last executing test programs:

2m53.058133611s ago: executing program 2 (id=1131):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000000)={@link_local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @void, {@ipv4={0x800, @igmp={{0x5, 0x4, 0x0, 0x6, 0x1c, 0x67, 0x0, 0x0, 0x2, 0x0, @loopback, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x22, 0x0, 0x0, @empty}}}}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
socket(0x1e, 0x2, 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')
r3 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000280)='kfree\x00'}, 0x18)
sendmmsg$inet(r4, &(0x7f00000010c0)=[{{&(0x7f00000001c0)={0x2, 0x4e22, @rand_addr=0x64010102}, 0x10, 0x0, 0x0, &(0x7f0000000540)=[@ip_retopts={{0x14, 0x0, 0x7, {[@lsrr={0x83, 0x3, 0x3e}]}}}], 0x18}}], 0x1, 0x4004000)
getdents(r3, &(0x7f0000001fc0)=""/184, 0x20002078)
socket$unix(0x1, 0x1, 0x0)
socket$can_bcm(0x1d, 0x2, 0x2)
syz_usb_connect(0x0, 0x0, 0x0, 0x0)

2m49.921400605s ago: executing program 2 (id=1139):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ffffffff850000002d000000850000002a00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xd4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000002c0)='kfree\x00', r0}, 0x10)
mkdir(0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@metacopy_on}]})
r1 = open(&(0x7f0000000140)='./file0\x00', 0x800, 0x70)
mknodat$loop(r1, &(0x7f0000001600)='./file1\x00', 0x1, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
link(&(0x7f0000000200)='./file1\x00', &(0x7f0000000300)='./bus\x00')
open(&(0x7f0000000000)='./bus\x00', 0x14927c, 0x0)

2m49.274603031s ago: executing program 2 (id=1143):
r0 = socket(0x400000000010, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0)
bind$inet(r0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r1 = getpid()
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x2000000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
preadv2(0xffffffffffffffff, 0x0, 0x0, 0x2b, 0x0, 0x0)
r4 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$6lowpan_control(r4, &(0x7f0000000180)='connect aa:aa:aa:aa:aa:11 0', 0x1b)
bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYRESDEC=r0, @ANYRES32=r2], 0x50)
ioctl$SIOCSIFMTU(r0, 0x8922, &(0x7f0000000340)={'bridge_slave_0\x00', 0x4088})
write(0xffffffffffffffff, 0x0, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000000000080000000000000", @ANYRES32=0x0, @ANYBLOB="310300000000000008001b0000000000"], 0x28}, 0x1, 0x0, 0x0, 0x20048054}, 0x0)
sendmsg$NL80211_CMD_DEL_KEY(r0, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="000229bd7000fbdbdf250c00000008000300", @ANYRES32, @ANYBLOB="0c0600000000000000"], 0x30}, 0x1, 0x0, 0x0, 0x4000054}, 0x1)

2m46.502518887s ago: executing program 2 (id=1148):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a00)={0x0}, 0x18)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r0 = syz_open_dev$sndctrl(&(0x7f0000000600), 0x0, 0x8801)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000001340)={{0x0, 0x1, 0x0, 0x8, 'syz0\x00'}, 0x3, 0x0, 0x8, 0x0, 0x0, 0x0, 'syz0\x00', 0x0})
set_mempolicy(0x6, &(0x7f00000003c0)=0x8000000000000001, 0xe0)
r1 = syz_init_net_socket$ax25(0x3, 0x3, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=@deltfilter={0x24, 0x2d, 0x300, 0x70bd26, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0x10, 0x3}, {0xf, 0xffff}, {0x4, 0xb}}}, 0x24}, 0x1, 0x0, 0x0, 0x4c014}, 0x20044000)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000340)={'syztnl2\x00', &(0x7f0000000680)={'syztnl2\x00', 0x0, 0x20, 0x700, 0x100, 0x10000, {{0x1f, 0x4, 0x0, 0x6, 0x7c, 0x64, 0x0, 0x1, 0x2f, 0x0, @multicast2, @loopback, {[@timestamp={0x44, 0x8, 0x86, 0x0, 0x4, [0x93]}, @cipso={0x86, 0x28, 0xfffffffffffffffd, [{0x7, 0xe, "6e58c72c24328eea30cecdc1"}, {0x4, 0x2}, {0x1, 0x7, "cf53188697"}, {0x7, 0x7, "f4f5e7ddce"}, {0x7, 0x4, "a171"}]}, @timestamp={0x44, 0x2c, 0xf7, 0x0, 0x6, [0x3, 0x6, 0x6, 0x6, 0x101, 0x3ff, 0x40ed6c25, 0x6, 0x2, 0x6a]}, @cipso={0x86, 0xa, 0x1, [{0x1, 0x4, "8f62"}]}]}}}}})
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000400), &(0x7f0000000440)=0x4)
prlimit64(0x0, 0xe, 0x0, 0x0)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="fc00000019000100000000000000000000000000000000000000000000000000fc01000000000000000000000000000000000000080000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000b93760000000000000000000000000000000000000000000200000000000000010000000000000044000500ac141400000000000000000000000000000000003c00000000000000000000000000000000000000000000000000000001"], 0xfc}, 0x1, 0x0, 0x0, 0x24008040}, 0x20040000)
sendto$inet6(r3, &(0x7f0000000040)="6fa251480fbaa175310dfc8f0f9c0df526ec442f4f75883c9c116c31ed38b76fff9c4b114201fc85af1927d421febfe067622c46ba5b64c6ea024e82a74a85bbcf7d3b17fb6bed1390cef4a9190389547781f6fa64a5ac28084dd9e675e462c686fb7fbf1314cf9984779f7eba03d64ab361d1bfd4aca04a66189548e3c8149fb6", 0x81, 0x51, &(0x7f0000000000)={0xa, 0x3, 0x1, @dev={0xfe, 0x80, '\x00', 0x17}, 0x9}, 0x1c)

2m45.030593656s ago: executing program 2 (id=1153):
r0 = socket(0x400000000010, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x2000000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
preadv2(0xffffffffffffffff, 0x0, 0x0, 0x2b, 0x0, 0x0)
r4 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$6lowpan_control(r4, &(0x7f0000000180)='connect aa:aa:aa:aa:aa:11 0', 0x1b)
bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYRESDEC=r0, @ANYRES32=r2], 0x50)
r5 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r5, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r5, 0x40946400, &(0x7f00000000c0)={'pcmmio\x00', [0x4f27, 0x0, 0x4, 0x4, 0x5, 0x5, 0x4, 0x7, 0x54c6cff3, 0xfd, 0x2, 0x1, 0x1, 0x1, 0x6, 0x101, 0x0, 0x7f, 0x3, 0x40000003, 0x89, 0xcaa3, 0x0, 0x20001e5b, 0x3, 0xe66, 0x3, 0x8, 0x4086, 0x0, 0xfffffff8]})
ioctl$SIOCSIFMTU(r0, 0x8922, &(0x7f0000000340)={'bridge_slave_0\x00', 0x4088})
r6 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
bind$x25(r6, &(0x7f0000000e00), 0x12)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000000000080000000000000", @ANYRES32=0x0, @ANYBLOB="310300000000000008001b0000000000"], 0x28}, 0x1, 0x0, 0x0, 0x20048054}, 0x0)
sendmsg$NL80211_CMD_DEL_KEY(r0, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16, @ANYBLOB="000229bd7000fbdbdf250c00000008000300", @ANYRES32, @ANYBLOB="0c0600000000000000"], 0x30}, 0x1, 0x0, 0x0, 0x4000054}, 0x1)

2m43.994253756s ago: executing program 2 (id=1155):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_TID_CONFIG(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000200)=ANY=[@ANYBLOB="48574855c9f69eff1f7cdbba643a3b6b8f982a", @ANYRES16=0x0, @ANYBLOB="000827bd7000fcdbdf258900000008000300", @ANYRES32=0x0, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x20000001}, 0x4)
prctl$PR_SET_IO_FLUSHER(0x43, 0x1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1, 0x110, 0xffffffffffffffff, 0x1000)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), r0)
sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f0000000440)=ANY=[@ANYBLOB="8c000000", @ANYRES16=r1, @ANYBLOB="02002dbd7000fddfdf2504f1492ab5255b1a4f0000000800020003000000080004000800000014000180060005004e220000060001000a00000005000500060000004c00068014000400fe80000000000000000000000000002708000300ac1414aaeaccb78d15b014000400ff020000000000000000000000000001080006001200000008000300e00000020800060001000000"], 0x8c}, 0x1, 0x0, 0x0, 0x40000}, 0x20004058)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00'})
r2 = syz_open_dev$admmidi(&(0x7f0000000000), 0x9, 0x80)
syncfs(r2)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
io_uring_setup(0x2e34, &(0x7f0000000180))
r3 = getpid()
r4 = syz_pidfd_open(r3, 0x0)
setns(r4, 0x24020000)
sendmsg$tipc(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc084}, 0x24000080)
creat(&(0x7f0000000240)='./file0\x00', 0x30)
pipe2$9p(&(0x7f0000001900)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r6, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r7 = dup(r6)
write$FUSE_BMAP(r7, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r7, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r5}, 0x2c, {'wfdno', 0x3d, r7}, 0x2c, {[{@cache_mmap}], [], 0x6b}})
chmod(&(0x7f0000000140)='./file0\x00', 0x170)
r8 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
write$UHID_INPUT(r8, &(0x7f0000000540)={0x8, {"1a17924ab218eacb15a3fccf929e2dd2497903c1f853d95b995c65e99449ff953fa11c7723b2149ecdaa7f833f60e13b19a66e963f7e8da4297ebbfdda5b36fb4d01bd02e6c652dc4d99e2cb82c2a1d4a45e4c89ba9994e82f854bbc34a40b3a58aa256c9b4512fbf91b9846446c4909e4ec53982e7d7fd11ee0bdeab0bb4c469c9665dde8cb58f0ca148223b6cc4e2f306cfbeccedec8db5212f2fc4e14f836c68bdace4db1afbde9d463e5ac24567925b5fdf0e3af1a52dbd7669fe9227302c8f635bc2ddbf5bd7dccd7b92a9bd5c7363375a57851c2bc72509f2005f138f5a59cf85e9ddb1c972c89d50806e8941b7059cd3eca77527a7f20af70841b4d6f026614bdbb276a6814cc74d91856b968c5fdb52674d892a90d01ab91841b6811def78bdac9bc6f9df2598569fbdfef75079832b2750801dc83fd1987713c61136ac9e5f2f7e67f302109bb9a7fea75290b506a89a19d7e0e472937a8c9ecfe16ef6eb88c7a88a060756196d55d6a3d3f7cdf9915d22b6b3af69ec55017b821ec0621e8a59414efc2b46977a85846b53ae75a350947afcafbdef7233cc371bc2a6f29c0315b352ac2741c81df534303ddb30a4408db5679d05d245259c245c9d7f861711cc287cfd0462b948512623b921060386c587fd166df29e71ecfc8ed90031e95b2af1406b5ae73f6084e39e88194e3d37dc801982656b5b66342d74100f9f5b8c94c1e91b626bbf426a07b4be91dbdb76a6e40d0b788f89359e462e69bc4499fd4f9aa1e7f0c3f73a996b6ecef606c7651286e1f18a6823eed7191cd542057eaaf09aa32e8ce370c09050278b85fd359b8ca23e66e9d294ec57b3ddd90409d9b1ca28c6993b244f8ca46f6bf478ff22fb1df53e33abdda4b2b1e5cff7de19957bdc8e7ca39e4762204b1f9f33b9375b7282422b91841706751038e42023ba45c1cd0998c1794c1c2a5ff65466189bbb27bcbf01e5a48bfd8b6845f7d5c87d977df4ded5273ebf56b96c50b4eadc44bfaa0994259eeb1031644415fa9d729753d2138b06f9b7b624d9eeb1ef71d00000c639078f058c7a070451c4670af0c6eb1202f77be82faba9b6287995066b5f7e59b7967706d8d8c5bde48137e13df537ae54664fe4e8460b1bdf5b92a1dcf39ee1726bc6690d0ac5f799bcfab918c59cb132c45054ba17b8a44d505ad3eaeee95b4275b25b2087da8902552727a1e739014df348cfa3a1102661c35a6a38df6c410f5343577955dd57de5af089e3f1bcdf96d4ef1d5944243470b0ed10616144cccc5cac44e36fefd9441120c5d047867af0ea353da21fc0ae73b78b84d53a62efeb94ea8d441cc698c92fd7b36cf41472d036c5093bbdf943620c29ffa3b21ef4a0bb9274912b046834ee6f855ceadf18fb488040d5829ab6e8bf69a90315f7f84d002ac4e929e9f1010a8486746bd316799ba3a65744980c388202324ba50768c77a8481ba74d135da7507048c82714a8234837b69922126e4084a68f7418bfd26417cade786c7f8185e2492e3b64eb9d2c2c721504c7b4aeb383503f745fd69315c56b5b0158decd1b1606a63366b7e2d2b9124b6efca4480c703c8f37d6ddff55b0ec15f2ce6be6c902d06aec2ccabeba13b442b608076c33d19e690ab66cf6678d679758d22fb5d8d963f25d00c45576f8b2938543080297b9cb6c305e3131d2f412f00370c285251909f8ebefc3d18a23e25a183997b08251450b29fff32781e6a70e6e070ab3921f3f809392deb732d6f30cc034b5f77d41218bca86d515b16da0457dbf7aaefdcef9d5358e7b4f1e5d1a410f55449e765609d122f938fd57b71482244dff0523067cabfd322fc47aca1c331112e3d969f5fe3594c3c7adea7c36e9b9af6754cdea5ccf05b139f783d4b24540c50a6a9f7dff472d47c87c151d8439b5740cd1f423335dae2680050bd44766159cba66666b7dbc9e190130494327a0d8c9dbed5c8b831ce2b2bb236353ff7175a48b61a0f3209fa3db44f07a21a485ef1682a33cdf632ac2d6ca993b6cd90913e31704bb851711e1f2b5ebb19baaba102dd42d550933e9dfc17311665fef4d0206d7debbcbbd97efafffb905bf9a77b8eeb67d5f8bef8526f6f8605d72bb3c50b14e16c264265594e05fa481f724290abdc9f60a899f26033236e3b90548c24288a7b627b51c4d7c638c359ec6325b0d79e1d69cf18cd9136a263b6aa84ad062b9831fc7c201b7ccec7d3b7ea2132ee4579632bf614bcde285527c36ef8a8e12651ef34a677a8d2f84360afa2f2245e4e0d61a12e8e446045fae61375082f983363795f11848edad24b3f7ae53f0eeb329fa62b6d7b446e3b2c1257981f9c0c3ea371c71021af834a285203b2e3177ddf5251044ea215c048f78701dec36a94ca3c435278d1fd889996adf5ea7c8db62f2b1331bc22c4b7798d587a5c4e619b7b576e19d92996bc0bdc0c8c15374e11b6eeda0e18b35aac4b96db9cdba025080bf5bea4ffdf4fa3c93ec5feede0a140f7f6727ef255783565935d59d348aaa6d12c060afd5f6d084346309d8cbf54b33050ecccf30ae083c4034165880214a94a5296427e2fcb6d90692a82212b6b8d86c6d163f0643944aaba4af1171aed463994f1374e1ec1654b89b04e9d635074e8d131bc2443daf1caad455671470329a287f4c711cb907403d5c05184cd3a647823b5b9c6dc4451fdde92dc1cb87010197026458b40d4809ab60aca1af6bb3702a3e0506cdd21faa6d9909f4ed74723de75fc48d44314fa3cc0c8e8ea226ec1d5875b9595aeacdff0a9f75b4a60dde781c58179f997ecb6479c91ecacc65bfe293a2d26c21ae7c1d7be1241cc1c4ea86a6cf8d93012bd98508aae8db723ff167026298cab227b7d0062c27ccc8e81df7268423ad063638760b44e77147ee9bd84140166ae2bfd592f845ca68c719f7520ae3c9988cc89db73bf93ad6f2f7d9394b2288f0176723acd167081ade4e066a26832f7b655cd874aa5026a7369bb9912c90599d1407f0488a9c540a31997890f5433bd1df91ba13a9e0721c9a707eac7cff1c3efef6cd716779c7ad631c3560caa2031d9d2591329c1867d0d5f96b5897cac2c6a381f0ce5c27969c2b3e7d188e1e896d815b01a3e177933817325953140272ad718a36ae522d43de109ba92255ee66d2a14897f2b2014dc9a495c108727e0eef54dfe17e269e43a0c48d28a91aaf14d58719e21ea39c1c534e39a1dfabb61377b55d2f69fe79c7d5111b8b952c388925ea8ab1503ae68bce95a34a10a85aa0e5da52add14b93eaac5861a6504e23dda8034e809253c1071ddda934663faac454cd378c5725f5c6f4d943779994357185e512a4b6993156e624f25d86d24e7254d3e9b231aa80ed5a32e108cb528d402f93e58c25ac937420ff7dcd7d9ec2126c7fe7cefa47c038f23de40523d5e026fe3bb4cfd3040f9bd9631cf5a2cde1e20a6032703cd64c2ad97ea95d05a7aa3ea3b3b9d5a86961116dd1338c0a2caae0ceab3178ac7736dfa8a949cd81d261748e6678cb730b57468fb2b7e22c5eb08ad496e76775dce0c31950a596580ad7d6c3fd9ce90dded340f20b77fe53e81fb6e2a7a6c450b8ac9009c7c077893f704457a90401fb758c0769fbfd38e40ae692e410b889bbf0b09a32dc731b6768c0fa3963a5b6279b6a5db611174339f3218fff567f6cfb7377ddc8e2c730da35cc3ec680a6bc95010dd03834caab7afb2c0023ad9ce3aae3c0fd1ece42ea840bf5fc798a0b5fbe7692f13549cdba4a0b68f722ef6877856a76fc3c39f7cfd760675a9f341d9f09f381972be9171e50455ed13e665e61a03b0c2a79276a871c25fc5c486639a71a8dfdf36174373b8995014752aba3026045be6b43074ac3824d687bbf5f6544228cea52791828f54980ee9f728534ea32edd205aaace717adcf61ce28f92719048d44b09812bcfd2d22cc9d7a45ed6b4634756f6b3189908c71728c373ea94aa5c74ce4e2dfb35329b86b1805a5208dd370b8342ca8aa3cbd3e7a3ec79d7b8ee677b04e19c524ddc6de0b22443ac15de908f61719399d0f9890ca2b0283a7db914944f424af10ba0ec9e3e253c060d7b28552eaae5eed1e906f8f93c2195293deabdad6cb38ddab51603e4a96ef1e086de911fb716ffbca467294d9e66e5d0f8225bc28d6c074c4ffba76706f61b0b386b7e4b6500a15fad291f34f6c84f1596a97512f31196a529a7a5725437c038e17d531da3838c8aef3bade6bc1d4c7624560d4fba72e5f8be2c5dc905e1e4bcb2aa7eddb275408ef4288ac69c7a18ae58fb26c2f5a6964f051b81d2e426fc2a5d8617050341b96d5a746e3419fbe94bd3752403868b655c2dba6f48ef109a2e6ec0041842fae52bfab70481ecfe8d27f3d5e444f1b941d871c8057cbe35df68665bc3aadea02d203b106d1179a428daa7d9fea9dbddd8955bb289a92ec790de74cd6a1edf925ab85471633dedf8ba46abe456963a2381addce2aa16c06dd80bb54d8e53d7c82607916af175061da29122afde8687add6b6f42233b76a1164893dcc1ec3dcf935576d2d0f3ab3b1adbace086da915234b4f9bad0afc2915608fc4f6611dc3b91d7e0e48cb0a0f3fdc70ef70ef82043afbd3325f0f6186390ab28ca9f0009184637530d79f0c5a77c6e912afbe6533988f543fc6c02d3d44fbdb0e2ebfad2680184f1ed451991667df958a71fb41cf4367bdb931389ea8b6340e225b312a09dadd8e2ac2d200db6e75323d48c73c6b819e13f92b01bf405e796a2e10b863e773598abcbcc196987e18b19530337809b56480778207103a12acfff1c0ad62846088251a1a0d0d6b300059a99698c84ccac78d53eb32e3984001978db7679960b4d75d71b49696909826c66320526fe02a060265821d15b8b2337121a201402a118ec03ff0d4f3dfa48f2dadd20b510ecdf4e6440b5b2466b9bf28e32327189f0405245694a6371dbe4eae7a8293cdc15193c284123d64690120634f808096a8f3f7a04a5bac9dd86c09f2e4e87c7d7c98d0b370e84ea5f265730f5480eb1375d4f82c7d4efbb6e58c5a92848331b2becd2531f6c456b5d0e690b102dd8faec55bde56f95727f4abf52c58543faaeb9cefd39bba788bd7e2b02b27ecbc1679a1ac00823c83e1ae29690cd25544d3ae0a8db25e963e9fb5bd94987637ac3546b9b312bf04d5c6211c135e806525d423fde9ccb5ef7962ec1e056e6f29adaeebb331f6c234586d1fe21577f56d620c6942a29d4915772144cc60008d1236db21100d5a3112c29396b9e18cdb5b104bed2df2b6ea72c9aa03bb6082f3eb07f0eae359864967a749492d21005b0d39c9613c20b1e21700ab66a4f5ca03ec08d67b95f759252d758743820ba243032e1708447fbaebc27e1316af4cf547cef3ac4966a1f04dd07012f257a0204107c23a0046b12493d9784b24dc561c1f88e591056bcc3b338ab1de65e5ad578021f26f93e9b12f00b5f8c8ae2db6b7b8f254303c7ff06514735974e65fb9a93dc79b115a12310040490ca11ef315340af104e20a2e22dcd132f7d7a61d9d3a12e832ee048a2170dbe03d747ed7402180eb964fde0ecb77e778b18a4e5a83479bb7e0ea0a7d5145ffed4607bd7e6b8f961625d5e3dcac2d4a05e71dc9c2e52195bd55aed4e6749dc1c329e2cda966d18e9bf882c05db627c1047fc71533bbba2c8a83d04db5bad6da349a9ad1992eb88e0274d32a16137e2396ad973c0ecbbc2d243e68b6959bf9b00", 0x1000}}, 0xffffff04)
umount2(&(0x7f0000000540)='.\x00', 0x2)
r9 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r9, 0x6, 0x2000000000000022, 0x0, 0x0)

