last executing test programs:

18.426971642s ago: executing program 2 (id=1141):
syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x82002)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
r3 = semget$private(0x0, 0x207, 0x0)
semctl$GETALL(r3, 0x0, 0xd, &(0x7f0000000040)=""/37)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, 0x0, 0x0)
r4 = add_key$user(&(0x7f0000000380), &(0x7f0000000000)={'syz', 0x0}, &(0x7f0000000140)='_', 0x1, 0xfffffffffffffffe)
r5 = add_key$user(&(0x7f00000000c0), &(0x7f00000005c0)={'syz', 0x3}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a300000001f0900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a6c000000060a0104000000000000000002000000400004803c0001800e000100696d6d6564696174650000002800028008000140000000001c000280180002800900020073797a320000000008000180fffffffd0900010073797a30000000000900020073797a3200000000140000001100010000000000000000000000000a1720eef87d2ac62bdef31000000069c3552a2d9c7356fadec9fe4693cb9156ed22d815b2c765f1a6406b48c61bfe6f4cc5c8455a54295347d1d0e38ca197be866fd36fe1cfcf8b5e6c31d18fd07e0bb66d3d2920670a2e23cbcc954b957a9dfd0349243c2b2da51e2031b0b2b0f179dc8c0209cf16a4092245255616b2360f8a7b61ca063f80915703adf6ef339c92a4f1a99a9398b86e643310c2fd149691f44a985cb6c3cf13e6d9c1b0ec8ece32266c22c8bf10df44fcb85590e7f088ffd4b9644f0f56fba823d7383ddb8b60840863b98aa332182537f9080b778e64ccbdf7dc0939b3014488efad4102b87b594edda1"], 0x94}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000050a090000000000007f44ee08b1b7113a6f0ecbb1d4000000020000000900010073797a30000000000900030073797a32000000001400000f000000"], 0x54}}, 0x0)
r7 = add_key$user(&(0x7f0000006400), &(0x7f0000006c00)={'syz', 0x1}, &(0x7f0000006900)="3e12d23d346cfdeb1716f738274bc1c03bee4423fa20837e6e86b86592e9be8351aabbd6e24f37d5095f839fa4a3507df4f7526f2440e7988da94ccd868dd8741d1e43eba0b67b516be14a8b51a75bfd611b2d7ae6a21d056c2c5116a416a76b0204dc55ea62d43c809e0ed6e56163fdab317afd5c34d614367e4425bb9a97e38b8beb84ef6d549eed5aaa86dbe646fc77a9b3df93199c796fa597f452bed6b6fbcc812df9be8e35d8d15086609c033a5d2a42d5dcb0d103098fa302c5b1d48f913f8b22a30a47d9ae02000000e2b855845f39806305f56d918cc5b4023fdbe9cae4147c84583ec9dd375031ba5ae65e31f00e641832d29ed658b91f33595b033222944765cb6a50d859f754ed83eefd480be0e3100965f081190bbb39a5965ceaa76975b88885041ff4e66e618d6c37c787f014eadb6c9f659a", 0x13a, 0xfffffffffffffffe)
keyctl$dh_compute(0x17, &(0x7f0000000100)={r4, r5, r7}, 0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={'sha3-512-generic\x00'}})
openat$qrtrtun(0xffffffffffffff9c, 0x0, 0x142)
mount_setattr(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x60000}, 0x20)
creat(0x0, 0x0)
fcntl$addseals(0xffffffffffffffff, 0x409, 0x3)
syz_open_procfs(0x0, &(0x7f0000000940)='attr\x00')
epoll_create1(0x0)

17.372388391s ago: executing program 2 (id=1143):
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010003000000ff1c1b1f1c4000010203010901026809210800060122cb0f09058103ff0310ff52"], 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
mkdir(&(0x7f0000000200)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000140)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='contention_end\x00', r0}, 0x10)
r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r2 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f00000000c0)='./file1\x00', r2, &(0x7f0000000100)='./file0\x00')
ioctl$AUTOFS_IOC_PROTOSUBVER(r1, 0x40049366, &(0x7f0000000180))
ioctl$AUTOFS_IOC_READY(r2, 0x9360, 0x800000000000001)
kcmp(0x0, 0x0, 0x2, 0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
