3}, {0x1, 0x1}, {0x5, 0x7}, {0x5, 0x4}, {0x4, 0x3}, {0x3, 0x8}, {0x3}, {0x3}, {0x1, 0x5}, {0x3, 0x2}, {0x4, 0x8}, {0x6, 0x7}, {0x0, 0x3}, {0x2, 0x4}, {0x0, 0x4}, {0x6}, {}, {0x7}, {0x0, 0x4}, {0x1, 0x3}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x4, 0xffff, 0x80, 0x3ff, 0x3, 0x9, 0xe, 0x2]}}]}]}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0xde}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x96}]}]}, @NL80211_ATTR_TID_CONFIG={0xd8, 0x11d, 0x0, 0x1, [{0x8, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}]}, {0x10, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}]}, {0x20, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x3d}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x43}]}, {0x40, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x6}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0xe5a9}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0xfffffffffffff000}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x1}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5}]}, {0x14, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_NOACK={0x5, 0x6, 0x1}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}]}, {0x48, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x5}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x1}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x7}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x54}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}]}]}, @NL80211_ATTR_TID_CONFIG={0x198, 0x11d, 0x0, 0x1, [{0x194, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE={0x184, 0xd, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x9c, 0x3, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x63, 0xeed0, 0x0, 0x2, 0x5, 0x59, 0x2, 0x5]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x4, 0x401, 0x7ff, 0x6, 0x401, 0x72c, 0xe19, 0x1]}}, @NL80211_TXRATE_HT={0x46, 0x2, [{0x0, 0x2}, {0x1, 0x5}, {0x3, 0x1}, {0x2, 0x2}, {0x6, 0x2}, {0x6, 0x9}, {0x1}, {0x3, 0xa}, {0x1, 0x9}, {0x4, 0x2}, {0x4, 0x8}, {0x1, 0x4}, {0x2, 0x3}, {0x7, 0x1}, {0x4, 0x8}, {0x1, 0x2}, {0x1, 0x2}, {0x4, 0x2}, {0x7, 0x1}, {0x2, 0x5}, {0x3, 0x8}, {0x2, 0x1}, {0x3, 0x2}, {0x1, 0x1}, {0x5, 0x6}, {0x4, 0x1}, {0x1, 0x9}, {0x1, 0x9}, {0x1, 0x1}, {0x2, 0x3}, {0x5, 0x6}, {0x0, 0x2}, {0x6, 0xa}, {0x3, 0x9}, {0x5, 0x5}, {0x0, 0x5}, {0x1, 0x7}, {0x0, 0x2}, {0x2, 0x3}, {0x5, 0x9}, {0x7, 0x2}, {0x2, 0x8}, {0x1}, {0x1, 0x1}, {0x0, 0x8}, {}, {0x3, 0x9}, {0x5, 0x4}, {0x1}, {0x3, 0x8}, {0x3, 0x5}, {0x7, 0xa}, {0x5, 0x1}, {0x3, 0x1}, {0x6, 0x2}, {0x6, 0x7}, {0x4, 0x9}, {0x0, 0x9}, {0x7, 0x4}, {0x1, 0x1}, {0x3, 0x7}, {0x1, 0x4}, {0x0, 0x6}, {0x6}, {0x1}, {0x4, 0x4}]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x7, 0x400, 0x200, 0x9, 0x6, 0x1840, 0xa7d, 0xfff]}}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_LEGACY={0xb, 0x1, [0x30, 0xc, 0x5, 0x3, 0x8, 0x36, 0x36]}]}, @NL80211_BAND_2GHZ={0x7c, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_HT={0x32, 0x2, [{0x0, 0x9}, {0x3, 0x16}, {0x3, 0x5}, {0x5, 0x8}, {0x1, 0x5}, {0x5, 0x8}, {0x4, 0x2}, {0x4, 0x3}, {0x5, 0x9}, {0x6, 0x1}, {0x2, 0x5}, {}, {0x6, 0x1}, {0x7, 0x7}, {0x1, 0x2}, {0x5, 0x4}, {0x5, 0x7}, {0x0, 0xa}, {0x0, 0x4}, {0x7, 0x7}, {0x1, 0x2}, {0x3}, {0x2, 0xa}, {0x5, 0x2}, {0x7, 0x4}, {0x2, 0x2}, {0x6, 0xa}, {0x1, 0x7}, {0x0, 0x3}, {0x1, 0x5}, {0x7, 0xa}, {0x0, 0x7}, {0x5, 0x6}, {0x1, 0x3}, {0x7, 0x3}, {0x5, 0x4}, {0x7, 0x8}, {0x3, 0x6}, {0x6, 0x5}, {0x0, 0x7}, {0x1, 0x3}, {0x2, 0x5}, {0x0, 0x8}, {0x4, 0xa}, {0x2, 0x5}, {0x0, 0xa}]}, @NL80211_TXRATE_LEGACY={0x10, 0x1, [0x18, 0x0, 0x12, 0x6, 0x60, 0x14bd8d37dc4a0a5c, 0x36, 0x24, 0x6, 0x9, 0x30, 0x24]}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x5, 0x1d30, 0x2c85, 0x1ff, 0x200, 0x6, 0xfff9, 0xff4]}}]}, @NL80211_BAND_2GHZ={0xc, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}]}, @NL80211_BAND_2GHZ={0x5c, 0x0, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_HT={0x26, 0x2, [{0x6, 0x7}, {0x3, 0x7}, {0x3, 0xa}, {0x4, 0x8}, {0x7, 0x1}, {0x4, 0x6}, {0x2, 0x4}, {0x1, 0x2}, {0x3, 0x3}, {0x5, 0x4}, {0x2, 0x3}, {0x3, 0x9}, {0x6, 0x9}, {0x1, 0x2}, {0x1, 0x3}, {0x0, 0x2}, {0x4, 0x4}, {0x7, 0x9}, {0x4, 0x6}, {0x7, 0x4}, {0x0, 0x3}, {0x2, 0x6}, {0x1, 0x9}, {0x1, 0x7}, {0x7, 0x9}, {0x1, 0x1}, {0x6, 0x2}, {0x6, 0x2}, {0x1, 0x8}, {0x5, 0xa}, {0x1, 0x2}, {0x3, 0x7}, {0x0, 0x2}, {0x2, 0x4}]}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}]}]}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x2}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}]}]}, @NL80211_ATTR_TID_CONFIG={0x48, 0x11d, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x5}]}, {0x34, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x6}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x34}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_TX_RATE={0x10, 0xd, 0x0, 0x1, [@NL80211_BAND_60GHZ={0xc, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}]}]}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}]}]}]}, 0x724}, 0x1, 0x0, 0x0, 0x80}, 0x8090)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000e80b00000000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000030900010073797a30000000000900030073797a310000000054000000060a010400000000000000000100000008000b40000000002c0004802800018007000100637400001c0002800800014000000001080002400000000805000300190000000900010073797a30"], 0xc8}, 0x1, 0x0, 0x0, 0x5090}, 0x0)
mount$fuseblk(0x0, 0x0, 0x0, 0x1000, &(0x7f0000000480)=ANY=[@ANYBLOB="2d4151661756e47f8adcf691d8e1e4bdba6046bdf7575c00a3d1f3d471fcbf8fcf4e122684e425279cc0a311aee92ded53fb7ff479c5766b938fde3c9a6ca595e003d34b93103680e23025bb77ee11423b51ecf7d97349cb6abb35ead68344da89c7b156b584653e4b19a01e67c94d62b0183eac1fa1fd5a3236e19cfdeb0b7e1cb05094fedeb3f9a3dfca57b640be8083fcfd892fbee587fbebb94a2b6d58fc860a1ea0fe6272efba47f9282927d9ab8a03377cc09fcb47722172ad91749d422946ffadfe6b1e2cabfd5b"])
socket$inet6_udplite(0xa, 0x2, 0x88)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x44, 0x30, 0x1, 0x0, 0x0, {}, [{0x30, 0x1, [@m_ife={0x2c, 0x1, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
ptrace$peekuser(0x3, r3, 0x1)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0)
tkill(0x0, 0xb)
utimensat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r7 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_RESIZEX(r7, 0x560a, &(0x7f00000006c0)={0x4, 0x0, 0x0, 0x0, 0x132, 0x3})

4.918637319s ago: executing program 3 (id=867):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f00000012c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbcebddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ed8dba2f23b01a9aeb980aff9fa3a64709270c701db801f44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af4c0eb97fca585ec6bf58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf40457"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94)
sendmsg$NL80211_CMD_SET_STATION(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48800}, 0x10)
r3 = bpf$ITER_CREATE(0xb, 0x0, 0x0)
close(r3)
syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/net\x00')
r4 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x24}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r5 = syz_open_procfs$namespace(0x0, &(0x7f0000000280)='ns/net\x00')
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000480)={@cgroup=<r6=>r5, 0x11, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0}, 0x40)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000640)={@cgroup=r6, 0x24, 0x0, 0xffff, &(0x7f0000000000)=[0x0], 0x40e8, 0x0, 0x0, 0x0, 0x0}, 0x40)
r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
ioctl$TUNATTACHFILTER(r8, 0x401054d5, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x3d, 0x0, 0x1, 0x20}, {0x4d}]})
r9 = openat$tun(0xffffffffffffff9c, &(0x7f00000006c0), 0x40043, 0x0)
ioctl$TUNSETIFF(r9, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}})
writev(r9, &(0x7f0000000600)=[{&(0x7f0000000080)="2e9b5b0007e03dd65193dfb6c575963f86dd6067", 0x14}, {&(0x7f00000001c0)="b700001806005abeef4ba0d5984462732834d1", 0x13}, {&(0x7f0000000100)}, {&(0x7f0000000580)="8c07c00ab5f435ed8959e855a1bcb46d", 0x10}], 0x4)
bind$bt_hci(r7, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(r7, &(0x7f00000005c0)=ANY=[@ANYBLOB="0e00000002"], 0x8)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={@fallback=r2, 0x2f, 0x0, 0x0, &(0x7f0000000000)=[0x0], 0x1, 0x0, 0x0, 0x0, 0x0}, 0x40)
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="0100800000000000000066000000", @ANYRES32], 0x2c}, 0x1, 0x0, 0x0, 0x4008800}, 0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x300000b, 0x100010, r1, 0xffffc000)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0)

4.774467961s ago: executing program 1 (id=868):
mount$tmpfs(0x0, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000f80), 0x400, &(0x7f00000000c0)=ANY=[@ANYBLOB='mpol=bind:7'])

4.050710365s ago: executing program 2 (id=869):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000080), r0)
sendmsg$NLBL_MGMT_C_ADDDEF(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000000000000000040000001400050003030000000a0000005dc00006000000080002000500000014"], 0x4c}, 0x1, 0x0, 0x0, 0x8004}, 0x4040000)

3.989923831s ago: executing program 1 (id=870):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x20800000000, 0xb, &(0x7f0000006680))
preadv(0xffffffffffffffff, &(0x7f0000000300)=[{0x0}], 0x1, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
preadv(r1, &(0x7f00000001c0), 0x0, 0xe, 0x4)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r3, 0x0, 0x0)
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000000)={0x0, &(0x7f0000000280)}, 0x10)
sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendmmsg$inet(r3, 0x0, 0x0, 0x480e0)
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, 0x0, 0x108)
close(0x3)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x0, &(0x7f0000000100)})
clock_adjtime(0x0, &(0x7f0000000040)={0xd51, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x201, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0xe438, 0x0, 0x3, 0x800000000})
openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x84042, 0x0)

3.813738476s ago: executing program 2 (id=871):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$x86(r2, &(0x7f00000004c0)={0x0, 0x0})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r4, 0x0, 0x118)
openat$cgroup_int(r4, &(0x7f0000000000)='cgroup.max.depth\x00', 0x2, 0x0)
r5 = syz_usb_connect(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f01040000000905830300b3"], 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000080)=0xb309)
syz_usb_ep_write$ath9k_ep2(r5, 0x83, 0x8, &(0x7f0000000080)=ANY=[])
syz_usb_connect$printer(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="0d01"], 0x0)
syz_usb_ep_write$ath9k_ep2(r5, 0x83, 0x8, &(0x7f00000000c0)=ANY=[])
close(0x5)
close(0x4)

3.262334938s ago: executing program 1 (id=872):
ioctl$VIDIOC_G_AUDOUT(0xffffffffffffffff, 0x80345631, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x12)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000080)=<r1=>0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xa, 0x4, &(0x7f0000006680))
syz_open_procfs(0xffffffffffffffff, 0x0)
r2 = bpf$MAP_CREATE(0x0, 0x0, 0x39)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000140)={r2, &(0x7f0000000300)="cb17", 0x0}, 0x20)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
getpid()
prctl$PR_SCHED_CORE(0x3e, 0x4, r1, 0x3, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000200)={@in6={{0xa, 0x4e20, 0x1, @mcast1, 0x7}}, 0x0, 0x0, 0xc, 0x0, "a1c1dd75a6803e10951cd4b347113e55eb289519becf7542da0bc21470e441225642855b5f2f4bb561dc9363aed4a18d67efd5f2fdf98328de9441031348589b763d46d14810acc5f700"}, 0xd8)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000004c00)=""/102392, 0x18ff8)
syz_open_dev$MSR(&(0x7f0000000340), 0x0, 0x0)
r5 = socket$netlink(0x10, 0x3, 0xb)
bind$netlink(r5, &(0x7f0000514ff4)={0x10, 0x0, 0x25dfdbff, 0x2fdfffffd}, 0xc)
openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00', <r7=>0x0})
sendmsg$nl_route(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x44, 0x10, 0x401, 0x20000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x8003}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb}, {0xfffffffffffffd28}}}, @IFLA_LINK={0x8, 0x5, r7}, @IFLA_NUM_TX_QUEUES={0x8, 0x1f, 0x7}]}, 0x44}, 0x1, 0x0, 0x0, 0x240008c4}, 0x2000c010)
close_range(r0, 0xffffffffffffffff, 0x0)
r8 = socket(0x10, 0x80003, 0x0)
write(r8, &(0x7f0000000000)="240000001a005f0214f9f407000904000a000000fe0000000000000008000f00fd000000", 0x85)
syz_genetlink_get_family_id$batadv(&(0x7f0000000300), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_NEIGHBORS(0xffffffffffffffff, &(0x7f0000004340)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x400c080}, 0x0)

2.926126538s ago: executing program 3 (id=873):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_RTOINFO(r1, 0x84, 0x0, 0x0, &(0x7f0000000100))
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi2\x00', 0xa400, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000f4751f2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000380)={r3}, 0xc)
ioctl$COMEDI_DEVCONFIG(r2, 0x40946400, &(0x7f0000000140)={'dt2814\x00', [0xb02f, 0x401, 0xe2, 0x3, 0x88d7, 0x80000001, 0x1007, 0x1, 0x1002, 0xfffffdff, 0x200, 0x7, 0x10000007, 0x1, 0x5, 0x1ff, 0x8, 0x3, 0x101, 0x8e, 0x10c, 0x4005, 0x2, 0xa, 0x5, 0x1, 0xb0c4, 0xe, 0xff, 0x400002, 0x4000004]})
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000940)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
r5 = accept$alg(r4, 0x0, 0x0)
sendmsg$alg(r5, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000740)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0)
write$binfmt_script(r5, &(0x7f0000000600), 0xfec8)
recvmmsg(r5, &(0x7f00000008c0)=[{{0x0, 0x0, &(0x7f0000001500)=[{&(0x7f0000001cc0)=""/4096, 0x1000}, {&(0x7f0000000240)=""/83, 0x53}], 0x2, 0x0, 0x0, 0x2000000}}, {{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000500)=""/129, 0x81}], 0x1}, 0xfffffeff}], 0x2, 0xe9, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wlan0\x00'})
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r6, 0x2)
r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r7, 0x5423, 0x0)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f00000000c0)=0x5)
ioctl$TIOCVHANGUP(r7, 0x5437, 0x0)
r8 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r8, &(0x7f0000000300)={0x2, 0x4e21, @loopback}, 0x8)

2.427648487s ago: executing program 1 (id=874):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
r0 = openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x2000, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x401, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x4)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f00000004c0)={0x38, 0x1403, 0x1, 0x70bd2d, 0x0, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x854}, 0x0)
prlimit64(r1, 0xc, &(0x7f0000000180)={0x8, 0x6}, &(0x7f0000000f80))
sendmsg$nl_route_sched(r4, 0x0, 0x880)
connect$inet(0xffffffffffffffff, &(0x7f0000001980)={0x2, 0x1, @loopback}, 0x10)
ioctl$SNDCTL_SEQ_GETOUTCOUNT(r0, 0x80045104, &(0x7f0000000080))
r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000001000), 0x2, 0x0)
r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000300)={<r7=>0xffffffffffffffff}, 0x106, 0x8}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r6, &(0x7f0000000340)={0x15, 0x110, 0xfa00, {r7, 0x0, 0x30, 0x30, 0x0, @in6={0x1b, 0x4000, 0x0, @loopback, 0xbff}, @ib={0x1b, 0x38e, 0x0, {}, 0x0, 0x3ffffffc, 0x8}}}, 0x118)
write$RDMA_USER_CM_CMD_QUERY(r6, &(0x7f0000000000)={0x13, 0x10, 0xfa00, {&(0x7f0000000480), r7, 0x2}}, 0x18)
write$RDMA_USER_CM_CMD_CONNECT(r5, &(0x7f0000001040)={0x6, 0x118, 0xfa00, {{0x7, 0x57f8, "669c45f4ec60bff12e4890888348296a0a1e79424ddda61b15bedab068d4ea1bb7bef7630c4a8e9755efff90f85c12750a5c4382919d84bfb58ed40af09511a3ec419547f797e60d32f10039f2db430d25f4fea3d1e0897c2b3334a3c9f727c945624aea27468fdde417e1e04fa3543c78d48a143d6af22a0c0268d1945a52ed7674e8623452f77b4796af87978f3b3b932f01ec257b2b25b1351d303e2b1abc2ace4b273a65553c1d237f736aaf4e8bf19a7bf47aaeab957c75fe6567b10ddbedb89eb8ef4bd839198b4cc36c21cef7bb472031fd7a7c689e1e80b4855bf525b0cd689f3e6cf9c921da8a855fa8efbf4bbc5c82491fd490489e5b07a288b5d8", 0xfc, 0x8, 0x80, 0x80, 0x21, 0x6, 0x0, 0x1}, r7}}, 0x120)

1.611692714s ago: executing program 5 (id=875):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$x86(r2, &(0x7f00000004c0)={0x0, 0x0})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
close(0x5)
close(0x4) (fail_nth: 1)

1.274002771s ago: executing program 1 (id=876):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000080), r0)
sendmsg$NLBL_MGMT_C_ADDDEF(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYBLOB="01000000000000000000040000001400050003030000000a0000005dc000060000000800020005000000140006"], 0x4c}, 0x1, 0x0, 0x0, 0x8004}, 0x4040000)

1.270957567s ago: executing program 3 (id=877):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
setrlimit(0x0, &(0x7f00000001c0)={0x90, 0x2})
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000340), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f00000001c0)={0xfffffffc, 0x5, 0x0, 'queue0\x00', 0x10000})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r1, 0x404c534a, &(0x7f0000000380))
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180))
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r2=>0x0)
fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x3, 0x3ff})
request_key(&(0x7f0000000100)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x2}, &(0x7f0000001fee)='R\x10rust\xe3\x9f*sgrVen:De', 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r2, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
r3 = signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x2]}, 0x8, 0x0)
read$FUSE(r3, &(0x7f0000001b40)={0x2020}, 0x205c)
timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21}, &(0x7f0000bbdffc)=<r4=>0x0)
timer_settime(r4, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0)