2m28.94837199s ago: executing program 32 (id=1155):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_TID_CONFIG(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000200)=ANY=[@ANYBLOB="48574855c9f69eff1f7cdbba643a3b6b8f982a", @ANYRES16=0x0, @ANYBLOB="000827bd7000fcdbdf258900000008000300", @ANYRES32=0x0, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x20000001}, 0x4)
prctl$PR_SET_IO_FLUSHER(0x43, 0x1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1, 0x110, 0xffffffffffffffff, 0x1000)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), r0)
sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f0000000440)=ANY=[@ANYBLOB="8c000000", @ANYRES16=r1, @ANYBLOB="02002dbd7000fddfdf2504f1492ab5255b1a4f0000000800020003000000080004000800000014000180060005004e220000060001000a00000005000500060000004c00068014000400fe80000000000000000000000000002708000300ac1414aaeaccb78d15b014000400ff020000000000000000000000000001080006001200000008000300e00000020800060001000000"], 0x8c}, 0x1, 0x0, 0x0, 0x40000}, 0x20004058)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00'})
r2 = syz_open_dev$admmidi(&(0x7f0000000000), 0x9, 0x80)
syncfs(r2)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
io_uring_setup(0x2e34, &(0x7f0000000180))
r3 = getpid()
r4 = syz_pidfd_open(r3, 0x0)
setns(r4, 0x24020000)
sendmsg$tipc(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc084}, 0x24000080)
creat(&(0x7f0000000240)='./file0\x00', 0x30)
pipe2$9p(&(0x7f0000001900)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r6, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r7 = dup(r6)
write$FUSE_BMAP(r7, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r7, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r5}, 0x2c, {'wfdno', 0x3d, r7}, 0x2c, {[{@cache_mmap}], [], 0x6b}})
chmod(&(0x7f0000000140)='./file0\x00', 0x170)
r8 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
write$UHID_INPUT(r8, &(0x7f0000000540)={0x8, {"1a17924ab218eacb15a3fccf929e2dd2497903c1f853d95b995c65e99449ff953fa11c7723b2149ecdaa7f833f60e13b19a66e963f7e8da4297ebbfdda5b36fb4d01bd02e6c652dc4d99e2cb82c2a1d4a45e4c89ba9994e82f854bbc34a40b3a58aa256c9b4512fbf91b9846446c4909e4ec53982e7d7fd11ee0bdeab0bb4c469c9665dde8cb58f0ca148223b6cc4e2f306cfbeccedec8db5212f2fc4e14f836c68bdace4db1afbde9d463e5ac24567925b5fdf0e3af1a52dbd7669fe9227302c8f635bc2ddbf5bd7dccd7b92a9bd5c7363375a57851c2bc72509f2005f138f5a59cf85e9ddb1c972c89d50806e8941b7059cd3eca77527a7f20af70841b4d6f026614bdbb276a6814cc74d91856b968c5fdb52674d892a90d01ab91841b6811def78bdac9bc6f9df2598569fbdfef75079832b2750801dc83fd1987713c61136ac9e5f2f7e67f302109bb9a7fea75290b506a89a19d7e0e472937a8c9ecfe16ef6eb88c7a88a060756196d55d6a3d3f7cdf9915d22b6b3af69ec55017b821ec0621e8a59414efc2b46977a85846b53ae75a350947afcafbdef7233cc371bc2a6f29c0315b352ac2741c81df534303ddb30a4408db5679d05d245259c245c9d7f861711cc287cfd0462b948512623b921060386c587fd166df29e71ecfc8ed90031e95b2af1406b5ae73f6084e39e88194e3d37dc801982656b5b66342d74100f9f5b8c94c1e91b626bbf426a07b4be91dbdb76a6e40d0b788f89359e462e69bc4499fd4f9aa1e7f0c3f73a996b6ecef606c7651286e1f18a6823eed7191cd542057eaaf09aa32e8ce370c09050278b85fd359b8ca23e66e9d294ec57b3ddd90409d9b1ca28c6993b244f8ca46f6bf478ff22fb1df53e33abdda4b2b1e5cff7de19957bdc8e7ca39e4762204b1f9f33b9375b7282422b91841706751038e42023ba45c1cd0998c1794c1c2a5ff65466189bbb27bcbf01e5a48bfd8b6845f7d5c87d977df4ded5273ebf56b96c50b4eadc44bfaa0994259eeb1031644415fa9d729753d2138b06f9b7b624d9eeb1ef71d00000c639078f058c7a070451c4670af0c6eb1202f77be82faba9b6287995066b5f7e59b7967706d8d8c5bde48137e13df537ae54664fe4e8460b1bdf5b92a1dcf39ee1726bc6690d0ac5f799bcfab918c59cb132c45054ba17b8a44d505ad3eaeee95b4275b25b2087da8902552727a1e739014df348cfa3a1102661c35a6a38df6c410f5343577955dd57de5af089e3f1bcdf96d4ef1d5944243470b0ed10616144cccc5cac44e36fefd9441120c5d047867af0ea353da21fc0ae73b78b84d53a62efeb94ea8d441cc698c92fd7b36cf41472d036c5093bbdf943620c29ffa3b21ef4a0bb9274912b046834ee6f855ceadf18fb488040d5829ab6e8bf69a90315f7f84d002ac4e929e9f1010a8486746bd316799ba3a65744980c388202324ba50768c77a8481ba74d135da7507048c82714a8234837b69922126e4084a68f7418bfd26417cade786c7f8185e2492e3b64eb9d2c2c721504c7b4aeb383503f745fd69315c56b5b0158decd1b1606a63366b7e2d2b9124b6efca4480c703c8f37d6ddff55b0ec15f2ce6be6c902d06aec2ccabeba13b442b608076c33d19e690ab66cf6678d679758d22fb5d8d963f25d00c45576f8b2938543080297b9cb6c305e3131d2f412f00370c285251909f8ebefc3d18a23e25a183997b08251450b29fff32781e6a70e6e070ab3921f3f809392deb732d6f30cc034b5f77d41218bca86d515b16da0457dbf7aaefdcef9d5358e7b4f1e5d1a410f55449e765609d122f938fd57b71482244dff0523067cabfd322fc47aca1c331112e3d969f5fe3594c3c7adea7c36e9b9af6754cdea5ccf05b139f783d4b24540c50a6a9f7dff472d47c87c151d8439b5740cd1f423335dae2680050bd44766159cba66666b7dbc9e190130494327a0d8c9dbed5c8b831ce2b2bb236353ff7175a48b61a0f3209fa3db44f07a21a485ef1682a33cdf632ac2d6ca993b6cd90913e31704bb851711e1f2b5ebb19baaba102dd42d550933e9dfc17311665fef4d0206d7debbcbbd97efafffb905bf9a77b8eeb67d5f8bef8526f6f8605d72bb3c50b14e16c264265594e05fa481f724290abdc9f60a899f26033236e3b90548c24288a7b627b51c4d7c638c359ec6325b0d79e1d69cf18cd9136a263b6aa84ad062b9831fc7c201b7ccec7d3b7ea2132ee4579632bf614bcde285527c36ef8a8e12651ef34a677a8d2f84360afa2f2245e4e0d61a12e8e446045fae61375082f983363795f11848edad24b3f7ae53f0eeb329fa62b6d7b446e3b2c1257981f9c0c3ea371c71021af834a285203b2e3177ddf5251044ea215c048f78701dec36a94ca3c435278d1fd889996adf5ea7c8db62f2b1331bc22c4b7798d587a5c4e619b7b576e19d92996bc0bdc0c8c15374e11b6eeda0e18b35aac4b96db9cdba025080bf5bea4ffdf4fa3c93ec5feede0a140f7f6727ef255783565935d59d348aaa6d12c060afd5f6d084346309d8cbf54b33050ecccf30ae083c4034165880214a94a5296427e2fcb6d90692a82212b6b8d86c6d163f0643944aaba4af1171aed463994f1374e1ec1654b89b04e9d635074e8d131bc2443daf1caad455671470329a287f4c711cb907403d5c05184cd3a647823b5b9c6dc4451fdde92dc1cb87010197026458b40d4809ab60aca1af6bb3702a3e0506cdd21faa6d9909f4ed74723de75fc48d44314fa3cc0c8e8ea226ec1d5875b9595aeacdff0a9f75b4a60dde781c58179f997ecb6479c91ecacc65bfe293a2d26c21ae7c1d7be1241cc1c4ea86a6cf8d93012bd98508aae8db723ff167026298cab227b7d0062c27ccc8e81df7268423ad063638760b44e77147ee9bd84140166ae2bfd592f845ca68c719f7520ae3c9988cc89db73bf93ad6f2f7d9394b2288f0176723acd167081ade4e066a26832f7b655cd874aa5026a7369bb9912c90599d1407f0488a9c540a31997890f5433bd1df91ba13a9e0721c9a707eac7cff1c3efef6cd716779c7ad631c3560caa2031d9d2591329c1867d0d5f96b5897cac2c6a381f0ce5c27969c2b3e7d188e1e896d815b01a3e177933817325953140272ad718a36ae522d43de109ba92255ee66d2a14897f2b2014dc9a495c108727e0eef54dfe17e269e43a0c48d28a91aaf14d58719e21ea39c1c534e39a1dfabb61377b55d2f69fe79c7d5111b8b952c388925ea8ab1503ae68bce95a34a10a85aa0e5da52add14b93eaac5861a6504e23dda8034e809253c1071ddda934663faac454cd378c5725f5c6f4d943779994357185e512a4b6993156e624f25d86d24e7254d3e9b231aa80ed5a32e108cb528d402f93e58c25ac937420ff7dcd7d9ec2126c7fe7cefa47c038f23de40523d5e026fe3bb4cfd3040f9bd9631cf5a2cde1e20a6032703cd64c2ad97ea95d05a7aa3ea3b3b9d5a86961116dd1338c0a2caae0ceab3178ac7736dfa8a949cd81d261748e6678cb730b57468fb2b7e22c5eb08ad496e76775dce0c31950a596580ad7d6c3fd9ce90dded340f20b77fe53e81fb6e2a7a6c450b8ac9009c7c077893f704457a90401fb758c0769fbfd38e40ae692e410b889bbf0b09a32dc731b6768c0fa3963a5b6279b6a5db611174339f3218fff567f6cfb7377ddc8e2c730da35cc3ec680a6bc95010dd03834caab7afb2c0023ad9ce3aae3c0fd1ece42ea840bf5fc798a0b5fbe7692f13549cdba4a0b68f722ef6877856a76fc3c39f7cfd760675a9f341d9f09f381972be9171e50455ed13e665e61a03b0c2a79276a871c25fc5c486639a71a8dfdf36174373b8995014752aba3026045be6b43074ac3824d687bbf5f6544228cea52791828f54980ee9f728534ea32edd205aaace717adcf61ce28f92719048d44b09812bcfd2d22cc9d7a45ed6b4634756f6b3189908c71728c373ea94aa5c74ce4e2dfb35329b86b1805a5208dd370b8342ca8aa3cbd3e7a3ec79d7b8ee677b04e19c524ddc6de0b22443ac15de908f61719399d0f9890ca2b0283a7db914944f424af10ba0ec9e3e253c060d7b28552eaae5eed1e906f8f93c2195293deabdad6cb38ddab51603e4a96ef1e086de911fb716ffbca467294d9e66e5d0f8225bc28d6c074c4ffba76706f61b0b386b7e4b6500a15fad291f34f6c84f1596a97512f31196a529a7a5725437c038e17d531da3838c8aef3bade6bc1d4c7624560d4fba72e5f8be2c5dc905e1e4bcb2aa7eddb275408ef4288ac69c7a18ae58fb26c2f5a6964f051b81d2e426fc2a5d8617050341b96d5a746e3419fbe94bd3752403868b655c2dba6f48ef109a2e6ec0041842fae52bfab70481ecfe8d27f3d5e444f1b941d871c8057cbe35df68665bc3aadea02d203b106d1179a428daa7d9fea9dbddd8955bb289a92ec790de74cd6a1edf925ab85471633dedf8ba46abe456963a2381addce2aa16c06dd80bb54d8e53d7c82607916af175061da29122afde8687add6b6f42233b76a1164893dcc1ec3dcf935576d2d0f3ab3b1adbace086da915234b4f9bad0afc2915608fc4f6611dc3b91d7e0e48cb0a0f3fdc70ef70ef82043afbd3325f0f6186390ab28ca9f0009184637530d79f0c5a77c6e912afbe6533988f543fc6c02d3d44fbdb0e2ebfad2680184f1ed451991667df958a71fb41cf4367bdb931389ea8b6340e225b312a09dadd8e2ac2d200db6e75323d48c73c6b819e13f92b01bf405e796a2e10b863e773598abcbcc196987e18b19530337809b56480778207103a12acfff1c0ad62846088251a1a0d0d6b300059a99698c84ccac78d53eb32e3984001978db7679960b4d75d71b49696909826c66320526fe02a060265821d15b8b2337121a201402a118ec03ff0d4f3dfa48f2dadd20b510ecdf4e6440b5b2466b9bf28e32327189f0405245694a6371dbe4eae7a8293cdc15193c284123d64690120634f808096a8f3f7a04a5bac9dd86c09f2e4e87c7d7c98d0b370e84ea5f265730f5480eb1375d4f82c7d4efbb6e58c5a92848331b2becd2531f6c456b5d0e690b102dd8faec55bde56f95727f4abf52c58543faaeb9cefd39bba788bd7e2b02b27ecbc1679a1ac00823c83e1ae29690cd25544d3ae0a8db25e963e9fb5bd94987637ac3546b9b312bf04d5c6211c135e806525d423fde9ccb5ef7962ec1e056e6f29adaeebb331f6c234586d1fe21577f56d620c6942a29d4915772144cc60008d1236db21100d5a3112c29396b9e18cdb5b104bed2df2b6ea72c9aa03bb6082f3eb07f0eae359864967a749492d21005b0d39c9613c20b1e21700ab66a4f5ca03ec08d67b95f759252d758743820ba243032e1708447fbaebc27e1316af4cf547cef3ac4966a1f04dd07012f257a0204107c23a0046b12493d9784b24dc561c1f88e591056bcc3b338ab1de65e5ad578021f26f93e9b12f00b5f8c8ae2db6b7b8f254303c7ff06514735974e65fb9a93dc79b115a12310040490ca11ef315340af104e20a2e22dcd132f7d7a61d9d3a12e832ee048a2170dbe03d747ed7402180eb964fde0ecb77e778b18a4e5a83479bb7e0ea0a7d5145ffed4607bd7e6b8f961625d5e3dcac2d4a05e71dc9c2e52195bd55aed4e6749dc1c329e2cda966d18e9bf882c05db627c1047fc71533bbba2c8a83d04db5bad6da349a9ad1992eb88e0274d32a16137e2396ad973c0ecbbc2d243e68b6959bf9b00", 0x1000}}, 0xffffff04)
umount2(&(0x7f0000000540)='.\x00', 0x2)
r9 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r9, 0x6, 0x2000000000000022, 0x0, 0x0)

2m25.972282628s ago: executing program 1 (id=1202):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a00)={0x0}, 0x18)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r0 = syz_open_dev$sndctrl(&(0x7f0000000600), 0x0, 0x8801)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000001340)={{0x0, 0x1, 0x0, 0x8, 'syz0\x00'}, 0x3, 0x0, 0x8, 0x0, 0x0, 0x0, 'syz0\x00', 0x0})
set_mempolicy(0x6, &(0x7f00000003c0)=0x8000000000000001, 0xe0)
r1 = syz_init_net_socket$ax25(0x3, 0x3, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=@deltfilter={0x24, 0x2d, 0x300, 0x70bd26, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0x10, 0x3}, {0xf, 0xffff}, {0x4, 0xb}}}, 0x24}, 0x1, 0x0, 0x0, 0x4c014}, 0x20044000)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000340)={'syztnl2\x00', &(0x7f0000000680)={'syztnl2\x00', 0x0, 0x20, 0x700, 0x100, 0x10000, {{0x1d, 0x4, 0x0, 0x6, 0x74, 0x64, 0x0, 0x1, 0x2f, 0x0, @multicast2, @loopback, {[@timestamp={0x44, 0x8, 0x86, 0x0, 0x4, [0x93]}, @cipso={0x86, 0x22, 0xfffffffffffffffd, [{0x7, 0xe, "6e58c72c24328eea30cecdc1"}, {0x4, 0x2}, {0x7, 0x8, "f4f5e7ddcedc"}, {0x7, 0x4, "a171"}]}, @timestamp={0x44, 0x2c, 0xf7, 0x0, 0x6, [0x3, 0x6, 0x6, 0x6, 0x101, 0x3ff, 0x40ed6c25, 0x6, 0x2, 0x6a]}, @cipso={0x86, 0xa, 0x1, [{0x1, 0x4, "8f62"}]}]}}}}})
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000400), &(0x7f0000000440)=0x4)
prlimit64(0x0, 0xe, 0x0, 0x0)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="fc00000019000100000000000000000000000000000000000000000000000000fc01000000000000000000000000000000000000080000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000b93760000000000000000000000000000000000000000000200000000000000010000000000000044000500ac141400000000000000000000000000000000003c00000000000000000000000000000000000000000000000000000001"], 0xfc}, 0x1, 0x0, 0x0, 0x24008040}, 0x20040000)
sendto$inet6(r3, &(0x7f0000000040)="6fa251480fbaa175310dfc8f0f9c0df526ec442f4f75883c9c116c31ed38b76fff9c4b114201fc85af1927d421febfe067622c46ba5b64c6ea024e82a74a85bbcf7d3b17fb6bed1390cef4a9190389547781f6fa64a5ac28084dd9e675e462c686fb7fbf1314cf9984779f7eba03d64ab361d1bfd4aca04a66189548e3c8149fb6", 0x81, 0x51, &(0x7f0000000000)={0xa, 0x3, 0x1, @dev={0xfe, 0x80, '\x00', 0x17}, 0x9}, 0x1c)

2m24.950848412s ago: executing program 1 (id=1205):
syz_open_dev$tty1(0xc, 0x4, 0x2)
socket$inet6(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = fcntl$getown(r1, 0x9)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r3 = syz_usb_connect$hid(0x0, 0x3f, &(0x7f00000002c0)=ANY=[@ANYBLOB="12010000000000406e05fb0000000000000109022d00010000600009040000020300020009210200020122070009058103"], 0x0)
syz_usb_control_io$hid(r3, 0x0, 0x0)
syz_usb_control_io$hid(r3, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x22, 0x7, {[@global=@item_012={0x2, 0x1, 0x8, "1b56"}, @main=@item_012={0x2, 0x0, 0xa, "57e7"}, @main=@item_012={0x0, 0x0, 0x4}]}}, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
chdir(&(0x7f0000000480)='./cgroup\x00')
mkdir(&(0x7f0000000000)='./control\x00', 0x0)
r5 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0)
r6 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r6, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
sendmsg$rds(r6, &(0x7f0000000080)={&(0x7f0000000180)={0x2, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, 0x0}, 0x0)
sendmsg$rds(r6, &(0x7f0000000680)={0x0, 0x0, 0x0}, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r7=>0xffffffffffffffff})
getsockopt$TIPC_CONN_TIMEOUT(r7, 0x10f, 0x82, &(0x7f0000000640), &(0x7f0000000680)=0x4)
r8 = syz_usb_connect(0x2, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x73, 0x86, 0x40, 0x20, 0xc72, 0x14, 0x39ac, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0xa, [{{0x9, 0x4, 0x1d, 0xf3, 0x0, 0x71, 0x6c, 0x75}}]}}]}}, 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000300000a44000000060a0b0400000000000000000a00000018000480140001800b0001006e756d67656e0000040002800900010073797a30000000000900020073797a00000000000000000a0000000000000000000000000000000048230ace"], 0x6c}}, 0x0)
syz_usb_control_io(r8, 0x0, &(0x7f0000000380)={0x84, &(0x7f0000000000)={0x0, 0x8, 0x3, '\x00\x00\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
unlinkat(r5, &(0x7f00000000c0)='./control\x00', 0x200)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r4, 0x0, 0x48b, &(0x7f0000000240)={0x1, 'ip6tnl0\x00', 0x3}, 0x18)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="04040a00e0ffffff0f77042482"], 0xd)

2m21.327467982s ago: executing program 1 (id=1213):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000240)=@file={0x0, './file0\x00'}, 0x6e)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040), 0x20000, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0xfffffa89)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(0xffffffffffffffff, 0x80045518, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000002000)=""/102400, 0x19000)
socket$pppl2tp(0x18, 0x1, 0x1)
getpid()
getsockopt$TIPC_IMPORTANCE(0xffffffffffffffff, 0x10f, 0x7f, 0x0, &(0x7f0000000400))
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
ioctl$NBD_SET_SOCK(0xffffffffffffffff, 0xab00, 0xffffffffffffffff)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xb, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
fcntl$notify(r3, 0x402, 0x80000000)
ioctl$KVM_XEN_HVM_CONFIG(r2, 0x4038ae7a, &(0x7f0000000000)={0x80, 0x40000105, 0x0, 0x0})
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)

2m15.946166498s ago: executing program 1 (id=1229):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, 0x0}, 0x20000010)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@getchain={0x24, 0x66, 0x903, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r3, {0xe, 0x7}, {0x1, 0xfff1}, {0xa}}}, 0x24}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804)

2m15.69663459s ago: executing program 1 (id=1232):
setrlimit(0x8, &(0x7f0000000080))
mlockall(0x2)

2m14.630607156s ago: executing program 1 (id=1233):
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
socket$nl_audit(0x10, 0x3, 0x9)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4c, 0x9, 0x6, 0x0, 0x3}, 0x0)
r2 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
ftruncate(r0, 0x9)
fcntl$addseals(0xffffffffffffffff, 0x409, 0x7)
r3 = ioctl$UDMABUF_CREATE(r2, 0x40187542, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x0, 0x8000})
lseek(r3, 0x1000000000931f, 0x0)
ioctl$SYNC_IOC_MERGE(0xffffffffffffffff, 0xc0303e03, &(0x7f00000000c0)={"3c24139ed44aec57f2e2ad238a7b448ed886923c31d4b8affbf514fd00"})
r4 = socket$packet(0x11, 0x3, 0x300)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r5=>0xffffffffffffffff})
getpeername$packet(r5, &(0x7f0000000000)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmmsg(r4, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r6}, 0x80, &(0x7f00000004c0)}}], 0x1, 0x0)
r7 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0)
r8 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0)
sendfile(r8, r7, &(0x7f00000000c0)=0x58, 0x5)
r9 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_RTHDRDSTOPTS(r9, 0x29, 0x37, &(0x7f0000000280)=ANY=[], 0x8)
setsockopt$inet6_IPV6_DSTOPTS(r9, 0x29, 0x3b, 0x0, 0x0)
r10 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000007f5a9bb6aeab210b000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r10}, 0x10)
getpid()

1m59.426591573s ago: executing program 33 (id=1233):
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
socket$nl_audit(0x10, 0x3, 0x9)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4c, 0x9, 0x6, 0x0, 0x3}, 0x0)
r2 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
ftruncate(r0, 0x9)
fcntl$addseals(0xffffffffffffffff, 0x409, 0x7)
r3 = ioctl$UDMABUF_CREATE(r2, 0x40187542, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x0, 0x8000})
lseek(r3, 0x1000000000931f, 0x0)
ioctl$SYNC_IOC_MERGE(0xffffffffffffffff, 0xc0303e03, &(0x7f00000000c0)={"3c24139ed44aec57f2e2ad238a7b448ed886923c31d4b8affbf514fd00"})
r4 = socket$packet(0x11, 0x3, 0x300)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r5=>0xffffffffffffffff})
getpeername$packet(r5, &(0x7f0000000000)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmmsg(r4, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r6}, 0x80, &(0x7f00000004c0)}}], 0x1, 0x0)
r7 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0)
r8 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0)
sendfile(r8, r7, &(0x7f00000000c0)=0x58, 0x5)
r9 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_RTHDRDSTOPTS(r9, 0x29, 0x37, &(0x7f0000000280)=ANY=[], 0x8)
setsockopt$inet6_IPV6_DSTOPTS(r9, 0x29, 0x3b, 0x0, 0x0)
r10 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000007f5a9bb6aeab210b000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r10}, 0x10)
getpid()

8.805306129s ago: executing program 3 (id=1599):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
syz_genetlink_get_family_id$l2tp(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$L2TP_CMD_SESSION_DELETE(0xffffffffffffffff, 0x0, 0xc0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x18, &(0x7f00000006c0)=ANY=[@ANYBLOB="180000000000000000000000ffffffff180800002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000400008500000004000000b7080000000000007baaf8ff00000000b5080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000b300000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r1}, 0xc)
sendmsg$NL80211_CMD_VENDOR(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000100)={0x0}}, 0x44885)
r2 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r2, &(0x7f0000002700)=""/102392, 0x18ff8)
openat(0xffffffffffffff9c, 0x0, 0xc0042, 0x1fe)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
r3 = socket(0x2, 0x2, 0x1)
bind$unix(r3, &(0x7f0000000000)=@abs, 0x6e)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r4)
sendmsg$TIPC_CMD_ENABLE_BEARER(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574"], 0x38}}, 0x0)
sendmsg$TIPC_CMD_RESET_LINK_STATS(r3, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x28, r5, 0x100, 0x70bd25, 0x25dfdbfc, {{}, {}, {0xc, 0x14, 'syz1\x00'}}, [""]}, 0x28}, 0x1, 0x0, 0x0, 0x4081}, 0x800)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
sendfile(r2, r2, &(0x7f0000000080)=0x1, 0x4)
r6 = gettid()
process_vm_writev(r6, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000000)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x4, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x89, 0x0, @multicast1, @loopback}, "00186371ae9b1c03"}}}}}, 0x0)

8.753188366s ago: executing program 6 (id=1600):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x1e00, 0x21, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
syz_open_dev$cec(0x0, 0x0, 0xd2ec0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
fallocate(0xffffffffffffffff, 0xa, 0x44, 0x3e8a)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket(0x2b, 0x80801, 0x1)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="1c000000020301040000000000000000000000100800010001"], 0x1c}}, 0x0)
r2 = socket$netlink(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000020301040000000000000000000040200800010001"], 0x1c}}, 0x0)
close(0x4)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
r3 = creat(&(0x7f0000000580)='./file1\x00', 0x0)
r4 = fanotify_init(0xf00, 0x1)
fanotify_mark(r4, 0x105, 0x40009975, r3, 0x0)

8.048460405s ago: executing program 3 (id=1601):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000000)={@link_local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @void, {@ipv4={0x800, @igmp={{0x5, 0x4, 0x0, 0x6, 0x1c, 0x67, 0x0, 0x0, 0x2, 0x0, @loopback, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x22, 0x0, 0x0, @empty}}}}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
r3 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008f00850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000280)='kfree\x00', r5}, 0x18)
sendmmsg$inet(r4, &(0x7f00000010c0)=[{{&(0x7f00000001c0)={0x2, 0x4e22, @rand_addr=0x64010102}, 0x10, 0x0, 0x0, &(0x7f0000000540)=[@ip_retopts={{0x14, 0x0, 0x7, {[@lsrr={0x83, 0x3, 0x3e}]}}}], 0x18}}], 0x1, 0x4004000)
getdents(r3, &(0x7f0000001fc0)=""/184, 0x20002078)