mremap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x3000, 0x3, &(0x7f0000ff5000/0x3000)=nil)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000f40)=@filter={'filter\x00', 0x4, 0x4, 0x3b8, 0xffffffff, 0x0, 0x0, 0xe4, 0xfeffffff, 0xffffffff, 0x390, 0x390, 0x390, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x2f2, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x4}}}, {{@ipv6={@private2, @empty, [], [], 'sit0\x00', 'batadv_slave_1\x00'}, 0x0, 0xf0, 0x130, 0x0, {}, [@common=@dst={{0x48}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x2, 0x57, {0x2000000}}}}, {{@ipv6={@empty, @mcast1, [], [], 'ip6tnl0\x00', 'dvmrp0\x00'}, 0x0, 0xa8, 0xd0}, @REJECT={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x418)
r6 = syz_open_dev$vbi(&(0x7f0000000340), 0x0, 0x2)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r6, 0xc0845657, &(0x7f0000000200)={0x0, @bt={0x8a5, 0x93, 0x1, 0x1, 0xd59f80, 0x19ef, 0x7, 0x19ef, 0x3, 0x6, 0x27ff, 0x2800, 0x2, 0xbb6, 0x0, 0x8, {0x8, 0xffffffff}, 0xd0, 0x9}})

15.662895326s ago: executing program 1 (id=1147):
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, &(0x7f0000000680)=""/4096, 0x0, 0x1000, 0x0, 0x10, 0x0, @void, @value}, 0x28)
r0 = syz_usb_connect$uac1(0x0, 0xac, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000000000106b1d010140000102030109029a0003010000000904000000010100000a24010000000201020c24020000000000000800000524050000082407000000009e0c240700000000a3e82f07070d240701060000fd80000000e80924030000000001"], 0x0)
syz_usb_control_io(r0, &(0x7f0000000140)={0x2c, 0x0, &(0x7f0000000480)={0x0, 0x3, 0xb, @string={0xb, 0x3, "ca1ccae1e119c5580c"}}, 0x0, 0x0, 0x0}, 0x0)
pipe2$watch_queue(&(0x7f0000000500)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x80)
r3 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, &(0x7f00000001c0)="bf", 0x1, 0xfffffffffffffffd)
keyctl$KEYCTL_WATCH_KEY(0x20, r3, r2, 0x63)
r4 = add_key(&(0x7f0000000140)='cifs.spnego\x00', &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc)
keyctl$KEYCTL_WATCH_KEY(0x20, r4, r2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x4, 0x3032, 0xffffffffffffffff, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r7 = dup(r6)
write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c)
setsockopt$inet6_tcp_int(r5, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r5, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r5, 0x6, 0x14, &(0x7f0000000240)=0x1, 0x25)
setsockopt$inet6_tcp_TLS_TX(r5, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "000001fffbffffff", "2607080d7f4fcf00fd4ef2dece6c7c58", '\x00', "faffffffffffffff"}, 0x28)
sendto$inet6(r5, 0x0, 0x0, 0x0, 0x0, 0x0)
keyctl$KEYCTL_WATCH_KEY(0x20, r4, r1, 0xffffffff)
ioctl$sock_bt_bnep_BNEPGETCONNINFO(r2, 0x800442d3, &(0x7f0000002800)={0x0, 0x6, 0x3, @local, 'sit0\x00'})
syz_usb_control_io$uac1(r0, &(0x7f0000001840)={0x14, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0003020000000203c8b93b08db8d51b3d184a246380ba3fadbc2b3f233aab3c7194db0c0f5be029cceb737e4d9769af7bce3c6cb8900b19ddc5d36924a57975b062f27a5d1b5b04398d0518383a7c75ba88f13df46332681775e9031412934e10e45b32582fbfed9d6b9667ac8467fd19db528cdb7c371e4524468d8f1b573dae7ae34f3cd9601506d70eb8b60183223adf20dd36bded9cc6fef2dc096e84c43274de454539789045dde548802019e024a34707fda463314ca25e7af2d0e034fe9c48a8773eda3d4a0e9dce5d72dc1429f9cb5313e7f439561a3fb5cec6c57ba6c3197600a990c96cc2e6441349d3171a0e1aff86796a11760a9ac21e1394f8c0bea7e5a6622ea6ec3812fc9007471228d768390ba7587fda2f016618e74217bb776a5af7e177a2a239566b907ea75e89ea921c311ec4218084e2346be29036f66f291d799adbe254156fbad40a777d23fea0f2462ae85597fb2e029c0690e85cd01d0a6d95c57"]}, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000c40)={0x84, &(0x7f0000000740)={0x20, 0x3, 0x2, "b23b"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, &(0x7f00000000c0)={0x44, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="2003434648e54d29e6b747a812a108cfcb8202000000c9a7"], 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000000800)={0x84, &(0x7f00000001c0)={0x20, 0x0, 0x2, "0500"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)