341.808072ms ago: executing program 3 (id=878):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000600)=ANY=[@ANYBLOB="38000000180001000000000000004108000000fc00000900090000060015000200000014001680100008800c00018006000100000100"], 0x38}}, 0x0)
sendmmsg$sock(0xffffffffffffffff, &(0x7f0000002480)=[{{0x0, 0x0, &(0x7f0000001780)}}], 0x1, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=[@hoplimit={{0x14, 0x29, 0x34, 0x4}}, @hoplimit={{0x14, 0x29, 0x34, 0xfffffffd}}, @hoplimit={{0x14}}, @rthdr_2292={{0x28, 0x29, 0x39, {0x3a, 0x2, 0x2, 0x70, 0x0, [@mcast1]}}}], 0x70}}], 0x1, 0x810)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

306.649345ms ago: executing program 1 (id=879):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x25dfdbff, 0x2ffffffff}, 0xc)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x2)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r3)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
r7 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r7, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x48)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
connect$unix(r8, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r9, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000080)='./file1\x00', 0x0)
lsetxattr$system_posix_acl(&(0x7f0000000140)='./file1\x00', &(0x7f0000000040)='system.posix_acl_default\x00', &(0x7f0000000000)=ANY=[@ANYBLOB="02000000010000000000f400040000000000000020"], 0x1c, 0x0)
creat(&(0x7f0000000100)='./file1/file0\x00', 0x0)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=@newqdisc={0x48, 0x24, 0x5820a61ca228651, 0x0, 0x2, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}, {0x1}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x7fffffff, 0x1}}]}}]}, 0x48}}, 0x8d0)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@newtfilter={0x70, 0x28, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x8}, {0xfff2}, {0xfff1, 0x10}}, [@filter_kind_options=@f_bpf={{0x8}, {0x44, 0x2, [@TCA_BPF_ACT={0x34, 0x1, [@m_vlan={0x30, 0x9, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc}, {0xc}}}]}, @TCA_BPF_NAME={0xc, 0x7, './file0\x00'}]}}]}, 0x70}}, 0x0)
socket$packet(0x11, 0x3, 0x300)

0s ago: executing program 5 (id=880):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(0x0, r0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0xffffffffffffff01)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x1002, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
socket$packet(0x11, 0x3, 0x300)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000000100))
r3 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f00000002c0), 0x0)
read$qrtrtun(r3, 0x0, 0xeffd)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000032680)=""/102392, 0x18ff8)
accept$unix(0xffffffffffffffff, 0x0, &(0x7f0000000200))
mmap(&(0x7f0000535000/0x3000)=nil, 0x3000, 0x4, 0x20010, 0xffffffffffffffff, 0x0)
getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f00000003c0), &(0x7f0000000400)=0x30)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
r5 = openat$mice(0xffffffffffffff9c, 0x0, 0x101)
r6 = epoll_create(0xff9)
epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, 0x0)
sendmsg$IEEE802154_SCAN_REQ(r0, &(0x7f00000017c0)={0x0, 0x0, &(0x7f0000001780)={&(0x7f0000001740)=ANY=[@ANYBLOB="02000000", @ANYRES16=r1, @ANYBLOB="01002dbd7000fedbdf2509000000"], 0x14}, 0x1, 0x0, 0x0, 0x4008080}, 0x40000)
r7 = socket$kcm(0x2d, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r7, 0x89e2, &(0x7f0000000340)={r7})
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_BEARER_ENABLE(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000440)=ANY=[], 0x6c}}, 0x0)
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000100))

kernel console output (not intermixed with test programs):