7.976455071s ago: executing program 6 (id=1603):
bind$inet(0xffffffffffffffff, 0x0, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x1)
sched_setaffinity(0x0, 0xfffffffffffffdc5, &(0x7f00000002c0)=0x800002)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
removexattr(0x0, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000340), 0x4)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
getsockopt$bt_hci(r2, 0x0, 0x1, &(0x7f0000000000)=""/50, &(0x7f0000000040)=0x32)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r1, 0x4058534c, &(0x7f0000000380)={0x6, 0x8000, 0x1, 0xd, 0xfffffffe, 0xfdfffffa})
r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/udp6\x00')
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r4, 0xae03, 0xd5)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
writev(r3, &(0x7f0000000180)=[{&(0x7f0000000480)="37f63e5f5722595eb776aff6a95acbcc6a4619291ad0015153974d666e527940b2f92313bfde4f259fa911e4b41bf5f1bd550a274c1d560d8176570d8484bea671c97d28140fdf6a3e079699d92ea66ab3fddee05755067469a1df8140cb91c6348a2b01369fabe1ad6099e2a9218db01082948aef0c906a7dfe2119375edf18aa103a61450e85a4817618a91a9d1e88bbf3801dd1db5f1b3edc56de884d40a8b71dff71ef8913b56bc912e4556c6528e535c670f88c4ad62dcbcf08c4669189ee1df56c36956c321a1c70ba122eb05d2ff854d24333f846e59b1a618ebe1ea17bea339ae31491d837cad816e0bb", 0xee}, {&(0x7f0000000580)="4794a67ab6dd1c8a88c902c9f5ffd088dd8b16bff55e76cd9919be8555dd0f374b8991a5df0f850dabb4991918089c9cc93848c1a1bed573faf044b684159cd4bd2d92d89b0ae98991e07096066f9a51a167ef1e7d7520a688d841fa28d9c3963382caaa8b2070b399204af0203dfb569084a93ae4169a3dc67511026de9", 0x7e}, {&(0x7f0000000080)="d1c0f890a9addb2420e9080b4fb3518c60f19789a9e1f3", 0x17}, {&(0x7f0000000640)="cc3815f0348476fc0c79b44d1020a9f42f4ab3a7025ed63e392f20c06fcf22247b1d3c6487754f114e238182bcabdab28389878c362c48b40cf5205f66d45bd4561d2994ea8a5eea7ea5d4e86b318b59bf", 0x51}], 0x4)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000100)=0x11)

7.429828997s ago: executing program 6 (id=1604):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
recvmmsg(r2, &(0x7f0000000600)=[{{&(0x7f0000000140)=@nfc_llcp, 0x80, &(0x7f0000000780)=[{0x0}, {&(0x7f0000000280)=""/122, 0x7a}, {&(0x7f0000000400)=""/165, 0xa5}, {&(0x7f00000004c0)=""/142, 0x8e}, {&(0x7f0000000640)=""/70, 0x46}, {&(0x7f00000006c0)=""/179, 0xb3}], 0x6, &(0x7f0000000580)=""/70, 0x46}}], 0x1, 0x2, 0x0)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
sendto$inet(r3, &(0x7f0000000800)="51dd51d305fc0d7bfd0536879523d264696d45ac8a413eb42c6b51484e7d492c8c842d1355ccd79c3432d3043c40b69efaa7d004ab0464876eda73c163be6f35ea15dc2ab7a22ecad9f392aed9a1e587657329c86621080c8404578ce847a90af600142e034b01a67a0b18236987f53ddb16ee307a42e5054fd10114ef329ebb30a76ce7a29df7e145a7555f6a6f257a0d113c5e656616a85a9af538c0483f23735c97fb2d2295a6de22ea8dda5a5ca3230bfa46110c5595fbf14445557add6e2d001eca901ddb802b409a49bcd4ddf0bfb810fc5ebcbb0f3ae1e600f3adce83eec30ad0237d0eea146904dc4b65aefd5612f71e1102bc9ecfb2ff0d50cd", 0xfe, 0x2000, 0x0, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
sendto$inet6(r4, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)
sendfile(r1, r3, &(0x7f0000000080)=0xfffffffffffffffb, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0xe}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x80}}, 0x0)

7.089474196s ago: executing program 3 (id=1605):
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
socket(0x1d, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
socket$inet6(0xa, 0x800000000000002, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(r1, 0x29, 0x36, &(0x7f0000000300)=ANY=[@ANYBLOB="3c34000000000000040100c910fc02000000000000000000000000000107", @ANYRES32=r0], 0x1b0)
setsockopt$inet6_IPV6_HOPOPTS(r1, 0x29, 0x36, 0x0, 0x0)

6.537613272s ago: executing program 6 (id=1607):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
r1 = accept$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @initdev}, &(0x7f0000000040)=0x1c)
setsockopt$inet6_int(r1, 0x29, 0x17, &(0x7f00000000c0)=0x639a, 0x4)
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0xffffd000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
socket(0x200000100000011, 0x3, 0x7fffffff)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
r5 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000f80)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r6=>0x0}, &(0x7f0000001080)=0x8)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f00000001c0)={r6, 0x101, 0x10}, 0xc)
pipe(&(0x7f0000000080)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
r9 = socket$inet_udp(0x2, 0x2, 0x0)
close(r9)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="100000002d000b02d25a806f8c6394f9101a04", 0x13}], 0x1}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d80000001c0081044e81f782db44b9040a1d08030e000000e8fea4a1180015000600142603600e1208000f1000810401a80016000a0001", 0x37}], 0x1, 0x0, 0x0, 0x7400}, 0x10)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, 0x0, 0x0, 0x0, 0x5c8}, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce620300fe"], 0xfe1b)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="563f00001800599c6d0eab070004000523"], 0xfe33)
write$binfmt_misc(r8, &(0x7f0000000000), 0xfffffecc)
splice(r7, 0x0, r9, 0x0, 0x4ffe6, 0x0)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r10, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="640000000206056fd30000000000000000000000140007800800114000000000050015000c0000000500010006000000050005000200000005000400000000000900020073797a300000000016000300686173683a6e65742c706f72742c6e6574"], 0x64}}, 0x0)

6.5346526s ago: executing program 3 (id=1608):
r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x40100001, 0x0)
mq_getsetattr(0xffffffffffffffff, 0x0, &(0x7f0000000380)) (async)
mq_getsetattr(0xffffffffffffffff, 0x0, &(0x7f0000000380))
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000240)={0x3, 0x2}) (async)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000240)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r2=>0x0], 0x1})
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x12, &(0x7f0000000a00)=@raw=[@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r3}}, @jmp={0x5, 0x1, 0x3, 0x2, 0x0, 0x10, 0xffffffffffffffff}, @map_idx_val={0x18, 0xd, 0x6, 0x0, 0xb, 0x0, 0x0, 0x0, 0xfffffff9}, @map_fd={0x18, 0x3, 0x1, 0x0, r3}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}}], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
syz_open_dev$video4linux(&(0x7f0000000000), 0x6, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r4}, 0x10) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r4}, 0x10)
ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000002c0)={r2, <r5=>0x0, <r6=>0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_ADD_MAP(r0, 0xc0286415, &(0x7f0000000000)={&(0x7f0000ffc000/0x2000)=nil, 0x1, 0x3, 0xa5})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000640)=[0x0], 0x0, 0x0, 0x0, 0x1}) (async)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000640)=[<r7=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000580)={&(0x7f0000000180)=[r7], 0x1, r5, r6, 0x3, 0x0, 0xffffffff, 0x804, {0xac7c, 0x1, 0x7, 0x69, 0xf4b, 0x2, 0x2, 0x40, 0x412f, 0xe154, 0x1000, 0x7, 0xb2bf, 0x3, "fe1d00003413000000000000000caa000000090000000000000004b427180010"}})

6.431764583s ago: executing program 4 (id=1609):
pipe(&(0x7f00000001c0))
syz_open_procfs$userns(0xffffffffffffffff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x4, 0x80100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8)
gettid()
bind$inet(0xffffffffffffffff, 0x0, 0x0)
timer_settime(0x0, 0x0, 0x0, 0x0)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000040)={0x84, @dev={0xac, 0x14, 0x14, 0x2d}, 0x4e20, 0x3, 'wrr\x00', 0x1, 0x2, 0x6e}, 0x2c)
setsockopt$IP_VS_SO_SET_FLUSH(r1, 0x44, 0x485, 0x0, 0x0)

6.341014501s ago: executing program 3 (id=1610):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000200)={0x0, 0x22, 0xf, {[@global=@item_012={0x0, 0x1, 0x5}, @local=@item_4={0x3, 0x2, 0x0, "45501821"}, @global=@item_012={0x1, 0x1, 0x9, "f5"}, @global=@item_012={0x1, 0x1, 0x7, "84"}, @main=@item_4={0x3, 0x0, 0xb, "4070f43f"}]}}, 0x0}, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, &(0x7f0000000080)={0x20, 0xb, 0xb8, {0xb8, 0x24, "595ae35e4ba3b08dfb2f2d505bf3e281701d547a5f19d996acb9bd84cc4ccf77511e935bbdb0cb6eb31cc22d62ce59a80e1f30cb8155e923bd8d05d854eb1a8a08c7befe9783db0ccca6d5d03e1adeba2b9d3d3ae4d40624444e3a88706e6e0b71c817aa61e6cb2bbbf083281e9fc81ab70399539107f4c6ee959c190e29c69efe63e070f4daffe865ccce4cd3857cf0d41011d3d5757b9c1f34fee5c48b1d8ef7f97bae64f68783aa07b0a0d98255e323fe9953ee34"}}, &(0x7f0000000140)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x445}}, &(0x7f0000000180)={0x0, 0x22, 0xc, {[@main=@item_012={0x1, 0x0, 0x9, 'H'}, @main=@item_4={0x3, 0x0, 0xb, "ed601ba4"}, @global=@item_4={0x3, 0x1, 0x0, "ce58153e"}]}}, &(0x7f00000001c0)={0x0, 0x21, 0x9, {0x9, 0x21, 0xd5, 0x18, 0x1, {0x22, 0xc12}}}}, &(0x7f0000000580)={0x2c, &(0x7f0000000300)={0x20, 0x17, 0xf5, "6da6d166c9063f90e1e404936773db98b82f0025b1ff1cc8ce6d727c9dba8a907342036564b5aa2e8c9ebcb5397df9a391cfd011a8ffa88103d078a055a822af09f093ef5aa8ab4e7fbd9944ce7b82dca0ecd858ce59503e1754ba7dd5d4f2e61fc08bbf324bf27f8c29bb8c836b0b1bc31988750422b95961cbdc3002fb5678aeb148bc3aaf2125709e3ab19daa72cb9c9a5ac38aaa6469b1a683d0ca6ae1f76eeaf059fd9ac04c1480165577c731e2415f7837f3b01c2f5a82590d93dc56f15e575411b91a100b4e7048b16b9d42d65921d39c3fb0e99f3d06c274f43a769785c717931d017a3988a84a07a042b016eac9f42185"}, &(0x7f0000000280)={0x0, 0xa, 0x1}, &(0x7f0000000400)={0x0, 0x8, 0x1, 0x7}, &(0x7f0000000440)={0x20, 0x1, 0x5c, "3e1a0191c622c4c4e5d185a1de14d194fc05f7730786b3ad72e603a12cc58b8b65bd325d0ba761b6076c042edcfa645b2b65ff1228d93508119016402fb7ad4f95b0bbc3b335a097527bbac1b104ec4a3d07f6f12f4a9474fccbdecf"}, &(0x7f00000004c0)={0x20, 0x3, 0x1}})
r1 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0)
ioctl$HIDIOCGREPORT(r1, 0x400c4807, &(0x7f0000000040)={0x3, 0x100, 0x7})

5.877349415s ago: executing program 5 (id=1611):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
syz_genetlink_get_family_id$l2tp(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$L2TP_CMD_SESSION_DELETE(0xffffffffffffffff, 0x0, 0xc0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x18, &(0x7f00000006c0)=ANY=[@ANYBLOB="180000000000000000000000ffffffff180800002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000400008500000004000000b7080000000000007baaf8ff00000000b5080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000b300000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r1}, 0xc)
sendmsg$NL80211_CMD_VENDOR(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000100)={0x0}}, 0x44885)
r2 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r2, &(0x7f0000002700)=""/102392, 0x18ff8)
openat(0xffffffffffffff9c, 0x0, 0xc0042, 0x1fe)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
r3 = socket(0x2, 0x2, 0x1)
bind$unix(r3, &(0x7f0000000000)=@abs, 0x6e)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r4)
sendmsg$TIPC_CMD_ENABLE_BEARER(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574"], 0x38}}, 0x0)
sendmsg$TIPC_CMD_RESET_LINK_STATS(r3, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x28, r5, 0x100, 0x70bd25, 0x25dfdbfc, {{}, {}, {0xc, 0x14, 'syz1\x00'}}, [""]}, 0x28}, 0x1, 0x0, 0x0, 0x4081}, 0x800)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
sendfile(r2, r2, &(0x7f0000000080)=0x1, 0x4)
r6 = gettid()
process_vm_writev(r6, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000000)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x4, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x89, 0x0, @multicast1, @loopback}, "00186371ae9b1c03"}}}}}, 0x0)

5.771820539s ago: executing program 4 (id=1612):
socket(0x10, 0x803, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000300)=ANY=[@ANYBLOB="3c34000000000000040100c910fc02000000000000000000000000000107"], 0x1b0)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, 0x0, 0x0)

5.354366814s ago: executing program 6 (id=1613):
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
openat$tun(0xffffffffffffff9c, 0x0, 0x4080, 0x0)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, 0x0, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='devices.list\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
creat(&(0x7f0000000080)='./file0\x00', 0xc7)
r2 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000), 0x101000, 0x800, 0x3, 0x1}, 0x20)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'veth1_to_batadv\x00', <r3=>0x0})
setsockopt$XDP_UMEM_FILL_RING(r2, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4)
bind$xdp(r2, &(0x7f00000001c0)={0x2c, 0x8, r3}, 0x10)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)

5.314016588s ago: executing program 4 (id=1614):
bind$inet(0xffffffffffffffff, 0x0, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x1)
sched_setaffinity(0x0, 0xfffffffffffffdc5, &(0x7f00000002c0)=0x800002)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
removexattr(0x0, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000340), 0x4)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
getsockopt$bt_hci(r2, 0x0, 0x1, &(0x7f0000000000)=""/50, &(0x7f0000000040)=0x32)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r1, 0x4058534c, &(0x7f0000000380)={0x6, 0x8000, 0x1, 0xd, 0xfffffffe, 0xfdfffffa})
r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/udp6\x00')
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r4, 0xae03, 0xd5)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
writev(r3, &(0x7f0000000180)=[{&(0x7f0000000480)="37f63e5f5722595eb776aff6a95acbcc6a4619291ad0015153974d666e527940b2f92313bfde4f259fa911e4b41bf5f1bd550a274c1d560d8176570d8484bea671c97d28140fdf6a3e079699d92ea66ab3fddee05755067469a1df8140cb91c6348a2b01369fabe1ad6099e2a9218db01082948aef0c906a7dfe2119375edf18aa103a61450e85a4817618a91a9d1e88bbf3801dd1db5f1b3edc56de884d40a8b71dff71ef8913b56bc912e4556c6528e535c670f88c4ad62dcbcf08c4669189ee1df56c36956c321a1c70ba122eb05d2ff854d24333f846e59b1a618ebe1ea17bea339ae31491d837cad816e0bb", 0xee}, {&(0x7f0000000580)="4794a67ab6dd1c8a88c902c9f5ffd088dd8b16bff55e76cd9919be8555dd0f374b8991a5df0f850dabb4991918089c9cc93848c1a1bed573faf044b684159cd4bd2d92d89b0ae98991e07096066f9a51a167ef1e7d7520a688d841fa28d9c3963382caaa8b2070b399204af0203dfb569084a93ae4169a3dc67511026de9", 0x7e}, {&(0x7f0000000080)="d1c0f890a9addb2420e9080b4fb3518c60f19789a9e1f3", 0x17}, {&(0x7f0000000640)="cc3815f0348476fc0c79b44d1020a9f42f4ab3a7025ed63e392f20c06fcf22247b1d3c6487754f114e238182bcabdab28389878c362c48b40cf5205f66d45bd4561d2994ea8a5eea7ea5d4e86b318b59bf", 0x51}], 0x4)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000100)=0x11)

5.286779079s ago: executing program 5 (id=1615):
socket$nl_netfilter(0x10, 0x3, 0xc)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f00000007c0)='usrquota')
chdir(&(0x7f0000000100)='./file1\x00')
r0 = open(&(0x7f0000000080)='./bus\x00', 0x4001410c2, 0x766c618eb221465a)
quotactl_fd$Q_SETINFO(r0, 0xffffffff80000601, 0x0, &(0x7f0000000040)={0x0, 0xfffffffffffffffc, 0x0, 0x5})
quotactl$Q_SYNC(0xffffffff80000100, 0x0, 0x0, 0x0)
r1 = syz_io_uring_setup(0x881, &(0x7f0000000280)={0x0, 0xe7aa, 0x100, 0x1, 0xffffffff}, &(0x7f0000000300)=<r2=>0x0, &(0x7f0000000080)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r4 = socket(0x2, 0x80805, 0x0)
setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r4, 0x84, 0x18, &(0x7f0000000500)={0x0, 0xfffd}, 0x8)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x7d, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=@newtaction={0x138, 0x30, 0x1, 0x0, 0x0, {}, [{0x124, 0x1, [@m_bpf={0xd8, 0x3, 0x0, 0x0, {{0x8}, {0x6c, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18, 0x2, {0x9, 0x9, 0x8, 0x7, 0x285a}}, @TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x2}, @TCA_ACT_BPF_PARMS={0x18, 0x2, {0x10001, 0x5, 0xffffffffffffffff, 0x6, 0x81}}, @TCA_ACT_BPF_NAME={0xc, 0x6, './file1\x00'}, @TCA_ACT_BPF_OPS={0x24, 0x4, [{0x4, 0x10, 0x6, 0xce}, {0x1, 0x6, 0xf7, 0x80}, {0x3ff, 0x1, 0x3, 0x3000000}, {0x3, 0x8, 0x1, 0x8}]}]}, {0x48, 0x6, "c62cd4c8fce72e3a288d0e0f210968ae7a4d5cd9b8deaa0dd1bdede48a9f0b4575a0716bdcf085954bea8e7af06e5c9e116b1fe7b4987dcfa41e62aae5fce6a88f2acccf"}, {0xc}, {0xc, 0x8, {0x3}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x4000, 0x0, 0x0, 0x7fffffff}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x138}, 0x1, 0x0, 0x0, 0x804}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x23456})
io_uring_enter(r1, 0x47ba, 0x0, 0x0, 0x0, 0x0)

4.429310431s ago: executing program 4 (id=1616):
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
syz_emit_ethernet(0x5e, &(0x7f0000000000)=ANY=[@ANYBLOB="0180c200000300000000000086dd63269fe000283a1721010000000000000000000000000001fe8000"/52], 0x0) (fail_nth: 4)

3.587451348s ago: executing program 6 (id=1618):
r0 = syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000000000201c1b100c00000000000109022d0001000060000904008002030000000921060400012205000905810320000908070905020340"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_ep_read(r0, 0x2, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x10)
read$FUSE(0xffffffffffffffff, &(0x7f000000c1c0)={0x2020}, 0x2020)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB="0000080000000804"], 0x0, 0x0, 0x0, 0x0}, 0x0)
capset(&(0x7f0000000380)={0x20080522}, &(0x7f00000003c0)={0x0, 0xfff})
r1 = syz_open_procfs(0x0, &(0x7f0000000080)='net/anycast6\x00')
fchown(r1, 0x0, 0xee01)
syz_usb_ep_write(r0, 0x81, 0xe, &(0x7f0000000080)="3ed1b368b9d7fd42ac5cf9181c6d")
r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="0300"/20, @ANYRES64=r0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000000)=ANY=[@ANYBLOB="1806000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000f00850000000c000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r2, <r4=>0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000140)=r3}, 0x20)
r5 = openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0)
mlockall(0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r5, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000600)={&(0x7f00000005c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x9, [@typedef, @typedef={0x8, 0x0, 0x0, 0x8, 0x2}]}, {0x0, [0x61, 0x30, 0x61, 0x0, 0x30, 0x2e, 0x61]}}, &(0x7f00000006c0)=""/161, 0x39, 0xa1, 0x1, 0x3, 0x10000, @value=r5}, 0x28)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{r4}, &(0x7f0000000080), &(0x7f00000000c0)}, 0x20)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r6=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)

3.507717571s ago: executing program 4 (id=1619):
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000000407d1e9c31000000000001090224000100000000090400002103000000092100000001220700090581030000"], 0x0)
syz_open_dev$sndctrl(0x0, 0x0, 0x0)
socket$inet_sctp(0x2, 0x5, 0x84)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x220000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x1, 0x8b}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="0100000004000000080000000c"], 0x48)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000038c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da97e22f4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ad0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bff3b89c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c2ed01faa7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497dad64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6fba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd2310801570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb414c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a000000000000000000000000000000000000000000000000000000a0cc2b89ce1525748ce167cbabb881f060599a6a59f645edca1d5c24b2f6b8c997a8f3e1b7679984a566d98d4d31198ee4c5ea7be0d99cf89bba4a6fd0bec12e7792bec3c5038e13b1982f80cdecd07f8908a983a7c9fb81c2ba7f"], 0x0}, 0x94)
add_key$user(&(0x7f00000001c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000080)="bc", 0x1, 0xfffffffffffffffe)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000032680)=""/102392, 0x18ff8)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r4 = socket$inet(0x2, 0x2, 0x1)
shutdown(r4, 0x0)
getsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0x3, 0xffffffffffffffff, &(0x7f0000000300))
recvmmsg(r4, &(0x7f00000066c0), 0xa0d, 0x0, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x60000000000, 0xff, 0x0, 0x40, 0x200002000001, 0x0, 0x2004c8, 0x5c, 0x0, 0x68ff, 0x5, 0x7fff, 0xffffffffffffffff, 0x400000000, 0x1], 0x1000, 0x400})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

3.371975703s ago: executing program 5 (id=1620):
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
socket(0x1d, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
socket$inet6(0xa, 0x800000000000002, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(r1, 0x29, 0x36, &(0x7f0000000300)=ANY=[@ANYBLOB="3c34000000000000040100c910fc02000000000000000000000000000107", @ANYRES32=r0], 0x1b0)
setsockopt$inet6_IPV6_HOPOPTS(r1, 0x29, 0x36, 0x0, 0x0)

2.830263469s ago: executing program 5 (id=1621):
r0 = syz_usb_connect(0x5, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000007794608cd0c39007b90000000010902120001fc0000000904"], 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
r1 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2603)
ioctl$I2C_RDWR(r1, 0x107, 0x0)

2.641058915s ago: executing program 0 (id=1622):
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
connect$inet(r0, &(0x7f00000000c0)={0x2, 0xfffa, @empty}, 0x10)
openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x180300, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
syz_usb_connect(0x0, 0x24, 0x0, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
socket(0x29, 0x6, 0xfffffff8)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f000001b700)=""/102392, 0x18ff8)
socket$netlink(0x10, 0x3, 0x0)
r2 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000000)={0x2001}, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f00000003c0), 0xffffffffffffffff)
bind$tipc(r2, 0x0, 0x0)
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x30, r4, 0x1, 0x0, 0x100000, {{}, {}, {0x14, 0x19, {0x2, 0x1, 0x0, 0x2000000}}}}, 0x30}, 0x1, 0x0, 0x0, 0x4008000}, 0x1004)

2.182761924s ago: executing program 3 (id=1623):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000700)=ANY=[@ANYBLOB="12010000000000408c0d220000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x1)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, 0x0, 0x0)
syz_open_dev$MSR(&(0x7f0000000100), 0x10000, 0x0)
ioctl$TCSETS(r1, 0x89f2, &(0x7f0000000140)={0x400000, 0x0, 0x0, 0x7ff, 0x0, "5dee0000005940000000000f00"})
r3 = syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x0)
ioctl$EVIOCGKEYCODE_V2(r3, 0x80284504, &(0x7f0000000040)=""/185)

1.632236009s ago: executing program 0 (id=1624):
r0 = openat$comedi(0xffffff9c, &(0x7f0000000440)='/dev/comedi0\x00', 0x101001, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000080)={'comedi_bond\x00', [0x3, 0x80008000, 0x9, 0x2, 0x0, 0x0, 0x1, 0xf, 0xffe, 0x1, 0x7, 0x1, 0x1006, 0x4, 0xffff, 0xffff, 0xffffffa8, 0x40000009, 0xa00000, 0x3, 0x3ff, 0x10000, 0x8, 0xe2df, 0x2, 0x8, 0x5, 0x3, 0x7, 0x4, 0x8045]})

1.464943464s ago: executing program 0 (id=1625):
socket(0x10, 0x803, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000300)=ANY=[], 0x1b0)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, 0x0, 0x0)