14.811655104s ago: executing program 4 (id=1148):
syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000200000020bd28350940000102030109022400020000000203010102"], 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
bind$netlink(r1, &(0x7f0000000080)={0x10, 0x0, 0x0, 0xfffffffffffffffd}, 0xc)
r2 = socket$inet6(0xa, 0x3, 0x26)
connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000340)={{{@in=@dev={0xac, 0x14, 0x14, 0x15}, @in6=@private1, 0x4e20, 0x0, 0x4e1f, 0x0, 0xa}, {0x3c2, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x7}, {0x0, 0x4}, 0x0, 0x0, 0x1, 0x0, 0x5, 0x3}, {{@in=@empty, 0x800, 0x33}, 0xa, @in=@dev={0xac, 0x14, 0x14, 0xb}, 0x0, 0x0, 0x0, 0x4, 0xfffffffc, 0x4, 0x401}}, 0xe8)
setsockopt$inet6_IPV6_PKTINFO(0xffffffffffffffff, 0x29, 0x32, 0x0, 0xffffffffffffff32)
setsockopt$MRT6_DEL_MIF(r2, 0x29, 0xcb, &(0x7f0000000240)={0x0, 0x1, 0x2, 0x0, 0x4f}, 0xc)
ioctl$KDGKBDIACR(0xffffffffffffffff, 0x4bfb, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000094b24610b11342003d9d0102030109021b000100000000090400390009"], 0x0)
syz_usb_connect$cdc_ncm(0x1, 0x142, &(0x7f00000008c0)=ANY=[@ANYBLOB="12010003020000082505a1a44000010203010902300102010710030904000001020d0000072406000128f5052400ff0f0d240f0103000000ffff00000006241a02001005240100029c2413083e5a5419ebefb6fde92ef04831fb024fceb7752af08492dd0a9c0b4c106d90ca28621fdf16c8b8e8f0605df634291b4e06a16289e960f1a84fce493efafdefc8e676da77de643c7009bae912ecbc25b39775a544a0"], &(0x7f0000000700)={0xa, &(0x7f0000000100)={0xa, 0x6, 0x200, 0x81, 0x1c, 0x5, 0x30, 0x12}, 0x28, &(0x7f0000000580)=ANY=[@ANYBLOB="050f2800020710021e6f02001c10aaa771138b0f5df9ecd2e79498ae030aff00c00000e3ffbf000000001e3cb22a9a67cfbb6ab87cffde7aab49efb0f0cc0b473405eedd1111bcc00733f4faeca958b813a5dc47b248385e3d"], 0x5, [{0xc6, &(0x7f0000000440)=ANY=[@ANYBLOB="c603b39a48354f6a87ea26db9a202136fd3d284e9716106182a100214992ac07ae79145a35bf2c4f778bca0bc373f03c4960ae0d8d8386ad50ff2d55d09ca9543687e46fe66022b8ba3a951cd3cb1076012e4f6f7f946ffc87ceca60303f49d9510470dcffd7d4a6457989936958080dff5937305f8f0a081d2e0753726a2bbe59441e4ef957cf19d503a68cbe9b02b4cd6f8811fd4ff73fb0040fca86d2d9e1ec099faaf30d9bee6b82d4adf1796a06cfdecd9a5302ef40b050726e5ef69170193374ef00800000e84dd80f8180203da6f8740284c9273fa21faedb0f074e11e7d2cc35bc"]}, {0x35, &(0x7f0000000280)=ANY=[@ANYBLOB="3503902d87ed30e741e177472058a983dcfaa35bc655f7bc257eb1eb8fa56042e67c451b000001000000000035ca1bcc477fbd32cc"]}, {0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0xc0a}}, {0x4, &(0x7f0000000300)=@lang_id={0x4, 0x3, 0x406}}, {0x40, &(0x7f0000000580)=ANY=[]}]})
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
socket$nl_xfrm(0x10, 0x3, 0x6)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
r4 = memfd_create(0x0, 0x3)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000880)=0x8)
fcntl$addseals(r4, 0x409, 0x7)
openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000), 0x2)
sendmmsg(r2, &(0x7f0000000480), 0x2e9, 0x0)
r5 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$SIOCRSSL2CALL(r5, 0x89e2, &(0x7f0000000040)=@default)

12.704101677s ago: executing program 0 (id=1151):
socketpair$unix(0x1, 0x2, 0x0, 0x0)
unshare(0x22020400)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'md5-generic\x00'}, 0x5a)
r1 = accept4(r0, 0x0, 0x0, 0x0)
write(r1, &(0x7f0000000040)="cb", 0xfffffdef)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240))
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000000)={0xc})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r3, 0x3ba0, 0x0)
ioctl$IOMMU_TEST_OP_ACCESS_RW(r3, 0x3ba0, &(0x7f0000000d40)={0x48, 0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0})
r4 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000180)={@loopback={0x200000000000000}, 0x800, 0x0, 0x3, 0x1}, 0x20)
setsockopt$inet6_int(r4, 0x29, 0x1000000000021, &(0x7f0000000000)=0x1, 0x4)