.234513][ T7351]  ? __kmalloc_cache_noprof+0x5f/0x800
[  215.234548][ T7351]  should_failslab+0xc2/0x120
[  215.234576][ T7351]  __kmalloc_cache_noprof+0x80/0x800
[  215.234607][ T7351]  ? xa_load+0x153/0x2c0
[  215.234625][ T7351]  ? cma_alloc_port+0x9a/0x620
[  215.234660][ T7351]  ? cma_alloc_port+0x9a/0x620
[  215.234688][ T7351]  cma_alloc_port+0x9a/0x620
[  215.234721][ T7351]  rdma_bind_addr_dst+0x1a60/0x2d20
[  215.234750][ T7351]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  215.234783][ T7351]  rdma_listen+0x10c/0xdf0
[  215.234807][ T7351]  ? __pfx_rdma_listen+0x10/0x10
[  215.234833][ T7351]  ? __pfx_ucma_get_ctx+0x10/0x10
[  215.234863][ T7351]  ucma_listen+0x173/0x220
[  215.234886][ T7351]  ? __pfx_ucma_listen+0x10/0x10
[  215.234912][ T7351]  ? __pfx_ucma_listen+0x10/0x10
[  215.234933][ T7351]  ucma_write+0x1fb/0x330
[  215.234954][ T7351]  ? __pfx_ucma_write+0x10/0x10
[  215.234973][ T7351]  ? bpf_lsm_file_permission+0x9/0x10
[  215.234994][ T7351]  ? security_file_permission+0x71/0x210
[  215.235017][ T7351]  ? rw_verify_area+0xcf/0x6c0
[  215.235041][ T7351]  ? __pfx_ucma_write+0x10/0x10
[  215.235060][ T7351]  vfs_write+0x2a0/0x11d0
[  215.235091][ T7351]  ? __pfx_vfs_write+0x10/0x10
[  215.235115][ T7351]  ? find_held_lock+0x2b/0x80
[  215.235147][ T7351]  ? __fget_files+0x204/0x3c0
[  215.235179][ T7351]  ? __fget_files+0x20e/0x3c0
[  215.235215][ T7351]  ksys_write+0x1f8/0x250
[  215.235240][ T7351]  ? __pfx_ksys_write+0x10/0x10
[  215.235274][ T7351]  do_syscall_64+0xcd/0xf80
[  215.235306][ T7351]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  215.235327][ T7351] RIP: 0033:0x7fd10c38f749
[  215.235345][ T7351] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  215.235365][ T7351] RSP: 002b:00007fd10d297038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  215.235385][ T7351] RAX: ffffffffffffffda RBX: 00007fd10c5e5fa0 RCX: 00007fd10c38f749
[  215.235399][ T7351] RDX: 0000000000000010 RSI: 0000200000000180 RDI: 0000000000000003
[  215.235412][ T7351] RBP: 00007fd10d297090 R08: 0000000000000000 R09: 0000000000000000
[  215.235425][ T7351] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  215.235437][ T7351] R13: 00007fd10c5e6038 R14: 00007fd10c5e5fa0 R15: 00007ffc77022728
[  215.235467][ T7351]  </TASK>
[  216.372689][ T5826] Bluetooth: hci2: unexpected event for opcode 0x2060
[  216.384484][ T7364] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  216.463435][ T7368] FAULT_INJECTION: forcing a failure.
[  216.463435][ T7368] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  216.504271][ T7368] CPU: 0 UID: 0 PID: 7368 Comm: syz.1.372 Not tainted syzkaller #0 PREEMPT(full) 
[  216.504299][ T7368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  216.504310][ T7368] Call Trace:
[  216.504317][ T7368]  <TASK>
[  216.504324][ T7368]  dump_stack_lvl+0x16c/0x1f0
[  216.504357][ T7368]  should_fail_ex+0x512/0x640
[  216.504382][ T7368]  _copy_from_user+0x2e/0xd0
[  216.504403][ T7368]  snd_seq_write+0x3ed/0x6d0
[  216.504440][ T7368]  ? __pfx_snd_seq_write+0x10/0x10
[  216.504470][ T7368]  ? bpf_lsm_file_permission+0x9/0x10
[  216.504490][ T7368]  ? security_file_permission+0x71/0x210
[  216.504510][ T7368]  ? rw_verify_area+0xcf/0x6c0
[  216.504533][ T7368]  ? __pfx_snd_seq_write+0x10/0x10
[  216.504560][ T7368]  vfs_write+0x2a0/0x11d0
[  216.504588][ T7368]  ? __pfx_vfs_write+0x10/0x10
[  216.504609][ T7368]  ? find_held_lock+0x2b/0x80
[  216.504638][ T7368]  ? __fget_files+0x204/0x3c0
[  216.504668][ T7368]  ? __fget_files+0x20e/0x3c0
[  216.504701][ T7368]  ksys_write+0x1f8/0x250
[  216.504729][ T7368]  ? __pfx_ksys_write+0x10/0x10
[  216.504753][ T7368]  ? fput+0x70/0xf0
[  216.504784][ T7368]  do_syscall_64+0xcd/0xf80
[  216.504814][ T7368]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  216.504833][ T7368] RIP: 0033:0x7fd10c38f749
[  216.504848][ T7368] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  216.504865][ T7368] RSP: 002b:00007fd10d297038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  216.504883][ T7368] RAX: ffffffffffffffda RBX: 00007fd10c5e5fa0 RCX: 00007fd10c38f749
[  216.504896][ T7368] RDX: 000000000000ffc8 RSI: 0000200000000000 RDI: 0000000000000003
[  216.504908][ T7368] RBP: 00007fd10d297090 R08: 0000000000000000 R09: 0000000000000000
[  216.504920][ T7368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  216.504930][ T7368] R13: 00007fd10c5e6038 R14: 00007fd10c5e5fa0 R15: 00007ffc77022728
[  216.504957][ T7368]  </TASK>
[  216.729719][ T7370] netlink: 24 bytes leftover after parsing attributes in process `syz.3.373'.
[  216.757027][ T2217] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  217.342162][ T7378] netlink: 8 bytes leftover after parsing attributes in process `syz.3.376'.
[  217.550605][ T7378] netlink: 'syz.3.376': attribute type 9 has an invalid length.
[  217.724194][ T7378] netlink: 8 bytes leftover after parsing attributes in process `syz.3.376'.
[  217.744147][ T7387] netlink: 8 bytes leftover after parsing attributes in process `syz.3.376'.
[  217.753265][ T7387] netlink: 'syz.3.376': attribute type 9 has an invalid length.
[  217.834511][ T7387] netlink: 8 bytes leftover after parsing attributes in process `syz.3.376'.
[  218.276791][ T7378] netlink: 12 bytes leftover after parsing attributes in process `syz.3.376'.
[  219.250838][ T7402] overlayfs: missing 'lowerdir'
[  219.424564][ T7405] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  220.801174][   T30] audit: type=1400 audit(1765116051.244:442): avc:  denied  { unmount } for  pid=7420 comm="syz.0.388" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  221.315773][   T30] audit: type=1400 audit(1765116051.664:443): avc:  denied  { bind } for  pid=7427 comm="syz.3.392" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  221.465329][ T7433] netlink: 12 bytes leftover after parsing attributes in process `syz.3.392'.
[  222.713800][   T30] audit: type=1400 audit(1765116053.154:444): avc:  denied  { create } for  pid=7409 comm="syz.4.386" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  224.117570][   T30] audit: type=1400 audit(1765116054.564:445): avc:  denied  { setopt } for  pid=7456 comm="syz.2.399" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  224.204255][ T7457] mkiss: ax0: crc mode is auto.
[  225.094025][ T5834] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  225.218054][ T7466] Invalid source name
[  225.222044][ T7466] UBIFS error (pid: 7466): cannot open "./file0", error -22
[  225.222597][ T7466] fuse: Bad value for 'fd'
[  225.235027][ T5834] usb 2-1: device descriptor read/64, error -71
[  225.703966][ T5834] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  225.880363][ T5834] usb 2-1: device descriptor read/64, error -71
[  226.354845][   T30] audit: type=1400 audit(1765116056.804:446): avc:  denied  { sys_module } for  pid=7474 comm="syz.2.405" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  226.404177][ T5834] usb usb2-port1: attempt power cycle
[  226.566427][ T7484] FAULT_INJECTION: forcing a failure.
[  226.566427][ T7484] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  226.594278][ T7484] CPU: 0 UID: 0 PID: 7484 Comm: syz.4.407 Not tainted syzkaller #0 PREEMPT(full) 
[  226.594309][ T7484] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  226.594321][ T7484] Call Trace:
[  226.594328][ T7484]  <TASK>
[  226.594337][ T7484]  dump_stack_lvl+0x16c/0x1f0
[  226.594374][ T7484]  should_fail_ex+0x512/0x640
[  226.594401][ T7484]  _copy_from_user+0x2e/0xd0
[  226.594426][ T7484]  drm_ioctl+0x4fb/0xc30
[  226.594452][ T7484]  ? __pfx_drm_mode_setcrtc+0x10/0x10
[  226.594487][ T7484]  ? __pfx_drm_ioctl+0x10/0x10
[  226.594520][ T7484]  ? selinux_file_ioctl+0x180/0x270
[  226.594553][ T7484]  ? selinux_file_ioctl+0xb4/0x270
[  226.594586][ T7484]  ? __pfx_drm_ioctl+0x10/0x10
[  226.594608][ T7484]  __x64_sys_ioctl+0x18e/0x210
[  226.594635][ T7484]  do_syscall_64+0xcd/0xf80
[  226.594668][ T7484]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  226.594690][ T7484] RIP: 0033:0x7fbe0f38f749
[  226.594707][ T7484] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  226.594728][ T7484] RSP: 002b:00007fbe10187038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  226.594748][ T7484] RAX: ffffffffffffffda RBX: 00007fbe0f5e5fa0 RCX: 00007fbe0f38f749
[  226.594763][ T7484] RDX: 0000200000000600 RSI: 00000000c06864a2 RDI: 0000000000000003
[  226.594776][ T7484] RBP: 00007fbe10187090 R08: 0000000000000000 R09: 0000000000000000
[  226.594790][ T7484] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  226.594802][ T7484] R13: 00007fbe0f5e6038 R14: 00007fbe0f5e5fa0 R15: 00007ffeb4c69028
[  226.594832][ T7484]  </TASK>
[  226.850736][ T5834] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  226.937076][ T5834] usb 2-1: device descriptor read/8, error -71
[  227.238889][ T5834] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  227.354431][ T5834] usb 2-1: device descriptor read/8, error -71
[  227.511040][ T5834] usb usb2-port1: unable to enumerate USB device
[  227.902289][   T30] audit: type=1400 audit(1765116058.344:447): avc:  denied  { append } for  pid=7496 comm="syz.4.412" name="card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  228.953885][ T7504] mkiss: ax0: crc mode is auto.
[  229.188089][ T7509] netlink: 12 bytes leftover after parsing attributes in process `syz.3.414'.
[  233.477109][ T7541] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  234.543259][ T7560] overlayfs: missing 'lowerdir'
[  234.819577][   T30] audit: type=1400 audit(1765116065.254:448): avc:  denied  { create } for  pid=7562 comm="syz.4.427" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  235.559468][ T5826] Bluetooth: hci2: command 0x0c1a tx timeout
[  235.643891][ T7573] mmap: syz.3.429 (7573) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  236.020488][ T7579] netlink: 'syz.3.429': attribute type 10 has an invalid length.
[  236.027791][ T7573] bridge_slave_0: left allmulticast mode
[  236.043812][ T7579] netlink: 2 bytes leftover after parsing attributes in process `syz.3.429'.
[  236.637817][ T7573] bridge_slave_0: left promiscuous mode
[  236.647522][ T7573] bridge0: port 1(bridge_slave_0) entered disabled state
[  236.755770][   T30] audit: type=1400 audit(1765116067.204:449): avc:  denied  { write } for  pid=7571 comm="syz.3.429" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  236.777349][ T7587] netlink: 16 bytes leftover after parsing attributes in process `syz.3.429'.
[  236.863231][ T7573] bridge_slave_1: left allmulticast mode
[  236.889107][ T7573] bridge_slave_1: left promiscuous mode
[  236.900080][ T7573] bridge0: port 2(bridge_slave_1) entered disabled state
[  236.979783][ T7573] bond0: (slave bond_slave_0): Releasing backup interface
[  236.998834][ T7573] bond0: (slave bond_slave_1): Releasing backup interface
[  237.006248][   T30] audit: type=1400 audit(1765116067.454:450): avc:  denied  { ioctl } for  pid=7592 comm="syz-executor" path="socket:[15998]" dev="sockfs" ino=15998 ioctlcmd=0x48c9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  237.036932][   T51] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  237.055024][   T51] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  237.063098][   T51] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  237.065989][ T7573] team0: Port device team_slave_0 removed
[  237.077174][   T51] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  237.085550][   T51] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  237.113775][   T30] audit: type=1400 audit(1765116067.544:451): avc:  denied  { mounton } for  pid=7592 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  237.142353][ T7573] team0: Port device team_slave_1 removed
[  237.174662][ T7573] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  237.193784][ T7573] batman_adv: batadv0: Removing interface: batadv_slave_0
[  237.221317][ T7573] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  237.228843][ T7573] batman_adv: batadv0: Removing interface: batadv_slave_1
[  237.249898][ T7573] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  237.268038][ T7579] team0: entered promiscuous mode
[  237.273236][ T7579] bridge0: port 1(team0) entered blocking state
[  237.280839][ T7579] bridge0: port 1(team0) entered disabled state
[  237.291182][ T7579] team0: entered allmulticast mode
[  237.303733][ T7579] bridge0: port 1(team0) entered blocking state
[  237.310054][ T7579] bridge0: port 1(team0) entered forwarding state
[  237.333610][ T1298] bridge0: port 1(team0) entered disabled state
[  238.652428][ T4577] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  238.777771][   T30] audit: type=1400 audit(1765116069.214:452): avc:  denied  { write } for  pid=7612 comm="syz.2.437" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  239.001925][   T30] audit: type=1400 audit(1765116069.224:453): avc:  denied  { read } for  pid=7612 comm="syz.2.437" path="socket:[16733]" dev="sockfs" ino=16733 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  239.073624][ T4577] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  239.154821][ T5826] Bluetooth: hci5: command tx timeout
[  239.286661][   T30] audit: type=1400 audit(1765116069.724:454): avc:  denied  { kexec_image_load } for  pid=7612 comm="syz.2.437" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1
[  239.426945][ T4577] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  239.697160][ T4577] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  240.316100][ T7592] chnl_net:caif_netlink_parms(): no params data found
[  240.838487][   T30] audit: type=1400 audit(1765116071.284:455): avc:  denied  { read open } for  pid=7643 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1836 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  240.879922][ T4577] bridge_slave_1: left allmulticast mode
[  240.885058][   T30] audit: type=1400 audit(1765116071.284:456): avc:  denied  { getattr } for  pid=7643 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1836 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  240.911422][ T4577] bridge_slave_1: left promiscuous mode
[  240.938700][ T4577] bridge0: port 2(bridge_slave_1) entered disabled state
[  241.017551][ T4577] bridge_slave_0: left allmulticast mode
[  241.052628][ T4577] bridge_slave_0: left promiscuous mode
[  241.074415][ T4577] bridge0: port 1(bridge_slave_0) entered disabled state
[  241.233742][ T5826] Bluetooth: hci5: command tx timeout
[  241.300647][   T30] audit: type=1400 audit(1765116071.734:457): avc:  denied  { add_name } for  pid=7642 comm="dhcpcd-run-hook" name="resolv.conf.eth1.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  241.364629][   T30] audit: type=1400 audit(1765116071.774:458): avc:  denied  { create } for  pid=7642 comm="dhcpcd-run-hook" name="resolv.conf.eth1.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  241.457197][   T30] audit: type=1400 audit(1765116071.774:459): avc:  denied  { write } for  pid=7642 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf.eth1.link" dev="tmpfs" ino=3285 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  241.500203][ T5834] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  241.544198][   T30] audit: type=1400 audit(1765116071.774:460): avc:  denied  { append } for  pid=7642 comm="dhcpcd-run-hook" name="resolv.conf.eth1.link" dev="tmpfs" ino=3285 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  241.740995][ T5834] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  241.750009][   T30] audit: type=1400 audit(1765116072.014:461): avc:  denied  { remove_name } for  pid=7659 comm="rm" name="resolv.conf.eth1.link" dev="tmpfs" ino=3285 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  241.753164][ T5834] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  241.852078][ T5834] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  241.865223][ T5834] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  241.918617][ T5834] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  241.927011][   T30] audit: type=1400 audit(1765116072.014:462): avc:  denied  { unlink } for  pid=7659 comm="rm" name="resolv.conf.eth1.link" dev="tmpfs" ino=3285 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  241.952120][ T5834] usb 2-1: config 0 descriptor??
[  242.324650][ T4577] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  242.338052][ T4577] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  242.363641][ T4577] bond0 (unregistering): Released all slaves
[  242.374460][ T5834] usbhid 2-1:0.0: can't add hid device: -71
[  242.381976][ T5834] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  242.402259][ T5834] usb 2-1: USB disconnect, device number 9
[  243.112490][ T7592] bridge0: port 1(bridge_slave_0) entered blocking state
[  243.129666][ T7592] bridge0: port 1(bridge_slave_0) entered disabled state
[  243.137230][ T7671] Invalid source name
[  243.141217][ T7671] UBIFS error (pid: 7671): cannot open "./file0", error -22
[  243.142279][ T7671] fuse: Bad value for 'fd'
[  243.159801][ T7592] bridge_slave_0: entered allmulticast mode
[  243.175406][ T7592] bridge_slave_0: entered promiscuous mode
[  243.313945][ T5826] Bluetooth: hci5: command tx timeout
[  243.336694][ T7592] bridge0: port 2(bridge_slave_1) entered blocking state
[  243.355319][ T7592] bridge0: port 2(bridge_slave_1) entered disabled state
[  243.394037][ T7592] bridge_slave_1: entered allmulticast mode
[  243.436106][ T7592] bridge_slave_1: entered promiscuous mode
[  243.589378][   T30] audit: type=1400 audit(1765116074.034:463): avc:  denied  { getopt } for  pid=7686 comm="syz.2.449" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  243.722524][ T4577] hsr_slave_0: left promiscuous mode
[  243.734197][ T7685] netlink: 4 bytes leftover after parsing attributes in process `syz.4.450'.
[  243.743509][ T4577] hsr_slave_1: left promiscuous mode
[  243.752950][ T4577] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  243.760948][ T4577] batman_adv: batadv0: Removing interface: batadv_slave_0
[  243.783764][ T4577] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  243.794076][ T4577] batman_adv: batadv0: Removing interface: batadv_slave_1
[  243.823514][   T30] audit: type=1400 audit(1765116074.264:464): avc:  denied  { write } for  pid=7684 comm="syz.4.450" name="binder0" dev="binder" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  243.879285][ T7701] netlink: 8 bytes leftover after parsing attributes in process `syz.2.452'.
[  243.925317][ T4577] batadv_slave_1: left promiscuous mode
[  243.944222][ T4577] veth1_macvtap: left promiscuous mode
[  244.026447][ T4577] veth0_macvtap: left promiscuous mode
[  244.032080][ T4577] veth1_vlan: left promiscuous mode
[  244.039135][ T4577] veth0_vlan: left promiscuous mode
[  245.294176][ T7720] Invalid source name
[  245.298265][ T7720] UBIFS error (pid: 7720): cannot open "./file0", error -22
[  245.303883][ T7720] fuse: Bad value for 'fd'
[  245.513761][ T5826] Bluetooth: hci5: command tx timeout
[  246.063723][ T5834] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  246.248310][ T5834] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  246.262825][ T5834] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  246.283317][ T5834] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  246.308766][ T5834] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  246.331018][ T5834] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  246.360013][ T5834] usb 2-1: config 0 descriptor??
[  246.566069][ T4577] team0 (unregistering): Port device team_slave_1 removed
[  246.621520][ T4577] team0 (unregistering): Port device team_slave_0 removed
[  246.789244][ T5834] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  246.806776][ T5834] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  246.825776][ T5834] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  246.845743][ T5834] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  246.853308][ T5834] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  246.906054][ T5834] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  246.925383][ T5834] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  246.947087][ T5834] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  246.965832][ T5834] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  247.010856][ T5834] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  247.058969][ T5834] usb 2-1: USB disconnect, device number 10
[  247.163184][ T7736] fido_id[7736]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  247.371139][ T7592] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  247.431477][ T7592] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  247.625658][ T7592] team0: Port device team_slave_0 added
[  247.681165][ T7592] team0: Port device team_slave_1 added
[  247.702905][ T7746] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.460'.
[  248.034786][ T5834] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  248.184277][ T7592] batman_adv: batadv0: Adding interface: batadv_slave_0
[  248.198032][ T7592] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  248.233095][ T7592] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  248.246511][ T7592] batman_adv: batadv0: Adding interface: batadv_slave_1
[  248.253468][ T7592] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  248.291296][ T7592] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  248.309744][ T4577] IPVS: stop unused estimator thread 0...
[  248.340504][ T5834] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  248.366728][ T5834] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  248.377157][ T5834] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  248.390243][ T5834] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  248.399359][ T5834] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  248.431991][ T5834] usb 2-1: config 0 descriptor??
[  249.006145][ T7592] hsr_slave_0: entered promiscuous mode
[  249.012811][ T7592] hsr_slave_1: entered promiscuous mode
[  249.019233][ T7592] debugfs: 'hsr0' already exists in 'hsr'
[  249.025024][ T7592] Cannot create hsr debugfs directory
[  249.164549][ T7765] netlink: 12 bytes leftover after parsing attributes in process `syz.4.463'.
[  250.016563][ T7773] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  250.016787][ T5834] usbhid 2-1:0.0: can't add hid device: -71