1.401348476s ago: executing program 0 (id=1626):
bind$inet(0xffffffffffffffff, 0x0, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x1)
sched_setaffinity(0x0, 0xfffffffffffffdc5, &(0x7f00000002c0)=0x800002)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
removexattr(0x0, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000340), 0x4)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
getsockopt$bt_hci(r2, 0x0, 0x1, &(0x7f0000000000)=""/50, &(0x7f0000000040)=0x32)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r1, 0x4058534c, &(0x7f0000000380)={0x6, 0x8000, 0x1, 0xd, 0xfffffffe, 0xfdfffffa})
r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/udp6\x00')
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r4, 0xae03, 0xd5)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
writev(r3, &(0x7f0000000180)=[{&(0x7f0000000480)="37f63e5f5722595eb776aff6a95acbcc6a4619291ad0015153974d666e527940b2f92313bfde4f259fa911e4b41bf5f1bd550a274c1d560d8176570d8484bea671c97d28140fdf6a3e079699d92ea66ab3fddee05755067469a1df8140cb91c6348a2b01369fabe1ad6099e2a9218db01082948aef0c906a7dfe2119375edf18aa103a61450e85a4817618a91a9d1e88bbf3801dd1db5f1b3edc56de884d40a8b71dff71ef8913b56bc912e4556c6528e535c670f88c4ad62dcbcf08c4669189ee1df56c36956c321a1c70ba122eb05d2ff854d24333f846e59b1a618ebe1ea17bea339ae31491d837cad816e0bb", 0xee}, {&(0x7f0000000580)="4794a67ab6dd1c8a88c902c9f5ffd088dd8b16bff55e76cd9919be8555dd0f374b8991a5df0f850dabb4991918089c9cc93848c1a1bed573faf044b684159cd4bd2d92d89b0ae98991e07096066f9a51a167ef1e7d7520a688d841fa28d9c3963382caaa8b2070b399204af0203dfb569084a93ae4169a3dc67511026de9", 0x7e}, {&(0x7f0000000080)="d1c0f890a9addb2420e9080b4fb3518c60f19789a9e1f3", 0x17}, {&(0x7f0000000640)="cc3815f0348476fc0c79b44d1020a9f42f4ab3a7025ed63e392f20c06fcf22247b1d3c6487754f114e238182bcabdab28389878c362c48b40cf5205f66d45bd4561d2994ea8a5eea7ea5d4e86b318b59bf", 0x51}], 0x4)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000100)=0x11)

919.791905ms ago: executing program 5 (id=1627):
ioctl$KVM_CAP_SPLIT_IRQCHIP(0xffffffffffffffff, 0x4068aea3, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
prlimit64(0xffffffffffffffff, 0x0, 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x28db800, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0x2a0000, 0x100)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x100008b}, 0x0)
openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x408040, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
r0 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8)
r1 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
open(&(0x7f0000000040)='./bus\x00', 0x103a42, 0x80)
set_mempolicy(0x3, &(0x7f0000001200)=0x7, 0x3)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="180100"/13], &(0x7f0000000100)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x23, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='sched_switch\x00', r2, 0x0, 0x1}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x3, &(0x7f00000002c0)=0x7)
socket(0x1, 0x2, 0x3ff)

298.762136ms ago: executing program 0 (id=1628):
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
bind$bt_hci(r0, &(0x7f0000000000)={0x27}, 0x62)
listen(r0, 0x3)
syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
socket(0x23, 0x5, 0x0)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
pselect6(0x40, &(0x7f00000001c0)={0x300, 0x0, 0x3, 0xfffffffffffffffd, 0x0, 0x80, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x8, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)

169.538419ms ago: executing program 4 (id=1629):
socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x2, &(0x7f0000006680))
r0 = socket(0x1f, 0x3, 0x0)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e21, @broadcast}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000004c0)=@bpf_ext={0x1c, 0x1, &(0x7f00000005c0)=ANY=[@ANYRES8=r0], 0x0, 0x81, 0x0, 0x0, 0x41000, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x10168, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x401}, 0x94)
socket$packet(0x11, 0x3, 0x300)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
r1 = socket(0x25, 0x5, 0x0)
setreuid(0xffffffffffffffff, 0xee00)
setresuid(0x0, 0x0, 0xffffffffffffffff)
syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x100)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0x1}], 0x1)
pselect6(0x40, &(0x7f0000000000)={0x4, 0xfffffffffffffffd, 0x8000000000000000, 0x0, 0x0, 0x0, 0x0, 0x10000000}, 0x0, &(0x7f00000002c0)={0x3ff, 0x1, 0x0, 0x8, 0xfffffffffffffffe, 0x0, 0x2, 0x7}, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r1, 0x84, 0x7, &(0x7f0000000080)={0x5}, 0x4)
socket$inet_udp(0x2, 0x2, 0x0)
socket$kcm(0x10, 0x2, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/igmp\x00')
pread64(r3, &(0x7f0000000180)=""/15, 0xfffffe9c, 0xb6)

115.927784ms ago: executing program 0 (id=1630):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e22, @remote}, 0x10)
listen(r0, 0x1ff)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000340)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r6, &(0x7f0000000200)={0x2, 0x4e20, @empty}, 0x10)
fcntl$setstatus(r2, 0x4, 0x4800)
connect$inet(r6, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10)
setsockopt$SO_BINDTODEVICE(r6, 0x1, 0x19, &(0x7f0000000040)='sit0\x00', 0x10)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
ftruncate(r7, 0x2000009)
sendfile(r6, r7, 0x0, 0x7ffff004)

0s ago: executing program 5 (id=1631):
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
socket(0x1d, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
socket$inet6(0xa, 0x800000000000002, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(r1, 0x29, 0x36, &(0x7f0000000300)=ANY=[@ANYBLOB="3c34000000000000040100c910fc02000000000000000000000000000107", @ANYRES32=r0], 0x1b0)
setsockopt$inet6_IPV6_HOPOPTS(r1, 0x29, 0x36, 0x0, 0x0)

kernel console output (not intermixed with test programs):