connect$inet6(r4, &(0x7f0000000100)={0xa, 0x0, 0x380000, @loopback}, 0x1c)
socket$nl_generic(0x10, 0x3, 0x10)

12.526465001s ago: executing program 3 (id=1152):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_BLANKSCREEN(r0, 0x560e, 0x0)
timer_create(0xb3b54c18e0590239, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001140)=@newtaction={0x190c, 0x30, 0x2, 0x0, 0x25dfdbfb, {}, [{0x18f8, 0x1, [@m_police={0x18ac, 0x1, 0x0, 0x0, {{0xb}, {0x880, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x401, 0x3, 0x4, 0x7, 0x6, {0xd, 0x1, 0x5, 0x4, 0x6}, {0xe, 0x0, 0x7, 0x9, 0x2, 0x7}, 0xb11f, 0x4, 0x6}}, @TCA_POLICE_RESULT={0x8, 0x5, 0xfffffe01}], [@TCA_POLICE_AVRATE={0x8, 0x4, 0x9}], [@TCA_POLICE_RATE64={0xc, 0x8, 0x8}, @TCA_POLICE_RATE={0x404, 0x2, [0x5, 0x5, 0x8, 0x80000001, 0xa2c, 0x3, 0x1, 0x113a850f, 0x8, 0x40, 0xfffffff0, 0x8, 0xffff, 0xcb4, 0x5, 0x3, 0x5, 0x8, 0x9, 0x6, 0x80, 0x400, 0xe95c, 0x7, 0x7, 0x4, 0x0, 0x0, 0x4, 0x3, 0xa, 0x9, 0xb24, 0x2, 0x4, 0x10001, 0x0, 0x1, 0x3, 0x8, 0x6, 0xfffffff9, 0xa075, 0x8, 0xe43, 0xff, 0x3, 0x200, 0xfffffff7, 0x5, 0x7, 0x5, 0xa, 0x3, 0x2, 0x1, 0x0, 0xffff, 0x1, 0x101, 0x40, 0x80000001, 0x5, 0x5, 0x7, 0x6687, 0x401, 0x6, 0x7, 0xffffffff, 0x6, 0x9, 0xf, 0x9, 0xfffffffc, 0x2, 0x458, 0xfffffffe, 0x0, 0x80, 0x0, 0x7, 0x3, 0xe53, 0x100, 0xb, 0x3f5, 0x9, 0x40, 0x401, 0x3, 0x52ebc4c0, 0x4, 0xddb, 0x7fffffff, 0x8, 0x8, 0x10000, 0xffff, 0x5c, 0x2, 0x2, 0x5, 0x9, 0x200, 0x1, 0x9, 0x7, 0x0, 0x0, 0x2143, 0xa, 0xe, 0x5, 0x0, 0x7, 0x4, 0x978, 0x8, 0x2, 0x200, 0x7, 0xfffffffb, 0x0, 0x4ba6, 0x0, 0x8, 0x5, 0x0, 0x6a6, 0x0, 0x6, 0x4, 0x8001, 0x800, 0xfffffffa, 0x3, 0x3, 0x4, 0x9, 0x2, 0x4, 0x4, 0x2, 0x15f, 0x101, 0x6, 0x9c, 0x6, 0x8, 0x6, 0xf, 0x2, 0x7d, 0x0, 0x4a, 0x9, 0x4, 0x7fffffff, 0x7fffffff, 0xc, 0x101, 0x1, 0x9, 0xcec2, 0x1, 0x2, 0x100, 0x1, 0xfffffff8, 0x5, 0x9, 0x7, 0x3, 0x46, 0x7, 0x6, 0x7, 0x2ce, 0x1e, 0x9, 0x5, 0x2, 0x3, 0x9, 0x8, 0x6, 0x1, 0xffffffff, 0xeb, 0x8, 0x6, 0x1372c724, 0x8001, 0x7fffffff, 0x2, 0xfffffc01, 0x8, 0x8, 0x3ff, 0x2, 0x8, 0x40, 0x4, 0x2, 0x1, 0x7, 0x9, 0x8020, 0x6, 0x9, 0x1, 0x4f0a, 0x6, 0x4, 0x7, 0x44000000, 0x4, 0x0, 0xe5, 0xffff, 0x8, 0x5, 0x8f04d9b, 0x200, 0x3, 0x7, 0x6, 0x5, 0xe, 0x1, 0x1, 0x5, 0x2, 0x3, 0x4, 0x800, 0xa350, 0x70cb, 0x5efd4887, 0x9, 0x800, 0x3, 0xffff0000, 0x0, 0x8, 0xfea, 0xb, 0x2, 0x80000001, 0x0, 0x537, 0x81, 0x7, 0x3, 0x4]}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x7}], [@TCA_POLICE_AVRATE={0x8, 0x4, 0x80000000}, @TCA_POLICE_RATE={0x404, 0x2, [0x200, 0x0, 0xb0f4, 0xbf, 0x1, 0x0, 0x7, 0x7, 0x80, 0x3800000, 0xff, 0x10, 0x2, 0x3, 0x1, 0xf3f6, 0x8, 0x2, 0xc73, 0x10001, 0x3, 0x3, 0x0, 0x3, 0x8, 0x5, 0x10000, 0x42, 0x8, 0x2, 0x6, 0xffff, 0x2, 0x860, 0x2, 0x101, 0x80, 0x406, 0x6, 0x7, 0x1, 0xce, 0x5, 0xfffffc01, 0x81, 0x3, 0xda6b, 0x1, 0x4, 0x2, 0x10001, 0x8000, 0x9, 0x3, 0x10000, 0x9, 0x10, 0x8, 0x18000, 0x6, 0x5, 0x800, 0x8000, 0x2, 0x4, 0x9, 0x4, 0x8, 0x6, 0x9, 0xfffffffb, 0x9, 0x3, 0xb, 0x6, 0x4, 0x8, 0x0, 0x0, 0x0, 0x6, 0xffffffff, 0x4, 0x0, 0x10000, 0x80, 0xef, 0x80000000, 0x6, 0xf7, 0x5, 0x6, 0x2, 0x7, 0x1759, 0x9, 0x4, 0xffffffff, 0xfffffffd, 0xffffffff, 0x3, 0x2, 0x7, 0x3, 0x2, 0x1, 0x5bc, 0x7, 0x4, 0x3, 0x6, 0x5, 0x650, 0xfffffe00, 0x9, 0x2, 0x101, 0xffe1, 0x1, 0x1ff, 0x7, 0x1, 0x1d12, 0x4, 0xfffffffe, 0x9, 0x0, 0xc, 0x7, 0x3, 0x4c3, 0xa8d1, 0x53066b71, 0x8, 0x2, 0x7ff, 0x316, 0x4, 0x4, 0xfffffffa, 0x1, 0xc, 0x1, 0xffff, 0xfffffffd, 0x7, 0x1, 0xa9fc, 0x1, 0xffffffff, 0x2, 0xffffffff, 0x1, 0x2, 0x3, 0x4, 0x8, 0x3ff, 0x9, 0x1efd5e2, 0x2, 0x6, 0x101, 0x100, 0xcd, 0x9, 0x9, 0x77, 0x1, 0xfffffffd, 0x1a, 0x0, 0x2, 0x80, 0x69, 0xace7, 0x6, 0xffff, 0x7, 0x9, 0x4, 0x1, 0x7, 0x7, 0x9, 0x8, 0x4, 0x0, 0x4, 0x80, 0xffff, 0x101, 0x7, 0x0, 0x4, 0xc, 0x7f92, 0xfffffffa, 0x1, 0x1, 0x6, 0x7fffffff, 0x3, 0x7, 0x8001, 0x7, 0x10001, 