[  250.037220][ T5834] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  250.095667][ T5834] usb 2-1: USB disconnect, device number 11
[  250.611999][ T7779] Invalid source name
[  250.616039][ T7779] UBIFS error (pid: 7779): cannot open "./file0", error -22
[  250.620800][ T7779] fuse: Bad value for 'fd'
[  250.933059][ T7790] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  250.939530][ T7790] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  250.949176][ T7790] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  250.982497][ T7592] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  251.002478][ T7592] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  251.013137][ T7790] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  251.024598][ T7592] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  251.039688][ T7592] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  251.335057][ T7800] netlink: 8 bytes leftover after parsing attributes in process `syz.1.470'.
[  251.830360][ T7592] 8021q: adding VLAN 0 to HW filter on device bond0
[  251.844434][ T7592] 8021q: adding VLAN 0 to HW filter on device team0
[  251.911923][  T400] bridge0: port 1(bridge_slave_0) entered blocking state
[  251.919146][  T400] bridge0: port 1(bridge_slave_0) entered forwarding state
[  251.977901][  T400] bridge0: port 2(bridge_slave_1) entered blocking state
[  251.985079][  T400] bridge0: port 2(bridge_slave_1) entered forwarding state
[  252.985954][ T5826] Bluetooth: hci2: command 0x0c1a tx timeout
[  252.996530][   T51] Bluetooth: hci5: command 0x0c1a tx timeout
[  253.304584][ T7841] netlink: 4 bytes leftover after parsing attributes in process `syz.1.475'.
[  253.353285][ T7840] netlink: 8 bytes leftover after parsing attributes in process `syz.2.476'.
[  253.428816][ T7592] 8021q: adding VLAN 0 to HW filter on device batadv0
[  253.733078][ T7849] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  253.952970][ T7852] Invalid source name
[  253.956999][ T7852] UBIFS error (pid: 7852): cannot open "./file0", error -22
[  253.957626][ T7852] fuse: Bad value for 'fd'
[  254.166224][ T7855] ip6erspan0: entered promiscuous mode
[  254.833943][ T6178] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  254.988453][ T6178] usb 4-1: Using ep0 maxpacket: 8
[  255.019554][ T6178] usb 4-1: config 255 has an invalid interface number: 222 but max is 0
[  255.051690][ T6178] usb 4-1: config 255 has no interface number 0
[  255.074722][ T5826] Bluetooth: hci5: command 0x0c1a tx timeout
[  255.085057][ T7877] netlink: 16 bytes leftover after parsing attributes in process `syz.2.484'.
[  255.098098][ T6178] usb 4-1: config 255 interface 222 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  255.125371][ T6178] usb 4-1: config 255 interface 222 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0
[  255.148607][ T7592] veth0_vlan: entered promiscuous mode
[  255.190728][ T7592] veth1_vlan: entered promiscuous mode
[  255.193778][ T6178] usb 4-1: config 255 interface 222 altsetting 0 has an endpoint descriptor with address 0x16, changing to 0x6
[  255.271310][ T7592] veth0_macvtap: entered promiscuous mode
[  255.289651][ T7592] veth1_macvtap: entered promiscuous mode
[  255.304835][ T6178] usb 4-1: config 255 interface 222 altsetting 0 endpoint 0x1 has an invalid bInterval 48, changing to 7
[  255.323133][ T6178] usb 4-1: New USB device found, idVendor=04f1, idProduct=3008, bcdDevice=4c.f3
[  255.335431][ T6178] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  255.344655][ T6178] usb 4-1: Product: syz
[  255.350661][ T6178] usb 4-1: Manufacturer: syz
[  255.359414][ T6178] usb 4-1: SerialNumber: syz
[  255.383144][ T7592] batman_adv: batadv0: Interface activated: batadv_slave_0
[  255.403321][ T6178] asix 4-1:255.222: probe with driver asix failed with error -22
[  255.434367][ T5834] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  255.451526][ T7592] batman_adv: batadv0: Interface activated: batadv_slave_1
[  255.476331][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[  255.482831][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[  255.498317][  T400] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  255.535170][  T400] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  255.552610][  T400] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  255.563038][  T400] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  255.583771][ T5834] usb 3-1: device descriptor read/64, error -71
[  255.607941][ T6178] usb 4-1: USB disconnect, device number 13
[  255.821700][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  255.829667][ T5834] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  255.839033][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  255.935654][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  255.946227][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  255.959040][   T30] kauditd_printk_skb: 3 callbacks suppressed
[  255.959054][   T30] audit: type=1400 audit(1765116086.404:468): avc:  denied  { mounton } for  pid=7592 comm="syz-executor" path="/root/syzkaller.fCYShw/syz-tmp" dev="sda1" ino=2047 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[  255.990743][ T5834] usb 3-1: device descriptor read/64, error -71
[  255.998741][   T30] audit: type=1400 audit(1765116086.444:469): avc:  denied  { mount } for  pid=7592 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  256.021391][   T30] audit: type=1400 audit(1765116086.444:470): avc:  denied  { mounton } for  pid=7592 comm="syz-executor" path="/root/syzkaller.fCYShw/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  256.054466][   T30] audit: type=1400 audit(1765116086.444:471): avc:  denied  { mounton } for  pid=7592 comm="syz-executor" path="/root/syzkaller.fCYShw/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=19557 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  256.105896][ T5834] usb usb3-port1: attempt power cycle
[  256.150541][   T30] audit: type=1400 audit(1765116086.594:472): avc:  denied  { mounton } for  pid=7592 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=2784 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  256.298871][   T30] audit: type=1400 audit(1765116086.594:473): avc:  denied  { mount } for  pid=7592 comm="syz-executor" name="/" dev="gadgetfs" ino=8406 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  256.453822][ T5834] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  256.674214][ T5881] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  256.753490][ T5834] usb 3-1: device descriptor read/8, error -71
[  257.028285][   T30] audit: type=1400 audit(1765116086.594:474): avc:  denied  { mount } for  pid=7592 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  257.079349][ T5881] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  257.096587][ T5881] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  257.126791][   T30] audit: type=1400 audit(1765116086.594:475): avc:  denied  { mounton } for  pid=7592 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  257.162623][ T5881] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  257.183792][ T5826] Bluetooth: hci5: command 0x0c1a tx timeout
[  257.183788][ T5881] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  257.183821][ T5881] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  257.283417][ T5881] usb 4-1: config 0 descriptor??
[  257.305582][ T5834] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  257.324838][ T5834] usb 3-1: device descriptor read/8, error -71
[  257.373100][ T7904] netlink: 'syz.4.489': attribute type 10 has an invalid length.
[  257.383443][ T7904] bridge0: port 2(bridge_slave_1) entered disabled state
[  257.390833][ T7904] bridge0: port 1(bridge_slave_0) entered disabled state
[  257.413262][ T7904] bridge0: port 2(bridge_slave_1) entered blocking state
[  257.420379][ T7904] bridge0: port 2(bridge_slave_1) entered forwarding state
[  257.427932][ T7904] bridge0: port 1(bridge_slave_0) entered blocking state
[  257.435018][ T7904] bridge0: port 1(bridge_slave_0) entered forwarding state
[  257.442850][ T5834] usb usb3-port1: unable to enumerate USB device
[  257.615698][ T7908] Invalid source name
[  257.620208][ T7908] UBIFS error (pid: 7908): cannot open "./file0", error -22
[  257.774417][ T7907] fuse: Bad value for 'fd'
[  257.783384][ T7904] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  257.875301][ T7904] netlink: 4 bytes leftover after parsing attributes in process `syz.4.489'.
[  257.920111][ T5881] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0
[  257.937597][ T5881] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0
[  257.945182][   T30] audit: type=1326 audit(1765116088.384:476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7902 comm="syz.4.489" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fbe0f38f749 code=0x0
[  257.970449][ T5881] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0
[  257.979382][ T5881] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0
[  257.987444][ T5881] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0
[  257.996238][ T5881] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0
[  258.004547][ T5881] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0
[  258.012413][ T5881] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0
[  258.020850][ T5881] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0
[  258.171284][ T5881] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  258.234687][ T7913] netlink: 8 bytes leftover after parsing attributes in process `syz.2.492'.
[  258.243767][ T5881] usb 4-1: USB disconnect, device number 14
[  258.268406][ T7913] netlink: 'syz.2.492': attribute type 9 has an invalid length.
[  258.440593][ T7917] netlink: 8 bytes leftover after parsing attributes in process `syz.2.492'.
[  258.874753][ T7913] netlink: 16 bytes leftover after parsing attributes in process `syz.2.492'.
[  258.902618][ T7913] netlink: 12 bytes leftover after parsing attributes in process `syz.2.492'.
[  258.965798][ T7917] netlink: 'syz.2.492': attribute type 9 has an invalid length.
[  258.987585][ T7917] netlink: 16 bytes leftover after parsing attributes in process `syz.2.492'.
[  260.164735][ T7920] fido_id[7920]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[  261.094019][ T6178] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  261.315566][ T6178] usb 4-1: too many configurations: 9, using maximum allowed: 8
[  261.415036][ T6178] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  261.569302][ T6178] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  261.626817][ T6178] usb 4-1: config 0 interface 0 has no altsetting 0
[  261.642224][ T6178] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  261.666171][ T6178] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  261.679391][ T6178] usb 4-1: config 0 interface 0 has no altsetting 0
[  261.698040][ T6178] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  261.707849][ T6178] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  261.719007][ T6178] usb 4-1: config 0 interface 0 has no altsetting 0
[  261.730175][ T6178] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  261.739792][ T6178] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  261.824819][ T6178] usb 4-1: config 0 interface 0 has no altsetting 0
[  261.832929][ T6178] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  261.845759][ T6178] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  261.874216][ T6178] usb 4-1: config 0 interface 0 has no altsetting 0
[  261.895845][ T6178] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  261.916974][ T6178] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  261.929565][ T6178] usb 4-1: config 0 interface 0 has no altsetting 0
[  261.970810][ T6178] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  261.993774][ T6178] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  262.212259][ T6178] usb 4-1: config 0 interface 0 has no altsetting 0
[  262.224753][ T6178] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  262.243714][ T6178] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  262.371597][ T6178] usb 4-1: config 0 interface 0 has no altsetting 0
[  262.394282][ T6178] usb 4-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  262.437030][ T6178] usb 4-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  262.954034][   T89] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  263.031136][ T6178] usb 4-1: Product: syz
[  263.035469][ T6178] usb 4-1: Manufacturer: syz
[  263.040125][ T6178] usb 4-1: SerialNumber: syz
[  263.051046][ T6178] usb 4-1: config 0 descriptor??
[  263.071292][ T6178] yurex 4-1:0.0: USB YUREX device now attached to Yurex #0
[  263.148307][   T89] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  263.268269][ T5881] usb 4-1: USB disconnect, device number 15
[  263.276207][ T5881] yurex 4-1:0.0: USB YUREX #0 now disconnected
[  263.341500][   T89] usb 3-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00
[  263.358353][   T89] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  263.674199][ T7960] netlink: 296 bytes leftover after parsing attributes in process `syz.3.504'.
[  263.734705][   T30] audit: type=1400 audit(1765116607.181:477): avc:  denied  { recv } for  pid=7885 comm="syz.1.486" saddr=10.128.0.169 src=30006 daddr=10.128.1.35 dest=41130 netif=eth0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1
[  263.764765][   T89] usb 3-1: config 0 descriptor??
[  263.798786][ T7965] netlink: 4 bytes leftover after parsing attributes in process `syz.3.505'.
[  263.815231][   T30] audit: type=1400 audit(1765116607.241:478): avc:  denied  { write } for  pid=7964 comm="syz.3.505" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  264.660762][   T89] lenovo 0003:17EF:6047.0005: hidraw0: USB HID v0.00 Device [HID 17ef:6047] on usb-dummy_hcd.2-1/input0
[  265.068624][   T89] lenovo 0003:17EF:6047.0005: Failed to switch middle button: -71
[  265.077572][   T30] audit: type=1400 audit(1765117121.526:479): avc:  denied  { egress } for  pid=15 comm="ksoftirqd/0" saddr=fe80::1b daddr=ff02::2 netif=teql0 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:netif_t tclass=netif permissive=1
[  265.079180][   T89] lenovo 0003:17EF:6047.0005: Fn-lock setting failed: -71
[  265.127250][   T89] lenovo 0003:17EF:6047.0005: Sensitivity setting failed: -71
[  265.623106][   T89] usb 3-1: USB disconnect, device number 8
[  265.873743][   T30] audit: type=1400 audit(1765117121.526:480): avc:  denied  { sendto } for  pid=15 comm="ksoftirqd/0" saddr=fe80::1b daddr=ff02::2 netif=teql0 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:node_t tclass=node permissive=1
[  266.549385][ T8001] mkiss: ax0: crc mode is auto.
[  266.825106][ T8009] Invalid source name
[  266.829211][ T8009] UBIFS error (pid: 8009): cannot open "./file0", error -22
[  266.836316][ T8009] fuse: Bad value for 'fd'
[  267.354766][ T8002] mkiss: ax0: crc mode is auto.
[  268.084241][   T24] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  268.336563][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  268.367808][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  268.400521][   T24] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  268.463761][   T24] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  268.477411][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  268.501272][ T8026] FAULT_INJECTION: forcing a failure.
[  268.501272][ T8026] name failslab, interval 1, probability 0, space 0, times 0
[  268.529247][   T24] usb 3-1: config 0 descriptor??
[  268.568060][ T8026] CPU: 1 UID: 0 PID: 8026 Comm: syz.1.520 Not tainted syzkaller #0 PREEMPT(full) 
[  268.568098][ T8026] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  268.568111][ T8026] Call Trace:
[  268.568117][ T8026]  <TASK>
[  268.568125][ T8026]  dump_stack_lvl+0x16c/0x1f0
[  268.568160][ T8026]  should_fail_ex+0x512/0x640
[  268.568182][ T8026]  ? kmem_cache_alloc_node_noprof+0x65/0x800
[  268.568221][ T8026]  should_failslab+0xc2/0x120
[  268.568248][ T8026]  kmem_cache_alloc_node_noprof+0x86/0x800
[  268.568268][ T8026]  ? __alloc_skb+0x156/0x410
[  268.568296][ T8026]  ? __alloc_skb+0x156/0x410
[  268.568315][ T8026]  __alloc_skb+0x156/0x410
[  268.568335][ T8026]  ? __alloc_skb+0x35d/0x410
[  268.568356][ T8026]  ? __pfx___alloc_skb+0x10/0x10
[  268.568378][ T8026]  ? selinux_socket_getpeersec_dgram+0x1a4/0x370
[  268.568408][ T8026]  ? __pfx_selinux_socket_getpeersec_dgram+0x10/0x10
[  268.568455][ T8026]  netlink_alloc_large_skb+0x69/0x140
[  268.568486][ T8026]  netlink_sendmsg+0x698/0xdd0
[  268.568520][ T8026]  ? __pfx_netlink_sendmsg+0x10/0x10
[  268.568560][ T8026]  ____sys_sendmsg+0xa5d/0xc30
[  268.568589][ T8026]  ? copy_msghdr_from_user+0x10a/0x160
[  268.568613][ T8026]  ? __pfx_____sys_sendmsg+0x10/0x10
[  268.568655][ T8026]  ___sys_sendmsg+0x134/0x1d0
[  268.568682][ T8026]  ? __pfx____sys_sendmsg+0x10/0x10
[  268.568740][ T8026]  __sys_sendmsg+0x16d/0x220
[  268.568767][ T8026]  ? __pfx___sys_sendmsg+0x10/0x10
[  268.568812][ T8026]  do_syscall_64+0xcd/0xf80
[  268.568844][ T8026]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  268.568864][ T8026] RIP: 0033:0x7fd10c38f749
[  268.568881][ T8026] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  268.568900][ T8026] RSP: 002b:00007fd10d297038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  268.568920][ T8026] RAX: ffffffffffffffda RBX: 00007fd10c5e5fa0 RCX: 00007fd10c38f749
[  268.568933][ T8026] RDX: 0000000024000840 RSI: 0000200000009b40 RDI: 0000000000000003
[  268.568944][ T8026] RBP: 00007fd10d297090 R08: 0000000000000000 R09: 0000000000000000
[  268.568956][ T8026] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  268.568967][ T8026] R13: 00007fd10c5e6038 R14: 00007fd10c5e5fa0 R15: 00007ffc77022728
[  268.568995][ T8026]  </TASK>
[  269.183404][   T24] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  269.215935][   T24] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  269.229649][   T24] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  269.253814][   T24] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  269.261251][   T24] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  269.318030][   T24] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  269.333778][   T24] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  269.373383][   T24] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  269.444042][   T24] usb 3-1: USB disconnect, device number 9
[  272.044437][ T8067] Invalid source name
[  272.048489][ T8067] UBIFS error (pid: 8067): cannot open "./file0", error -22
[  272.057827][ T8067] fuse: Bad value for 'fd'
[  273.150391][   T30] audit: type=1400 audit(1765117129.596:481): avc:  denied  { mount } for  pid=8077 comm="syz.4.530" name="/" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1
[  273.212713][ T8081] block device autoloading is deprecated and will be removed.
[  273.569461][ T8089] mkiss: ax0: crc mode is auto.
[  273.745213][ T8091] program syz.4.530 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  274.061931][   T30] audit: type=1400 audit(1765117130.256:482): avc:  denied  { ioctl } for  pid=8077 comm="syz.4.530" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 ioctlcmd=0x89f3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  274.244565][   T30] audit: type=1400 audit(1765117130.696:483): avc:  denied  { connect } for  pid=8092 comm="syz.1.534" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  275.111012][ T8105] overlayfs: missing 'lowerdir'
[  276.783908][ T6178] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  277.324752][ T6178] usb 5-1: too many configurations: 9, using maximum allowed: 8
[  277.364224][ T6178] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  277.403973][ T6178] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  277.539285][ T6178] usb 5-1: config 0 interface 0 has no altsetting 0
[  277.951242][ T6178] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  277.960397][ T6178] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  277.973441][ T6178] usb 5-1: config 0 interface 0 has no altsetting 0
[  277.981329][ T6178] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  277.991650][ T6178] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  278.002675][ T6178] usb 5-1: config 0 interface 0 has no altsetting 0
[  278.010546][ T6178] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  278.022015][ T6178] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  278.033062][ T6178] usb 5-1: config 0 interface 0 has no altsetting 0
[  278.071127][ T6178] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  278.123855][ T8143] netlink: 8 bytes leftover after parsing attributes in process `syz.1.545'.
[  278.271796][ T6178] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  278.283256][ T6178] usb 5-1: config 0 interface 0 has no altsetting 0
[  278.294424][ T6178] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  278.303319][ T6178] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  278.336366][ T6178] usb 5-1: config 0 interface 0 has no altsetting 0
[  278.353483][ T6178] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  278.470073][   T30] audit: type=1400 audit(1765117134.896:484): avc:  denied  { getopt } for  pid=8140 comm="syz.3.544" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  278.717030][ T6178] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  279.036476][ T8156] netlink: 4 bytes leftover after parsing attributes in process `syz.2.547'.
[  279.103969][ T6178] usb 5-1: config 0 interface 0 has no altsetting 0
[  279.111868][ T6178] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  279.133726][ T6178] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  279.148824][ T6178] usb 5-1: config 0 interface 0 has no altsetting 0
[  279.171569][ T6178] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  279.662671][ T6178] usb 5-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  279.696982][ T6178] usb 5-1: Product: syz
[  279.711577][ T6178] usb 5-1: Manufacturer: syz
[  279.736825][ T6178] usb 5-1: SerialNumber: syz
[  279.969914][ T6178] usb 5-1: config 0 descriptor??
[  279.975058][ T7901] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  280.025065][ T6178] usb 5-1: can't set config #0, error -71
[  280.439561][ T6178] usb 5-1: USB disconnect, device number 4
[  280.562421][ T7901] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  280.611961][ T7901] usb 2-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69