ooth: hci5: Frame reassembly failed (-84)
[  469.970419][T10656] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  469.971946][   T10] usb 4-1: USB disconnect, device number 38
[  469.990604][ T1056] Bluetooth: hci5: Frame reassembly failed (-84)
[  470.004988][T10656] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  470.028166][T10656] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  470.039726][T10656] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  470.724492][ T5839] Bluetooth: hci6: command tx timeout
[  470.741114][T10708] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  471.220441][   T10] usb 2-1: USB disconnect, device number 39
[  471.328352][T10656] 8021q: adding VLAN 0 to HW filter on device bond0
[  471.482470][T10656] 8021q: adding VLAN 0 to HW filter on device team0
[  471.506367][   T59] bridge0: port 1(bridge_slave_0) entered blocking state
[  471.513493][   T59] bridge0: port 1(bridge_slave_0) entered forwarding state
[  471.588787][T10724] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1214'.
[  471.980343][ T5839] Bluetooth: hci0: command 0x0406 tx timeout
[  472.033410][ T5839] Bluetooth: hci5: command 0x1003 tx timeout
[  472.033458][ T5831] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  472.388896][   T59] bridge0: port 2(bridge_slave_1) entered blocking state
[  472.396030][   T59] bridge0: port 2(bridge_slave_1) entered forwarding state
[  472.440487][T10656] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  472.454164][T10656] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  472.646691][T10656] 8021q: adding VLAN 0 to HW filter on device batadv0
[  472.741253][ T5831] Bluetooth: hci6: command tx timeout
[  473.040702][T10656] veth0_vlan: entered promiscuous mode
[  473.074288][T10656] veth1_vlan: entered promiscuous mode
[  473.206172][T10656] veth0_macvtap: entered promiscuous mode
[  473.219052][T10656] veth1_macvtap: entered promiscuous mode
[  473.370175][T10656] batman_adv: batadv0: Interface activated: batadv_slave_0
[  473.398721][T10656] batman_adv: batadv0: Interface activated: batadv_slave_1
[  473.435968][ T6800] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  473.454221][ T6800] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  473.472067][ T6800] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  473.487713][ T6800] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  473.803550][T10750] comedi comedi0: Minor -2147450880 is invalid!
[  474.101497][T10720] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  474.111392][ T5831] Bluetooth: hci0: command 0x0406 tx timeout
[  474.260422][T10720] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  474.266911][T10720] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  474.274878][T10720] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  474.281732][T10720] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[  474.287763][T10720] Bluetooth: hci6: Opcode 0x0406 failed: -4
[  474.296681][T10720] Bluetooth: hci6: Opcode 0x0406 failed: -4
[  474.513053][ T1056] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  474.552205][ T1056] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  474.573002][T10758] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  474.611455][ T5863] usb 1-1: new full-speed USB device number 51 using dummy_hcd
[  474.635399][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  474.646314][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  474.650501][T10760] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1221'.
[  474.679634][   T30] audit: type=1400 audit(2000000220.620:463): avc:  denied  { mounton } for  pid=10656 comm="syz-executor" path="/root/syzkaller.OmoWH6/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  474.718976][   T30] audit: type=1400 audit(2000000220.660:464): avc:  denied  { mount } for  pid=10656 comm="syz-executor" name="/" dev="gadgetfs" ino=7671 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  474.813083][ T5863] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  474.833193][ T5863] usb 1-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[  474.843400][ T5863] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  474.857658][ T5863] usb 1-1: config 0 descriptor??
[  474.885096][   T30] audit: type=1400 audit(2000000220.830:465): avc:  denied  { connect } for  pid=10764 comm="syz.5.1198" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  474.928520][   T30] audit: type=1400 audit(2000000220.840:466): avc:  denied  { ioctl } for  pid=10764 comm="syz.5.1198" path="socket:[36383]" dev="sockfs" ino=36383 ioctlcmd=0x89f6 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  475.019941][T10772] netlink: 1508 bytes leftover after parsing attributes in process `syz.4.1222'.
[  475.378941][   T30] audit: type=1400 audit(2000000221.320:467): avc:  denied  { write } for  pid=10743 comm="syz.0.1216" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  475.548669][   T10] usb 1-1: USB disconnect, device number 51
[  476.574235][ T5839] Bluetooth: hci1: command 0x0406 tx timeout
[  476.580280][ T5839] Bluetooth: hci6: command 0x0c1a tx timeout
[  476.590780][ T5839] Bluetooth: hci3: command 0x0405 tx timeout
[  476.597462][   T51] Bluetooth: hci2: command 0x0406 tx timeout
[  476.758020][   T30] audit: type=1326 audit(2000000222.700:468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10796 comm="syz.4.1231" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa8c6f8eb69 code=0x0
[  476.977779][T10803] netlink: 'syz.0.1230': attribute type 10 has an invalid length.
[  478.157884][T10812] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  478.238476][   T10] usb 1-1: new high-speed USB device number 52 using dummy_hcd
[  478.962382][   T51] Bluetooth: hci5: command 0x1003 tx timeout
[  478.968668][ T5831] Bluetooth: hci6: command 0x0c1a tx timeout
[  478.976014][ T5839] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  478.987068][T10822] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  479.004751][   T10] usb 1-1: Using ep0 maxpacket: 32
[  479.019111][   T10] usb 1-1: too many configurations: 29, using maximum allowed: 8
[  479.084565][   T10] usb 1-1: New USB device found, idVendor=0ac8, idProduct=c301, bcdDevice=82.d5
[  479.184802][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  479.202193][   T10] usb 1-1: Product: syz
[  479.206459][   T10] usb 1-1: Manufacturer: syz
[  479.211069][   T10] usb 1-1: SerialNumber: syz
[  479.220050][   T10] usb 1-1: config 0 descriptor??
[  479.233069][   T10] hub 1-1:0.0: Invalid hub with more than one config or interface
[  479.240965][   T10] hub 1-1:0.0: probe with driver hub failed with error -22
[  479.275206][   T10] gspca_main: 0ac8:c301 too many config
[  479.351332][ T5863] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[  479.961235][ T5863] usb 4-1: Using ep0 maxpacket: 32
[  479.986094][T10827] ./cgroup: Can't lookup blockdev
[  479.999828][ T5863] usb 4-1: too many configurations: 29, using maximum allowed: 8
[  480.241369][ T5938] usb 1-1: USB disconnect, device number 52
[  480.265008][ T5863] usb 4-1: New USB device found, idVendor=0ac8, idProduct=c301, bcdDevice=82.d5
[  480.274655][ T5863] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  480.283946][ T5863] usb 4-1: Product: syz
[  480.288253][ T5863] usb 4-1: Manufacturer: syz
[  480.293474][ T5863] usb 4-1: SerialNumber: syz
[  480.299394][ T5863] usb 4-1: config 0 descriptor??
[  480.305584][ T5863] hub 4-1:0.0: Invalid hub with more than one config or interface
[  480.313626][   T10] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  480.321359][ T5863] hub 4-1:0.0: probe with driver hub failed with error -22
[  480.330042][ T5863] gspca_main: 0ac8:c301 too many config
[  480.476040][   T10] usb 5-1: Using ep0 maxpacket: 8
[  480.499173][   T10] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  480.583016][   T10] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  480.593188][   T10] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  480.608736][   T10] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  480.721290][   T10] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  480.730518][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  480.981378][ T5839] Bluetooth: hci6: command 0x0c1a tx timeout
[  480.997237][   T10] usb 5-1: GET_CAPABILITIES returned 0
[  481.003309][   T10] usbtmc 5-1:16.0: can't read capabilities
[  481.694409][ T5907] usb 4-1: USB disconnect, device number 39
[  482.342779][T10830] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  482.349370][ T5839] Bluetooth: hci0: command 0x0406 tx timeout
[  482.900582][   T10] usb 5-1: USB disconnect, device number 34
[  483.061657][ T5839] Bluetooth: hci6: command 0x0c1a tx timeout
[  483.260758][T10830] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  483.266956][T10830] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  483.273147][T10830] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  483.279908][T10830] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[  483.388012][   T30] audit: type=1400 audit(2000000229.330:469): avc:  denied  { write } for  pid=10860 comm="syz.3.1248" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  483.541745][  T117] usb 1-1: new low-speed USB device number 53 using dummy_hcd
[  483.541745][   T10] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  483.681361][ T5863] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  483.691270][ T5938] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[  483.705507][   T10] usb 5-1: config 0 has an invalid interface number: 186 but max is 1
[  483.713940][   T10] usb 5-1: config 0 has no interface number 1
[  483.722421][   T10] usb 5-1: New USB device found, idVendor=0582, idProduct=0005, bcdDevice=e5.83
[  483.731744][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  483.739779][   T10] usb 5-1: Product: syz
[  483.745091][   T10] usb 5-1: Manufacturer: syz
[  483.749723][   T10] usb 5-1: SerialNumber: syz
[  483.756595][   T10] usb 5-1: config 0 descriptor??
[  483.832924][ T5863] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 33, using maximum allowed: 30
[  483.843821][ T5863] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  483.854794][ T5863] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  483.864698][ T5938] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  483.864703][ T5863] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 33
[  483.864744][ T5863] usb 6-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00
[  483.880443][ T5938] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  483.888666][ T5863] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  483.890934][ T5863] usb 6-1: config 0 descriptor??
[  483.903545][ T5938] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  483.937841][ T5938] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  483.947549][ T5938] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  483.957710][ T5938] usb 4-1: config 0 descriptor??
[  483.967546][T10854] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  483.969211][T10853] workqueue: Failed to create a rescuer kthread for wq "nfc3_nci_rx_wq": -EINTR
[  483.982591][T10854] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  484.016668][ T5907] usb 5-1: USB disconnect, device number 35
[  484.347521][T10876] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  484.359051][T10876] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  484.421414][   T51] Bluetooth: hci1: command 0x0406 tx timeout
[  484.755541][  T117] usb 1-1: unable to get BOS descriptor or descriptor too short
[  484.810182][ T5938] plantronics 0003:047F:FFFF.0010: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  484.825422][  T117] usb 1-1: unable to read config index 0 descriptor/start: -71
[  484.845832][  T117] usb 1-1: can't read configurations, error -71
[  485.181046][ T5863] usbhid 6-1:0.0: can't add hid device: -71
[  485.187159][ T5863] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  485.198014][ T5863] usb 6-1: USB disconnect, device number 2
[  485.211396][  T117] usb 1-1: new high-speed USB device number 54 using dummy_hcd
[  485.301644][ T5831] Bluetooth: hci2: command 0x0406 tx timeout
[  485.308749][ T5839] Bluetooth: hci3: command 0x0405 tx timeout
[  485.314836][   T51] Bluetooth: hci6: command 0x0c1a tx timeout
[  485.371271][  T117] usb 1-1: Using ep0 maxpacket: 32
[  485.377053][  T117] usb 1-1: too many configurations: 29, using maximum allowed: 8
[  485.396825][  T117] usb 1-1: New USB device found, idVendor=0ac8, idProduct=c301, bcdDevice=82.d5
[  485.406063][  T117] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  485.414392][  T117] usb 1-1: Product: syz
[  485.418588][  T117] usb 1-1: Manufacturer: syz
[  485.423252][  T117] usb 1-1: SerialNumber: syz
[  485.429294][  T117] usb 1-1: config 0 descriptor??
[  485.436069][  T117] hub 1-1:0.0: Invalid hub with more than one config or interface
[  485.444058][  T117] hub 1-1:0.0: probe with driver hub failed with error -22
[  485.445742][ T5863] usb 4-1: USB disconnect, device number 40
[  485.452573][  T117] gspca_main: 0ac8:c301 too many config
[  485.945463][   T10] usb 1-1: USB disconnect, device number 54
[  486.346606][T10889] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  486.544936][   T30] audit: type=1400 audit(2000000232.490:470): avc:  denied  { setopt } for  pid=10887 comm="syz.3.1255" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  487.246535][T10895] overlayfs: missing 'lowerdir'
[  488.341296][  T117] usb 1-1: new high-speed USB device number 55 using dummy_hcd
[  488.503146][  T117] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  488.515452][  T117] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  488.527748][  T117] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  488.536923][  T117] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  488.546853][T10903] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  488.557573][  T117] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  489.060004][T10912] vlan0: entered promiscuous mode
[  489.076016][T10912] team0: Port device vlan0 added
[  489.215023][T10906] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  489.221123][T10906] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  489.228786][T10906] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  489.235038][T10906] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  489.241602][T10906] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[  489.379965][T10919] hpfs: Bad magic ... probably not HPFS
[  489.584244][   T10] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[  489.595066][ T5863] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  489.624796][T10918] tmpfs: Bad value for 'mpol'
[  489.854176][ T5863] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  489.865619][ T5863] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  489.875517][ T5863] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  490.125608][T10924] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  490.468666][ T5863] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  490.477996][ T5863] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  490.487238][   T10] usb 5-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[  490.496784][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[  490.501428][   T51] Bluetooth: hci0: command 0x0406 tx timeout
[  490.505649][ T5863] usb 6-1: config 0 descriptor??
[  490.516173][   T10] usb 5-1: Product: syz
[  490.520451][   T10] usb 5-1: Manufacturer: syz
[  490.526857][   T10] usb 5-1: SerialNumber: syz
[  490.535395][   T10] usb 5-1: config 0 descriptor??
[  490.542413][   T10] ch341 5-1:0.0: ch341-uart converter detected
[  490.670033][ T5938] usb 1-1: USB disconnect, device number 55
[  490.691073][T10927] FAULT_INJECTION: forcing a failure.
[  490.691073][T10927] name failslab, interval 1, probability 0, space 0, times 0
[  490.708478][T10927] CPU: 0 UID: 0 PID: 10927 Comm: syz.3.1268 Not tainted 6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT(full) 
[  490.708506][T10927] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  490.708519][T10927] Call Trace:
[  490.708525][T10927]  <TASK>
[  490.708532][T10927]  dump_stack_lvl+0x16c/0x1f0
[  490.708564][T10927]  should_fail_ex+0x512/0x640
[  490.708592][T10927]  should_failslab+0xc2/0x120
[  490.708613][T10927]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  490.708633][T10927]  ? __alloc_skb+0x2b2/0x380
[  490.708661][T10927]  __alloc_skb+0x2b2/0x380
[  490.708686][T10927]  ? __pfx___alloc_skb+0x10/0x10
[  490.708720][T10927]  tcp_stream_alloc_skb+0x34/0x570
[  490.708744][T10927]  tcp_write_xmit+0x879/0x84e0
[  490.708786][T10927]  ? irqentry_exit+0x3b/0x90
[  490.708813][T10927]  ? __pfx__copy_from_iter+0x10/0x10
[  490.708842][T10927]  __tcp_push_pending_frames+0xaf/0x390
[  490.708869][T10927]  tcp_push+0x225/0x700
[  490.708893][T10927]  tcp_sendmsg_locked+0x1867/0x4290
[  490.708931][T10927]  ? __pfx_tcp_sendmsg_locked+0x10/0x10
[  490.708955][T10927]  ? do_raw_spin_lock+0x12c/0x2b0
[  490.708974][T10927]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  490.708998][T10927]  ? __local_bh_enable_ip+0xa4/0x120
[  490.709025][T10927]  tcp_sendmsg+0x2e/0x50
[  490.709044][T10927]  ? __pfx_tcp_sendmsg+0x10/0x10
[  490.709064][T10927]  inet_sendmsg+0xb9/0x140
[  490.709087][T10927]  __sys_sendto+0x43c/0x520
[  490.709114][T10927]  ? __pfx___sys_sendto+0x10/0x10
[  490.709159][T10927]  ? ksys_write+0x1ac/0x250
[  490.709175][T10927]  ? __pfx_ksys_write+0x10/0x10
[  490.709193][T10927]  __x64_sys_sendto+0xe0/0x1c0
[  490.709216][T10927]  ? do_syscall_64+0x91/0x4c0
[  490.709232][T10927]  ? lockdep_hardirqs_on+0x7c/0x110
[  490.709257][T10927]  do_syscall_64+0xcd/0x4c0
[  490.709274][T10927]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  490.709292][T10927] RIP: 0033:0x7fd93698eb69
[  490.709309][T10927] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  490.709327][T10927] RSP: 002b:00007fd9378b6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  490.709345][T10927] RAX: ffffffffffffffda RBX: 00007fd936bb5fa0 RCX: 00007fd93698eb69
[  490.709357][T10927] RDX: 000000000000059a RSI: 0000200000000180 RDI: 0000000000000003
[  490.709368][T10927] RBP: 00007fd9378b6090 R08: 0000000000000000 R09: ffffffffffffffa1
[  490.709379][T10927] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  490.709390][T10927] R13: 0000000000000000 R14: 00007fd936bb5fa0 R15: 00007ffd49d17148
[  490.709414][T10927]  </TASK>
[  491.123839][ T5863] plantronics 0003:047F:FFFF.0011: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[  491.249840][   T30] audit: type=1400 audit(2000000237.110:471): avc:  denied  { read } for  pid=10928 comm="syz.0.1269" name="btrfs-control" dev="devtmpfs" ino=1316 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1
[  491.275692][   T30] audit: type=1400 audit(2000000237.110:472): avc:  denied  { open } for  pid=10928 comm="syz.0.1269" path="/dev/btrfs-control" dev="devtmpfs" ino=1316 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1
[  491.767210][   T51] Bluetooth: hci6: command 0x0c1a tx timeout
[  491.773455][T10935] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  491.795128][   T51] Bluetooth: hci3: command 0x0405 tx timeout
[  491.800469][ T5839] Bluetooth: hci2: command 0x0406 tx timeout
[  491.807346][ T5839] Bluetooth: hci1: command 0x0406 tx timeout
[  491.816301][   T10] usb 5-1: failed to send control message: -71
[  491.822962][   T10] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71
[  491.922653][   T10] usb 5-1: USB disconnect, device number 36
[  491.929587][   T10] ch341 5-1:0.0: device disconnected
[  492.527144][T10940] can0: slcan on ptm0.
[  492.601432][T10938] can0 (unregistered): slcan off ptm0.
[  492.714053][   T10] usb 6-1: USB disconnect, device number 3
[  492.851291][  T117] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  492.871274][ T5907] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[  493.011460][  T117] usb 5-1: Using ep0 maxpacket: 16
[  493.020311][  T117] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  493.030562][  T117] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  493.041428][ T5907] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  493.052078][ T5907] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  493.074087][ T5907] usb 4-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  493.084719][  T117] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  493.095493][  T117] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  493.111612][ T5907] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  493.120001][  T117] usb 5-1: Product: syz
[  493.142265][  T117] usb 5-1: Manufacturer: syz
[  493.146905][  T117] usb 5-1: SerialNumber: syz
[  493.152422][ T5907] usb 4-1: config 0 descriptor??
[  493.164327][ T5907] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  493.371402][   T10] usb 1-1: new high-speed USB device number 56 using dummy_hcd
[  493.441393][  T117] usb 5-1: 0:2 : does not exist
[  493.452356][ T5839] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  493.465431][  T117] usb 5-1: 5:0: failed to get current value for ch 0 (-22)
[  493.465971][ T5839] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  493.485464][ T5839] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  493.494993][ T5839] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  493.495270][  T117] usb 5-1: USB disconnect, device number 37
[  493.510778][ T5839] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  493.539789][T10958] lo speed is unknown, defaulting to 1000
[  493.548328][   T10] usb 1-1: Using ep0 maxpacket: 8
[  493.553565][T10958] lo speed is unknown, defaulting to 1000
[  493.555012][   T10] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[  493.569486][   T10] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  493.579847][   T10] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  493.590338][   T10] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  493.600799][   T10] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  493.614490][   T10] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  493.624346][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  493.707422][T10958] chnl_net:caif_netlink_parms(): no params data found
[  493.793455][T10958] bridge0: port 1(bridge_slave_0) entered blocking state
[  493.800736][T10958] bridge0: port 1(bridge_slave_0) entered disabled state
[  493.810757][T10958] bridge_slave_0: entered allmulticast mode
[  493.818161][T10958] bridge_slave_0: entered promiscuous mode
[  493.827662][T10958] bridge0: port 2(bridge_slave_1) entered blocking state
[  493.835504][T10958] bridge0: port 2(bridge_slave_1) entered disabled state
[  493.842841][T10958] bridge_slave_1: entered allmulticast mode
[  493.850971][T10958] bridge_slave_1: entered promiscuous mode
[  493.852971][   T10] usb 1-1: usb_control_msg returned -32
[  493.871279][   T10] usbtmc 1-1:16.0: can't read capabilities
[  493.875529][ T5839] Bluetooth: hci6: command 0x0c1a tx timeout
[  493.898424][T10958] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  493.911623][T10958] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  493.958164][T10958] team0: Port device team_slave_0 added
[  493.967350][T10958] team0: Port device team_slave_1 added
[  494.002766][T10958] batman_adv: batadv0: Adding interface: batadv_slave_0
[  494.010373][T10958] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  494.037750][T10958] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  494.170471][T10958] batman_adv: batadv0: Adding interface: batadv_slave_1
[  494.177533][T10958] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  494.232164][T10958] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  494.751989][T10958] hsr_slave_0: entered promiscuous mode
[  494.766365][T10958] hsr_slave_1: entered promiscuous mode
[  494.772734][T10958] debugfs: 'hsr0' already exists in 'hsr'
[  494.778734][T10958] Cannot create hsr debugfs directory
[  495.542235][ T5839] Bluetooth: hci5: command tx timeout
[  495.558836][T10958] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  495.571699][T10958] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  495.583053][T10958] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  495.595208][T10958] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  495.713485][ T5863] usb 4-1: USB disconnect, device number 41
[  495.744380][T10958] 8021q: adding VLAN 0 to HW filter on device bond0
[  495.792628][T10958] 8021q: adding VLAN 0 to HW filter on device team0
[  495.864453][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  495.871654][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  496.023265][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  496.030433][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  497.017463][ T5839] Bluetooth: hci0: command 0x0406 tx timeout
[  497.387066][T10968] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  497.393613][T10995] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  497.434236][T10996] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  497.572392][T10968] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  497.625343][T10968] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  497.637614][ T5839] Bluetooth: hci5: command 0x041b tx timeout
[  497.772487][T10968] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  497.779803][T10968] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[  497.797219][T10968] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  498.206899][T10968] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  498.251863][T10968] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  498.598364][ T5833] usb 1-1: USB disconnect, device number 56
[  498.732771][ T5934] usb 5-1: new low-speed USB device number 38 using dummy_hcd
[  499.073068][T11020] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1289'.
[  499.437177][T10958] 8021q: adding VLAN 0 to HW filter on device batadv0
[  499.621537][ T5839] Bluetooth: hci1: command 0x0406 tx timeout
[  499.701933][ T5839] Bluetooth: hci2: command 0x0406 tx timeout
[  499.791656][ T5839] Bluetooth: hci6: command 0x0c1a tx timeout
[  499.797726][   T51] Bluetooth: hci3: command 0x0405 tx timeout
[  499.861810][   T51] Bluetooth: hci5: command 0x041b tx timeout
[  499.996503][T11037] lo: entered promiscuous mode
[  500.001441][T11037] lo: entered allmulticast mode
[  500.007302][T11037] tunl0: entered promiscuous mode
[  500.022031][T11037] tunl0: entered allmulticast mode
[  500.028309][T11037] gre0: entered promiscuous mode
[  500.735142][ T5934] usb 5-1: unable to get BOS descriptor or descriptor too short
[  500.753011][ T5934] usb 5-1: unable to read config index 0 descriptor/start: -71
[  500.760624][ T5934] usb 5-1: can't read configurations, error -71
[  500.810326][T11037] gre0: entered allmulticast mode
[  500.983411][T11037] gretap0: entered promiscuous mode
[  500.988670][T11037] gretap0: entered allmulticast mode
[  501.425265][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  501.457339][T11037] erspan0: entered promiscuous mode
[  501.464668][T11037] erspan0: entered allmulticast mode
[  501.474154][T11037] ip_vti0: entered promiscuous mode
[  501.487138][T11037] ip_vti0: entered allmulticast mode
[  501.504464][T11037] ip6_vti0: entered promiscuous mode
[  501.510354][T11049] binder: 11048:11049 ioctl 8140aecc 200000000980 returned -22
[  501.518132][T11037] ip6_vti0: entered allmulticast mode
[  501.526325][T11037] sit0: entered promiscuous mode
[  501.531604][T11037] sit0: entered allmulticast mode
[  501.538807][T11037] ip6tnl0: entered promiscuous mode
[  501.544122][T11037] ip6tnl0: entered allmulticast mode
[  501.550653][T11037] ip6gre0: entered promiscuous mode
[  501.555971][T11037] ip6gre0: entered allmulticast mode
[  501.562696][T11037] syz_tun: entered promiscuous mode
[  501.567913][T11037] syz_tun: entered allmulticast mode
[  501.574114][T11037] ip6gretap0: entered promiscuous mode
[  501.579594][T11037] ip6gretap0: entered allmulticast mode
[  501.586266][T11037] bridge0: entered promiscuous mode
[  501.880523][T11037] bridge0: entered allmulticast mode
[  501.892104][T11037] vcan0: entered promiscuous mode
[  501.898330][T11037] vcan0: entered allmulticast mode
[  501.905318][T11037] bond0: entered promiscuous mode
[  501.910370][T11037] bond_slave_0: entered promiscuous mode
[  501.917096][T11037] bond_slave_1: entered promiscuous mode
[  501.923683][T11037] bond0: entered allmulticast mode
[  501.935889][T11037] bond_slave_0: entered allmulticast mode
[  501.942765][T11037] bond_slave_1: entered allmulticast mode
[  501.949520][T11037] team0: entered promiscuous mode
[  501.951454][ T5839] Bluetooth: hci5: command 0x041b tx timeout
[  501.960790][T11037] team_slave_0: entered promiscuous mode
[  501.972458][T11037] team_slave_1: entered promiscuous mode
[  501.978446][T11037] team0: entered allmulticast mode
[  501.984527][T11037] team_slave_0: entered allmulticast mode
[  501.990325][T11037] team_slave_1: entered allmulticast mode
[  501.991454][ T5863] usb 1-1: new full-speed USB device number 57 using dummy_hcd
[  502.006125][T11037] vlan0: entered allmulticast mode
[  502.011742][T11037] veth0_vlan: entered allmulticast mode
[  502.017993][T11037] dummy0: entered promiscuous mode
[  502.024509][T11037] dummy0: entered allmulticast mode
[  502.030338][T11037] nlmon0: entered promiscuous mode
[  502.036763][T11037] nlmon0: entered allmulticast mode
[  502.043039][T11037] caif0: entered promiscuous mode
[  502.048074][T11037] caif0: entered allmulticast mode
[  502.055517][T11037] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  502.084027][T10958] veth0_vlan: entered promiscuous mode
[  502.146159][T10958] veth1_vlan: entered promiscuous mode
[  502.227068][ T5863] usb 1-1: config 8 has an invalid interface number: 177 but max is 0
[  502.288437][ T5863] usb 1-1: config 8 has no interface number 0
[  502.290380][T10958] veth0_macvtap: entered promiscuous mode
[  502.300597][ T5863] usb 1-1: config 8 interface 177 altsetting 9 has an endpoint descriptor with address 0xE8, changing to 0x88
[  502.324521][ T5863] usb 1-1: config 8 interface 177 altsetting 9 endpoint 0x88 has invalid maxpacket 1023, setting to 64
[  502.326639][T10958] veth1_macvtap: entered promiscuous mode
[  502.477733][ T5863] usb 1-1: config 8 interface 177 altsetting 9 endpoint 0x87 has invalid wMaxPacketSize 0
[  502.546857][ T5863] usb 1-1: config 8 interface 177 has no altsetting 0
[  502.564355][T10958] batman_adv: batadv0: Interface activated: batadv_slave_0
[  502.578447][ T5863] usb 1-1: New USB device found, idVendor=04d8, idProduct=fd08, bcdDevice=59.b1
[  502.600118][ T5863] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  502.619674][T11049] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  502.634087][T10958] batman_adv: batadv0: Interface activated: batadv_slave_1
[  502.655201][ T4342] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  502.666065][ T4342] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  502.679881][   T30] audit: type=1400 audit(2000000248.610:473): avc:  denied  { bind } for  pid=11054 comm="syz.4.1296" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  502.704942][   T30] audit: type=1400 audit(2000000248.610:474): avc:  denied  { accept } for  pid=11054 comm="syz.4.1296" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  502.738040][ T4342] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  502.750753][ T4342] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  502.907156][ T5863] usb 1-1: string descriptor 0 read error: -71