0xfff, 0xf8000000, 0x7, 0x8001, 0xf51a, 0xc, 0x7, 0x0, 0x0, 0x6b, 0xa90, 0x200, 0x7fff, 0x80000001, 0xff, 0x10, 0x8, 0xe, 0x40, 0xc02, 0x2, 0x8, 0x4800000, 0x6, 0x0, 0x7fff, 0x80, 0x8, 0x7, 0x8, 0x0, 0x9, 0x8000, 0x0, 0x9, 0x10001, 0x4, 0x1, 0x8, 0x8, 0xa, 0xa73, 0x9, 0xffffff80, 0x9, 0x4, 0x6, 0x62, 0xc0]}], [@TCA_POLICE_AVRATE={0x8, 0x4, 0x7}]]}, {0x1004, 0x6, "7b988f1b4baa7dd7f1fc4b157248c45eaeaf998597672243f7ca87f6e3e32a04b554bc05a5832a4f5024adf3168b34b45a5af188ac929bf037d537a0f9cfffb45510bffe4c63f3a9f63b30757a28672a1bc5c8ebb5d81cac588754609589fd03b99621cb8b4435606ae3a81de1b2838eecc0e79747a7f741eb6dc9d0698bd220403614e51284b1d4d97be403af8d67c79d0a259eee2a1c1336837cc3ed95f08b982a498a13b22cde92370aff439d26b0965f0eef51b4aff4b2c5e8a04ece4ca101b2e67b4fcf0e047ecc3c52d0351ae55ce9e33979e2d0e63ba89d9ddd35ec7122c29c951ee24feab0940519597e60b5552818c79eacc87f57f091ea34ba3b19886ab2d8d045c9f521683c9a680084b93f96aba0a674ca38c8634ce498de9e6022ff0517a4d3ab56dc25fc8701b4af3c56d8b8b8a00bac4c6689049f95595414fb34a0d99ce7b446858b0bf836aa1788b06abb3659f62eb79e4d9fab2cd2a1b177cdc0e031889908a9899d70b67614e94a44839c83176a4a9d5c2e2ef739fe32d375142ffa6a0cbe1ed1cf4909733324b6c201270ec032194d12e434acb5e19b38ac6b1eafca60ac443b016b0792385633767ec55ff7fbff6644f719046794b80913a6d2dbd6fc4b2f9f2483fe0fd5fe20d8ba3211f2c592c45cdbdd483d7eb5fc4a3b4faba6f10c2d311a1db3a0ad60b57a678adf758f11a3f911d945a3b8c8aecddede174fb847c3c14d34c4d250ca5886b1ba332ef87c4ada729913c558cb1cfe7bf4ae5b6c42a37b33ce20ffbaa8c168bddf6e179be8fab1e2dcb43e3fc4661429d2c533d3f74445cdaf0169603a6da8fe5386604eb802a275e0931d279320408607e0d6cd1fb4e96312f4f13150611153584753cc90d3317f8053e17bc93e07492920ae66bb6e4b5045ba2cee598dc4fec1c2965b43935672c9190828893575c14d8a016a29557d875f5d13dffc60009721f7cc76b834999b96f50596f2ed55410909955865e20e62d8cb87f58179f0aaee79d217e8b8f8708d0fd030153435bdcdb6c3c69e0ea85f8b6baf041cbf22e92a7ac7ba2890aaf407b2a42b458bfe057a3d0b542148adf855776c544f27bdbc3092c7436a0dab629c021073517d3f02008a42327648862c42cf2daab5b50037f4d77f42a8ea401911030c71dc6a5efedcc1be024b7cffca3c5a14f494ec7edbc87e8eb22ae8d52f01693d82e8a51f80cf98505570203e3ddee017d76629cce02c7bab0e968300cdfcf19352534f6628f72cf3aaa8b6cfb88035031dd1a1f6bfe934ccfbcd4472eae59e0e40ea8d2d9e9ba976dde0ce9f4ea9743091d8f3f1ac1a44b8b90877f529b432ffc557ca21e1c9a990d42041d109520d09eee13671f1c52174dff5c1103c5a11cabac9f68d20a559859136b988417a0143f5e6d8365ccc8de9dc14b1f3dd0b404c4b3cc82b4098f4db74ff639115fc9aebfb5fbb09c46571380aba663fc7fcbc0b245d63ce8f98068f12720a312f60acd70e942a377113f34fd5f7d2236475804ee2a7fff14fe39bc88b70da045eccb1b06c2757d1e8dd5150cfa5458ed90fe013dca261cb5cf31736d675ec350af3d3b908db6f57dab4fd91cca04b92d850a339e3f364a5c08f88e8edb211b6ceeefbab3b14bc0d45970ec8dca45999ab6cbf74c783e6cbc8841d08c43f121221ec4ffe49ad928c8025fbf72edf83447fe2c69bc4b1197af88cf112d86df2da071ea6634f26691d7a291d7521a851c1525d3488d22ce87f9b127488304d401156f6860024478ef54fe23cb4c9258d2c525a8329cc2a5c9a84e7cdf812329239523a1f2048ac3d604c37656b93a898ff280a0131dde9b4fd13cdfaca9dedc8c8189384b28d9e4e0dbc096b1e77cb6b7abe3e31dced43c9e80428d7baeee3a032aecf25846aa2c9e81bcaab56f11c1acf0b1171dcf6f7255d4c26e9a57118533ee3507b346204601efbefba5ba0e3214fd20c04470b851a715864f73007152678d5a77d4eee98f39c99980fca91d7f22bc7d2fa6d88a572bae90755111459a423d50580b409b301c1934613cf33ac1542138a29d2e7eecc125b197550684f1ec02260f99d01ee7df9a6733700a85b6dc0d7f8b1f8b69f8d9215a61dc71ed77709428760515a7422a769d0df705575bf2bf7f405c6eab2742d90f8581a9498c4dbd5c68b1402bf1b08b5c9a086018a27bbed843ae47713ce1e2af6c83a8bd579a2523514f012145aa6c23541d9bf5ffe04232a5e3e7b832b6eb3158efc553154acf5c08126c3c67a26b49211b4cea0d67d3eef1c71c133cd0a810fa51f5554ad30cba6fc6c3bb101e9c2be5ef360d8571a3ba05ca092c5d2efb6027fccceab1451af7ee413db36bc8c854bb3cc27da388bed56f560f5ee89438034609b3b6bdb50f878836694df775b983b5724b659e77d