[  280.621197][ T7901] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  281.028405][ T7901] usb 2-1: Product: syz
[  281.093925][ T7901] usb 2-1: Manufacturer: syz
[  281.187258][ T8180] overlayfs: missing 'lowerdir'
[  281.205473][ T7901] usb 2-1: SerialNumber: syz
[  281.238344][ T7901] usb 2-1: config 0 descriptor??
[  281.390979][ T7901] usb 2-1: USB disconnect, device number 12
[  282.384067][ T7901] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  282.538518][ T8206] FAULT_INJECTION: forcing a failure.
[  282.538518][ T8206] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  282.576358][ T8206] CPU: 0 UID: 0 PID: 8206 Comm: syz.2.557 Not tainted syzkaller #0 PREEMPT(full) 
[  282.576385][ T8206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  282.576396][ T8206] Call Trace:
[  282.576403][ T8206]  <TASK>
[  282.576412][ T8206]  dump_stack_lvl+0x16c/0x1f0
[  282.576447][ T8206]  should_fail_ex+0x512/0x640
[  282.576472][ T8206]  _copy_to_user+0x32/0xd0
[  282.576496][ T8206]  simple_read_from_buffer+0xcb/0x170
[  282.576522][ T8206]  proc_fail_nth_read+0x197/0x240
[  282.576543][ T8206]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  282.576566][ T8206]  ? rw_verify_area+0xcf/0x6c0
[  282.576587][ T8206]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  282.576609][ T8206]  vfs_read+0x1e4/0xcf0
[  282.576635][ T8206]  ? __pfx___mutex_lock+0x10/0x10
[  282.576669][ T8206]  ? __pfx_vfs_read+0x10/0x10
[  282.576702][ T8206]  ? __fget_files+0x20e/0x3c0
[  282.576739][ T8206]  ksys_read+0x12a/0x250
[  282.576761][ T8206]  ? __pfx_ksys_read+0x10/0x10
[  282.576786][ T8206]  ? fput+0x70/0xf0
[  282.576817][ T8206]  do_syscall_64+0xcd/0xf80
[  282.576855][ T8206]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  282.576875][ T8206] RIP: 0033:0x7fda7438e15c
[  282.576891][ T8206] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  282.576908][ T8206] RSP: 002b:00007fda75207030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  282.576927][ T8206] RAX: ffffffffffffffda RBX: 00007fda745e5fa0 RCX: 00007fda7438e15c
[  282.576940][ T8206] RDX: 000000000000000f RSI: 00007fda752070a0 RDI: 0000000000000005
[  282.576951][ T8206] RBP: 00007fda75207090 R08: 0000000000000000 R09: 0000000000000000
[  282.576962][ T8206] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  282.576973][ T8206] R13: 00007fda745e6038 R14: 00007fda745e5fa0 R15: 00007ffe01bbc658
[  282.576999][ T8206]  </TASK>
[  282.803728][ T7901] usb 2-1: Using ep0 maxpacket: 16
[  282.866860][ T7901] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  282.887055][ T7901] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  282.899863][ T7901] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  282.908920][ T7901] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  282.916914][ T7901] usb 2-1: Product: syz
[  282.921055][ T7901] usb 2-1: Manufacturer: syz
[  282.925675][ T7901] usb 2-1: SerialNumber: syz
[  282.931800][ T7901] usb 2-1: config 0 descriptor??
[  282.946657][ T7901] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  282.957058][ T7901] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class)
[  283.827787][ T7901] em28xx 2-1:0.0: unknown em28xx chip ID (82)
[  284.020568][ T7901] em28xx 2-1:0.0: Config register raw data: 0x52
[  284.047451][ T6178] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  284.221287][ T7901] em28xx 2-1:0.0: AC97 chip type couldn't be determined
[  284.228794][ T6178] usb 4-1: too many configurations: 9, using maximum allowed: 8
[  284.239932][ T7901] em28xx 2-1:0.0: No AC97 audio processor
[  284.251213][ T6178] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  284.267159][ T7901] usb 2-1: USB disconnect, device number 13
[  284.283295][ T6178] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  284.299437][ T7901] em28xx 2-1:0.0: Disconnecting em28xx
[  284.316777][ T6178] usb 4-1: config 0 interface 0 has no altsetting 0
[  284.328036][ T7901] em28xx 2-1:0.0: Freeing device
[  284.333747][   T55] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  284.346188][ T6178] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  284.363131][ T6178] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  284.389655][ T6178] usb 4-1: config 0 interface 0 has no altsetting 0
[  284.401866][ T6178] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  284.460920][ T6178] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  284.496569][ T6178] usb 4-1: config 0 interface 0 has no altsetting 0
[  284.512394][ T6178] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  284.515964][   T55] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  284.532753][ T6178] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  284.545778][ T6178] usb 4-1: config 0 interface 0 has no altsetting 0
[  284.553604][ T6178] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  284.566939][ T6178] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  284.583740][   T55] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  284.613178][   T55] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  284.630738][ T6178] usb 4-1: config 0 interface 0 has no altsetting 0
[  284.639429][ T6178] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  284.649193][ T8228] netlink: 4 bytes leftover after parsing attributes in process `syz.5.561'.
[  284.659295][   T55] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  284.666204][ T8228] batadv_slave_1: entered promiscuous mode
[  284.669161][   T55] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  284.676411][ T6178] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  284.700697][ T6178] usb 4-1: config 0 interface 0 has no altsetting 0
[  284.719487][ T6178] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  284.832744][   T55] usb 3-1: config 0 descriptor??
[  284.845146][ T6178] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  285.032768][ T6178] usb 4-1: config 0 interface 0 has no altsetting 0
[  285.044046][ T6178] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  285.053634][ T6178] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  285.070902][ T6178] usb 4-1: config 0 interface 0 has no altsetting 0
[  285.223679][ T6178] usb 4-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  285.241139][ T6178] usb 4-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  285.261118][ T6178] usb 4-1: Product: syz
[  285.271906][ T6178] usb 4-1: Manufacturer: syz
[  285.279534][ T6178] usb 4-1: SerialNumber: syz
[  285.302284][ T6178] usb 4-1: config 0 descriptor??
[  285.317112][ T6178] yurex 4-1:0.0: USB YUREX device now attached to Yurex #0
[  285.537062][   T24] usb 4-1: USB disconnect, device number 16
[  285.679418][ T8244] mkiss: ax0: crc mode is auto.
[  285.707190][   T55] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  285.727043][   T24] yurex 4-1:0.0: USB YUREX #0 now disconnected
[  285.764620][   T55] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  285.778587][   T55] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  285.787788][   T55] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  285.796512][   T55] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  285.807585][ T8236] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  285.831191][ T8236] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  285.838028][   T55] plantronics 0003:047F:FFFF.0007: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  285.872908][   T55] usb 3-1: USB disconnect, device number 10
[  285.941338][ T8247] fido_id[8247]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[  287.894312][ T5826] Bluetooth: hci5: command 0x0c1a tx timeout
[  287.898270][   T51] Bluetooth: hci2: command 0x0c1a tx timeout
[  287.954184][ T8278] mkiss: ax0: crc mode is auto.
[  289.200380][ T8289] netlink: 12 bytes leftover after parsing attributes in process `syz.3.577'.
[  290.460562][ T8290] mkiss: ax0: crc mode is auto.
[  290.509322][ T8292] netlink: 24 bytes leftover after parsing attributes in process `syz.2.578'.
[  290.897582][   T24] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  291.493361][   T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  291.516295][   T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  291.577996][ T6178] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  291.653777][   T24] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  291.695442][   T24] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  291.717227][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  291.990052][ T8316] mkiss: ax0: crc mode is auto.
[  292.051554][ T6178] usb 2-1: too many configurations: 9, using maximum allowed: 8
[  292.051935][   T24] usb 6-1: config 0 descriptor??
[  292.149174][ T6178] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  292.184055][ T6178] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  292.215969][ T6178] usb 2-1: config 0 interface 0 has no altsetting 0
[  292.246893][ T6178] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  292.277652][ T6178] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  292.488363][ T8303] netlink: 12 bytes leftover after parsing attributes in process `syz.4.581'.
[  292.883692][ T6178] usb 2-1: config 0 interface 0 has no altsetting 0
[  292.886252][   T24] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0
[  292.899651][ T6178] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  292.935191][   T24] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0
[  292.944105][ T6178] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  292.973027][ T6178] usb 2-1: config 0 interface 0 has no altsetting 0
[  292.973326][   T24] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0
[  292.984845][ T6178] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  293.019193][ T6178] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  293.019204][   T24] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0
[  293.019232][ T6178] usb 2-1: config 0 interface 0 has no altsetting 0
[  293.104392][ T6178] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  293.113311][ T6178] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  293.113753][   T24] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0
[  293.151867][ T6178] usb 2-1: config 0 interface 0 has no altsetting 0
[  293.161188][   T24] plantronics 0003:047F:FFFF.0008: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[  293.170224][ T6178] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  293.225144][ T6178] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  293.234125][   T24] usb 6-1: USB disconnect, device number 2
[  293.283793][ T6178] usb 2-1: config 0 interface 0 has no altsetting 0
[  293.323434][ T6178] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  293.365293][ T6178] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  293.379643][ T6178] usb 2-1: config 0 interface 0 has no altsetting 0
[  293.390501][ T6178] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  293.401849][ T6178] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  293.410822][ T8323] fido_id[8323]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory
[  293.427319][ T6178] usb 2-1: config 0 interface 0 has no altsetting 0
[  293.468349][ T6178] usb 2-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  293.478470][ T6178] usb 2-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  293.487090][ T6178] usb 2-1: Product: syz
[  293.491342][ T6178] usb 2-1: Manufacturer: syz
[  293.498781][ T6178] usb 2-1: SerialNumber: syz
[  293.521095][ T6178] usb 2-1: config 0 descriptor??
[  293.643883][ T6178] yurex 2-1:0.0: USB YUREX device now attached to Yurex #0
[  294.174539][ T6178] usb 2-1: USB disconnect, device number 14
[  294.189983][ T6178] yurex 2-1:0.0: USB YUREX #0 now disconnected
[  294.470065][   T30] audit: type=1400 audit(1765117150.916:485): avc:  denied  { read } for  pid=8341 comm="syz.4.593" path="socket:[21178]" dev="sockfs" ino=21178 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  294.612510][ T8347] netlink: 4 bytes leftover after parsing attributes in process `syz.3.594'.
[  294.696661][ T8343] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  294.711553][ T8343] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  295.612074][ T8365] netlink: 12 bytes leftover after parsing attributes in process `syz.4.598'.
[  296.535829][ T8370] mkiss: ax0: crc mode is auto.
[  296.673748][   T51] Bluetooth: hci2: command 0x0c1a tx timeout
[  296.763808][   T51] Bluetooth: hci5: command 0x0c1a tx timeout
[  296.871442][ T8372] Invalid source name
[  296.875926][ T8372] UBIFS error (pid: 8372): cannot open "./file0", error -22
[  296.882828][ T8372] fuse: Bad value for 'fd'
[  297.246357][ T6055] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  297.410740][ T6055] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  297.435407][ T6055] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  297.464450][ T6055] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  297.492607][ T6055] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  297.625751][ T6055] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  297.649894][ T6055] usb 5-1: config 0 descriptor??
[  297.818058][ T8392] netlink: 16 bytes leftover after parsing attributes in process `syz.1.606'.
[  298.228789][ T8391] netlink: 4 bytes leftover after parsing attributes in process `syz.5.607'.
[  298.430048][ T6055] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0
[  298.461780][ T6055] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0
[  298.491735][ T6055] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0
[  298.636359][ T6055] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0
[  298.648377][ T6055] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0
[  298.772966][ T8408] netlink: 8 bytes leftover after parsing attributes in process `syz.3.608'.
[  299.167150][ T6055] plantronics 0003:047F:FFFF.0009: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  299.213172][ T6055] usb 5-1: USB disconnect, device number 5
[  299.405613][ T8413] fido_id[8413]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory
[  302.755468][ T8452] netlink: 4 bytes leftover after parsing attributes in process `syz.3.621'.
[  303.053784][   T24] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  303.281737][   T30] audit: type=1400 audit(1765117159.726:486): avc:  denied  { write } for  pid=8468 comm="syz.2.626" name="mouse0" dev="devtmpfs" ino=923 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  303.340411][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  303.421587][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  303.433323][   T24] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  303.447772][   T24] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  303.457984][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  303.460391][ T8460] overlayfs: missing 'lowerdir'
[  303.489517][   T24] usb 2-1: config 0 descriptor??
[  303.513930][ T6055] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  303.665820][ T6055] usb 3-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  304.103053][ T6055] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  304.121193][ T6055] usb 3-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  304.134350][ T6055] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  304.148809][ T6055] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  304.186837][ T6055] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  304.196352][ T6055] usb 3-1: invalid MIDI out EP 0
[  304.286125][   T24] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0
[  304.293554][   T24] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0
[  304.326375][   T24] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0
[  304.335931][   T24] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0
[  304.344049][   T24] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0
[  304.396814][   T24] plantronics 0003:047F:FFFF.000A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  304.417700][ T6101] Bluetooth: hci4: Frame reassembly failed (-84)
[  304.433159][ T6055] snd-usb-audio 3-1:27.0: probe with driver snd-usb-audio failed with error -22
[  304.490853][ T6101] Bluetooth: hci4: Frame reassembly failed (-84)
[  304.506936][ T5874] usb 2-1: USB disconnect, device number 15
[  305.934072][ T8493] netlink: 12 bytes leftover after parsing attributes in process `syz.4.630'.
[  306.211841][   T12] Bluetooth: hci4: received HCILL_GO_TO_SLEEP_ACK in state 0
[  306.333285][ T8479] fido_id[8479]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  306.392246][ T3958] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  306.401677][   T30] audit: type=1400 audit(1765117162.846:487): avc:  denied  { ioctl } for  pid=8468 comm="syz.2.626" path="/dev/input/mouse0" dev="devtmpfs" ino=923 ioctlcmd=0x7005 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  306.450577][ T5826] Bluetooth: hci4: command 0x1003 tx timeout
[  306.482884][   T51] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  306.503790][   T30] audit: type=1400 audit(1765117162.846:488): avc:  denied  { setopt } for  pid=8468 comm="syz.2.626" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  307.622258][ T8505] netlink: 4 bytes leftover after parsing attributes in process `syz.1.634'.
[  307.871102][ T8511] serio: Serial port ptm1
[  307.877547][ T5874] usb 3-1: USB disconnect, device number 11
[  308.224429][ T8518] netlink: 212368 bytes leftover after parsing attributes in process `syz.5.636'.
[  309.946365][   T24] libceph: connect (1)[c::]:6789 error -101
[  309.952766][   T24] libceph: mon0 (1)[c::]:6789 connect error
[  310.216757][   T24] libceph: connect (1)[c::]:6789 error -101
[  310.228922][ T8536] ceph: No mds server is up or the cluster is laggy
[  310.229396][   T24] libceph: mon0 (1)[c::]:6789 connect error
[  310.556799][ T8545] mkiss: ax0: crc mode is auto.
[  310.785031][   T24] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  310.911853][ T8529] overlayfs: missing 'lowerdir'
[  311.042078][ T8546] mkiss: ax0: crc mode is auto.
[  311.116627][   T24] usb 5-1: config 0 has an invalid interface number: 156 but max is 0
[  311.125921][   T24] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  311.141653][   T24] usb 5-1: config 0 has no interface number 0
[  311.150746][   T24] usb 5-1: config 0 interface 156 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  311.162374][   T24] usb 5-1: config 0 interface 156 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  311.172321][   T24] usb 5-1: config 0 interface 156 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  311.220556][   T24] usb 5-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9
[  311.347526][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  311.423621][   T30] audit: type=1400 audit(1765117167.856:489): avc:  denied  { shutdown } for  pid=8551 comm="syz.5.644" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  311.458334][   T24] usb 5-1: config 0 descriptor??
[  311.499995][   T24] gspca_main: spca561-2.14.0 probing abcd:cdee
[  311.529684][   T30] audit: type=1400 audit(1765117167.856:490): avc:  denied  { read } for  pid=8551 comm="syz.5.644" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  311.672194][   T24] spca561 5-1:0.156: probe with driver spca561 failed with error -22
[  311.702024][   T24] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  311.715456][   T24] usb 5-1: MIDIStreaming interface descriptor not found
[  311.862939][   T24] usb 5-1: USB disconnect, device number 6
[  312.696698][ T8561] netlink: 4 bytes leftover after parsing attributes in process `syz.1.647'.
[  313.207126][ T8573] netlink: 16 bytes leftover after parsing attributes in process `syz.3.649'.
[  314.094182][ T8591] Invalid source name
[  314.098277][ T8591] UBIFS error (pid: 8591): cannot open "./file0", error -22
[  314.105769][ T8591] fuse: Bad value for 'fd'
[  315.141551][ T8603] Invalid source name
[  315.145697][ T8603] UBIFS error (pid: 8603): cannot open "./file0", error -22
[  315.148371][ T8603] fuse: Bad value for 'fd'
[  315.471714][ T8604] netlink: 4 bytes leftover after parsing attributes in process `syz.4.657'.
[  315.556183][ T8598] overlayfs: missing 'lowerdir'
[  315.604382][   T30] audit: type=1400 audit(1765117172.056:491): avc:  denied  { write } for  pid=8578 comm="syz.1.653" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  316.810665][ T8616] netlink: 12 bytes leftover after parsing attributes in process `syz.1.661'.
[  317.597885][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[  317.604277][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[  318.433726][ T7901] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  318.693999][ T8632] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  318.702933][ T8632] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  318.713361][ T7901] usb 2-1: New USB device found, idVendor=041e, idProduct=4011, bcdDevice=af.98
[  318.738493][ T7901] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  318.750806][ T7901] usb 2-1: config 0 descriptor??
[  318.774203][ T7901] pwc: Creative Labs Webcam Pro Ex detected.
[  319.189265][ T8647] Invalid source name
[  319.193386][ T8647] UBIFS error (pid: 8647): cannot open "./file0", error -22
[  319.199124][ T8647] fuse: Bad value for 'fd'
[  319.543600][ T7901] pwc: recv_control_msg error -32 req 02 val 2b00
[  319.693890][ T7901] pwc: recv_control_msg error -32 req 02 val 2700
[  320.593816][   T51] Bluetooth: hci2: command 0x0c1a tx timeout
[  320.754368][   T51] Bluetooth: hci5: command 0x0c1a tx timeout
[  321.303921][ T7901] pwc: recv_control_msg error -71 req 02 val 2c00
[  321.544032][ T7901] pwc: recv_control_msg error -71 req 04 val 1000
[  321.582475][ T7901] pwc: recv_control_msg error -71 req 04 val 1300
[  321.619538][ T7901] pwc: recv_control_msg error -71 req 04 val 1400
[  321.704692][ T7901] pwc: recv_control_msg error -71 req 02 val 2000
[  321.712719][ T7901] pwc: recv_control_msg error -71 req 02 val 2100
[  321.720551][ T7901] pwc: recv_control_msg error -71 req 06 val 0600
[  321.727836][ T7901] pwc: recv_control_msg error -71 req 04 val 1500
[  321.850162][ T7901] pwc: recv_control_msg error -71 req 02 val 2500
[  321.884581][ T7901] pwc: recv_control_msg error -71 req 02 val 2400