[  502.946877][ T5863] ir_toy 1-1:8.177: required endpoints not found
[  502.994803][ T5863] usb 1-1: USB disconnect, device number 57
[  503.097091][ T4342] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  503.105324][ T4342] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  503.294931][ T5934] usb 4-1: new high-speed USB device number 42 using dummy_hcd
[  503.307241][   T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  503.322651][   T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  504.280557][T11076] hpfs: Bad magic ... probably not HPFS
[  504.321866][   T51] Bluetooth: hci5: command 0x041b tx timeout
[  504.331401][T11074] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  504.572319][ T5934] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  504.620330][T11076] tmpfs: Bad value for 'mpol'
[  504.667480][ T5934] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  504.708947][ T5934] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  504.785119][ T5934] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  504.813620][ T5934] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  504.954600][T11082] netlink: 'syz.0.1301': attribute type 10 has an invalid length.
[  505.693661][ T5934] usb 4-1: config 0 descriptor??
[  505.892772][T11084] overlayfs: missing 'lowerdir'
[  506.565025][   T51] Bluetooth: hci5: command 0x041b tx timeout
[  506.724679][ T5934] plantronics 0003:047F:FFFF.0012: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  507.588584][T11107] can0: slcan on ptm0.
[  507.697583][ T5934] usb 4-1: USB disconnect, device number 42
[  508.064275][T11098] can0 (unregistered): slcan off ptm0.
[  508.371977][T11115] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1310'.
[  508.387106][T11115] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  508.752278][   T51] Bluetooth: hci5: command 0x041b tx timeout
[  509.043841][T11122] netlink: 1508 bytes leftover after parsing attributes in process `syz.5.1309'.
[  510.822318][   T51] Bluetooth: hci5: command 0x041b tx timeout
[  510.979384][T11141] netlink: 60 bytes leftover after parsing attributes in process `syz.6.1315'.
[  510.992590][T11124] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  512.901448][   T51] Bluetooth: hci5: command 0x041b tx timeout
[  513.841763][T11158] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  514.283405][T11162] kvm: user requested TSC rate below hardware speed
[  514.371515][T11165] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1322'.
[  514.441493][ T5833] usb 6-1: new low-speed USB device number 4 using dummy_hcd
[  514.633557][ T5833] usb 6-1: unable to get BOS descriptor or descriptor too short
[  514.709806][   T10] usb 1-1: new high-speed USB device number 58 using dummy_hcd
[  514.743941][ T5833] usb 6-1: config 1 interface 0 altsetting 9 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  514.808727][ T5833] usb 6-1: config 1 interface 0 has no altsetting 0
[  514.846563][ T5833] usb 6-1: string descriptor 0 read error: -22
[  514.853183][ T5833] usb 6-1: New USB device found, idVendor=046d, idProduct=c53f, bcdDevice= 0.40
[  514.858623][T11172] comedi comedi0: Minor -2147450880 is invalid!
[  514.864199][ T5833] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  514.885064][   T30] audit: type=1400 audit(2000000260.800:475): avc:  denied  { getopt } for  pid=11171 comm="syz.3.1324" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  514.905667][   T10] usb 1-1: Using ep0 maxpacket: 8
[  514.928771][   T30] audit: type=1400 audit(2000000260.830:476): avc:  denied  { map } for  pid=11173 comm="syz.4.1325" path="/dev/video3" dev="devtmpfs" ino=934 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[  514.957369][   T10] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[  514.980288][   T10] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  515.000481][   T10] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  515.016247][   T10] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  515.029774][   T10] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  515.046333][   T10] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  515.055651][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  515.193727][ T5938] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[  515.361305][ T5938] usb 5-1: Using ep0 maxpacket: 16
[  515.418661][ T5938] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD7, changing to 0x87
[  515.644672][   T10] usb 1-1: usb_control_msg returned -32
[  515.650382][   T10] usbtmc 1-1:16.0: can't read capabilities
[  515.827840][ T5938] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  515.841280][ T5938] usb 5-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89
[  515.850458][ T5938] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  515.936560][ T5938] usb 5-1: Product: syz
[  515.944816][ T5938] usb 5-1: Manufacturer: syz
[  516.005185][T11183] lo: entered promiscuous mode
[  516.010112][T11183] lo: entered allmulticast mode
[  516.018515][T11183] tunl0: entered promiscuous mode
[  516.023732][T11183] tunl0: entered allmulticast mode
[  516.032712][T11183] gre0: entered promiscuous mode
[  516.037759][T11183] gre0: entered allmulticast mode
[  516.046755][T11183] gretap0: entered promiscuous mode
[  516.052116][T11183] gretap0: entered allmulticast mode
[  516.060632][T11183] erspan0: entered promiscuous mode
[  516.065945][T11183] erspan0: entered allmulticast mode
[  516.074876][T11183] ip_vti0: entered promiscuous mode
[  516.080191][T11183] ip_vti0: entered allmulticast mode
[  516.090031][T11183] ip6_vti0: entered promiscuous mode
[  516.095464][T11183] ip6_vti0: entered allmulticast mode
[  516.104533][T11183] sit0: entered promiscuous mode
[  516.109576][T11183] sit0: entered allmulticast mode
[  516.117688][T11183] ip6tnl0: entered promiscuous mode
[  516.154260][T11183] ip6tnl0: entered allmulticast mode
[  516.162658][T11183] ip6gre0: entered promiscuous mode
[  516.167939][T11183] ip6gre0: entered allmulticast mode
[  516.176244][T11183] syz_tun: entered promiscuous mode
[  516.181911][T11183] syz_tun: entered allmulticast mode
[  516.190871][T11183] ip6gretap0: entered promiscuous mode
[  516.196486][T11183] ip6gretap0: entered allmulticast mode
[  516.207663][T11183] bridge0: entered promiscuous mode
[  516.212999][T11183] bridge0: entered allmulticast mode
[  516.219263][T11183] vcan0: entered promiscuous mode
[  516.224430][T11183] vcan0: entered allmulticast mode
[  516.229987][T11183] bond0: entered promiscuous mode
[  516.235143][T11183] bond_slave_0: entered promiscuous mode
[  516.240910][T11183] bond_slave_1: entered promiscuous mode
[  516.246694][T11183] bond0: entered allmulticast mode
[  516.251910][T11183] bond_slave_0: entered allmulticast mode
[  516.257632][T11183] bond_slave_1: entered allmulticast mode
[  516.264232][T11183] team0: entered promiscuous mode
[  516.269262][T11183] team_slave_0: entered promiscuous mode
[  516.275027][T11183] team_slave_1: entered promiscuous mode
[  516.280769][T11183] team0: entered allmulticast mode
[  516.285882][T11183] team_slave_0: entered allmulticast mode
[  516.291654][T11183] team_slave_1: entered allmulticast mode
[  516.298337][T11183] dummy0: entered promiscuous mode
[  516.303479][T11183] dummy0: entered allmulticast mode
[  516.309332][T11183] nlmon0: entered promiscuous mode
[  516.314465][T11183] nlmon0: entered allmulticast mode
[  516.404563][T11183] caif0: entered promiscuous mode
[  516.409603][T11183] caif0: entered allmulticast mode
[  516.414764][T11183] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  516.474255][ T5938] usb 5-1: SerialNumber: syz
[  516.479641][ T5833] usbhid 6-1:1.0: can't add hid device: -71
[  516.488835][ T5938] usb 5-1: config 0 descriptor??
[  516.496486][ T5833] usbhid 6-1:1.0: probe with driver usbhid failed with error -71
[  516.526431][ T5833] usb 6-1: USB disconnect, device number 4
[  516.749191][T11174] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  516.758256][T11174] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  516.784084][ T5938] appledisplay 5-1:0.0: Error while getting initial brightness: -71
[  516.833372][ T5938] appledisplay 5-1:0.0: probe with driver appledisplay failed with error -71
[  517.256091][T11190] kvm: user requested TSC rate below hardware speed
[  517.285654][ T5938] usb 5-1: USB disconnect, device number 40
[  517.354083][T11182] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  517.364146][T11182] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  517.407364][T11182] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  517.427849][T11182] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  517.555264][T11182] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[  517.814912][T11182] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  518.521274][ T5907] usb 5-1: new full-speed USB device number 41 using dummy_hcd
[  519.330555][ T5833] usb 1-1: USB disconnect, device number 58
[  519.421402][   T51] Bluetooth: hci0: command 0x0406 tx timeout
[  519.424501][T11214] FAULT_INJECTION: forcing a failure.
[  519.424501][T11214] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  519.427595][ T5839] Bluetooth: hci1: command 0x0406 tx timeout
[  519.440819][T11214] CPU: 0 UID: 0 PID: 11214 Comm: syz.0.1334 Not tainted 6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT(full) 
[  519.440840][T11214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  519.440849][T11214] Call Trace:
[  519.440855][T11214]  <TASK>
[  519.440860][T11214]  dump_stack_lvl+0x16c/0x1f0
[  519.440889][T11214]  should_fail_ex+0x512/0x640
[  519.440914][T11214]  _copy_to_user+0x32/0xd0
[  519.440944][T11214]  simple_read_from_buffer+0xcb/0x170
[  519.440971][T11214]  proc_fail_nth_read+0x197/0x240
[  519.440988][T11214]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  519.441006][T11214]  ? rw_verify_area+0xcf/0x680
[  519.441028][T11214]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  519.441043][T11214]  vfs_read+0x1e4/0xc60
[  519.441069][T11214]  ? __pfx___mutex_lock+0x10/0x10
[  519.441084][T11214]  ? __pfx_vfs_read+0x10/0x10
[  519.441113][T11214]  ? __fget_files+0x20e/0x3c0
[  519.441139][T11214]  ksys_read+0x12a/0x250
[  519.441152][T11214]  ? __pfx_ksys_read+0x10/0x10
[  519.441168][T11214]  ? rcu_is_watching+0x12/0xc0
[  519.441189][T11214]  do_syscall_64+0xcd/0x4c0
[  519.441206][T11214]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  519.441221][T11214] RIP: 0033:0x7fcfa0b8d57c
[  519.441233][T11214] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  519.441248][T11214] RSP: 002b:00007fcfa1a45030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  519.441263][T11214] RAX: ffffffffffffffda RBX: 00007fcfa0db6080 RCX: 00007fcfa0b8d57c
[  519.441273][T11214] RDX: 000000000000000f RSI: 00007fcfa1a450a0 RDI: 0000000000000007
[  519.441282][T11214] RBP: 00007fcfa1a45090 R08: 0000000000000000 R09: 0000000000000000
[  519.441291][T11214] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  519.441300][T11214] R13: 0000000000000000 R14: 00007fcfa0db6080 R15: 00007ffe5a766d38
[  519.441321][T11214]  </TASK>
[  519.656864][   T51] Bluetooth: hci3: command 0x0405 tx timeout
[  519.664810][   T51] Bluetooth: hci2: command 0x0406 tx timeout
[  519.676227][ T5831] Bluetooth: hci6: command 0x0c1a tx timeout
[  519.836917][ T5907] usb 5-1: unable to get BOS descriptor or descriptor too short
[  519.861261][ T5831] Bluetooth: hci5: command 0x041b tx timeout
[  519.900206][ T5907] usb 5-1: not running at top speed; connect to a high speed hub
[  519.910690][ T5907] usb 5-1: config 7 has an invalid interface number: 164 but max is 0
[  519.920581][ T5907] usb 5-1: config 7 has no interface number 0
[  519.926699][ T5907] usb 5-1: config 7 interface 164 altsetting 1 endpoint 0x2 has invalid maxpacket 1032, setting to 64
[  519.940441][ T5907] usb 5-1: config 7 interface 164 has no altsetting 0
[  519.959807][ T5907] usb 5-1: New USB device found, idVendor=05da, idProduct=80a3, bcdDevice=4c.7a
[  519.981248][ T5907] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  519.989263][ T5907] usb 5-1: Product: syz
[  520.025355][ T5907] usb 5-1: Manufacturer: syz
[  520.045026][ T5907] usb 5-1: SerialNumber: syz
[  521.004840][ T5907] microtek usb (rev 0.4.3): can only deal with bulk endpoints; endpoint 6 is not bulk.
[  521.031200][ T5907] microtek usb (rev 0.4.3): can only deal with bulk endpoints; endpoint 2 is not bulk.
[  521.068382][T11227] FAULT_INJECTION: forcing a failure.
[  521.068382][T11227] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  521.069208][ T5907] microtek usb (rev 0.4.3): couldn't find two input bulk endpoints. Bailing out.
[  521.097904][T11227] CPU: 0 UID: 0 PID: 11227 Comm: syz.4.1339 Not tainted 6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT(full) 
[  521.097931][T11227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  521.097941][T11227] Call Trace:
[  521.097947][T11227]  <TASK>
[  521.097955][T11227]  dump_stack_lvl+0x16c/0x1f0
[  521.097987][T11227]  should_fail_ex+0x512/0x640
[  521.098016][T11227]  _copy_from_iter+0x29f/0x16f0
[  521.098047][T11227]  ? __alloc_skb+0x200/0x380
[  521.098073][T11227]  ? __pfx__copy_from_iter+0x10/0x10
[  521.098100][T11227]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  521.098137][T11227]  netlink_sendmsg+0x829/0xdd0
[  521.098164][T11227]  ? __pfx_netlink_sendmsg+0x10/0x10
[  521.098192][T11227]  ____sys_sendmsg+0xa98/0xc70
[  521.098217][T11227]  ? copy_msghdr_from_user+0x10a/0x160
[  521.098243][T11227]  ? __pfx_____sys_sendmsg+0x10/0x10
[  521.098275][T11227]  ___sys_sendmsg+0x134/0x1d0
[  521.098302][T11227]  ? __pfx____sys_sendmsg+0x10/0x10
[  521.098325][T11227]  ? __lock_acquire+0x622/0x1c90
[  521.098374][T11227]  ? __mutex_unlock_slowpath+0xa0/0x800
[  521.098398][T11227]  __sys_sendmsg+0x16d/0x220
[  521.098425][T11227]  ? __pfx___sys_sendmsg+0x10/0x10
[  521.098467][T11227]  do_syscall_64+0xcd/0x4c0
[  521.098486][T11227]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  521.098503][T11227] RIP: 0033:0x7fa8c6f8eb69
[  521.098517][T11227] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  521.098535][T11227] RSP: 002b:00007fa8c7e19038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  521.098552][T11227] RAX: ffffffffffffffda RBX: 00007fa8c71b5fa0 RCX: 00007fa8c6f8eb69
[  521.098565][T11227] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000005
[  521.098576][T11227] RBP: 00007fa8c7e19090 R08: 0000000000000000 R09: 0000000000000000
[  521.098586][T11227] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  521.098596][T11227] R13: 0000000000000000 R14: 00007fa8c71b5fa0 R15: 00007ffc332ba798
[  521.098619][T11227]  </TASK>
[  521.747836][ T5907] usb 5-1: USB disconnect, device number 41
[  522.675334][T11216] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  522.681829][ T5831] Bluetooth: hci0: command 0x0406 tx timeout
[  522.799236][T11244] hpfs: Bad magic ... probably not HPFS
[  522.913682][T11245] tmpfs: Bad value for 'mpol'
[  523.027461][T11216] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  523.033740][T11216] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  523.061588][T11216] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  523.077995][T11216] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[  523.128435][T11216] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  523.402871][T11249] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  524.151425][   T10] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[  524.180992][T11251] ALSA: mixer_oss: invalid index 40000
[  524.316038][T11257] tipc: Started in network mode
[  524.321069][T11257] tipc: Node identity ac1414aa, cluster identity 4711
[  524.333075][T11257] tipc: Enabled bearer <udp:syz2>, priority 10
[  524.375513][   T10] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 33, using maximum allowed: 30
[  524.433362][   T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  524.482769][ T5934] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  524.558087][   T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  524.594577][   T10] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 33
[  524.607933][   T10] usb 5-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00
[  524.617430][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  524.631313][   T10] usb 5-1: config 0 descriptor??
[  524.781330][ T5831] Bluetooth: hci1: command 0x0406 tx timeout
[  524.841618][ T5934] usb 6-1: Using ep0 maxpacket: 8
[  524.855675][ T5934] usb 6-1: config 0 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  524.866718][ T5934] usb 6-1: config 0 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0
[  525.061332][ T5831] Bluetooth: hci2: command 0x0406 tx timeout
[  525.141839][ T5831] Bluetooth: hci5: command 0x041b tx timeout
[  525.148017][ T5831] Bluetooth: hci6: command 0x0c1a tx timeout
[  525.155510][ T5831] Bluetooth: hci3: command 0x0405 tx timeout
[  525.281187][ T5934] usb 6-1: config 0 interface 0 has no altsetting 0
[  525.293721][ T5934] usb 6-1: New USB device found, idVendor=1038, idProduct=1410, bcdDevice= 0.00
[  525.304396][ T5934] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  525.371320][T11263] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  525.380129][T11263] batadv_slave_0: entered promiscuous mode
[  525.398892][ T5934] usb 6-1: config 0 descriptor??
[  525.484314][ T5886] tipc: Node number set to 2886997162
[  525.581630][   T10] usbhid 5-1:0.0: can't add hid device: -71
[  525.587729][   T10] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  525.665293][T11271] netlink: 'syz.0.1352': attribute type 10 has an invalid length.
[  525.882120][ T5886] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  525.925673][   T10] usb 5-1: USB disconnect, device number 42
[  526.110414][ T5886] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  526.197583][ T5934] steelseries 0003:1038:1410.0013: missing HID_OUTPUT_REPORT 0
[  526.234096][ T5886] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  526.307072][ T5886] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  526.429364][ T5886] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  526.471324][   T10] usb 5-1: new high-speed USB device number 43 using dummy_hcd
[  526.647273][ T5886] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  526.655852][   T30] audit: type=1400 audit(2000000272.600:477): avc:  denied  { ioctl } for  pid=11252 comm="syz.5.1345" path="socket:[39894]" dev="sockfs" ino=39894 ioctlcmd=0x89e5 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  526.656803][ T5833] usb 6-1: USB disconnect, device number 5
[  526.685085][ T5886] usb 7-1: config 0 descriptor??
[  527.443157][   T10] usb 5-1: Using ep0 maxpacket: 32
[  527.455633][   T10] usb 5-1: config 0 interface 0 altsetting 128 endpoint 0x2 has an invalid bInterval 0, changing to 7
[  527.479728][   T10] usb 5-1: config 0 interface 0 has no altsetting 0
[  527.486489][   T10] usb 5-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00
[  527.495735][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  527.625685][   T10] usb 5-1: config 0 descriptor??
[  527.905610][ T5886] plantronics 0003:047F:FFFF.0014: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0
[  528.091574][  T117] usb 1-1: new high-speed USB device number 59 using dummy_hcd
[  528.142763][T11289] overlayfs: overlapping lowerdir path
[  528.259901][T11290] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  528.674634][   T10] corsair-cpro 0003:1B1C:0C10.0015: unknown main item tag 0x0
[  528.683878][   T10] corsair-cpro 0003:1B1C:0C10.0015: unknown main item tag 0x0
[  528.691539][   T10] corsair-cpro 0003:1B1C:0C10.0015: unknown main item tag 0x0
[  528.701526][   T10] corsair-cpro 0003:1B1C:0C10.0015: hidraw1: USB HID v4.06 Device [HID 1b1c:0c10] on usb-dummy_hcd.4-1/input0
[  528.845680][  T117] usb 1-1: Using ep0 maxpacket: 32
[  529.111820][ T5886] usb 7-1: USB disconnect, device number 2
[  529.119936][  T117] usb 1-1: too many configurations: 29, using maximum allowed: 8
[  529.129579][   T10] corsair-cpro 0003:1B1C:0C10.0015: probe with driver corsair-cpro failed with error -110
[  529.175786][  T117] usb 1-1: New USB device found, idVendor=0ac8, idProduct=c301, bcdDevice=82.d5
[  529.189579][  T117] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  529.203325][  T117] usb 1-1: Product: syz
[  529.207515][  T117] usb 1-1: Manufacturer: syz
[  529.215527][  T117] usb 1-1: SerialNumber: syz
[  529.223939][  T117] usb 1-1: config 0 descriptor??
[  529.230652][  T117] hub 1-1:0.0: Invalid hub with more than one config or interface
[  529.242098][  T117] hub 1-1:0.0: probe with driver hub failed with error -22
[  529.252882][  T117] gspca_main: 0ac8:c301 too many config
[  529.322134][  T117] usb 5-1: USB disconnect, device number 43
[  530.010118][ T5886] usb 1-1: USB disconnect, device number 59
[  530.414627][   T30] audit: type=1400 audit(2000000276.360:478): avc:  denied  { write } for  pid=11308 comm="syz.4.1362" name="ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  530.600656][T11317] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1362'.
[  530.822015][ T5886] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  530.891294][ T5934] usb 1-1: new high-speed USB device number 60 using dummy_hcd
[  531.051502][ T5934] usb 1-1: Using ep0 maxpacket: 32
[  531.068142][ T5934] usb 1-1: unable to get BOS descriptor or descriptor too short
[  531.082179][ T5886] usb 7-1: Using ep0 maxpacket: 32
[  531.094832][ T5934] usb 1-1: config 128 has an invalid interface number: 127 but max is 3
[  531.397753][ T5886] usb 7-1: too many configurations: 29, using maximum allowed: 8
[  531.418932][ T5934] usb 1-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config
[  531.442238][ T5934] usb 1-1: config 128 has 1 interface, different from the descriptor's value: 4
[  531.458374][ T5886] usb 7-1: New USB device found, idVendor=0ac8, idProduct=c301, bcdDevice=82.d5
[  531.470063][ T5934] usb 1-1: config 128 has no interface number 0
[  531.480639][ T5886] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  531.490575][ T5934] usb 1-1: config 128 interface 127 altsetting 14 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  531.510790][ T5886] usb 7-1: Product: syz
[  531.515777][ T5886] usb 7-1: Manufacturer: syz
[  531.520966][ T5886] usb 7-1: SerialNumber: syz
[  531.526351][ T5934] usb 1-1: config 128 interface 127 has no altsetting 0
[  531.536473][ T5886] usb 7-1: config 0 descriptor??
[  531.544654][ T5886] hub 7-1:0.0: Invalid hub with more than one config or interface
[  531.553906][ T5886] hub 7-1:0.0: probe with driver hub failed with error -22
[  531.563692][ T5934] usb 1-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55
[  531.576461][ T5934] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  531.585029][ T5886] gspca_main: 0ac8:c301 too many config
[  531.599030][ T5934] usb 1-1: Product: syz
[  531.605801][ T5934] usb 1-1: Manufacturer: syz
[  531.610513][ T5934] usb 1-1: SerialNumber: syz
[  531.735588][T11333] netlink: 1508 bytes leftover after parsing attributes in process `syz.3.1369'.
[  532.140619][ T5934] usb 1-1: USB disconnect, device number 60
[  532.215059][ T5907] usb 7-1: USB disconnect, device number 3
[  532.389466][T11345] netlink: 'syz.4.1373': attribute type 10 has an invalid length.
[  533.996910][T11361] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  534.501849][  T976] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  535.151390][  T976] usb 7-1: Using ep0 maxpacket: 8
[  535.157867][  T976] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[  535.174874][  T976] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  535.233423][  T976] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  535.271259][  T976] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  536.154625][  T976] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  536.554773][  T976] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  536.565037][  T976] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  536.851423][  T976] usb 7-1: usb_control_msg returned -71
[  536.857066][  T976] usbtmc 7-1:16.0: can't read capabilities
[  536.943903][T11386] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  537.100308][ T5833] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  537.372575][ T5886] usb 1-1: new low-speed USB device number 61 using dummy_hcd
[  537.451344][  T976] usb 7-1: USB disconnect, device number 4
[  537.559960][ T5833] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 33, using maximum allowed: 30
[  537.572279][ T5833] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  537.584115][ T5833] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  537.600153][ T5833] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 33
[  537.618689][ T5833] usb 6-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00
[  537.628972][ T5833] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  537.730835][ T5833] usb 6-1: config 0 descriptor??
[  537.732324][ T5886] usb 1-1: No LPM exit latency info found, disabling LPM.
[  537.748647][ T5886] usb 1-1: config 1 interface 0 altsetting 9 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  537.761834][ T5886] usb 1-1: config 1 interface 0 has no altsetting 0
[  537.772395][ T5886] usb 1-1: string descriptor 0 read error: -22
[  537.781544][ T5886] usb 1-1: New USB device found, idVendor=046d, idProduct=c53f, bcdDevice= 0.40
[  537.790612][ T5886] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  537.806706][T11393] openvswitch: netlink: VXLAN extension message has 16 unknown bytes.
[  537.836021][   T30] audit: type=1400 audit(2000000283.760:479): avc:  denied  { ioctl } for  pid=11392 comm="syz.3.1387" path="socket:[41374]" dev="sockfs" ino=41374 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  537.914773][T11401] FAULT_INJECTION: forcing a failure.
[  537.914773][T11401] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  537.928420][T11401] CPU: 0 UID: 0 PID: 11401 Comm: syz.3.1389 Not tainted 6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT(full) 
[  537.928448][T11401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  537.928459][T11401] Call Trace:
[  537.928466][T11401]  <TASK>
[  537.928472][T11401]  dump_stack_lvl+0x16c/0x1f0
[  537.928511][T11401]  should_fail_ex+0x512/0x640
[  537.928542][T11401]  _copy_from_user+0x2e/0xd0
[  537.928571][T11401]  do_devconfig_ioctl+0x11c/0x710
[  537.928592][T11401]  ? __mutex_lock+0x1c2/0x1070
[  537.928612][T11401]  ? __pfx_do_devconfig_ioctl+0x10/0x10
[  537.928646][T11401]  ? find_held_lock+0x2b/0x80
[  537.928671][T11401]  comedi_unlocked_ioctl+0x165d/0x2f00
[  537.928697][T11401]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  537.928720][T11401]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  537.928739][T11401]  ? do_vfs_ioctl+0x128/0x14f0
[  537.928762][T11401]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  537.928783][T11401]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  537.928808][T11401]  ? hook_file_ioctl_common+0x145/0x410
[  537.928833][T11401]  ? selinux_file_ioctl+0x180/0x270
[  537.928848][T11401]  ? selinux_file_ioctl+0xb4/0x270
[  537.928864][T11401]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  537.928884][T11401]  __x64_sys_ioctl+0x18e/0x210
[  537.928906][T11401]  do_syscall_64+0xcd/0x4c0
[  537.928924][T11401]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  537.928943][T11401] RIP: 0033:0x7fd93698eb69
[  537.928956][T11401] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  537.928969][T11401] RSP: 002b:00007fd9378b6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  537.928985][T11401] RAX: ffffffffffffffda RBX: 00007fd936bb5fa0 RCX: 00007fd93698eb69
[  537.928995][T11401] RDX: 0000200000000080 RSI: 0000000040946400 RDI: 0000000000000003
[  537.929004][T11401] RBP: 00007fd9378b6090 R08: 0000000000000000 R09: 0000000000000000
[  537.929013][T11401] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  537.929026][T11401] R13: 0000000000000000 R14: 00007fd936bb5fa0 R15: 00007ffd49d17148
[  537.929048][T11401]  </TASK>
[  538.992689][   T30] audit: type=1400 audit(2000000284.670:480): avc:  denied  { setopt } for  pid=11404 comm="syz.4.1391" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  539.012207][    C1] vkms_vblank_simulate: vblank timer overrun
[  539.526718][ T5833] usbhid 6-1:0.0: can't add hid device: -71
[  539.532858][ T5833] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  539.549998][ T5833] usb 6-1: USB disconnect, device number 6
[  539.691788][ T5886] usbhid 1-1:1.0: can't add hid device: -71
[  539.698727][ T5886] usbhid 1-1:1.0: probe with driver usbhid failed with error -71
[  539.715100][ T5886] usb 1-1: USB disconnect, device number 61
[  540.501240][ T5839] Bluetooth: hci0: command 0x0406 tx timeout
[  540.501262][T11403] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  540.733169][T11429] can: request_module (can-proto-0) failed.
[  541.283276][T11403] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  541.347036][T11403] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  541.357436][T11403] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  541.366125][T11403] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[  541.456642][T11403] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  542.371333][ T5886] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[  542.626383][ T5839] Bluetooth: hci1: command 0x0406 tx timeout
[  542.641313][ T5886] usb 5-1: Using ep0 maxpacket: 32
[  542.671480][ T5886] usb 5-1: config 0 interface 0 altsetting 128 endpoint 0x2 has an invalid bInterval 0, changing to 7
[  542.682668][ T5886] usb 5-1: config 0 interface 0 has no altsetting 0
[  542.689263][ T5886] usb 5-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00
[  542.698477][ T5886] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  542.712915][ T5886] usb 5-1: config 0 descriptor??
[  542.950648][T11454] can0: slcan on ptm0.
[  543.058066][T11456] netlink: 1508 bytes leftover after parsing attributes in process `syz.6.1400'.
[  543.114959][T11450] kvm: user requested TSC rate below hardware speed
[  543.373254][T11451] can0 (unregistered): slcan off ptm0.
[  543.381431][ T5839] Bluetooth: hci6: command 0x0c1a tx timeout
[  543.389680][ T5831] Bluetooth: hci3: command 0x0405 tx timeout
[  543.389711][ T5823] Bluetooth: hci2: command 0x0406 tx timeout
[  543.461266][ T5823] Bluetooth: hci5: command 0x041b tx timeout
[  543.517798][ T5886] corsair-cpro 0003:1B1C:0C10.0016: unknown main item tag 0x0
[  543.525411][  T976] usb 1-1: new high-speed USB device number 62 using dummy_hcd
[  543.551855][ T5886] corsair-cpro 0003:1B1C:0C10.0016: unknown main item tag 0x0
[  543.574162][ T5886] corsair-cpro 0003:1B1C:0C10.0016: unknown main item tag 0x0
[  543.587952][ T5886] corsair-cpro 0003:1B1C:0C10.0016: hidraw0: USB HID v4.06 Device [HID 1b1c:0c10] on usb-dummy_hcd.4-1/input0
[  543.701513][  T976] usb 1-1: Using ep0 maxpacket: 8