33b5195d576a7f5eb4ab7de9451fe22036e74432ad5646a6c759aa42f0b3e1f711c699dd9166933e892e5b25b2ba123caed3a4ed0c73add229246ef96b7770227502fc27d54040eb2c87d8a3b06887e11746f34e747c3ef4528bf087fa17dc44bd9b624fc51b391395a6dc78f4f3652fda93e7890be1304848476ce9e2dc97cc0086bee61dfa94f5b837bd7226007054fba92a828509787b51f0c95722e25da70778e94d502060fe0e828a24e660d929b85d10651dfe941a42e77b39c8ee54d63bcdd7da55efae15b7bc88fce028a170adbf52e93ee0d38ef82121f6983925d38fe15bd157a51ec1b45c05a2b0c70de75b13da6002bfd7a50e2b8b51b7563be7616955795eba3dc38281e1c93c0a97cbceaeea7b61b7897b4e6e061ecc676eb52c3a2e50b7c7c89e0abf89b257172bb79e8f14877584022cd698f9edfca5e5d90ea8402c937f2e97da7e3583530f9a4628f6b605dbd702d4313f560b50c6aa9a6b4118da3d408f9a0dc8dc58d619d8ffa4b739633d4315e087cda684d461b33c288b8c9e29987346ef650e8ac159e5d95360d8195b40a2fdc597a712e7e62b684901701435f9360873aa0b5ef0e6be326e938cec0d6c2915c8ae098bae0d1cc6adf2428778eb1cbe110a21060f4291a60c4fbee9eeb096714af996485bdf2dc49b0bfdcd6d6a4f87a4871e7628ece61b9411071f98d1cbd353c510d44287454bd777849b94d0ca58b5b44be1a66586068e5ed6912b60a3ff81e07541a19425d36b2b4f7c4033a73f7dcd3bd5c9e1b81e33104e0a8674544deabe8cb18d90a3180e94ef0976ffc8836137333458d8f6de52920fd50c0adbc6d231a3ecdc3b8dcdfc41530d705b35b67fae299b2b33e6e082b073c53083e757f3b80acd0bb810e9c53d94cbcad1829e0ee3f2593fe69e610fcc799811d66b9d6b5d5f7901317c5bdc5088ad5a9c2bce849e3b577b6ec743ae3c4fe49173ee899463310676cc2b7bced0e352074780bfbca427fd7e133df65a957c4d69a93465057df403e2a60e912ccb36dbe482a54ea8076bbd48cc33296ec58e83d7e6e5a0786edf40588593ed937d5f5840f9d0da55ddeaf6351cb0fea9e7dca29928ea0c3f30ed13cffb3bc2d465382b81d9765bbc0add56694205d292be158d5c14c29f609ec4d30eefb448ff8fe2a5b0a53508aaf0613c799a78fe2ce8f5f2c94da4d6aeed89eb8b93c05747a70c6d8f49ce5d47b3fae0f674065b7ce6bdb4c5f9d6842586ccf50399e8131bb1002b8df922f2167d6a62e43670af78d9c50a4fcdfe583708d0effe25c0ad0a50f80c183f6d451ba0e0b2899c78a451935564845c705c0edba98b1e25093385c6168d25210efc5170bc081f4ecbcf33083420961d27078c6328fb5f324f6582e633a6e6ddef23ca1408b55dc88062f204e4921b86806be6501a52a374347c2adedac37c0def594a83cdcf2716b80181206a6cc5690f98885e69980451e25ef1eb6f558db6e6fb176136fd5561a14712924f26dc174ac054525239359706a0de908b82f8ab9b67277f14ecc0f50a485907af7b777c7889cebbc4a4c4bfe54f76b08489c293a55a8af9ce3050119a4eb61d3837ce3349503ebdf59c741b477286cb63fde86c385351605b96d6bbb81c236abc87a0e1470cb1a22ef7f2884f7e4468e33b0a18505f906b3d28c8f403123f19250517f3064076bf8cbded166a74e6a4a1c6bfba12ef0b3777d4bf04068be3f98c47110d7801b45c3dc7c02f38900dc8d3fef218bc36ea7fbc68e2fd945f31fb7f457c517a5b81298e0ae7d9235cb27bb23f2e4655050922a896c16ab8e3b97ac36c376b9683bd7c89439c529286d2647272b34529cb3caf5ce8ac41473df36e39d8fec21bec790b6419a363f2ce12496e34a98166f3c8bf0f9a0668c075666d136369de4c13d507bf6d7153e39dc6b95fef744856cd67b8b2f9c074bd8f3753521eb1ada0e58a780c9d2b8cd46fb4ee49b910448e055a1b135edf7aeeda319b59c012ab0c99f215346a858b03b8ab06106c2cd5eaf1fc13dfa8916b877b67395bad89afeefe4d1956c8bc884c4bb94b86b44ee5504ef4719f8332f472e75ba35966bf963f3876d82c7a6ea717223de4251a4033008e7e1fbf22fe30dfb16ad3d323cbf071f33eba6fbb8ea2aa9eaf2a079885ea9695fb62dc17a75f7d75ef08e0379b9ea363e0b3aec6bcca9d3da9cf07e98d4568e8f47984a8926721c68e0685088fdb4cb62e65aabb1afca7c92427141fb5eee5e60081c1c1e124c5e5d2f7db8abb29ed4c44e312b30f3be5ea544030907059379697a2d6e684295564bd3125245983e1de2cd051b64ba3d3af7aa6a8e0d598a9b846c07562ffccd3e602041525d15b05e258ac5548f6e61acd6abc1e526cad1233180601f45f8fd45dbf5b8288e8a45eb8acc1b7a36777bafd2cebc31d412e0978f81b49a7da57d70269f28255e797358e0be90e149e7967f8b3bfa141d2f8e99098d26e033526c33b8cf96bc5fb8840b131ad16b1aa4eaf231a4d0fde3b1b50015f7ce337af91b4eab7d42f1f8b8b2b0d55881fca2e12d3631a90ce9ff2ae8eaf9b57876dcbc2568137361718f605471c45324044d8caf82f8f610477214b113736ebce8db9ae5bd8c5a46c91712f4a67108e8ca89a0580786084360ad0102ef66fed79d31ec81e9f6517