[  322.025595][ T8666] netlink: 16 bytes leftover after parsing attributes in process `syz.1.671'.
[  322.373128][ T7901] pwc: recv_control_msg error -71 req 02 val 2600
[  322.382246][ T7901] pwc: recv_control_msg error -71 req 02 val 2900
[  322.389182][ T7901] pwc: recv_control_msg error -71 req 02 val 2800
[  322.418205][ T7901] pwc: recv_control_msg error -71 req 04 val 1100
[  322.529343][ T7901] pwc: recv_control_msg error -71 req 04 val 1200
[  322.556439][ T8656] mkiss: ax0: crc mode is auto.
[  322.648060][ T7901] pwc: Registered as video103.
[  322.701118][ T7901] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input7
[  322.747876][ T7901] usb 2-1: USB disconnect, device number 16
[  322.839088][ T8665] overlayfs: missing 'lowerdir'
[  324.817876][ T8697] netlink: 4 bytes leftover after parsing attributes in process `syz.2.680'.
[  325.084031][ T7901] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  325.244195][ T7901] usb 5-1: Using ep0 maxpacket: 16
[  325.256643][ T7901] usb 5-1: New USB device found, idVendor=2001, idProduct=4002, bcdDevice=df.bf
[  325.321033][ T7901] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  325.889705][ T7901] usb 5-1: config 0 descriptor??
[  325.891129][   T89] libceph: connect (1)[c::]:6789 error -101
[  325.924167][   T89] libceph: mon0 (1)[c::]:6789 connect error
[  326.014210][ T8708] ceph: No mds server is up or the cluster is laggy
[  326.387020][ T8722] netlink: 4 bytes leftover after parsing attributes in process `syz.3.683'.
[  327.166512][ T8719] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  327.172854][ T8719] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  327.453717][ T5874] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  327.624494][ T5874] usb 3-1: too many configurations: 9, using maximum allowed: 8
[  327.676416][ T5874] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  327.718590][ T5874] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  327.762145][ T5874] usb 3-1: config 0 interface 0 has no altsetting 0
[  327.809128][ T5874] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  327.851392][ T5874] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  327.906972][ T5874] usb 3-1: config 0 interface 0 has no altsetting 0
[  327.945377][ T5874] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  327.993794][ T5874] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  328.053879][ T5874] usb 3-1: config 0 interface 0 has no altsetting 0
[  328.079613][ T5874] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  328.169081][ T5874] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  328.350126][ T5874] usb 3-1: config 0 interface 0 has no altsetting 0
[  328.443948][ T5874] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  328.453057][ T5874] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  328.504805][ T5874] usb 3-1: config 0 interface 0 has no altsetting 0
[  328.533737][ T5874] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  328.542787][ T5874] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  328.565191][ T5874] usb 3-1: config 0 interface 0 has no altsetting 0
[  328.583102][ T5874] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  328.615312][ T5874] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  328.640935][ T8728] qrtr: Invalid version 75
[  328.645607][ T5874] usb 3-1: config 0 interface 0 has no altsetting 0
[  328.661293][ T5874] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  328.672726][ T5874] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  328.718541][ T5874] usb 3-1: config 0 interface 0 has no altsetting 0
[  328.748281][ T5874] usb 3-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  328.777813][ T5874] usb 3-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  328.795612][ T5874] usb 3-1: Product: syz
[  328.807414][ T5874] usb 3-1: Manufacturer: syz
[  328.831702][ T5874] usb 3-1: SerialNumber: syz
[  328.858663][ T5874] usb 3-1: config 0 descriptor??
[  328.917760][ T5874] yurex 3-1:0.0: USB YUREX device now attached to Yurex #0
[  329.135213][ T7901] pegasus 5-1:0.0: can't reset MAC
[  329.136824][   T89] usb 3-1: USB disconnect, device number 12
[  329.142616][ T7901] pegasus 5-1:0.0: probe with driver pegasus failed with error -5
[  329.234797][ T5826] Bluetooth: hci5: command 0x0c1a tx timeout
[  329.241830][   T51] Bluetooth: hci2: command 0x0c1a tx timeout
[  329.360423][ T8737] mkiss: ax0: crc mode is auto.
[  329.414286][   T89] yurex 3-1:0.0: USB YUREX #0 now disconnected
[  329.556392][ T5902] usb 5-1: USB disconnect, device number 7
[  331.071284][ T8753] mkiss: ax0: crc mode is auto.
[  331.119375][ T8748] overlayfs: missing 'lowerdir'
[  331.421433][ T8767] Invalid source name
[  331.425504][ T8767] UBIFS error (pid: 8767): cannot open "./file0", error -22
[  331.426144][ T8767] fuse: Bad value for 'fd'
[  331.990559][ T8774] mkiss: ax0: crc mode is auto.
[  333.582302][ T5874] libceph: connect (1)[c::]:6789 error -101
[  333.592209][ T5874] libceph: mon0 (1)[c::]:6789 connect error
[  333.648020][ T8791] ceph: No mds server is up or the cluster is laggy
[  333.934508][   T30] audit: type=1400 audit(1765118216.260:492): avc:  denied  { shutdown } for  pid=8795 comm="syz.3.703" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  335.513760][   T30] audit: type=1804 audit(1765118217.890:493): pid=8816 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.5.707" name="/newroot/47/bus/file0" dev="overlay" ino=291 res=1 errno=0
[  335.901318][ T8827] Invalid source name
[  335.905568][ T8827] UBIFS error (pid: 8827): cannot open "./file0", error -22
[  335.906742][ T8827] fuse: Bad value for 'fd'
[  336.283754][ T8831] mkiss: ax0: crc mode is auto.
[  337.128847][ T6055] libceph: connect (1)[c::]:6789 error -101
[  337.135980][ T6055] libceph: mon0 (1)[c::]:6789 connect error
[  337.276156][ T8842] ceph: No mds server is up or the cluster is laggy
[  337.324603][ T8847] netlink: 4 bytes leftover after parsing attributes in process `syz.2.713'.
[  337.533044][ T6055] libceph: connect (1)[c::]:6789 error -101
[  337.585409][ T6055] libceph: mon0 (1)[c::]:6789 connect error
[  337.590897][ T8849] mkiss: ax0: crc mode is auto.
[  339.368797][   T30] audit: type=1400 audit(1765118221.760:494): avc:  denied  { setopt } for  pid=8872 comm="syz.2.722" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  339.455896][   T30] audit: type=1400 audit(1765118221.900:495): avc:  denied  { bind } for  pid=8875 comm="syz.2.723" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  340.064641][ T5881] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  340.224639][ T5881] usb 3-1: Using ep0 maxpacket: 32
[  340.234495][ T5881] usb 3-1: config 2 has an invalid interface number: 88 but max is 0
[  340.250398][ T5881] usb 3-1: config 2 has no interface number 0
[  340.259519][ T5881] usb 3-1: config 2 interface 88 has no altsetting 0
[  340.272989][ T5881] usb 3-1: New USB device found, idVendor=0557, idProduct=2009, bcdDevice=c7.1e
[  340.285628][ T5881] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  340.294359][ T5881] usb 3-1: Product: syz
[  340.300948][ T5881] usb 3-1: Manufacturer: syz
[  340.306176][ T5881] usb 3-1: SerialNumber: syz
[  340.513552][ T8882] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  340.541078][ T8882] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  341.065816][ T8900] lo speed is unknown, defaulting to 1000
[  341.073321][ T8900] lo speed is unknown, defaulting to 1000
[  341.090679][ T8900] lo speed is unknown, defaulting to 1000
[  341.117191][ T8900] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  341.162955][ T8900] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  341.546804][ T8900] lo speed is unknown, defaulting to 1000
[  341.554414][ T8900] lo speed is unknown, defaulting to 1000
[  341.561582][ T8900] lo speed is unknown, defaulting to 1000
[  341.568575][ T8900] lo speed is unknown, defaulting to 1000
[  341.575788][ T8900] lo speed is unknown, defaulting to 1000
[  341.834578][   T30] audit: type=1400 audit(1765118224.240:496): avc:  denied  { associate } for  pid=8903 comm="syz.1.730" name="pfkey" scontext=root:object_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  342.413795][   T51] Bluetooth: hci2: command 0x0c1a tx timeout
[  342.593729][   T51] Bluetooth: hci5: command 0x0c1a tx timeout
[  342.720255][ T5881] asix 3-1:2.88 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  342.750274][ T5881] asix 3-1:2.88: probe with driver asix failed with error -71
[  343.141746][ T5881] usb 3-1: USB disconnect, device number 13
[  343.168336][ T8916] mkiss: ax0: crc mode is auto.
[  346.322798][ T5902] libceph: connect (1)[c::]:6789 error -101
[  346.325344][ T5902] libceph: mon0 (1)[c::]:6789 connect error
[  346.609825][ T5902] libceph: connect (1)[c::]:6789 error -101
[  346.634818][ T5902] libceph: mon0 (1)[c::]:6789 connect error
[  346.831697][ T8950] ceph: No mds server is up or the cluster is laggy
[  347.389678][ T8971] Invalid source name
[  347.393719][ T8971] UBIFS error (pid: 8971): cannot open "./file0", error -22
[  347.395090][ T8971] fuse: Bad value for 'fd'
[  348.434564][   T89] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  348.626351][   T89] usb 2-1: too many configurations: 9, using maximum allowed: 8
[  348.662008][   T89] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  348.693072][   T89] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  348.735917][   T89] usb 2-1: config 0 interface 0 has no altsetting 0
[  348.762445][   T89] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  348.795766][   T89] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  348.844077][   T89] usb 2-1: config 0 interface 0 has no altsetting 0
[  348.869955][   T89] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  348.895721][   T89] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  348.911932][   T89] usb 2-1: config 0 interface 0 has no altsetting 0
[  348.935309][   T89] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  348.963693][   T89] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  348.979850][   T89] usb 2-1: config 0 interface 0 has no altsetting 0
[  349.032223][   T89] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  349.074175][   T89] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  349.100647][   T89] usb 2-1: config 0 interface 0 has no altsetting 0
[  349.115489][   T89] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  349.128035][   T89] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  349.150699][   T89] usb 2-1: config 0 interface 0 has no altsetting 0
[  349.162126][   T89] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  349.175416][   T89] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  349.192621][   T89] usb 2-1: config 0 interface 0 has no altsetting 0
[  349.256496][   T89] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  349.274739][   T89] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  349.297796][   T89] usb 2-1: config 0 interface 0 has no altsetting 0
[  349.315212][   T89] usb 2-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  349.329586][   T89] usb 2-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  349.338136][   T89] usb 2-1: Product: syz
[  349.342350][   T89] usb 2-1: Manufacturer: syz
[  349.348285][   T89] usb 2-1: SerialNumber: syz
[  349.356320][   T89] usb 2-1: config 0 descriptor??
[  349.366264][   T89] yurex 2-1:0.0: USB YUREX device now attached to Yurex #0
[  349.587676][ T5881] usb 2-1: USB disconnect, device number 17
[  349.600485][ T5881] yurex 2-1:0.0: USB YUREX #0 now disconnected
[  349.879941][ T6055] libceph: connect (1)[c::]:6789 error -101
[  350.228691][ T6055] libceph: mon0 (1)[c::]:6789 connect error
[  350.285660][ T9000] ceph: No mds server is up or the cluster is laggy
[  350.665714][ T9010] netlink: 4 bytes leftover after parsing attributes in process `syz.2.756'.
[  351.149216][ T9012] overlayfs: missing 'lowerdir'
[  351.326474][ T9015] lo speed is unknown, defaulting to 1000
[  351.568593][ T9025] Invalid source name
[  351.572586][ T9025] UBIFS error (pid: 9025): cannot open "./file0", error -22
[  351.573159][ T9025] fuse: Bad value for 'fd'
[  352.478168][ T9036] netlink: 16 bytes leftover after parsing attributes in process `syz.4.763'.
[  353.135454][ T9042] overlayfs: failed to get inode (-116)
[  353.164706][ T9042] overlayfs: failed to get inode (-116)
[  353.342711][ T9048] netlink: 4 bytes leftover after parsing attributes in process `syz.4.766'.
[  354.044845][ T9057] mkiss: ax0: crc mode is auto.
[  354.376718][ T9064] netlink: 24 bytes leftover after parsing attributes in process `syz.1.770'.
[  354.646283][ T9070] netlink: 4 bytes leftover after parsing attributes in process `syz.2.772'.
[  355.038064][ T9076] mkiss: ax0: crc mode is auto.
[  355.213261][   T30] audit: type=1400 audit(1765118750.650:497): avc:  denied  { getopt } for  pid=9072 comm="syz.3.773" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  356.687461][ T9085] netlink: 28 bytes leftover after parsing attributes in process `syz.1.776'.
[  357.164818][ T9037] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  357.185447][ T9100] netlink: 36 bytes leftover after parsing attributes in process `syz.3.782'.
[  357.296166][ T5903] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  357.333747][ T9037] usb 2-1: Using ep0 maxpacket: 16
[  357.341473][ T9037] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  357.353066][   T89] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  357.361356][ T9037] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  357.393853][ T9037] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  357.413278][ T9037] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  357.423109][ T9037] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  357.941409][ T9037] usb 2-1: config 0 descriptor??
[  357.946504][ T5903] usb 5-1: Using ep0 maxpacket: 8
[  357.953338][ T5903] usb 5-1: config 0 has no interfaces?
[  357.965874][ T5903] usb 5-1: New USB device found, idVendor=05c6, idProduct=9212, bcdDevice=47.83
[  357.976499][ T5903] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  357.984682][   T89] usb 6-1: device descriptor read/64, error -71
[  357.991339][ T5903] usb 5-1: Product: syz
[  357.995627][ T5903] usb 5-1: Manufacturer: syz
[  358.000332][ T5903] usb 5-1: SerialNumber: syz
[  358.022576][ T5903] usb 5-1: config 0 descriptor??
[  358.163582][   T30] audit: type=1400 audit(1765118753.600:498): avc:  denied  { create } for  pid=9088 comm="syz.1.777" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  358.198639][   T30] audit: type=1400 audit(1765118753.630:499): avc:  denied  { read } for  pid=9088 comm="syz.1.777" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  358.250217][ T9109] netlink: 24 bytes leftover after parsing attributes in process `syz.3.784'.
[  358.279677][ T9037] usbhid 2-1:0.0: can't add hid device: -71
[  358.286259][ T9037] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  358.297397][   T89] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  358.325864][ T9087] kvm: kvm [9086]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc2) = 0x9d00
[  358.339424][ T9037] usb 2-1: USB disconnect, device number 18
[  358.362525][ T9087] kvm: kvm [9086]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc1) = 0x9d00
[  358.460488][ T9112] netlink: 4 bytes leftover after parsing attributes in process `syz.1.785'.
[  358.494625][   T89] usb 6-1: device descriptor read/64, error -71
[  358.614836][   T89] usb usb6-port1: attempt power cycle
[  358.620386][ T9116] netlink: 28 bytes leftover after parsing attributes in process `syz.1.787'.
[  358.672373][ T5881] usb 5-1: USB disconnect, device number 8
[  359.093721][   T89] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  359.124989][   T89] usb 6-1: device descriptor read/8, error -71
[  359.364911][   T89] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  359.395109][   T89] usb 6-1: device descriptor read/8, error -71
[  359.514601][   T89] usb usb6-port1: unable to enumerate USB device
[  360.126310][ T9135] mkiss: ax0: crc mode is auto.
[  361.349977][ T9152] netlink: 4 bytes leftover after parsing attributes in process `syz.1.794'.
[  361.433952][ T9037] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  362.204373][ T9037] usb 6-1: too many configurations: 9, using maximum allowed: 8
[  362.219021][ T9037] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  362.267056][ T9156] netlink: 4 bytes leftover after parsing attributes in process `syz.3.797'.
[  362.287874][ T9037] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  362.313756][ T9037] usb 6-1: config 0 interface 0 has no altsetting 0
[  362.332342][ T9037] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  362.343173][ T9037] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  362.363178][ T9037] usb 6-1: config 0 interface 0 has no altsetting 0
[  362.377896][ T9037] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  362.404010][ T9037] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  362.428510][ T9160] netlink: 28 bytes leftover after parsing attributes in process `syz.3.798'.
[  362.432351][ T9037] usb 6-1: config 0 interface 0 has no altsetting 0
[  362.454777][ T9037] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  362.468134][ T9037] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  362.482186][ T9037] usb 6-1: config 0 interface 0 has no altsetting 0
[  362.492505][ T9037] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  362.503400][ T9037] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  362.528793][ T9037] usb 6-1: config 0 interface 0 has no altsetting 0
[  362.568390][ T9037] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  362.852828][   T30] audit: type=1400 audit(1765118758.220:500): avc:  denied  { getopt } for  pid=9161 comm="syz.2.799" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  362.906176][   T30] audit: type=1400 audit(1765118758.220:501): avc:  denied  { bind } for  pid=9161 comm="syz.2.799" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  363.018911][ T9037] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  363.093026][ T9037] usb 6-1: config 0 interface 0 has no altsetting 0
[  363.136219][ T9037] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  363.168865][ T9175] netlink: 4 bytes leftover after parsing attributes in process `syz.3.800'.
[  363.203810][ T9037] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  364.402979][ T9037] usb 6-1: config 0 interface 0 has no altsetting 0
[  364.700195][ T9037] usb 6-1: unable to read config index 7 descriptor/start: -71
[  364.840343][ T9037] usb 6-1: can't read configurations, error -71
[  365.778303][ T9197] netlink: 16 bytes leftover after parsing attributes in process `syz.4.804'.
[  366.544057][   T30] audit: type=1400 audit(1765118761.980:502): avc:  denied  { recv } for  pid=9182 comm="syz.5.803" saddr=10.128.0.169 src=34428 daddr=10.128.1.35 dest=22 netif=eth0 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1
[  366.586200][ T9199] ICMPv6: RA: ndisc_router_discovery failed to add default route
[  366.594290][ T9199] ICMPv6: RA: ndisc_router_discovery failed to add default route
[  366.602086][ T9199] ICMPv6: RA: ndisc_router_discovery failed to add default route
[  366.609904][ T9199] ICMPv6: RA: ndisc_router_discovery failed to add default route
[  366.618011][ T9199] ICMPv6: RA: ndisc_router_discovery failed to add default route
[  366.626291][ T9199] ICMPv6: RA: ndisc_router_discovery failed to add default route
[  366.634479][ T9199] ICMPv6: RA: ndisc_router_discovery failed to add default route
[  366.642527][ T9199] ICMPv6: RA: ndisc_router_discovery failed to add default route
[  366.650422][ T9199] ICMPv6: RA: ndisc_router_discovery failed to add default route
[  366.658234][ T9199] ICMPv6: RA: ndisc_router_discovery failed to add default route
[  368.287077][ T9213] siw: device registration error -23
[  368.648538][ T9210] netlink: 4 bytes leftover after parsing attributes in process `syz.1.808'.
[  369.132660][ T9228] EXT4-fs: Conflicting test_dummy_encryption options
[  369.162164][ T9225] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  369.180483][ T9225] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  369.945548][   T30] audit: type=1400 audit(1765119278.389:503): avc:  denied  { cmd } for  pid=9239 comm="syz.4.815" path="socket:[25444]" dev="sockfs" ino=25444 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  370.033202][   T30] audit: type=1400 audit(1765119278.469:504): avc:  denied  { listen } for  pid=9239 comm="syz.4.815" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  370.069702][   T30] audit: type=1400 audit(1765119278.499:505): avc:  denied  { getopt } for  pid=9239 comm="syz.4.815" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  370.109626][ T9250] netlink: 20 bytes leftover after parsing attributes in process `syz.3.817'.
[  370.378321][ T9253] mkiss: ax0: crc mode is auto.
[  371.246719][ T5826] Bluetooth: hci5: command 0x0c1a tx timeout
[  371.252841][   T51] Bluetooth: hci2: command 0x0c1a tx timeout
[  371.662968][ T9268] siw: device registration error -23
[  372.124859][ T9267] netlink: 4 bytes leftover after parsing attributes in process `syz.3.822'.
[  372.362091][   T30] audit: type=1400 audit(1765119280.799:506): avc:  denied  { listen } for  pid=9270 comm="syz.5.823" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  372.407151][   T30] audit: type=1400 audit(1765119280.819:507): avc:  denied  { accept } for  pid=9270 comm="syz.5.823" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  372.839584][ T9282] overlayfs: missing 'lowerdir'
[  373.249109][ T9287] FAULT_INJECTION: forcing a failure.
[  373.249109][ T9287] name failslab, interval 1, probability 0, space 0, times 0
[  373.262055][ T9287] CPU: 1 UID: 0 PID: 9287 Comm: syz.3.827 Not tainted syzkaller #0 PREEMPT(full) 
[  373.262084][ T9287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  373.262097][ T9287] Call Trace:
[  373.262110][ T9287]  <TASK>
[  373.262119][ T9287]  dump_stack_lvl+0x16c/0x1f0
[  373.262156][ T9287]  should_fail_ex+0x512/0x640
[  373.262185][ T9287]  should_failslab+0xc2/0x120
[  373.262213][ T9287]  __kmalloc_cache_noprof+0x80/0x800
[  373.262245][ T9287]  ? __pfx_security_netif_sid+0x10/0x10