[  543.715185][  T976] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[  543.729498][  T976] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  543.739423][  T976] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  543.758166][  T976] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  543.768453][  T976] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  543.785267][  T976] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  543.794440][  T976] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  543.851231][   T24] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  543.861430][  T117] usb 4-1: new high-speed USB device number 43 using dummy_hcd
[  544.005294][   T24] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 33, using maximum allowed: 30
[  544.012503][ T5886] corsair-cpro 0003:1B1C:0C10.0016: probe with driver corsair-cpro failed with error -110
[  544.016213][  T117] usb 4-1: Using ep0 maxpacket: 8
[  544.027306][  T976] usb 1-1: usb_control_msg returned -32
[  544.031095][   T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  544.036906][  T976] usbtmc 1-1:16.0: can't read capabilities
[  544.054120][   T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  544.057468][ T5886] usb 5-1: USB disconnect, device number 44
[  544.076616][  T117] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[  544.085242][  T117] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  544.096176][   T24] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 33
[  544.111693][  T117] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  544.131280][   T24] usb 7-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00
[  544.140583][  T117] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  544.152008][   T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  544.160671][  T117] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  544.175076][  T117] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  544.184728][   T24] usb 7-1: config 0 descriptor??
[  544.192433][  T117] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  544.211267][   T10] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  544.351376][   T10] usb 6-1: device descriptor read/64, error -71
[  544.387773][T11470] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  544.396038][T11470] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  544.416078][T11470] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  544.428107][  T117] usb 4-1: usb_control_msg returned -32
[  544.434788][T11470] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  544.436074][  T117] usbtmc 4-1:16.0: can't read capabilities
[  544.446790][T11470] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[  544.544299][T11470] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  544.621274][   T10] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  544.761760][   T10] usb 6-1: device descriptor read/64, error -71
[  545.091568][   T10] usb usb6-port1: attempt power cycle
[  545.581458][   T10] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  545.602289][   T10] usb 6-1: device descriptor read/8, error -71
[  545.836396][   T24] usbhid 7-1:0.0: can't add hid device: -71
[  545.845648][   T24] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  545.861702][   T10] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  545.875314][   T24] usb 7-1: USB disconnect, device number 5
[  545.909125][   T10] usb 6-1: device descriptor read/8, error -71
[  546.025796][   T10] usb usb6-port1: unable to enumerate USB device
[  546.501250][ T5823] Bluetooth: hci0: command 0x0406 tx timeout
[  546.501391][ T5831] Bluetooth: hci2: command 0x0406 tx timeout
[  546.507495][ T5823] Bluetooth: hci1: command 0x0406 tx timeout
[  546.514524][   T51] Bluetooth: hci6: command 0x0c1a tx timeout
[  546.519304][ T5823] Bluetooth: hci3: command 0x0405 tx timeout
[  546.583539][T11492] Bluetooth: hci5: command 0x041b tx timeout
[  546.592891][   T10] usb 1-1: USB disconnect, device number 62
[  547.273660][T11498] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  547.644861][   T10] usb 4-1: USB disconnect, device number 43
[  548.760376][T11492] Bluetooth: hci5: command 0x041b tx timeout
[  548.767847][T11515] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  548.807362][T11513] kvm: user requested TSC rate below hardware speed
[  548.922585][   T10] libceph: connect (1)[c::]:6789 error -101
[  548.929026][   T10] libceph: mon0 (1)[c::]:6789 connect error
[  548.946217][T11522] ceph: No mds server is up or the cluster is laggy
[  549.149085][T11521] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1419'.
[  549.506908][T11538] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  550.061437][ T5938] usb 4-1: new low-speed USB device number 44 using dummy_hcd
[  550.421399][ T5938] usb 4-1: config 1 interface 0 altsetting 9 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  550.434209][T11547] bond0: (slave batadv0): Releasing backup interface
[  550.452945][ T5938] usb 4-1: config 1 interface 0 has no altsetting 0
[  550.454861][   T59] Bluetooth: hci7: Frame reassembly failed (-84)
[  550.461897][T11547] batadv0: left promiscuous mode
[  550.489589][T11547] batadv0: left allmulticast mode
[  551.142668][ T5838] Bluetooth: hci5: command 0x041b tx timeout
[  551.182707][T11547] bridge_slave_0: left allmulticast mode
[  551.263880][T11558] netlink: 'syz.4.1427': attribute type 1 has an invalid length.
[  551.304357][T11547] bridge_slave_0: left promiscuous mode
[  551.326160][T11547] bridge0: port 1(bridge_slave_0) entered disabled state
[  551.370744][T11547] bridge_slave_1: left allmulticast mode
[  551.378835][T11547] bridge_slave_1: left promiscuous mode
[  551.398994][T11547] bridge0: port 2(bridge_slave_1) entered disabled state
[  551.418370][T11563] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  551.440370][T11547] bond0: (slave bond_slave_0): Releasing backup interface
[  551.465369][T11547] bond_slave_0: left promiscuous mode
[  551.535713][T11547] bond_slave_0: left allmulticast mode
[  551.671056][T11547] bond0: (slave bond_slave_1): Releasing backup interface
[  551.672491][   T30] audit: type=1400 audit(2000000297.530:481): avc:  denied  { associate } for  pid=11562 comm="syz.0.1430" name="cpu.stat" scontext=root:object_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  551.754744][T11547] bond_slave_1: left promiscuous mode
[  551.803896][T11547] bond_slave_1: left allmulticast mode
[  551.905693][T11547] team_slave_0: left promiscuous mode
[  551.930046][T11547] team_slave_0: left allmulticast mode
[  551.995338][T11547] team0: Port device team_slave_0 removed
[  552.028685][T11547] team_slave_1: left promiscuous mode
[  552.064005][T11547] team_slave_1: left allmulticast mode
[  552.122554][T11547] team0: Port device team_slave_1 removed
[  552.160285][T11547] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  552.189609][T11547] batman_adv: batadv0: Removing interface: batadv_slave_0
[  552.242518][T11547] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  552.291859][ T5938] usb 4-1: New USB device found, idVendor=046d, idProduct=c53f, bcdDevice= 0.40
[  552.336151][T11547] batman_adv: batadv0: Removing interface: batadv_slave_1
[  552.464288][ T5938] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  552.493270][ T5938] usb 4-1: can't set config #1, error -71
[  552.503104][ T5838] Bluetooth: hci7: command 0x1003 tx timeout
[  552.511365][ T5839] Bluetooth: hci7: Opcode 0x1003 failed: -110
[  552.605130][T11556] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  552.712762][T11569] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  553.135360][T11564] bond0: (slave batadv0): Releasing backup interface
[  553.164026][T11564] batadv0: left promiscuous mode
[  553.267568][T11564] batadv0: left allmulticast mode
[  553.284783][T11564] bridge_slave_0: left allmulticast mode
[  553.293948][T11564] bridge_slave_0: left promiscuous mode
[  553.296372][ T5938] usb 4-1: USB disconnect, device number 44
[  553.306828][T11564] bridge0: port 1(bridge_slave_0) entered disabled state
[  553.327974][T11564] bridge_slave_1: left allmulticast mode
[  553.337143][T11564] bridge_slave_1: left promiscuous mode
[  553.387950][T11564] bridge0: port 2(bridge_slave_1) entered disabled state
[  553.444147][T11564] bond0: (slave bond_slave_0): Releasing backup interface
[  553.453578][T11564] bond_slave_0: left promiscuous mode
[  553.460055][T11564] bond_slave_0: left allmulticast mode
[  553.477280][T11564] bond0: (slave bond_slave_1): Releasing backup interface
[  553.517965][T11564] bond_slave_1: left promiscuous mode
[  553.524787][T11564] bond_slave_1: left allmulticast mode
[  553.534229][T11564] team_slave_0: left promiscuous mode
[  553.539760][T11564] team_slave_0: left allmulticast mode
[  553.616483][T11564] team0: Port device team_slave_0 removed
[  553.796072][T11564] team_slave_1: left promiscuous mode
[  553.805162][T11580] ceph: No mds server is up or the cluster is laggy
[  553.813084][ T5938] libceph: connect (1)[c::]:6789 error -101
[  553.819240][ T5938] libceph: mon0 (1)[c::]:6789 connect error
[  553.821457][T11564] team_slave_1: left allmulticast mode
[  553.920844][T11564] team0: Port device team_slave_1 removed
[  554.039866][T11564] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  554.134480][T11588] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1435'.
[  554.519022][T11564] batman_adv: batadv0: Removing interface: batadv_slave_0
[  554.542934][T11564] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  554.613316][T11564] batman_adv: batadv0: Removing interface: batadv_slave_1
[  554.659568][T11574] macvtap1: entered promiscuous mode
[  554.685040][T11574] macvtap1: entered allmulticast mode
[  554.765156][T11575] macvtap1: entered promiscuous mode
[  554.770793][T11575] macvtap1: entered allmulticast mode
[  555.380195][T11578] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  555.796352][T11599] comedi comedi0: Minor -2147450880 is invalid!
[  556.446226][T11608] FAULT_INJECTION: forcing a failure.
[  556.446226][T11608] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  556.631219][T11608] CPU: 1 UID: 0 PID: 11608 Comm: syz.6.1441 Not tainted 6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT(full) 
[  556.631248][T11608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  556.631258][T11608] Call Trace:
[  556.631264][T11608]  <TASK>
[  556.631271][T11608]  dump_stack_lvl+0x16c/0x1f0
[  556.631303][T11608]  should_fail_ex+0x512/0x640
[  556.631328][T11608]  _copy_from_user+0x2e/0xd0
[  556.631355][T11608]  do_fb_ioctl+0x290/0x7e0
[  556.631382][T11608]  ? __pfx_do_fb_ioctl+0x10/0x10
[  556.631418][T11608]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  556.631466][T11608]  ? selinux_file_ioctl+0x180/0x270
[  556.631488][T11608]  fb_ioctl+0xe5/0x150
[  556.631510][T11608]  ? __pfx_fb_ioctl+0x10/0x10
[  556.631535][T11608]  __x64_sys_ioctl+0x18e/0x210
[  556.631561][T11608]  do_syscall_64+0xcd/0x4c0
[  556.631580][T11608]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  556.631598][T11608] RIP: 0033:0x7f304258eb69
[  556.631612][T11608] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  556.631629][T11608] RSP: 002b:00007f304347f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  556.631646][T11608] RAX: ffffffffffffffda RBX: 00007f30427b5fa0 RCX: 00007f304258eb69
[  556.631657][T11608] RDX: 0000200000000100 RSI: 0000000000004601 RDI: 0000000000000003
[  556.631668][T11608] RBP: 00007f304347f090 R08: 0000000000000000 R09: 0000000000000000
[  556.631678][T11608] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  556.631688][T11608] R13: 0000000000000000 R14: 00007f30427b5fa0 R15: 00007ffd241a1588
[  556.631712][T11608]  </TASK>
[  556.802000][  T976] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  557.450555][T11615] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  557.583004][  T976] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 33, using maximum allowed: 30
[  557.606453][  T976] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  557.618445][  T976] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  557.637925][  T976] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 33
[  557.656817][T11622] comedi comedi0: Minor -2147450880 is invalid!
[  557.664000][  T976] usb 6-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00
[  557.683477][  T976] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  557.707802][  T976] usb 6-1: config 0 descriptor??
[  557.761579][ T5906] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  558.010978][ T5906] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 33, using maximum allowed: 30
[  558.030630][ T5906] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  558.092544][T11634] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  558.529669][ T5906] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  558.681336][ T5886] usb 4-1: new high-speed USB device number 45 using dummy_hcd
[  558.689095][ T5906] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 33
[  558.702580][ T5906] usb 7-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00
[  558.827960][ T5906] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  558.839946][ T5906] usb 7-1: config 0 descriptor??
[  558.861313][ T5886] usb 4-1: Using ep0 maxpacket: 8
[  558.868896][ T5886] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[  558.881451][ T5886] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  558.892201][ T5886] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  558.903141][ T5886] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  559.008147][ T5886] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  559.077069][ T5886] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  559.087154][ T5886] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  559.446360][ T5886] usb 4-1: usb_control_msg returned -32
[  559.465884][ T5886] usbtmc 4-1:16.0: can't read capabilities
[  559.656886][ T5906] usbhid 7-1:0.0: can't add hid device: -71
[  559.716623][ T5906] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  559.795466][ T5906] usb 7-1: USB disconnect, device number 6
[  559.846588][ T5886] usb 1-1: new high-speed USB device number 63 using dummy_hcd
[  559.902026][T11637] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  559.909322][T11637] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  559.947116][T11637] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  559.957608][T11637] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  559.966516][  T976] usbhid 6-1:0.0: can't add hid device: -71
[  559.972546][  T976] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  559.983702][T11637] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[  559.991666][  T976] usb 6-1: USB disconnect, device number 11
[  559.992741][T11637] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  560.041827][ T5886] usb 1-1: Using ep0 maxpacket: 8
[  560.050100][ T5886] usb 1-1: config 0 has an invalid interface number: 31 but max is 0
[  560.059177][ T5886] usb 1-1: config 0 has no interface number 0
[  560.068784][ T5886] usb 1-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[  560.078710][ T5886] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  560.086979][ T5886] usb 1-1: Product: syz
[  560.091272][ T5886] usb 1-1: Manufacturer: syz
[  560.095898][ T5886] usb 1-1: SerialNumber: syz
[  560.102615][ T5886] usb 1-1: config 0 descriptor??
[  560.953674][ T5886] usb 1-1: Found UVC 0.04 device syz (046d:08c3)
[  560.975733][ T5886] usb 1-1: No streaming interface found for terminal 6.
[  560.994754][ T5886] usb 1-1: Failed to initialize entity for entity 5
[  561.008526][ T5886] usb 1-1: Failed to register entities (-22).
[  561.509996][   T24] usb 4-1: USB disconnect, device number 45
[  561.568929][ T5934] usb 1-1: USB disconnect, device number 63
[  561.941855][ T5838] Bluetooth: hci1: command 0x0406 tx timeout
[  562.378896][ T5938] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  562.386560][ T5838] Bluetooth: hci0: command 0x0406 tx timeout
[  562.395142][T11492] Bluetooth: hci5: command 0x041b tx timeout
[  562.401379][T11492] Bluetooth: hci6: command 0x0c1a tx timeout
[  562.401408][   T51] Bluetooth: hci2: command 0x0406 tx timeout
[  562.413583][ T5823] Bluetooth: hci3: command 0x0405 tx timeout
[  562.925612][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  562.940842][T11663] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  563.092993][ T5938] usb 7-1: too many configurations: 249, using maximum allowed: 8
[  563.120283][ T5938] usb 7-1: unable to read config index 0 descriptor/start: -61
[  563.190828][ T5938] usb 7-1: can't read configurations, error -61
[  563.419857][ T5938] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  564.411459][ T5934] usb 1-1: new full-speed USB device number 64 using dummy_hcd
[  564.433726][ T5823] Bluetooth: hci5: command 0x041b tx timeout
[  564.479283][T11680] comedi comedi0: Minor -2147450880 is invalid!
[  564.527018][ T5938] usb 7-1: too many configurations: 249, using maximum allowed: 8
[  564.559310][ T5938] usb 7-1: unable to read config index 0 descriptor/start: -71
[  564.572844][ T5934] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  564.668407][ T5938] usb 7-1: can't read configurations, error -71
[  564.675477][ T5938] usb usb7-port1: attempt power cycle
[  564.695405][ T5934] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  564.714943][ T5934] usb 1-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  564.971233][T11689] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  565.211743][T11693] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  565.341677][ T5934] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  565.588460][ T5934] usb 1-1: config 0 descriptor??
[  566.660128][T11696] can: request_module (can-proto-0) failed.
[  567.477730][T11710] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  567.521428][ T5938] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  567.705684][ T5886] usb 1-1: USB disconnect, device number 64
[  567.731918][ T5938] usb 7-1: Using ep0 maxpacket: 32
[  567.743075][ T5938] usb 7-1: unable to get BOS descriptor or descriptor too short
[  567.772025][ T5938] usb 7-1: config 128 has an invalid interface number: 127 but max is 3
[  567.780407][ T5938] usb 7-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config
[  567.911938][ T5938] usb 7-1: config 128 has 1 interface, different from the descriptor's value: 4
[  567.921009][ T5938] usb 7-1: config 128 has no interface number 0
[  567.941280][ T5938] usb 7-1: config 128 interface 127 altsetting 14 has an invalid descriptor for endpoint zero, skipping
[  567.949554][T11717] tracefs: Bad value for 'mode'
[  567.966936][   T30] audit: type=1400 audit(2000000313.890:482): avc:  denied  { mount } for  pid=11716 comm="syz.5.1473" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1
[  567.989212][    C0] vkms_vblank_simulate: vblank timer overrun
[  568.091216][   T30] audit: type=1400 audit(2000000313.890:483): avc:  denied  { remount } for  pid=11716 comm="syz.5.1473" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1
[  568.125360][T11726] netlink: 1508 bytes leftover after parsing attributes in process `syz.0.1472'.
[  568.509496][ T5938] usb 7-1: config 128 interface 127 has no altsetting 0
[  568.811851][ T5938] usb 7-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55
[  568.820891][ T5938] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  568.841287][ T5938] usb 7-1: Product: syz
[  568.845635][ T5938] usb 7-1: Manufacturer: syz
[  568.850232][ T5938] usb 7-1: SerialNumber: syz
[  568.911202][   T30] audit: type=1400 audit(2000000314.840:484): avc:  denied  { unmount } for  pid=10656 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1
[  569.170729][ T5938] usb 7-1: USB disconnect, device number 10
[  569.417895][T11739] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1476'.
[  570.148616][T11743] can: request_module (can-proto-0) failed.
[  570.336330][ T5886] libceph: connect (1)[c::]:6789 error -101
[  570.350265][T11751] ceph: No mds server is up or the cluster is laggy
[  570.361942][ T5886] libceph: mon0 (1)[c::]:6789 connect error
[  570.954864][ T5833] usb 4-1: new full-speed USB device number 46 using dummy_hcd
[  571.379868][T11766] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  571.596078][ T5833] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  571.693268][ T5833] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  571.715673][ T5833] usb 4-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  571.829758][ T5833] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  571.962211][T11776] netlink: 'syz.0.1486': attribute type 10 has an invalid length.
[  571.978533][T11776] 8021q: adding VLAN 0 to HW filter on device batadv0
[  572.000067][T11776] batadv0: entered promiscuous mode
[  572.006534][T11776] batadv0: entered allmulticast mode
[  572.015804][T11776] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  572.667771][ T5833] usb 4-1: config 0 descriptor??
[  573.745660][ T5886] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  573.817095][T11781] can: request_module (can-proto-0) failed.
[  573.951614][ T5886] usb 7-1: Using ep0 maxpacket: 32
[  574.058842][ T5886] usb 7-1: too many configurations: 29, using maximum allowed: 8
[  574.083310][ T5886] usb 7-1: New USB device found, idVendor=0ac8, idProduct=c301, bcdDevice=82.d5
[  574.092932][ T5886] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  574.101095][ T5886] usb 7-1: Product: syz
[  574.105630][ T5886] usb 7-1: Manufacturer: syz
[  574.110315][ T5886] usb 7-1: SerialNumber: syz
[  574.188229][T11796] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  574.385526][ T5938] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  574.531460][ T5938] usb 6-1: device descriptor read/64, error -71
[  574.564876][ T5886] usb 7-1: config 0 descriptor??
[  575.028485][ T5934] usb 4-1: USB disconnect, device number 46
[  575.084419][ T5886] usb 7-1: can't set config #0, error -71
[  575.106070][ T5886] usb 7-1: USB disconnect, device number 11
[  575.206132][ T5938] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  575.582666][T11810] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  576.016498][ T5938] usb 6-1: device descriptor read/64, error -71
[  576.154524][ T5938] usb usb6-port1: attempt power cycle
[  576.161352][T11811] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  576.184679][ T5833] usb 1-1: new high-speed USB device number 65 using dummy_hcd
[  576.355668][ T5833] usb 1-1: Using ep0 maxpacket: 32
[  576.375416][ T5833] usb 1-1: unable to get BOS descriptor or descriptor too short
[  576.384005][ T5833] usb 1-1: unable to read config index 0 descriptor/start: -71
[  576.401254][ T5833] usb 1-1: can't read configurations, error -71
[  576.512821][T11819] kvm: user requested TSC rate below hardware speed
[  576.541406][ T5938] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  576.576405][ T5938] usb 6-1: device descriptor read/8, error -71
[  576.855141][ T5938] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  576.895954][T11821] can: request_module (can-proto-0) failed.
[  577.142840][ T5938] usb 6-1: device not accepting address 15, error -71
[  577.150206][ T5938] usb usb6-port1: unable to enumerate USB device
[  577.216620][T11835] fuse: Bad value for 'fd'
[  577.231063][   T30] audit: type=1400 audit(2000000323.170:485): avc:  denied  { mount } for  pid=11830 comm="syz.4.1506" name="/" dev="ramfs" ino=44191 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[  577.570168][T11835] syzkaller0: tun_chr_ioctl cmd 1074025672
[  577.576200][T11835] syzkaller0: ignored: set checksum disabled
[  577.959854][T11842] kvm: user requested TSC rate below hardware speed
[  578.453795][T11847] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  578.571259][ T5934] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  578.608942][   T30] audit: type=1400 audit(2000000324.550:486): avc:  denied  { read append } for  pid=11851 comm="syz.4.1513" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  578.637031][T11852] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1513'.
[  578.650636][   T30] audit: type=1400 audit(2000000324.580:487): avc:  denied  { module_load } for  pid=11851 comm="syz.4.1513" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1
[  578.755162][ T5934] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  578.781075][ T5934] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  578.790993][ T5934] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  578.794890][T11854] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  578.811676][ T5934] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  578.829892][T11854] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  578.844148][ T5934] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  578.866344][ T5934] usb 6-1: config 0 descriptor??
[  578.899017][T11859] can: request_module (can-proto-0) failed.
[  579.599783][T11876] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1519'.
[  580.059425][ T5934] usbhid 6-1:0.0: can't add hid device: -71
[  580.065623][ T5934] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  580.075717][ T5934] usb 6-1: USB disconnect, device number 16
[  580.140883][   T30] audit: type=1400 audit(2000000326.080:488): avc:  denied  { connect } for  pid=11882 comm="syz.4.1523" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  581.336016][T11891] netlink: 'syz.0.1525': attribute type 10 has an invalid length.
[  584.335632][T11899] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  584.385939][T11897] can: request_module (can-proto-0) failed.
[  584.398060][T11903] FAULT_INJECTION: forcing a failure.
[  584.398060][T11903] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  584.426186][T11903] CPU: 1 UID: 0 PID: 11903 Comm: syz.0.1528 Not tainted 6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT(full) 
[  584.426213][T11903] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  584.426223][T11903] Call Trace:
[  584.426229][T11903]  <TASK>
[  584.426236][T11903]  dump_stack_lvl+0x16c/0x1f0
[  584.426268][T11903]  should_fail_ex+0x512/0x640
[  584.426296][T11903]  _copy_from_iter+0x29f/0x16f0
[  584.426325][T11903]  ? __alloc_skb+0x200/0x380
[  584.426351][T11903]  ? __pfx__copy_from_iter+0x10/0x10
[  584.426378][T11903]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  584.426413][T11903]  netlink_sendmsg+0x829/0xdd0
[  584.426433][T11903]  ? __pfx_netlink_sendmsg+0x10/0x10
[  584.426459][T11903]  ____sys_sendmsg+0xa98/0xc70
[  584.426480][T11903]  ? copy_msghdr_from_user+0x10a/0x160
[  584.426503][T11903]  ? __pfx_____sys_sendmsg+0x10/0x10
[  584.426537][T11903]  ___sys_sendmsg+0x134/0x1d0
[  584.426567][T11903]  ? __pfx____sys_sendmsg+0x10/0x10
[  584.426589][T11903]  ? __lock_acquire+0x622/0x1c90
[  584.426630][T11903]  ? __mutex_unlock_slowpath+0xa0/0x800
[  584.426652][T11903]  __sys_sendmsg+0x16d/0x220
[  584.426676][T11903]  ? __pfx___sys_sendmsg+0x10/0x10
[  584.426715][T11903]  do_syscall_64+0xcd/0x4c0
[  584.426734][T11903]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  584.426751][T11903] RIP: 0033:0x7fcfa0b8eb69
[  584.426766][T11903] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  584.426782][T11903] RSP: 002b:00007fcfa1a66038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  584.426799][T11903] RAX: ffffffffffffffda RBX: 00007fcfa0db5fa0 RCX: 00007fcfa0b8eb69
[  584.426810][T11903] RDX: 0000000000004000 RSI: 00002000000010c0 RDI: 0000000000000004
[  584.426820][T11903] RBP: 00007fcfa1a66090 R08: 0000000000000000 R09: 0000000000000000
[  584.426830][T11903] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  584.426840][T11903] R13: 0000000000000000 R14: 00007fcfa0db5fa0 R15: 00007ffe5a766d38
[  584.426862][T11903]  </TASK>
[  584.629643][    C1] vkms_vblank_simulate: vblank timer overrun
[  584.989003][   T30] audit: type=1400 audit(2000000330.920:489): avc:  denied  { name_bind } for  pid=11914 comm="syz.5.1533" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=rawip_socket permissive=1
[  585.093132][T11905] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  585.122364][   T30] audit: type=1400 audit(2000000330.920:490): avc:  denied  { shutdown } for  pid=11914 comm="syz.5.1533" laddr=224.0.0.1 lport=6 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  585.144296][    C1] vkms_vblank_simulate: vblank timer overrun
[  585.164538][T11918] ceph: No mds server is up or the cluster is laggy
[  585.172993][ T5906] libceph: connect (1)[c::]:6789 error -101
[  585.180374][ T5906] libceph: mon0 (1)[c::]:6789 connect error
[  585.310675][T11925] tipc: Enabling of bearer <eth:syzkaller> rejected, failed to enable media
[  585.653742][   T30] audit: type=1400 audit(2000000331.590:491): avc:  denied  { execute } for  pid=11923 comm="syz.5.1535" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  585.971225][ T5938] usb 6-1: new full-speed USB device number 17 using dummy_hcd
[  586.137972][T11936] overlayfs: failed to create directory ./bus/work (errno: 22); mounting read-only
[  586.407535][ T5938] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  586.456561][ T5938] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 576, setting to 64
[  586.471427][ T5886] usb 4-1: new high-speed USB device number 47 using dummy_hcd
[  586.481414][ T5938] usb 6-1: New USB device found, idVendor=28bd, idProduct=0074, bcdDevice= 0.00
[  586.496952][ T5938] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  586.624808][ T5886] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  586.642342][ T5886] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  586.657334][ T5938] usb 6-1: config 0 descriptor??
[  586.657377][ T5886] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  586.663341][T11924] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  586.686912][ T5886] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  587.160332][T11942] FAULT_INJECTION: forcing a failure.
[  587.160332][T11942] name failslab, interval 1, probability 0, space 0, times 0
[  587.174207][T11942] CPU: 1 UID: 0 PID: 11942 Comm: syz.6.1539 Not tainted 6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT(full) 
[  587.174237][T11942] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  587.174248][T11942] Call Trace:
[  587.174255][T11942]  <TASK>
[  587.174262][T11942]  dump_stack_lvl+0x16c/0x1f0
[  587.174311][T11942]  should_fail_ex+0x512/0x640
[  587.174336][T11942]  ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0
[  587.174360][T11942]  should_failslab+0xc2/0x120
[  587.174381][T11942]  kmem_cache_alloc_lru_noprof+0x72/0x3b0
[  587.174402][T11942]  ? alloc_inode+0xc3/0x240
[  587.174430][T11942]  alloc_inode+0xc3/0x240
[  587.174453][T11942]  iget_locked+0x2e4/0x830
[  587.174480][T11942]  ? __pfx_iget_locked+0x10/0x10
[  587.174506][T11942]  ? find_held_lock+0x2b/0x80
[  587.174528][T11942]  ? kernfs_root+0xee/0x2a0
[  587.174554][T11942]  kernfs_get_inode+0x48/0x460
[  587.174576][T11942]  kernfs_iop_lookup+0x1a7/0x2d0
[  587.174602][T11942]  lookup_one_qstr_excl+0x1ce/0x250
[  587.174626][T11942]  ? mnt_want_write+0x161/0x450
[  587.174654][T11942]  filename_create+0x1e7/0x4a0
[  587.174682][T11942]  ? __pfx_filename_create+0x10/0x10
[  587.174713][T11942]  ? __might_fault+0xe3/0x190
[  587.174732][T11942]  ? __might_fault+0xe3/0x190
[  587.174748][T11942]  ? __might_fault+0x13b/0x190