ac68fb07dcf41320e6723816b028c830a3d96a834f1e8d89b8fdf892e1c71eb47fa7a2f08522c4abd918c5f19ae62f7038bea7374fcea168475cb1b65b803a7d1f8730b8c1e83ad8747348422d9b161f4bf6d03e72c6705ebb78182506f1517f0975cbe11494f105b97433aec68bf1b2ac9399759d90aa1e48ed8e8d5398940d7fb3eddf91dba6cc3cf48f39de6f429c65979ae5793cc51055a81c31ca165d75fa988d291a9d1ab544a0c0fcdd6e353e897e04dcda1f7ff40b52bea0f92f0673f78d3631e60587c8d2f614e2e593665c50584bf794c53c04543f75b87c62026285d067923f50f2a5a65c2f644c0a03cd3cf27c07c545c9eca63307187a708040bcd2a974740fa91db4369dbc05c86f6c013aad63f0d16e97c978da59dd3e2e4d3932b4b7397d843844d3f99f5c05ef32d3359688d785a4856dbb3c8bd66dde0bfaf3e8958494b1b41b579797a1afc16b0e90e0684f588b11bef89d9ea7ebcc3c44a47ab11c9f96c215061cebd48198fa5fde0e749a5b556667b8410795c88f06d87dee9f58f53d00663ed3a85abe55b25fec60ff12aae2a7c19c8463979ecbc4254d3cf99e26fe7db3bc20d72ff60121933bc797a212b8645d1ff797ff4660b79370153a6ae6098d08aacb2699adeea7b5c9851f"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3}}}}, @m_ife={0x48, 0x3, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0xb}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x190c}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$cec(&(0x7f0000000200), 0x0, 0x40000)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x41, 0x0)
write$binfmt_aout(r2, &(0x7f0000000140)=ANY=[], 0xff2e)
ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x5, 0x0, "0062ba7d8200000400f6eb2bda00"})
r3 = syz_open_pts(r2, 0x0)
dup3(r3, r2, 0x0)
r4 = socket(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r4, 0xa00000000000000, 0x80, &(0x7f00000000c0)=@broute={'broute\x00', 0x20, 0x1, 0x990, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000e00], 0x0, 0x0, 0x0}, 0xa08)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000001100)=0x12)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)=ANY=[@ANYRES32, @ANYRES32=r5, @ANYBLOB="020000000200000000000000", @ANYRES32, @ANYBLOB, @ANYRES64=0x0], 0x10)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)

12.493701188s ago: executing program 1 (id=1153):
syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x82002)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
r3 = semget$private(0x0, 0x207, 0x0)
semctl$GETALL(r3, 0x0, 0xd, &(0x7f0000000040)=""/37)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, 0x0, 0x0)
r4 = add_key$user(&(0x7f0000000380), &(0x7f0000000000)={'syz', 0x0}, &(0x7f0000000140)='_', 0x1, 0xfffffffffffffffe)
r5 = add_key$user(&(0x7f00000000c0), &(0x7f00000005c0)={'syz', 0x3}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a300000001f0900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a6c000000060a0104000000000000000002000000400004803c0001800e000100696d6d6564696174650000002800028008000140000000001c000280180002800900020073797a320000000008000180fffffffd0900010073797a30000000000900020073797a3200000000140000001100010000000000000000000000000a1720eef87d2ac62bdef31000000069c3552a2d9c7356fadec9fe4693cb9156ed22d815b2c765f1a6406b48c61bfe6f4cc5c8455a54295347d1d0e38ca197be866fd36fe1cfcf8b5e6c31d18fd07e0bb66d3d2920670a2e23cbcc954b957a9dfd0349243c2b2da51e2031b0b2b0f179dc8c0209cf16a4092245255616b2360f8a7b61ca063f80915703adf6ef339c92a4f1a99a9398b86e643310c2fd149691f44a985cb6c3cf13e6d9c1b0ec8ece32266c22c8bf10df44fcb85590e7f088ffd4b9644f0f56fba823d7383ddb8b60840863b98aa332182537f9080b778e64ccbdf7dc0939b3014488efad4102b87b594edda1"], 0x94}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000050a090000000000007f44ee08b1b7113a6f0ecbb1d4000000020000000900010073797a30000000000900030073797a32000000001400000f000000"], 0x54}}, 0x0)