[  373.262267][ T9287]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  373.262296][ T9287]  ? sel_netif_sid+0x634/0x950
[  373.262330][ T9287]  ? sel_netif_sid+0x634/0x950
[  373.262357][ T9287]  sel_netif_sid+0x634/0x950
[  373.262393][ T9287]  selinux_ip_postroute+0xb78/0xdd0
[  373.262420][ T9287]  ? __pfx_selinux_ip_postroute+0x10/0x10
[  373.262453][ T9287]  ? __pfx_nf_nat_ipv6_fn+0x10/0x10
[  373.262479][ T9287]  ? lockdep_hardirqs_on+0x7c/0x110
[  373.262509][ T9287]  ? ip6t_do_table+0xbf5/0x1c30
[  373.262536][ T9287]  ? __pfx_nf_nat_ipv6_out+0x10/0x10
[  373.262559][ T9287]  ? nf_nat_ipv6_out+0x3cc/0x4c0
[  373.262587][ T9287]  ? __pfx_selinux_ip_postroute+0x10/0x10
[  373.262610][ T9287]  nf_hook_slow+0xbe/0x200
[  373.262640][ T9287]  nf_hook+0x45e/0x780
[  373.262661][ T9287]  ? __pfx_ip6_finish_output+0x10/0x10
[  373.262684][ T9287]  ? __pfx_nf_hook+0x10/0x10
[  373.262710][ T9287]  ? __pfx_ip6_finish_output+0x10/0x10
[  373.262744][ T9287]  ip6_output+0x4b6/0x710
[  373.262765][ T9287]  ? __pfx_ip6_finish_output+0x10/0x10
[  373.262795][ T9287]  ip6_mr_output+0x233/0x11b0
[  373.262824][ T9287]  ? __pfx_nf_nat_ipv6_local_fn+0x10/0x10
[  373.262849][ T9287]  ? nf_nat_ipv6_local_fn+0x38a/0x530
[  373.262876][ T9287]  ? __pfx_ip6_mr_output+0x10/0x10
[  373.262904][ T9287]  ? __ip6_local_out+0x45b/0xa80
[  373.262931][ T9287]  ? nf_hook_slow+0x132/0x200
[  373.262963][ T9287]  ? __ip6_local_out+0x2f1/0xa80
[  373.262999][ T9287]  ? __pfx_dst_output+0x10/0x10
[  373.263035][ T9287]  ? ip6_local_out+0x2a9/0x4d0
[  373.263061][ T9287]  ip6_local_out+0x2a9/0x4d0
[  373.263094][ T9287]  ip6_send_skb+0x112/0x460
[  373.263127][ T9287]  udp_v6_send_skb+0x96f/0x1910
[  373.263161][ T9287]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  373.263198][ T9287]  udp_v6_push_pending_frames+0x139/0x210
[  373.263237][ T9287]  udpv6_sendmsg+0x163f/0x2d30
[  373.263267][ T9287]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  373.263310][ T9287]  ? __pfx_udpv6_sendmsg+0x10/0x10
[  373.263339][ T9287]  ? avc_has_perm_noaudit+0x149/0x3b0
[  373.263367][ T9287]  ? avc_has_perm+0x144/0x1f0
[  373.263427][ T9287]  ? __import_iovec+0x1dd/0x650
[  373.263450][ T9287]  ? __might_fault+0xe3/0x190
[  373.263469][ T9287]  ? __might_fault+0x13b/0x190
[  373.263488][ T9287]  ? __pfx_udpv6_sendmsg+0x10/0x10
[  373.263520][ T9287]  ? inet6_sendmsg+0x105/0x140
[  373.263547][ T9287]  inet6_sendmsg+0x105/0x140
[  373.263579][ T9287]  ____sys_sendmsg+0x705/0xc30
[  373.263614][ T9287]  ? copy_msghdr_from_user+0x10a/0x160
[  373.263638][ T9287]  ? __pfx_____sys_sendmsg+0x10/0x10
[  373.263675][ T9287]  ? __pfx__kstrtoull+0x10/0x10
[  373.263708][ T9287]  ___sys_sendmsg+0x134/0x1d0
[  373.263737][ T9287]  ? __pfx____sys_sendmsg+0x10/0x10
[  373.263778][ T9287]  ? find_held_lock+0x2b/0x80
[  373.263824][ T9287]  __sys_sendmmsg+0x200/0x420
[  373.263855][ T9287]  ? __pfx___sys_sendmmsg+0x10/0x10
[  373.263893][ T9287]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  373.263936][ T9287]  ? fput+0x70/0xf0
[  373.263964][ T9287]  ? ksys_write+0x1ac/0x250
[  373.263989][ T9287]  ? __pfx_ksys_write+0x10/0x10
[  373.264020][ T9287]  __x64_sys_sendmmsg+0x9c/0x100
[  373.264043][ T9287]  ? lockdep_hardirqs_on+0x7c/0x110
[  373.264069][ T9287]  do_syscall_64+0xcd/0xf80
[  373.264107][ T9287]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  373.264130][ T9287] RIP: 0033:0x7f060ef8f749
[  373.264148][ T9287] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  373.264165][ T9287] RSP: 002b:00007f060fdd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  373.264184][ T9287] RAX: ffffffffffffffda RBX: 00007f060f1e5fa0 RCX: 00007f060ef8f749
[  373.264198][ T9287] RDX: 0000000000000001 RSI: 0000200000004740 RDI: 0000000000000003
[  373.264211][ T9287] RBP: 00007f060fdd5090 R08: 0000000000000000 R09: 0000000000000000
[  373.264223][ T9287] R10: 00000000000048c0 R11: 0000000000000246 R12: 0000000000000001
[  373.264234][ T9287] R13: 00007f060f1e6038 R14: 00007f060f1e5fa0 R15: 00007ffcb17992e8
[  373.264263][ T9287]  </TASK>
[  374.252555][   T30] audit: type=1400 audit(1765119282.689:508): avc:  denied  { map } for  pid=9288 comm="syz.1.829" path="/dev/comedi4" dev="devtmpfs" ino=1280 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  374.490049][   T30] audit: type=1400 audit(1765119282.929:509): avc:  denied  { create } for  pid=9288 comm="syz.1.829" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmpvc_socket permissive=1
[  374.679932][ T9300] netlink: 4 bytes leftover after parsing attributes in process `syz.5.830'.
[  375.403327][ T9309] siw: device registration error -23
[  375.995516][ T9311] netlink: 4 bytes leftover after parsing attributes in process `syz.2.834'.
[  376.296812][   T30] audit: type=1400 audit(1765119284.729:510): avc:  denied  { create } for  pid=9317 comm="syz.2.836" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  376.372539][   T30] audit: type=1400 audit(1765119284.739:511): avc:  denied  { read } for  pid=9317 comm="syz.2.836" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  376.639143][ T9328] FAULT_INJECTION: forcing a failure.
[  376.639143][ T9328] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  376.654434][ T9328] CPU: 1 UID: 0 PID: 9328 Comm: syz.3.837 Not tainted syzkaller #0 PREEMPT(full) 
[  376.654462][ T9328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  376.654475][ T9328] Call Trace:
[  376.654482][ T9328]  <TASK>
[  376.654490][ T9328]  dump_stack_lvl+0x16c/0x1f0
[  376.654526][ T9328]  should_fail_ex+0x512/0x640
[  376.654555][ T9328]  should_fail_alloc_page+0xe7/0x130
[  376.654584][ T9328]  prepare_alloc_pages+0x401/0x670
[  376.654618][ T9328]  __alloc_frozen_pages_noprof+0x18b/0x2430
[  376.654641][ T9328]  ? kasan_save_track+0x14/0x30
[  376.654664][ T9328]  ? __kasan_kmalloc+0xaa/0xb0
[  376.654686][ T9328]  ? sock_kmalloc+0x111/0x170
[  376.654715][ T9328]  ? af_alg_sendmsg+0x129b/0x2980
[  376.654742][ T9328]  ? ____sys_sendmsg+0xa5d/0xc30
[  376.654771][ T9328]  ? ___sys_sendmsg+0x134/0x1d0
[  376.654795][ T9328]  ? __sys_sendmsg+0x16d/0x220
[  376.654818][ T9328]  ? do_syscall_64+0xcd/0xf80
[  376.654847][ T9328]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  376.654877][ T9328]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  376.654920][ T9328]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  376.654946][ T9328]  ? policy_nodemask+0xea/0x4e0
[  376.654976][ T9328]  alloc_pages_mpol+0x1fb/0x550
[  376.655006][ T9328]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  376.655033][ T9328]  ? sock_kmalloc+0x111/0x170
[  376.655070][ T9328]  alloc_pages_noprof+0x131/0x390
[  376.655099][ T9328]  af_alg_sendmsg+0x897/0x2980
[  376.655144][ T9328]  ? __pfx_af_alg_sendmsg+0x10/0x10
[  376.655178][ T9328]  ? security_socket_sendmsg+0xa6/0x240
[  376.655207][ T9328]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  376.655240][ T9328]  ? __sanitizer_cov_trace_pc+0x8/0x70
[  376.655270][ T9328]  ____sys_sendmsg+0xa5d/0xc30
[  376.655303][ T9328]  ? copy_msghdr_from_user+0x10a/0x160
[  376.655329][ T9328]  ? __pfx_____sys_sendmsg+0x10/0x10
[  376.655365][ T9328]  ? __lock_acquire+0x436/0x2890
[  376.655399][ T9328]  ___sys_sendmsg+0x134/0x1d0
[  376.655427][ T9328]  ? __pfx____sys_sendmsg+0x10/0x10
[  376.655453][ T9328]  ? find_held_lock+0x2b/0x80
[  376.655509][ T9328]  ? __schedule+0x1090/0x6150
[  376.655546][ T9328]  __sys_sendmsg+0x16d/0x220
[  376.655572][ T9328]  ? __pfx___sys_sendmsg+0x10/0x10
[  376.655619][ T9328]  do_syscall_64+0xcd/0xf80
[  376.655653][ T9328]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  376.655674][ T9328] RIP: 0033:0x7f060ef8f749
[  376.655692][ T9328] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  376.655713][ T9328] RSP: 002b:00007f060fdb4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  376.655733][ T9328] RAX: ffffffffffffffda RBX: 00007f060f1e6090 RCX: 00007f060ef8f749
[  376.655748][ T9328] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000004
[  376.655761][ T9328] RBP: 00007f060fdb4090 R08: 0000000000000000 R09: 0000000000000000
[  376.655775][ T9328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  376.655787][ T9328] R13: 00007f060f1e6128 R14: 00007f060f1e6090 R15: 00007ffcb17992e8
[  376.655818][ T9328]  </TASK>
[  376.961217][ T9325] FAULT_INJECTION: forcing a failure.
[  376.961217][ T9325] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  376.976046][ T9325] CPU: 1 UID: 0 PID: 9325 Comm: syz.2.839 Not tainted syzkaller #0 PREEMPT(full) 
[  376.976063][ T9325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  376.976071][ T9325] Call Trace:
[  376.976075][ T9325]  <TASK>
[  376.976079][ T9325]  dump_stack_lvl+0x16c/0x1f0
[  376.976106][ T9325]  should_fail_ex+0x512/0x640
[  376.976121][ T9325]  _copy_from_user+0x2e/0xd0
[  376.976135][ T9325]  vmci_host_unlocked_ioctl+0x5fe/0x2040
[  376.976150][ T9325]  ? __pfx_vmci_host_unlocked_ioctl+0x10/0x10
[  376.976164][ T9325]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  376.976179][ T9325]  ? do_vfs_ioctl+0x128/0x14f0
[  376.976199][ T9325]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  376.976224][ T9325]  ? hook_file_ioctl_common+0x144/0x410
[  376.976242][ T9325]  ? selinux_file_ioctl+0x180/0x270
[  376.976258][ T9325]  ? selinux_file_ioctl+0xb4/0x270
[  376.976276][ T9325]  ? __pfx_vmci_host_unlocked_ioctl+0x10/0x10
[  376.976290][ T9325]  __x64_sys_ioctl+0x18e/0x210
[  376.976304][ T9325]  do_syscall_64+0xcd/0xf80
[  376.976322][ T9325]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  376.976334][ T9325] RIP: 0033:0x7fda7438f749
[  376.976344][ T9325] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  376.976355][ T9325] RSP: 002b:00007fda751e6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  376.976367][ T9325] RAX: ffffffffffffffda RBX: 00007fda745e6090 RCX: 00007fda7438f749
[  376.976374][ T9325] RDX: 0000200000001680 RSI: 00000000000007b2 RDI: 0000000000000006
[  376.976381][ T9325] RBP: 00007fda751e6090 R08: 0000000000000000 R09: 0000000000000000
[  376.976388][ T9325] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  376.976395][ T9325] R13: 00007fda745e6128 R14: 00007fda745e6090 R15: 00007ffe01bbc658
[  376.976410][ T9325]  </TASK>
[  377.321090][ T5934] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  377.484049][ T5934] usb 2-1: Using ep0 maxpacket: 8
[  377.491835][ T5934] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[  377.538148][ T5934] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  377.568327][ T5934] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  377.603752][ T5934] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  377.649129][ T5934] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  377.709737][ T5934] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  377.760832][ T5934] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  377.763993][ T9338] netlink: 4 bytes leftover after parsing attributes in process `syz.2.840'.
[  378.011742][ T9343] mkiss: ax0: crc mode is auto.
[  378.199040][ T5934] usb 2-1: usb_control_msg returned -32
[  378.229548][ T9346] netlink: 4 bytes leftover after parsing attributes in process `syz.3.841'.
[  378.293936][ T5934] usbtmc 2-1:16.0: can't read capabilities
[  378.361549][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[  378.368054][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[  378.514191][ T9348] FAULT_INJECTION: forcing a failure.
[  378.514191][ T9348] name failslab, interval 1, probability 0, space 0, times 0
[  378.617470][ T9348] CPU: 0 UID: 0 PID: 9348 Comm: syz.1.838 Not tainted syzkaller #0 PREEMPT(full) 
[  378.617500][ T9348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  378.617513][ T9348] Call Trace:
[  378.617520][ T9348]  <TASK>
[  378.617528][ T9348]  dump_stack_lvl+0x16c/0x1f0
[  378.617564][ T9348]  should_fail_ex+0x512/0x640
[  378.617588][ T9348]  ? kmem_cache_alloc_noprof+0x62/0x770
[  378.617613][ T9348]  should_failslab+0xc2/0x120
[  378.617641][ T9348]  kmem_cache_alloc_noprof+0x83/0x770
[  378.617662][ T9348]  ? stack_depot_save_flags+0x29/0x9b0
[  378.617684][ T9348]  ? alloc_empty_file+0x55/0x1e0
[  378.617711][ T9348]  ? alloc_empty_file+0x55/0x1e0
[  378.617728][ T9348]  ? kasan_save_track+0x14/0x30
[  378.617752][ T9348]  alloc_empty_file+0x55/0x1e0
[  378.617773][ T9348]  path_openat+0xde/0x3140
[  378.617801][ T9348]  ? do_syscall_64+0xcd/0xf80
[  378.617831][ T9348]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  378.617863][ T9348]  ? __pfx_path_openat+0x10/0x10
[  378.617903][ T9348]  do_filp_open+0x20b/0x470
[  378.617933][ T9348]  ? __pfx_do_filp_open+0x10/0x10
[  378.617989][ T9348]  ? alloc_fd+0x471/0x7d0
[  378.618028][ T9348]  do_sys_openat2+0x11f/0x280
[  378.618048][ T9348]  ? __pfx_do_sys_openat2+0x10/0x10
[  378.618071][ T9348]  ? __fget_files+0x20e/0x3c0
[  378.618103][ T9348]  __x64_sys_openat+0x174/0x210
[  378.618123][ T9348]  ? __pfx___x64_sys_openat+0x10/0x10
[  378.618142][ T9348]  ? ksys_write+0x1ac/0x250
[  378.618180][ T9348]  do_syscall_64+0xcd/0xf80
[  378.618212][ T9348]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  378.618234][ T9348] RIP: 0033:0x7fd10c38df90
[  378.618251][ T9348] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 69 95 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 bc 95 02 00 8b 44
[  378.618272][ T9348] RSP: 002b:00007fd10d275b70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  378.618293][ T9348] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fd10c38df90
[  378.618307][ T9348] RDX: 0000000000000002 RSI: 00007fd10d275c10 RDI: 00000000ffffff9c
[  378.618321][ T9348] RBP: 00007fd10d275c10 R08: 0000000000000000 R09: 00007fd10d275987
[  378.618335][ T9348] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  378.618348][ T9348] R13: 00007fd10c5e6128 R14: 00007fd10c5e6090 R15: 00007ffc77022728
[  378.618379][ T9348]  </TASK>
[  379.689920][ T9364] netlink: 4 bytes leftover after parsing attributes in process `syz.3.847'.
[  380.108424][ T5934] usb 2-1: USB disconnect, device number 19
[  380.412597][ T9373] netlink: 24 bytes leftover after parsing attributes in process `syz.5.850'.
[  380.433939][ T9370] siw: device registration error -23
[  380.571145][ T9372] netlink: 24 bytes leftover after parsing attributes in process `syz.3.849'.
[  380.650626][ T9376] FAULT_INJECTION: forcing a failure.
[  380.650626][ T9376] name failslab, interval 1, probability 0, space 0, times 0
[  380.672370][   T30] audit: type=1400 audit(1765119289.109:512): avc:  denied  { name_connect } for  pid=9367 comm="syz.3.849" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1
[  380.693096][ T9376] CPU: 0 UID: 0 PID: 9376 Comm: syz.4.851 Not tainted syzkaller #0 PREEMPT(full) 
[  380.693123][ T9376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  380.693135][ T9376] Call Trace:
[  380.693141][ T9376]  <TASK>
[  380.693149][ T9376]  dump_stack_lvl+0x16c/0x1f0
[  380.693183][ T9376]  should_fail_ex+0x512/0x640
[  380.693206][ T9376]  should_failslab+0xc2/0x120
[  380.693231][ T9376]  __kmalloc_cache_noprof+0x80/0x800
[  380.693263][ T9376]  ? rcu_is_watching+0x12/0xc0
[  380.693282][ T9376]  ? gsm_send.isra.0+0x57/0x7f0
[  380.693300][ T9376]  ? gsm_send.isra.0+0x57/0x7f0
[  380.693309][ T9376]  ? tty_ioctl+0x522/0x1650
[  380.693324][ T9376]  gsm_send.isra.0+0x57/0x7f0
[  380.693338][ T9376]  gsm_queue+0x4c9/0x8b0
[  380.693350][ T9376]  gsm1_receive+0x6eb/0xc20
[  380.693363][ T9376]  gsmld_receive_buf+0x1e1/0x2e0
[  380.693380][ T9376]  ? __pfx_gsm1_receive+0x10/0x10
[  380.693392][ T9376]  ? __pfx_gsmld_receive_buf+0x10/0x10
[  380.693408][ T9376]  tty_ioctl+0x583/0x1650
[  380.693424][ T9376]  ? __pfx_tty_ioctl+0x10/0x10
[  380.693439][ T9376]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  380.693464][ T9376]  ? hook_file_ioctl_common+0x144/0x410
[  380.693481][ T9376]  ? selinux_file_ioctl+0x180/0x270
[  380.693498][ T9376]  ? selinux_file_ioctl+0xb4/0x270
[  380.693515][ T9376]  ? __pfx_tty_ioctl+0x10/0x10
[  380.693531][ T9376]  __x64_sys_ioctl+0x18e/0x210
[  380.693546][ T9376]  do_syscall_64+0xcd/0xf80
[  380.693567][ T9376]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  380.693579][ T9376] RIP: 0033:0x7fbe0f38f749
[  380.693589][ T9376] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  380.693601][ T9376] RSP: 002b:00007fbe10187038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  380.693619][ T9376] RAX: ffffffffffffffda RBX: 00007fbe0f5e5fa0 RCX: 00007fbe0f38f749
[  380.693631][ T9376] RDX: 0000200000000000 RSI: 0000000000005412 RDI: 0000000000000003
[  380.693642][ T9376] RBP: 00007fbe10187090 R08: 0000000000000000 R09: 0000000000000000
[  380.693654][ T9376] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  380.693665][ T9376] R13: 00007fbe0f5e6038 R14: 00007fbe0f5e5fa0 R15: 00007ffeb4c69028
[  380.693683][ T9376]  </TASK>
[  381.178414][   T30] audit: type=1400 audit(1765119289.619:513): avc:  denied  { write } for  pid=9367 comm="syz.3.849" lport=37463 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[  381.964751][ T9390] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR
[  382.132970][   T30] audit: type=1400 audit(1765119290.509:514): avc:  denied  { setopt } for  pid=9367 comm="syz.3.849" lport=37463 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[  382.283836][ T5934] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  382.471746][ T9404] netlink: 8 bytes leftover after parsing attributes in process `syz.2.857'.
[  382.607327][ T5934] usb 5-1: too many configurations: 9, using maximum allowed: 8
[  382.620737][ T5934] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  382.692580][ T9407] siw: device registration error -23
[  383.217590][ T5934] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  383.278333][ T5934] usb 5-1: config 0 interface 0 has no altsetting 0
[  383.293204][ T5934] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  383.360656][ T5934] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  383.371857][ T5934] usb 5-1: config 0 interface 0 has no altsetting 0
[  383.400339][ T5934] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  383.446595][ T9409] netlink: 4 bytes leftover after parsing attributes in process `syz.2.859'.
[  383.478188][ T5934] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  383.489484][ T5934] usb 5-1: config 0 interface 0 has no altsetting 0
[  383.500088][ T5934] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  383.637618][ T5934] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  383.648646][ T5934] usb 5-1: config 0 interface 0 has no altsetting 0
[  383.667930][ T5934] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  383.677050][ T5934] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  383.750454][ T9413] siw: device registration error -23
[  384.227333][ T5934] usb 5-1: config 0 interface 0 has no altsetting 0
[  384.261804][ T5934] usb 5-1: unable to read config index 5 descriptor/start: -71
[  384.274426][ T9415] siw: device registration error -23
[  384.308031][ T5934] usb 5-1: can't read configurations, error -71
[  384.773703][   T10] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  385.364176][ T9432] netlink: 4 bytes leftover after parsing attributes in process `syz.4.863'.
[  385.387035][ T5881] libceph: connect (1)[c::]:6789 error -101
[  385.395041][   T10] usb 6-1: device descriptor read/64, error -71
[  385.407355][ T5881] libceph: mon0 (1)[c::]:6789 connect error
[  385.437124][ T9435] netlink: 24 bytes leftover after parsing attributes in process `syz.3.867'.
[  385.471958][   T30] audit: type=1400 audit(1765119293.909:515): avc:  denied  { mounton } for  pid=9436 comm="syz.1.868" path="/syzcgroup/unified/syz1" dev="cgroup2" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[  385.496937][ T9429] ceph: No mds server is up or the cluster is laggy
[  385.505240][ T9437] tmpfs: Bad value for 'mpol'
[  385.670938][ T9440] netlink: 8 bytes leftover after parsing attributes in process `syz.2.869'.
[  385.775912][   T10] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  385.923779][   T10] usb 6-1: device descriptor read/64, error -71
[  386.039874][   T10] usb usb6-port1: attempt power cycle
[  386.490237][ T9450] netlink: 4 bytes leftover after parsing attributes in process `syz.1.872'.
[  386.651315][   T10] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  386.784405][   T10] usb 6-1: device descriptor read/8, error -71
[  386.947734][ T5888] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  387.160328][ T9455] mkiss: ax0: crc mode is auto.
[  387.182622][   T10] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  387.217622][   T10] usb 6-1: device descriptor read/8, error -71
[  387.259776][ T5888] usb 3-1: Using ep0 maxpacket: 8
[  387.345214][ T5888] usb 3-1: config 179 has an invalid interface number: 65 but max is 0
[  387.353863][   T10] usb usb6-port1: unable to enumerate USB device
[  387.398121][ T5888] usb 3-1: config 179 has no interface number 0
[  387.414019][ T5888] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  387.434292][ T5888] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  387.504806][ T9460] siw: device registration error -23
[  387.907110][ T5888] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  387.919211][ T5888] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  387.932311][ T5888] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  387.945789][ T5888] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  388.005782][ T9463] FAULT_INJECTION: forcing a failure.
[  388.005782][ T9463] name failslab, interval 1, probability 0, space 0, times 0
[  388.022714][ T9463] CPU: 0 UID: 0 PID: 9463 Comm: syz.5.875 Not tainted syzkaller #0 PREEMPT(full) 
[  388.022732][ T9463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  388.022739][ T9463] Call Trace:
[  388.022743][ T9463]  <TASK>
[  388.022749][ T9463]  dump_stack_lvl+0x16c/0x1f0
[  388.022771][ T9463]  should_fail_ex+0x512/0x640
[  388.022785][ T9463]  ? __kmalloc_cache_noprof+0x5f/0x800
[  388.022804][ T9463]  should_failslab+0xc2/0x120
[  388.022820][ T9463]  __kmalloc_cache_noprof+0x80/0x800
[  388.022838][ T9463]  ? kvm_uevent_notify_change.part.0+0x93/0x450
[  388.022858][ T9463]  ? kvm_uevent_notify_change.part.0+0x93/0x450
[  388.022874][ T9463]  kvm_uevent_notify_change.part.0+0x93/0x450
[  388.022892][ T9463]  ? __pfx_kvm_vm_release+0x10/0x10
[  388.022906][ T9463]  kvm_put_kvm+0xe3/0xb00
[  388.022919][ T9463]  ? lockdep_hardirqs_on+0x7c/0x110