[  587.174769][T11942]  do_mkdirat+0xaa/0x3e0
[  587.174790][T11942]  ? __pfx_do_mkdirat+0x10/0x10
[  587.174812][T11942]  ? getname_flags.part.0+0x1c5/0x550
[  587.174839][T11942]  __x64_sys_mkdir+0xef/0x140
[  587.174859][T11942]  do_syscall_64+0xcd/0x4c0
[  587.174880][T11942]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  587.174898][T11942] RIP: 0033:0x7f304258eb69
[  587.174915][T11942] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  587.174932][T11942] RSP: 002b:00007f304345e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[  587.174951][T11942] RAX: ffffffffffffffda RBX: 00007f30427b6080 RCX: 00007f304258eb69
[  587.174963][T11942] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000040
[  587.174974][T11942] RBP: 00007f304345e090 R08: 0000000000000000 R09: 0000000000000000
[  587.174985][T11942] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  587.174995][T11942] R13: 0000000000000000 R14: 00007f30427b6080 R15: 00007ffd241a1588
[  587.175020][T11942]  </TASK>
[  587.180153][T11942] overlayfs: failed to resolve './file0': -2
[  587.301298][ T5938] usbhid 6-1:0.0: can't add hid device: -71
[  587.304936][ T5934] usb 1-1: new high-speed USB device number 67 using dummy_hcd
[  587.327769][ T5938] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  587.328879][ T5886] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  587.348539][ T5938] usb 6-1: USB disconnect, device number 17
[  587.386741][ T5886] usb 4-1: config 0 descriptor??
[  587.591267][ T5934] usb 1-1: Using ep0 maxpacket: 32
[  587.598700][ T5934] usb 1-1: config 0 interface 0 altsetting 128 endpoint 0x2 has an invalid bInterval 0, changing to 7
[  587.611388][ T5934] usb 1-1: config 0 interface 0 has no altsetting 0
[  587.618051][ T5934] usb 1-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00
[  588.156362][ T5934] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  588.173047][ T5934] usb 1-1: config 0 descriptor??
[  588.342241][   T30] audit: type=1400 audit(2000000334.290:492): avc:  denied  { ioctl } for  pid=11953 comm="syz.6.1544" path="socket:[44694]" dev="sockfs" ino=44694 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  589.095990][ T5886] usbhid 4-1:0.0: can't add hid device: -71
[  589.103180][ T5886] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  589.113831][ T5886] usb 4-1: USB disconnect, device number 47
[  589.139983][   T30] audit: type=1400 audit(2000000335.080:493): avc:  denied  { listen } for  pid=11959 comm="syz.5.1546" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  589.209384][ T5934] corsair-cpro 0003:1B1C:0C10.0017: unknown main item tag 0x0
[  589.333582][ T5934] corsair-cpro 0003:1B1C:0C10.0017: unknown main item tag 0x0
[  589.341113][ T5934] corsair-cpro 0003:1B1C:0C10.0017: unknown main item tag 0x0
[  589.484854][ T5934] corsair-cpro 0003:1B1C:0C10.0017: hidraw0: USB HID v4.06 Device [HID 1b1c:0c10] on usb-dummy_hcd.0-1/input0
[  589.847051][T11972] tipc: Enabling of bearer <eth:syzkaller> rejected, failed to enable media
[  589.856315][    C0] usb 1-1: input irq status -75 received
[  590.508793][ T5934] corsair-cpro 0003:1B1C:0C10.0017: probe with driver corsair-cpro failed with error -110
[  590.537395][T11979] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  591.651245][ T5833] usb 1-1: USB disconnect, device number 67
[  592.004899][T11998] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  592.341263][ T5906] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[  592.509055][ T5906] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  592.526173][ T5906] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  592.547150][ T5906] usb 7-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  592.570529][ T5906] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  592.598151][ T5906] usb 7-1: config 0 descriptor??
[  593.858586][   T30] audit: type=1400 audit(2000000339.800:494): avc:  denied  { listen } for  pid=12033 comm="syz.5.1568" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  594.317332][ T5906] usbhid 7-1:0.0: can't add hid device: -71
[  594.335592][ T5906] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  594.430248][ T5906] usb 7-1: USB disconnect, device number 12
[  595.195790][T12054] netlink: 'syz.3.1573': attribute type 10 has an invalid length.
[  596.719989][T12069] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  597.114374][T12066] netlink: 'syz.0.1577': attribute type 10 has an invalid length.
[  597.587289][   T30] audit: type=1400 audit(2000000343.520:495): avc:  denied  { watch } for  pid=12086 comm="syz.0.1583" path="/329/file1" dev="tmpfs" ino=1832 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  597.610328][    C0] vkms_vblank_simulate: vblank timer overrun
[  597.651856][   T24] usb 5-1: new high-speed USB device number 45 using dummy_hcd
[  597.875132][   T30] audit: type=1400 audit(2000000343.520:496): avc:  denied  { watch_sb watch_reads } for  pid=12086 comm="syz.0.1583" path="/329/file1" dev="tmpfs" ino=1832 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  598.126449][   T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  598.139065][   T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  598.154041][   T24] usb 5-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  598.165055][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  598.195730][   T24] usb 5-1: config 0 descriptor??
[  599.022359][   T24] usbhid 5-1:0.0: can't add hid device: -71
[  599.350085][   T24] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  599.375255][   T24] usb 5-1: USB disconnect, device number 45
[  599.471521][ T5906] usb 6-1: new low-speed USB device number 18 using dummy_hcd
[  599.887089][T12113] can0: slcan on ptm0.
[  599.977002][ T5906] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  600.010753][ T5906] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  600.079839][ T5906] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  600.131357][ T5934] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[  601.133333][ T5906] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  601.144776][ T5906] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  601.157471][ T5906] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  601.161320][T12108] can0 (unregistered): slcan off ptm0.
[  601.165910][ T5906] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  601.251322][ T5906] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  601.265039][ T5906] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  601.280097][ T5906] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  601.363950][ T5906] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  601.392150][ T5906] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  601.404526][ T5906] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  601.416575][ T5906] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  601.434404][ T5934] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  601.443611][ T5934] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  601.451749][ T5934] usb 7-1: Product: syz
[  601.455932][ T5934] usb 7-1: Manufacturer: syz
[  601.466495][ T5906] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  601.481237][ T5934] usb 7-1: SerialNumber: syz
[  601.520217][ T5906] usb 6-1: string descriptor 0 read error: -22
[  601.527105][ T5934] usb 7-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  601.542108][ T5906] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  601.568533][ T5906] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  601.581398][  T976] usb 7-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  601.604905][ T5906] adutux 6-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  601.713676][T12125] batadv_slave_0: entered promiscuous mode
[  602.112705][ T5907] usb 6-1: USB disconnect, device number 18
[  602.227365][T12127] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  602.684471][  T976] ath9k_htc 7-1:1.0: ath9k_htc: Target is unresponsive
[  602.692758][  T976] ath9k_htc: Failed to initialize the device
[  602.744364][  T976] usb 7-1: ath9k_htc: USB layer deinitialized
[  603.137576][ T5833] usb 7-1: USB disconnect, device number 13
[  603.202249][  T117] usb 5-1: new high-speed USB device number 46 using dummy_hcd
[  603.212096][ T5907] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[  603.415090][  T117] usb 5-1: Using ep0 maxpacket: 8
[  603.444837][  T117] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  603.465503][  T117] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  603.475767][ T5907] usb 6-1: Using ep0 maxpacket: 32
[  603.486707][ T5907] usb 6-1: too many configurations: 29, using maximum allowed: 8
[  603.499357][  T117] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  603.628519][  T117] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  603.678155][ T5907] usb 6-1: New USB device found, idVendor=0ac8, idProduct=c301, bcdDevice=82.d5
[  603.755307][ T5907] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  603.765312][  T117] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  603.788921][ T5907] usb 6-1: Product: syz
[  603.795616][  T117] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  603.963215][ T5907] usb 6-1: Manufacturer: syz
[  603.967949][ T5907] usb 6-1: SerialNumber: syz
[  604.451938][ T5907] usb 6-1: config 0 descriptor??
[  604.475050][ T5907] hub 6-1:0.0: Invalid hub with more than one config or interface
[  604.500332][ T5907] hub 6-1:0.0: probe with driver hub failed with error -22
[  604.537891][ T5907] gspca_main: 0ac8:c301 too many config
[  604.602593][T12149] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  604.613802][T12149] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  604.714054][  T117] usb 5-1: GET_CAPABILITIES returned 0
[  604.722055][  T117] usbtmc 5-1:16.0: can't read capabilities
[  604.724341][T12152] can0: slcan on ptm0.
[  604.975563][  T117] usb 5-1: USB disconnect, device number 46
[  605.091518][T12150] can0 (unregistered): slcan off ptm0.
[  605.321385][ T5938] usb 1-1: new high-speed USB device number 68 using dummy_hcd
[  605.668872][T12165] netlink: 'syz.4.1606': attribute type 11 has an invalid length.
[  605.688238][T12165] netlink: 156 bytes leftover after parsing attributes in process `syz.4.1606'.
[  605.709197][T12165] netlink: 'syz.4.1606': attribute type 21 has an invalid length.
[  605.755729][ T5938] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 33, using maximum allowed: 30
[  605.776813][ T5938] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  605.798379][ T5938] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  605.841387][   T30] audit: type=1400 audit(2000000351.650:497): avc:  denied  { write } for  pid=12163 comm="syz.4.1606" name="001" dev="devtmpfs" ino=742 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  605.942771][ T5938] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 33
[  605.995376][T12161] can: request_module (can-proto-0) failed.
[  606.029633][ T5938] usb 1-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00
[  606.057261][ T5938] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  606.099165][ T5938] usb 1-1: config 0 descriptor??
[  606.322325][T12178] netlink: 'syz.6.1607': attribute type 1 has an invalid length.
[  606.330670][T12178] netlink: 'syz.6.1607': attribute type 4 has an invalid length.
[  606.338565][T12178] netlink: 9462 bytes leftover after parsing attributes in process `syz.6.1607'.
[  606.475373][ T5934] IPVS: starting estimator thread 0...
[  606.651481][T12180] IPVS: using max 71 ests per chain, 170400 per kthread
[  606.663602][  T117] usb 6-1: USB disconnect, device number 19
[  606.721283][ T5934] usb 4-1: new high-speed USB device number 48 using dummy_hcd
[  607.385312][ T5934] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  607.491656][T12193] can0: slcan on ptm0.
[  607.735236][ T5934] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  607.779988][ T5934] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  607.890799][ T5934] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  608.001427][T12190] can0 (unregistered): slcan off ptm0.
[  608.018808][ T5934] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  608.071578][ T5938] usbhid 1-1:0.0: can't add hid device: -71
[  608.077648][ T5938] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  608.089736][ T5938] usb 1-1: USB disconnect, device number 68
[  608.103378][ T5934] usb 4-1: config 0 descriptor??
[  608.177880][T12199] FAULT_INJECTION: forcing a failure.
[  608.177880][T12199] name failslab, interval 1, probability 0, space 0, times 0
[  608.190959][T12199] CPU: 1 UID: 0 PID: 12199 Comm: syz.4.1616 Not tainted 6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT(full) 
[  608.190984][T12199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  608.190994][T12199] Call Trace:
[  608.191002][T12199]  <TASK>
[  608.191009][T12199]  dump_stack_lvl+0x16c/0x1f0
[  608.191032][T12199]  should_fail_ex+0x512/0x640
[  608.191051][T12199]  should_failslab+0xc2/0x120
[  608.191066][T12199]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  608.191082][T12199]  ? lock_acquire+0x179/0x350
[  608.191112][T12199]  ? dst_alloc+0x99/0x1a0
[  608.191137][T12199]  ? __pfx_ip6_dst_gc+0x10/0x10
[  608.191154][T12199]  dst_alloc+0x99/0x1a0
[  608.191178][T12199]  ip6_pol_route+0x96b/0x1230
[  608.191205][T12199]  ? __pfx_ip6_pol_route+0x10/0x10
[  608.191230][T12199]  ? __pfx_rt6_multipath_hash+0x10/0x10
[  608.191255][T12199]  ? is_bpf_text_address+0x94/0x1a0
[  608.191286][T12199]  ? __pfx_ip6_pol_route_input+0x10/0x10
[  608.191316][T12199]  fib6_rule_lookup+0x5b8/0x720
[  608.191344][T12199]  ? __pfx_fib6_rule_lookup+0x10/0x10
[  608.191369][T12199]  ? __pfx_stack_trace_save+0x10/0x10
[  608.191392][T12199]  ? stack_depot_save_flags+0x28/0xa40
[  608.191422][T12199]  ? __lock_acquire+0x622/0x1c90
[  608.191453][T12199]  ip6_route_input+0x662/0xc00
[  608.191483][T12199]  ? __pfx_ip6_route_input+0x10/0x10
[  608.191507][T12199]  ? lock_acquire+0x179/0x350
[  608.191549][T12199]  ? sock_wfree+0x11c/0x880
[  608.191576][T12199]  ? __pfx_ip6_rcv_finish+0x10/0x10
[  608.191607][T12199]  ip6_rcv_finish_core.constprop.0+0x1a0/0x5d0
[  608.191637][T12199]  ipv6_rcv+0x1e8/0x650
[  608.191664][T12199]  ? __pfx_ipv6_rcv+0x10/0x10
[  608.191688][T12199]  __netif_receive_skb_one_core+0x12d/0x1e0
[  608.191714][T12199]  ? __pfx___netif_receive_skb_one_core+0x10/0x10
[  608.191740][T12199]  ? lock_acquire+0x179/0x350
[  608.191767][T12199]  ? __phys_addr+0xe8/0x180
[  608.191792][T12199]  __netif_receive_skb+0x1d/0x160
[  608.191815][T12199]  netif_receive_skb+0x137/0x7b0
[  608.191837][T12199]  ? __pfx_netif_receive_skb+0x10/0x10
[  608.191859][T12199]  tun_rx_batched.isra.0+0x3ee/0x740
[  608.191877][T12199]  ? __pfx_tun_rx_batched.isra.0+0x10/0x10
[  608.191896][T12199]  ? tun_get_user+0x1d8a/0x3ce0
[  608.191913][T12199]  ? rcu_is_watching+0x12/0xc0
[  608.191938][T12199]  tun_get_user+0x28e4/0x3ce0
[  608.191972][T12199]  ? __pfx_tun_get_user+0x10/0x10
[  608.191993][T12199]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  608.192014][T12199]  ? find_held_lock+0x2b/0x80
[  608.192027][T12199]  ? tun_get+0x191/0x370
[  608.192047][T12199]  tun_chr_write_iter+0xdc/0x210
[  608.192072][T12199]  vfs_write+0x6c7/0x1150
[  608.192090][T12199]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  608.192116][T12199]  ? __pfx_vfs_write+0x10/0x10
[  608.192129][T12199]  ? find_held_lock+0x2b/0x80
[  608.192151][T12199]  ksys_write+0x12a/0x250
[  608.192161][T12199]  ? __pfx_ksys_write+0x10/0x10
[  608.192176][T12199]  do_syscall_64+0xcd/0x4c0
[  608.192188][T12199]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  608.192204][T12199] RIP: 0033:0x7fa8c6f8d61f
[  608.192219][T12199] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  608.192235][T12199] RSP: 002b:00007fa8c7e19000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  608.192252][T12199] RAX: ffffffffffffffda RBX: 00007fa8c71b5fa0 RCX: 00007fa8c6f8d61f
[  608.192264][T12199] RDX: 000000000000005e RSI: 0000200000000000 RDI: 00000000000000c8
[  608.192274][T12199] RBP: 00007fa8c7e19090 R08: 0000000000000000 R09: 0000000000000000
[  608.192282][T12199] R10: 000000000000005e R11: 0000000000000293 R12: 0000000000000001
[  608.192288][T12199] R13: 0000000000000000 R14: 00007fa8c71b5fa0 R15: 00007ffc332ba798
[  608.192306][T12199]  </TASK>
[  608.971536][ T5934] plantronics 0003:047F:FFFF.0018: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  609.251629][T12208] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1617'.
[  609.680585][T12212] can: request_module (can-proto-0) failed.
[  609.703076][ T5906] usb 5-1: new high-speed USB device number 47 using dummy_hcd
[  609.705954][ T5938] usb 4-1: USB disconnect, device number 48
[  609.710749][ T5934] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[  609.912781][ T5934] usb 7-1: Using ep0 maxpacket: 32
[  609.920499][ T5906] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 33, using maximum allowed: 30
[  609.931875][ T5934] usb 7-1: config 0 interface 0 altsetting 128 endpoint 0x2 has an invalid bInterval 0, changing to 7
[  609.943266][ T5906] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  609.954557][ T5934] usb 7-1: config 0 interface 0 has no altsetting 0
[  609.963835][ T5934] usb 7-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00
[  609.972933][ T5906] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  609.982737][ T5934] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  609.996559][ T5886] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[  610.007867][ T5906] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 33
[  610.054018][ T5906] usb 5-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00
[  610.081262][ T5934] usb 7-1: config 0 descriptor??
[  610.158177][ T5906] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  610.303479][ T5886] usb 6-1: Using ep0 maxpacket: 8
[  610.311427][ T5906] usb 5-1: config 0 descriptor??
[  610.347953][ T5886] usb 6-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  610.365015][ T5886] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  610.385665][ T5886] pvrusb2: Hardware description: Terratec Grabster AV400
[  610.397078][ T5886] pvrusb2: **********
[  610.402886][ T5886] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  610.413167][ T5886] pvrusb2: Important functionality might not be entirely working.
[  610.420985][ T5886] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  610.433109][ T5886] pvrusb2: **********
[  610.612052][ T2337] pvrusb2: Invalid write control endpoint
[  610.632131][ T5938] usb 4-1: new high-speed USB device number 49 using dummy_hcd
[  610.721095][ T2337] pvrusb2: Invalid write control endpoint
[  610.751318][ T2337] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  610.760881][ T2337] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  610.768945][ T2337] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  610.779242][ T2337] pvrusb2: Device being rendered inoperable
[  610.787250][ T2337] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  610.795970][ T2337] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_b)
[  610.805552][ T5938] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  610.824463][ T5907] usb 6-1: USB disconnect, device number 20
[  610.833558][ T5938] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  610.844579][ T5938] usb 4-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  610.913183][ T2337] pvrusb2: Attached sub-driver cx25840
[  610.924277][ T2337] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  610.931296][ T5938] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  610.942637][ T2337] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  610.969093][ T5934] corsair-cpro 0003:1B1C:0C10.0019: unknown main item tag 0x0
[  610.991421][ T5938] usb 4-1: config 0 descriptor??
[  611.005610][ T5934] corsair-cpro 0003:1B1C:0C10.0019: unknown main item tag 0x0
[  611.024869][ T5934] corsair-cpro 0003:1B1C:0C10.0019: unknown main item tag 0x0
[  611.028701][T12226] comedi comedi0: Minor -2147450880 is invalid!
[  611.041007][ T5934] corsair-cpro 0003:1B1C:0C10.0019: hidraw0: USB HID v4.06 Device [HID 1b1c:0c10] on usb-dummy_hcd.6-1/input0
[  611.166228][    C0] usb 7-1: input irq status -75 received
[  611.501284][T12231] can0: slcan on ptm0.
[  611.542789][ T5934] corsair-cpro 0003:1B1C:0C10.0019: probe with driver corsair-cpro failed with error -110
[  612.001943][T12229] can0 (unregistered): slcan off ptm0.
[  612.288771][ T5938] usbhid 4-1:0.0: can't add hid device: -71
[  612.300915][ T5938] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  612.325362][ T5938] usb 4-1: USB disconnect, device number 49
[  612.389555][ T5906] usbhid 5-1:0.0: can't add hid device: -71
[  612.406622][ T5906] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  612.597302][   T31] INFO: task kworker/u8:6:1320 blocked for more than 143 seconds.
[  612.780219][   T31]       Not tainted 6.16.0-syzkaller-08685-g260f6f4fda93 #0
[  612.977364][ T5906] usb 5-1: USB disconnect, device number 47
[  612.985502][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  613.004929][   T31] task:kworker/u8:6    state:D stack:25048 pid:1320  tgid:1320  ppid:2      task_flags:0x4208060 flags:0x00004000
[  613.037509][ T5934] usb 7-1: USB disconnect, device number 14
[  613.044389][   T31] Workqueue: events_unbound netfs_write_collection_worker
[  613.055237][   T31] Call Trace:
[  613.058642][   T31]  <TASK>
[  613.069173][   T31]  __schedule+0x1190/0x5df0
[  613.074532][   T31]  ? __lock_acquire+0x1053/0x1c90
[  613.080669][   T31]  ? __lock_acquire+0x622/0x1c90
[  613.085773][   T31]  ? __pfx___schedule+0x10/0x10
[  613.091829][   T31]  ? find_held_lock+0x2b/0x80
[  613.096939][   T31]  ? schedule+0x2d7/0x3a0
[  613.100907][T12246] can: request_module (can-proto-0) failed.
[  613.101549][   T31]  schedule+0xe7/0x3a0
[  613.111726][   T31]  netfs_wait_for_in_progress_stream+0x17a/0x440
[  613.118137][   T31]  ? __pfx_netfs_wait_for_in_progress_stream+0x10/0x10
[  613.131148][   T31]  ? rcu_is_watching+0x12/0xc0
[  613.136808][   T31]  ? __pfx_autoremove_wake_function+0x10/0x10
[  613.143020][   T31]  ? unwind_next_frame+0x3fe/0x20a0
[  613.148305][   T31]  ? ret_from_fork_asm+0x1a/0x30
[  613.153522][   T31]  netfs_retry_writes+0x1385/0x19b0
[  613.158763][   T31]  ? arch_stack_walk+0x94/0x100
[  613.164280][   T31]  ? ret_from_fork_asm+0x1a/0x30
[  613.169299][   T31]  ? __pfx_netfs_retry_writes+0x10/0x10
[  613.174959][   T31]  ? __pfx_stack_trace_save+0x10/0x10
[  613.180352][   T31]  ? check_path.constprop.0+0x24/0x50
[  613.186422][   T31]  netfs_write_collection+0x20ae/0x3760
[  613.192818][   T31]  netfs_write_collection_worker+0xea/0x1d0
[  613.198722][   T31]  process_one_work+0x9cf/0x1b70
[  613.206078][   T31]  ? __pfx_process_one_work+0x10/0x10
[  613.212349][   T31]  ? assign_work+0x1a0/0x250
[  613.216968][   T31]  worker_thread+0x6c8/0xf10
[  613.224262][   T31]  ? __pfx_worker_thread+0x10/0x10
[  613.229385][   T31]  kthread+0x3c5/0x780
[  613.233593][   T31]  ? __pfx_kthread+0x10/0x10
[  613.238306][   T31]  ? rcu_is_watching+0x12/0xc0
[  613.243424][   T31]  ? __pfx_kthread+0x10/0x10
[  613.248040][   T31]  ret_from_fork+0x5d4/0x6f0
[  613.252714][   T31]  ? __pfx_kthread+0x10/0x10
[  613.257325][   T31]  ret_from_fork_asm+0x1a/0x30
[  613.262702][   T31]  </TASK>
[  613.289325][   T31] 
[  613.289325][   T31] Showing all locks held in the system:
[  613.297314][   T31] 1 lock held by khungtaskd/31:
[  613.306803][   T31]  #0: ffffffff8e5c1060 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0
[  613.319796][   T31] 2 locks held by kworker/u8:6/1320:
[  613.327690][   T31]  #0: ffff88801b881148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[  613.339702][   T31]  #1: ffffc900044ffd10 ((work_completion)(&rreq->work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[  613.351174][   T31] 1 lock held by klogd/5185:
[  613.355760][   T31]  #0: ffff8880b843a318 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130
[  613.365797][   T31] 2 locks held by getty/5587:
[  613.370491][   T31]  #0: ffff8880322c70a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80
[  613.380666][   T31]  #1: ffffc900036bb2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0
[  613.390961][   T31] 1 lock held by syz.2.1155/10488:
[  613.396431][   T31]  #0: ffff8880511a8500 (&ctx->wb_lock){+.+.}-{4:4}, at: netfs_writepages+0xba/0x920
[  613.406086][   T31] 1 lock held by syz.1.1233/10818:
[  613.411739][   T31]  #0: ffff8880325a8428 (sb_writers#3){.+.+}-{0:0}, at: splice_direct_to_actor+0x345/0xa30
[  613.422456][   T31] 
[  613.424807][   T31] =============================================
[  613.424807][   T31] 
[  613.436714][   T31] NMI backtrace for cpu 1
[  613.436735][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT(full) 
[  613.436757][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  613.436768][   T31] Call Trace:
[  613.436775][   T31]  <TASK>
[  613.436784][   T31]  dump_stack_lvl+0x116/0x1f0
[  613.436820][   T31]  nmi_cpu_backtrace+0x27b/0x390
[  613.436840][   T31]  ? _raw_spin_unlock_irqrestore+0x61/0x80
[  613.436867][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  613.436896][   T31]  nmi_trigger_cpumask_backtrace+0x29c/0x300
[  613.436920][   T31]  watchdog+0xf0e/0x1260
[  613.436945][   T31]  ? __pfx_watchdog+0x10/0x10
[  613.436963][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  613.436990][   T31]  ? __kthread_parkme+0x19e/0x250
[  613.437022][   T31]  ? __pfx_watchdog+0x10/0x10
[  613.437041][   T31]  kthread+0x3c5/0x780
[  613.437058][   T31]  ? __pfx_kthread+0x10/0x10
[  613.437077][   T31]  ? rcu_is_watching+0x12/0xc0
[  613.437099][   T31]  ? __pfx_kthread+0x10/0x10
[  613.437116][   T31]  ret_from_fork+0x5d4/0x6f0
[  613.437131][   T31]  ? __pfx_kthread+0x10/0x10
[  613.437148][   T31]  ret_from_fork_asm+0x1a/0x30
[  613.437181][   T31]  </TASK>
[  613.437187][   T31] Sending NMI from CPU 1 to CPUs 0:
[  613.561285][    C0] NMI backtrace for cpu 0
[  613.561304][    C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT(full) 
[  613.561322][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  613.561330][    C0] RIP: 0010:check_preemption_disabled+0x0/0xe0
[  613.561355][    C0] Code: c0 75 0f 65 8b 05 bc 1a 44 08 85 c0 74 04 90 0f 0b 90 e9 53 fc ff ff 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <41> 54 55 53 48 83 ec 08 65 8b 1d 35 dc 43 08 65 8b 05 2a dc 43 08
[  613.561368][    C0] RSP: 0018:ffffc90000007cc0 EFLAGS: 00000046
[  613.561381][    C0] RAX: ffffffff8e297780 RBX: ffff8880b8425b18 RCX: 0000000000000001
[  613.561391][    C0] RDX: 0000000000000000 RSI: ffffffff8df07edd RDI: ffffffff8c15fc80
[  613.561400][    C0] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
[  613.561409][    C0] R10: 0000000000000000 R11: 0000000000005cbe R12: 0000000000000001
[  613.561417][    C0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  613.561426][    C0] FS:  0000000000000000(0000) GS:ffff888124719000(0000) knlGS:0000000000000000
[  613.561441][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  613.561451][    C0] CR2: 00007ffd49d15c28 CR3: 0000000074141000 CR4: 00000000003526f0
[  613.561460][    C0] Call Trace:
[  613.561465][    C0]  <IRQ>
[  613.561471][    C0]  lock_acquire+0x140/0x350
[  613.561496][    C0]  ? __run_timers+0x559/0x960
[  613.561517][    C0]  _raw_spin_lock+0x2e/0x40
[  613.561536][    C0]  ? __run_timers+0x571/0x960
[  613.561552][    C0]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  613.561568][    C0]  __run_timers+0x571/0x960
[  613.561589][    C0]  ? __pfx___run_timers+0x10/0x10
[  613.561613][    C0]  run_timer_base+0x114/0x190
[  613.561631][    C0]  ? __pfx_run_timer_base+0x10/0x10
[  613.561649][    C0]  ? rcu_is_watching+0x12/0xc0
[  613.561666][    C0]  run_timer_softirq+0x1a/0x40
[  613.561683][    C0]  handle_softirqs+0x216/0x8e0
[  613.561702][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  613.561720][    C0]  __irq_exit_rcu+0x109/0x170
[  613.561735][    C0]  irq_exit_rcu+0x9/0x30
[  613.561750][    C0]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  613.561769][    C0]  </IRQ>
[  613.561774][    C0]  <TASK>
[  613.561780][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  613.561795][    C0] RIP: 0010:pv_native_safe_halt+0xf/0x20
[  613.561815][    C0] Code: bc 65 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 73 82 1d 00 fb f4 <e9> 4c 0b 03 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
[  613.561827][    C0] RSP: 0018:ffffffff8e207e08 EFLAGS: 000002c6
[  613.561839][    C0] RAX: 000000000323d7af RBX: 0000000000000000 RCX: ffffffff8b8c8c69
[  613.561848][    C0] RDX: 0000000000000000 RSI: ffffffff8de155b0 RDI: ffffffff8c15fc80
[  613.561857][    C0] RBP: fffffbfff1c52ef0 R08: 0000000000000001 R09: ffffed1017086655
[  613.561866][    C0] R10: ffff8880b84332ab R11: 0000000000000001 R12: 0000000000000000
[  613.561875][    C0] R13: ffffffff8e297780 R14: ffffffff90a7c490 R15: 0000000000000000
[  613.561887][    C0]  ? ct_kernel_exit+0x139/0x190
[  613.561902][    C0]  default_idle+0x13/0x20
[  613.561915][    C0]  default_idle_call+0x6d/0xb0
[  613.561929][    C0]  do_idle+0x391/0x510
[  613.561945][    C0]  ? __pfx_do_idle+0x10/0x10
[  613.561961][    C0]  ? trace_sched_exit_tp+0x2f/0x120
[  613.561980][    C0]  cpu_startup_entry+0x4f/0x60
[  613.561996][    C0]  rest_init+0x16b/0x2b0
[  613.562010][    C0]  ? acpi_subsystem_init+0x133/0x180
[  613.562031][    C0]  ? __pfx_x86_late_time_init+0x10/0x10
[  613.562052][    C0]  start_kernel+0x3ee/0x4d0
[  613.562072][    C0]  x86_64_start_reservations+0x18/0x30
[  613.562091][    C0]  x86_64_start_kernel+0x130/0x190
[  613.562110][    C0]  common_startup_64+0x13e/0x148
[  613.562130][    C0]  </TASK>
[  613.562504][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  613.925836][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT(full) 
[  613.937273][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  613.947324][   T31] Call Trace:
[  613.950585][   T31]  <TASK>
[  613.953500][   T31]  dump_stack_lvl+0x3d/0x1f0
[  613.958087][   T31]  vpanic+0x6a3/0x780
[  613.962062][   T31]  ? __pfx_vpanic+0x10/0x10
[  613.966555][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  613.972526][   T31]  panic+0xca/0xd0
[  613.976235][   T31]  ? __pfx_panic+0x10/0x10
[  613.980638][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  613.986016][   T31]  ? nmi_trigger_cpumask_backtrace+0x1b1/0x300
[  613.992168][   T31]  ? watchdog+0xd78/0x1260
[  613.996565][   T31]  ? watchdog+0xd6b/0x1260
[  614.000982][   T31]  watchdog+0xd89/0x1260
[  614.005217][   T31]  ? __pfx_watchdog+0x10/0x10
[  614.009874][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  614.015064][   T31]  ? __kthread_parkme+0x19e/0x250
[  614.020076][   T31]  ? __pfx_watchdog+0x10/0x10
[  614.024734][   T31]  kthread+0x3c5/0x780
[  614.028784][   T31]  ? __pfx_kthread+0x10/0x10
[  614.033355][   T31]  ? rcu_is_watching+0x12/0xc0
[  614.038101][   T31]  ? __pfx_kthread+0x10/0x10
[  614.042672][   T31]  ret_from_fork+0x5d4/0x6f0
[  614.047243][   T31]  ? __pfx_kthread+0x10/0x10
[  614.051816][   T31]  ret_from_fork_asm+0x1a/0x30
[  614.056572][   T31]  </TASK>
[  614.059788][   T31] Kernel Offset: disabled
[  614.064111][   T31] Rebooting in 86400 seconds..