[  388.022936][ T9463]  ? _raw_spin_unlock_irq+0x2e/0x50
[  388.022953][ T9463]  ? __pfx_kvm_vm_release+0x10/0x10
[  388.022967][ T9463]  kvm_vm_release+0x3c/0x50
[  388.022981][ T9463]  __fput+0x402/0xb70
[  388.023002][ T9463]  fput_close_sync+0x118/0x260
[  388.023014][ T9463]  ? __pfx_fput_close_sync+0x10/0x10
[  388.023026][ T9463]  ? dnotify_flush+0x79/0x4c0
[  388.023043][ T9463]  __x64_sys_close+0x8b/0x120
[  388.023054][ T9463]  do_syscall_64+0xcd/0xf80
[  388.023072][ T9463]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  388.023087][ T9463] RIP: 0033:0x7f9195d8f749
[  388.023097][ T9463] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  388.023108][ T9463] RSP: 002b:00007f9196cb6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[  388.023120][ T9463] RAX: ffffffffffffffda RBX: 00007f9195fe5fa0 RCX: 00007f9195d8f749
[  388.023128][ T9463] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[  388.023134][ T9463] RBP: 00007f9196cb6090 R08: 0000000000000000 R09: 0000000000000000
[  388.023141][ T9463] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  388.023148][ T9463] R13: 00007f9195fe6038 R14: 00007f9195fe5fa0 R15: 00007ffc0c814608
[  388.023163][ T9463]  </TASK>
[  388.278308][ T5888] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  388.317043][ T9449] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  388.384798][   T30] audit: type=1400 audit(1765119809.818:516): avc:  denied  { write } for  pid=9465 comm="syz.3.877" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[  389.174141][ T5941] input: Generic X-Box pad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:179.65/input/input8
[  389.242307][ T9449] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  389.274161][ T9449] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  389.790281][ T9478] netlink: 12 bytes leftover after parsing attributes in process `syz.1.879'.
[  390.174794][ T5934] usb 3-1: USB disconnect, device number 14
[  390.174790][    C0] xpad 3-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  390.189333][    C0] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  390.198305][    C0] ==================================================================
[  390.206366][    C0] BUG: KASAN: slab-use-after-free in do_raw_spin_lock+0x26f/0x2b0
[  390.214193][    C0] Read of size 4 at addr ffff8880285ba05c by task syz.5.880/9480
[  390.221910][    C0] 
[  390.224223][    C0] CPU: 0 UID: 0 PID: 9480 Comm: syz.5.880 Not tainted syzkaller #0 PREEMPT(full) 
[  390.224254][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  390.224269][    C0] Call Trace:
[  390.224276][    C0]  <IRQ>
[  390.224285][    C0]  dump_stack_lvl+0x116/0x1f0
[  390.224327][    C0]  print_report+0xcd/0x630
[  390.224359][    C0]  ? __virt_addr_valid+0x81/0x610
[  390.224383][    C0]  ? __phys_addr+0xe8/0x180
[  390.224407][    C0]  ? do_raw_spin_lock+0x26f/0x2b0
[  390.224441][    C0]  kasan_report+0xe0/0x110
[  390.224473][    C0]  ? do_raw_spin_lock+0x26f/0x2b0
[  390.224511][    C0]  do_raw_spin_lock+0x26f/0x2b0
[  390.224546][    C0]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  390.224582][    C0]  ? kcov_remote_stop+0x1b0/0x590
[  390.224612][    C0]  _raw_spin_lock_irqsave+0x42/0x60
[  390.224647][    C0]  ? __wake_up+0x1c/0x60
[  390.224670][    C0]  __wake_up+0x1c/0x60
[  390.224695][    C0]  usb_anchor_resume_wakeups+0xc2/0xe0
[  390.224734][    C0]  __usb_hcd_giveback_urb+0x3d5/0x610
[  390.224769][    C0]  usb_hcd_giveback_urb+0x39b/0x450
[  390.224804][    C0]  dummy_timer+0x1809/0x3ad0
[  390.224846][    C0]  ? do_raw_spin_lock+0x12c/0x2b0
[  390.224883][    C0]  ? debug_object_deactivate+0x1ec/0x3a0
[  390.224924][    C0]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  390.224959][    C0]  ? debug_object_deactivate+0x1ec/0x3a0
[  390.224998][    C0]  ? __pfx_debug_object_deactivate+0x10/0x10
[  390.225038][    C0]  ? __pfx_dummy_timer+0x10/0x10
[  390.225079][    C0]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  390.225116][    C0]  ? __pfx_dummy_timer+0x10/0x10
[  390.225157][    C0]  __hrtimer_run_queues+0x202/0xc40
[  390.225202][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  390.225242][    C0]  ? read_tsc+0x9/0x20
[  390.225283][    C0]  hrtimer_run_softirq+0x17d/0x350
[  390.225323][    C0]  handle_softirqs+0x219/0x950
[  390.225364][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  390.225405][    C0]  __irq_exit_rcu+0x109/0x170
[  390.225442][    C0]  irq_exit_rcu+0x9/0x30
[  390.225479][    C0]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  390.225516][    C0]  </IRQ>
[  390.225524][    C0]  <TASK>
[  390.225532][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  390.225561][    C0] RIP: 0010:__orc_find+0x3d/0xf0
[  390.225595][    C0] Code: 53 48 83 ec 08 85 d2 0f 84 99 00 00 00 49 89 fe 48 89 f0 49 39 fc 72 7b 48 b9 00 00 00 00 00 fc ff df 49 89 ff 48 89 fd eb 0c <48> 8d 6b 04 49 89 df 49 39 ec 72 4e 4c 89 e2 48 29 ea 48 89 d6 48
[  390.225620][    C0] RSP: 0018:ffffc90010c5f950 EFLAGS: 00000202
[  390.225640][    C0] RAX: ffffffff912ef4d2 RBX: ffffffff90a6afb4 RCX: dffffc0000000000
[  390.225658][    C0] RDX: ffffffff8228b037 RSI: 0000000000000000 RDI: ffffffff90a6afb0
[  390.225675][    C0] RBP: ffffffff90a6afb0 R08: ffffffff912ef532 R09: 00000000ffffffff
[  390.225692][    C0] R10: 0000000000000002 R11: 00000000000128b0 R12: ffffffff90a6afb8
[  390.225708][    C0] R13: ffffffff8228b04a R14: ffffffff90a6afb0 R15: ffffffff90a6afb0
[  390.225727][    C0]  ? kasan_save_free_info+0x3a/0x60
[  390.225769][    C0]  ? kasan_save_free_info+0x27/0x60
[  390.225814][    C0]  ? kasan_save_free_info+0x3a/0x60
[  390.225853][    C0]  unwind_next_frame+0x2ec/0x20a0
[  390.225887][    C0]  ? kasan_save_free_info+0x3b/0x60
[  390.225927][    C0]  ? arch_stack_walk+0xa6/0x100
[  390.225959][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  390.225990][    C0]  arch_stack_walk+0x94/0x100
[  390.226025][    C0]  ? kasan_save_free_info+0x3b/0x60
[  390.226066][    C0]  stack_trace_save+0x8e/0xc0
[  390.226096][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[  390.226125][    C0]  ? __lock_acquire+0x436/0x2890
[  390.226160][    C0]  kasan_save_stack+0x33/0x60
[  390.226187][    C0]  ? kasan_save_stack+0x33/0x60
[  390.226215][    C0]  ? kasan_save_track+0x14/0x30
[  390.226241][    C0]  ? kasan_save_free_info+0x3b/0x60
[  390.226303][    C0]  kasan_save_track+0x14/0x30
[  390.226330][    C0]  kasan_save_free_info+0x3b/0x60
[  390.226369][    C0]  __kasan_slab_free+0x5f/0x80
[  390.226399][    C0]  kmem_cache_free+0x2d8/0x770
[  390.226427][    C0]  ? switch_task_namespaces+0x248/0x2b0
[  390.226472][    C0]  ? switch_task_namespaces+0x248/0x2b0
[  390.226512][    C0]  switch_task_namespaces+0x248/0x2b0
[  390.226553][    C0]  __do_sys_setns+0x637/0x1f90
[  390.226592][    C0]  ? __sys_socket+0xac/0x260
[  390.226615][    C0]  ? __x64_sys_openat+0x174/0x210
[  390.226639][    C0]  ? __pfx___do_sys_setns+0x10/0x10
[  390.226684][    C0]  do_syscall_64+0xcd/0xf80
[  390.226723][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  390.226748][    C0] RIP: 0033:0x7f9195d90f77
[  390.226766][    C0] Code: 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 34 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  390.226791][    C0] RSP: 002b:00007f9196cb5fd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000134
[  390.226814][    C0] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f9195d90f77
[  390.226830][    C0] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000003
[  390.226846][    C0] RBP: 0000000000000004 R08: 0000000000000000 R09: 0000000000000000
[  390.226861][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9196cb6668
[  390.226878][    C0] R13: 000000000000000e R14: 00007f9195fe5fa0 R15: 00007ffc0c814608
[  390.226902][    C0]  </TASK>
[  390.226910][    C0] 
[  390.727002][    C0] Allocated by task 5888:
[  390.731318][    C0]  kasan_save_stack+0x33/0x60
[  390.735993][    C0]  kasan_save_track+0x14/0x30
[  390.740665][    C0]  __kasan_kmalloc+0xaa/0xb0
[  390.745245][    C0]  xpad_probe+0x286/0x1ff0
[  390.749649][    C0]  usb_probe_interface+0x303/0xa80
[  390.754771][    C0]  really_probe+0x241/0xb20
[  390.759293][    C0]  __driver_probe_device+0x1de/0x470
[  390.764580][    C0]  driver_probe_device+0x4c/0x1b0
[  390.769609][    C0]  __device_attach_driver+0x1df/0x350
[  390.774985][    C0]  bus_for_each_drv+0x159/0x1e0
[  390.779859][    C0]  __device_attach+0x1e4/0x4e0
[  390.784621][    C0]  device_initial_probe+0xaa/0xc0
[  390.789646][    C0]  bus_probe_device+0x64/0x150
[  390.794402][    C0]  device_add+0x116e/0x1980
[  390.798910][    C0]  usb_set_configuration+0x1187/0x1e50
[  390.804360][    C0]  usb_generic_driver_probe+0xb1/0x110
[  390.809823][    C0]  usb_probe_device+0xef/0x400
[  390.814584][    C0]  really_probe+0x241/0xb20
[  390.819078][    C0]  __driver_probe_device+0x1de/0x470
[  390.824359][    C0]  driver_probe_device+0x4c/0x1b0
[  390.829373][    C0]  __device_attach_driver+0x1df/0x350
[  390.834744][    C0]  bus_for_each_drv+0x159/0x1e0
[  390.839601][    C0]  __device_attach+0x1e4/0x4e0
[  390.844357][    C0]  device_initial_probe+0xaa/0xc0
[  390.849376][    C0]  bus_probe_device+0x64/0x150
[  390.854154][    C0]  device_add+0x116e/0x1980
[  390.858650][    C0]  usb_new_device+0xd07/0x1a90
[  390.863416][    C0]  hub_event+0x313a/0x52f0
[  390.867822][    C0]  process_one_work+0x9ba/0x1b20
[  390.872757][    C0]  worker_thread+0x6c8/0xf10
[  390.877340][    C0]  kthread+0x3c5/0x780
[  390.881404][    C0]  ret_from_fork+0x983/0xb10
[  390.885984][    C0]  ret_from_fork_asm+0x1a/0x30
[  390.890750][    C0] 
[  390.893053][    C0] Freed by task 5934:
[  390.897012][    C0]  kasan_save_stack+0x33/0x60
[  390.901683][    C0]  kasan_save_track+0x14/0x30
[  390.906351][    C0]  kasan_save_free_info+0x3b/0x60
[  390.911377][    C0]  __kasan_slab_free+0x5f/0x80
[  390.916316][    C0]  kfree+0x2f8/0x6e0
[  390.920210][    C0]  xpad_disconnect+0x1cf/0x580
[  390.924963][    C0]  usb_unbind_interface+0x1dd/0x9e0
[  390.930156][    C0]  device_remove+0x125/0x170
[  390.934737][    C0]  device_release_driver_internal+0x44b/0x620
[  390.940802][    C0]  bus_remove_device+0x22f/0x450
[  390.945726][    C0]  device_del+0x396/0x9f0
[  390.950045][    C0]  usb_disable_device+0x355/0x820
[  390.955058][    C0]  usb_disconnect+0x2e1/0x9e0
[  390.959725][    C0]  hub_event+0x1d84/0x52f0
[  390.964134][    C0]  process_one_work+0x9ba/0x1b20
[  390.969069][    C0]  worker_thread+0x6c8/0xf10
[  390.973658][    C0]  kthread+0x3c5/0x780
[  390.977722][    C0]  ret_from_fork+0x983/0xb10
[  390.982305][    C0]  ret_from_fork_asm+0x1a/0x30
[  390.987070][    C0] 
[  390.989379][    C0] Last potentially related work creation:
[  390.995072][    C0]  kasan_save_stack+0x33/0x60
[  390.999747][    C0]  kasan_record_aux_stack+0xa7/0xc0
[  391.004960][    C0]  insert_work+0x36/0x230
[  391.009297][    C0]  __queue_work+0x94f/0x10e0
[  391.013882][    C0]  queue_work_on+0x15f/0x1f0
[  391.018467][    C0]  xpad_irq_in+0x1328/0x2b00
[  391.023046][    C0]  __usb_hcd_giveback_urb+0x38b/0x610
[  391.028418][    C0]  usb_hcd_giveback_urb+0x39b/0x450
[  391.033612][    C0]  dummy_timer+0x1809/0x3ad0
[  391.038209][    C0]  __hrtimer_run_queues+0x202/0xc40
[  391.043412][    C0]  hrtimer_run_softirq+0x17d/0x350
[  391.048533][    C0]  handle_softirqs+0x219/0x950
[  391.053299][    C0]  __irq_exit_rcu+0x109/0x170
[  391.057975][    C0]  irq_exit_rcu+0x9/0x30
[  391.062217][    C0]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  391.067850][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  391.073821][    C0] 
[  391.076133][    C0] Second to last potentially related work creation:
[  391.082693][    C0]  kasan_save_stack+0x33/0x60
[  391.087363][    C0]  kasan_record_aux_stack+0xa7/0xc0
[  391.092563][    C0]  insert_work+0x36/0x230
[  391.096897][    C0]  __queue_work+0x94f/0x10e0
[  391.101485][    C0]  queue_work_on+0x15f/0x1f0
[  391.106078][    C0]  xpad_irq_in+0x1328/0x2b00
[  391.110662][    C0]  __usb_hcd_giveback_urb+0x38b/0x610
[  391.116031][    C0]  usb_hcd_giveback_urb+0x39b/0x450
[  391.121223][    C0]  dummy_timer+0x1809/0x3ad0
[  391.125818][    C0]  __hrtimer_run_queues+0x202/0xc40
[  391.131021][    C0]  hrtimer_run_softirq+0x17d/0x350
[  391.136140][    C0]  handle_softirqs+0x219/0x950
[  391.140913][    C0]  __irq_exit_rcu+0x109/0x170
[  391.145592][    C0]  irq_exit_rcu+0x9/0x30
[  391.149842][    C0]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  391.155476][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  391.161452][    C0] 
[  391.163760][    C0] The buggy address belongs to the object at ffff8880285ba000
[  391.163760][    C0]  which belongs to the cache kmalloc-1k of size 1024
[  391.177799][    C0] The buggy address is located 92 bytes inside of
[  391.177799][    C0]  freed 1024-byte region [ffff8880285ba000, ffff8880285ba400)
[  391.191583][    C0] 
[  391.193891][    C0] The buggy address belongs to the physical page:
[  391.200288][    C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x285b8
[  391.209031][    C0] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  391.217519][    C0] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  391.225057][    C0] page_type: f5(slab)
[  391.229026][    C0] raw: 00fff00000000040 ffff88813ff26dc0 ffffea0001e9e000 dead000000000002
[  391.237598][    C0] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  391.246188][    C0] head: 00fff00000000040 ffff88813ff26dc0 ffffea0001e9e000 dead000000000002
[  391.254848][    C0] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  391.263510][    C0] head: 00fff00000000003 ffffea0000a16e01 00000000ffffffff 00000000ffffffff
[  391.272192][    C0] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  391.280843][    C0] page dumped because: kasan: bad access detected
[  391.287245][    C0] page_owner tracks the page as allocated
[  391.292938][    C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 6010, tgid 6010 (kworker/u8:19), ts 91270429784, free_ts 90754273781
[  391.312295][    C0]  post_alloc_hook+0x1af/0x220
[  391.317070][    C0]  get_page_from_freelist+0xd0b/0x31a0
[  391.322520][    C0]  __alloc_frozen_pages_noprof+0x25f/0x2430
[  391.328400][    C0]  alloc_pages_mpol+0x1fb/0x550
[  391.333249][    C0]  new_slab+0x2c3/0x430
[  391.337405][    C0]  ___slab_alloc+0xe18/0x1c90
[  391.342084][    C0]  __slab_alloc.constprop.0+0x63/0x110
[  391.347556][    C0]  __kmalloc_noprof+0x4fc/0x910
[  391.352408][    C0]  ieee802_11_parse_elems_full+0x1db/0x3780
[  391.358300][    C0]  ieee80211_inform_bss+0x15a/0x1150
[  391.363580][    C0]  cfg80211_inform_single_bss_data+0x8e9/0x1d30
[  391.369824][    C0]  cfg80211_inform_bss_data+0x22b/0x3be0
[  391.375456][    C0]  cfg80211_inform_bss_frame_data+0x26f/0x720
[  391.381526][    C0]  ieee80211_bss_info_update+0x310/0xab0
[  391.387149][    C0]  ieee80211_ibss_rx_queued_mgmt+0x1927/0x2fc0
[  391.393296][    C0]  ieee80211_iface_work+0xe28/0x1350
[  391.398576][    C0] page last free pid 55 tgid 55 stack trace:
[  391.404536][    C0]  __free_frozen_pages+0x7df/0x1170
[  391.409737][    C0]  __put_partials+0x130/0x170
[  391.414424][    C0]  qlist_free_all+0x4c/0xf0
[  391.418915][    C0]  kasan_quarantine_reduce+0x195/0x1e0
[  391.424367][    C0]  __kasan_slab_alloc+0x69/0x90
[  391.429211][    C0]  __kmalloc_cache_noprof+0x282/0x800
[  391.434585][    C0]  usb_control_msg+0xbc/0x4a0
[  391.439266][    C0]  hub_ext_port_status+0x14e/0x670
[  391.444377][    C0]  hub_port_debounce+0x1a2/0x3f0
[  391.449303][    C0]  hub_event+0x37f7/0x52f0
[  391.453711][    C0]  process_one_work+0x9ba/0x1b20
[  391.458655][    C0]  worker_thread+0x6c8/0xf10
[  391.463245][    C0]  kthread+0x3c5/0x780
[  391.467304][    C0]  ret_from_fork+0x983/0xb10
[  391.471886][    C0]  ret_from_fork_asm+0x1a/0x30
[  391.476653][    C0] 
[  391.478956][    C0] Memory state around the buggy address:
[  391.484565][    C0]  ffff8880285b9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  391.492613][    C0]  ffff8880285b9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  391.500660][    C0] >ffff8880285ba000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  391.508702][    C0]                                                     ^
[  391.515619][    C0]  ffff8880285ba080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  391.523750][    C0]  ffff8880285ba100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  391.531794][    C0] ==================================================================
[  391.539837][    C0] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  391.547022][    C0] CPU: 0 UID: 0 PID: 9480 Comm: syz.5.880 Not tainted syzkaller #0 PREEMPT(full) 
[  391.556216][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  391.566260][    C0] Call Trace:
[  391.569521][    C0]  <IRQ>
[  391.572350][    C0]  dump_stack_lvl+0x3d/0x1f0
[  391.576952][    C0]  vpanic+0x640/0x6f0
[  391.580932][    C0]  panic+0xca/0xd0
[  391.584645][    C0]  ? __pfx_panic+0x10/0x10
[  391.589056][    C0]  ? end_report+0x4c/0x160
[  391.593482][    C0]  ? rcu_is_watching+0x12/0xc0
[  391.598235][    C0]  ? lock_release+0x201/0x2d0
[  391.602907][    C0]  ? check_panic_on_warn+0x1f/0xb0
[  391.608017][    C0]  check_panic_on_warn+0xab/0xb0
[  391.612954][    C0]  end_report+0x107/0x160
[  391.617291][    C0]  kasan_report+0xee/0x110
[  391.621718][    C0]  ? do_raw_spin_lock+0x26f/0x2b0
[  391.626762][    C0]  do_raw_spin_lock+0x26f/0x2b0
[  391.631634][    C0]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  391.637027][    C0]  ? kcov_remote_stop+0x1b0/0x590
[  391.642057][    C0]  _raw_spin_lock_irqsave+0x42/0x60
[  391.647260][    C0]  ? __wake_up+0x1c/0x60
[  391.651493][    C0]  __wake_up+0x1c/0x60
[  391.655556][    C0]  usb_anchor_resume_wakeups+0xc2/0xe0
[  391.661026][    C0]  __usb_hcd_giveback_urb+0x3d5/0x610
[  391.666452][    C0]  usb_hcd_giveback_urb+0x39b/0x450
[  391.671654][    C0]  dummy_timer+0x1809/0x3ad0
[  391.676254][    C0]  ? do_raw_spin_lock+0x12c/0x2b0
[  391.681283][    C0]  ? debug_object_deactivate+0x1ec/0x3a0
[  391.686934][    C0]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  391.692742][    C0]  ? debug_object_deactivate+0x1ec/0x3a0
[  391.698378][    C0]  ? __pfx_debug_object_deactivate+0x10/0x10
[  391.704362][    C0]  ? __pfx_dummy_timer+0x10/0x10
[  391.709308][    C0]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  391.715130][    C0]  ? __pfx_dummy_timer+0x10/0x10
[  391.720091][    C0]  __hrtimer_run_queues+0x202/0xc40
[  391.725309][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  391.731044][    C0]  ? read_tsc+0x9/0x20
[  391.735130][    C0]  hrtimer_run_softirq+0x17d/0x350
[  391.740256][    C0]  handle_softirqs+0x219/0x950
[  391.745035][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  391.750329][    C0]  __irq_exit_rcu+0x109/0x170
[  391.755014][    C0]  irq_exit_rcu+0x9/0x30
[  391.759270][    C0]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  391.764914][    C0]  </IRQ>
[  391.767837][    C0]  <TASK>
[  391.770772][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  391.776770][    C0] RIP: 0010:__orc_find+0x3d/0xf0
[  391.781735][    C0] Code: 53 48 83 ec 08 85 d2 0f 84 99 00 00 00 49 89 fe 48 89 f0 49 39 fc 72 7b 48 b9 00 00 00 00 00 fc ff df 49 89 ff 48 89 fd eb 0c <48> 8d 6b 04 49 89 df 49 39 ec 72 4e 4c 89 e2 48 29 ea 48 89 d6 48
[  391.801355][    C0] RSP: 0018:ffffc90010c5f950 EFLAGS: 00000202
[  391.807421][    C0] RAX: ffffffff912ef4d2 RBX: ffffffff90a6afb4 RCX: dffffc0000000000
[  391.815388][    C0] RDX: ffffffff8228b037 RSI: 0000000000000000 RDI: ffffffff90a6afb0
[  391.823363][    C0] RBP: ffffffff90a6afb0 R08: ffffffff912ef532 R09: 00000000ffffffff
[  391.831338][    C0] R10: 0000000000000002 R11: 00000000000128b0 R12: ffffffff90a6afb8
[  391.839303][    C0] R13: ffffffff8228b04a R14: ffffffff90a6afb0 R15: ffffffff90a6afb0
[  391.847324][    C0]  ? kasan_save_free_info+0x3a/0x60
[  391.852540][    C0]  ? kasan_save_free_info+0x27/0x60
[  391.857753][    C0]  ? kasan_save_free_info+0x3a/0x60
[  391.862963][    C0]  unwind_next_frame+0x2ec/0x20a0
[  391.867992][    C0]  ? kasan_save_free_info+0x3b/0x60
[  391.873210][    C0]  ? arch_stack_walk+0xa6/0x100
[  391.878093][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  391.884263][    C0]  arch_stack_walk+0x94/0x100
[  391.888959][    C0]  ? kasan_save_free_info+0x3b/0x60
[  391.894176][    C0]  stack_trace_save+0x8e/0xc0
[  391.898854][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[  391.904228][    C0]  ? __lock_acquire+0x436/0x2890
[  391.909165][    C0]  kasan_save_stack+0x33/0x60
[  391.913840][    C0]  ? kasan_save_stack+0x33/0x60
[  391.918699][    C0]  ? kasan_save_track+0x14/0x30
[  391.923548][    C0]  ? kasan_save_free_info+0x3b/0x60
[  391.928778][    C0]  kasan_save_track+0x14/0x30
[  391.933452][    C0]  kasan_save_free_info+0x3b/0x60
[  391.938484][    C0]  __kasan_slab_free+0x5f/0x80
[  391.943244][    C0]  kmem_cache_free+0x2d8/0x770
[  391.948004][    C0]  ? switch_task_namespaces+0x248/0x2b0
[  391.953569][    C0]  ? switch_task_namespaces+0x248/0x2b0
[  391.959127][    C0]  switch_task_namespaces+0x248/0x2b0
[  391.964507][    C0]  __do_sys_setns+0x637/0x1f90
[  391.969280][    C0]  ? __sys_socket+0xac/0x260
[  391.973859][    C0]  ? __x64_sys_openat+0x174/0x210
[  391.978876][    C0]  ? __pfx___do_sys_setns+0x10/0x10
[  391.984088][    C0]  do_syscall_64+0xcd/0xf80
[  391.988596][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  391.994480][    C0] RIP: 0033:0x7f9195d90f77
[  391.998883][    C0] Code: 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 34 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  392.018485][    C0] RSP: 002b:00007f9196cb5fd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000134
[  392.026898][    C0] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f9195d90f77
[  392.034857][    C0] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000003
[  392.042813][    C0] RBP: 0000000000000004 R08: 0000000000000000 R09: 0000000000000000
[  392.050771][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9196cb6668
[  392.058730][    C0] R13: 000000000000000e R14: 00007f9195fe5fa0 R15: 00007ffc0c814608
[  392.066697][    C0]  </TASK>
[  392.070029][    C0] Kernel Offset: disabled
[  392.074337][    C0] Rebooting in 86400 seconds..