r7 = add_key$user(&(0x7f0000006400), &(0x7f0000006c00)={'syz', 0x1}, &(0x7f0000006900)="3e12d23d346cfdeb1716f738274bc1c03bee4423fa20837e6e86b86592e9be8351aabbd6e24f37d5095f839fa4a3507df4f7526f2440e7988da94ccd868dd8741d1e43eba0b67b516be14a8b51a75bfd611b2d7ae6a21d056c2c5116a416a76b0204dc55ea62d43c809e0ed6e56163fdab317afd5c34d614367e4425bb9a97e38b8beb84ef6d549eed5aaa86dbe646fc77a9b3df93199c796fa597f452bed6b6fbcc812df9be8e35d8d15086609c033a5d2a42d5dcb0d103098fa302c5b1d48f913f8b22a30a47d9ae02000000e2b855845f39806305f56d918cc5b4023fdbe9cae4147c84583ec9dd375031ba5ae65e31f00e641832d29ed658b91f33595b033222944765cb6a50d859f754ed83eefd480be0e3100965f081190bbb39a5965ceaa76975b88885041ff4e66e618d6c37c787f014eadb6c9f659a", 0x13a, 0xfffffffffffffffe)
keyctl$dh_compute(0x17, &(0x7f0000000100)={r4, r5, r7}, 0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={'sha3-512-generic\x00'}})
openat$qrtrtun(0xffffffffffffff9c, 0x0, 0x142)
mount_setattr(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x60000}, 0x20)
creat(0x0, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="120100005938d74010973077339600000001090212000100001e000904"], 0x0)
syz_open_procfs(0x0, &(0x7f0000000940)='attr\x00')

12.386549844s ago: executing program 2 (id=1154):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$TUNSETPERSIST(r1, 0x400454cb, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000002c0), 0x60000, 0x0)
ioctl$TUNGETVNETLE(r2, 0x800454dd, &(0x7f0000000300))
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_SET_KEY(r4, &(0x7f0000000180)={0x0, 0x22, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="090000000000feffffff0a00000008000300", @ANYRES32=r5, @ANYBLOB="140050808bab09000200000005000200010200000a0006000802110008010000"], 0x3c}, 0x1, 0x0, 0x0, 0x8800}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x400000bce)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
r7 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x800, 0x0)
ioctl$SOUND_MIXER_READ_RECSRC(r7, 0x80044dff, &(0x7f00000001c0))
openat$kvm(0x0, 0x0, 0x0, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r8, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x30}}, 0x0)

11.076724913s ago: executing program 4 (id=1155):
syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x82002)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
r3 = semget$private(0x0, 0x207, 0x0)
semctl$GETALL(r3, 0x0, 0xd, &(0x7f0000000040)=""/37)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, 0x0, 0x0)
r4 = add_key$user(&(0x7f0000000380), &(0x7f0000000000)={'syz', 0x0}, &(0x7f0000000140)='_', 0x1, 0xfffffffffffffffe)
r5 = add_key$user(&(0x7f00000000c0), &(0x7f00000005c0)={'syz', 0x3}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a300000001f0900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a6c000000060a0104000000000000000002000000400004803c0001800e000100696d6d6564696174650000002800028008000140000000001c000280180002800900020073797a320000000008000180fffffffd0900010073797a30000000000900020073797a3200000000140000001100010000000000000000000000000a1720eef87d2ac62bdef31000000069c3552a2d9c7356fadec9fe4693cb9156ed22d815b2c765f1a6406b48c61bfe6f4cc5c8455a54295347d1d0e38ca197be866fd36fe1cfcf8b5e6c31d18fd07e0bb66d3d2920670a2e23cbcc954b957a9dfd0349243c2b2da51e2031b0b2b0f179dc8c0209cf16a4092245255616b2360f8a7b61ca063f80915703adf6ef339c92a4f1a99a9398b86e643310c2fd149691f44a985cb6c3cf13e6d9c1b0ec8ece32266c22c8bf10df44fcb85590e7f088ffd4b9644f0f56fba823d7383ddb8b60840863b98aa332182537f9080b778e64ccbdf7dc0939b3014488efad4102b87b594edda1"], 0x94}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000050a090000000000007f44ee08b1b7113a6f0ecbb1d4000000020000000900010073797a30000000000900030073797a32000000001400000f000000"], 0x54}}, 0x0)
r7 = add_key$user(&(0x7f0000006400), &(0x7f0000006c00)={'syz', 0x1}, &(0x7f0000006900)="3e12d23d346cfdeb1716f738274bc1c03bee4423fa20837e6e86b86592e9be8351aabbd6e24f37d5095f839fa4a3507df4f7526f2440e7988da94ccd868dd8741d1e43eba0b67b516be14a8b51a75bfd611b2d7ae6a21d056c2c5116a416a76b0204dc55ea62d43c809e0ed6e56163fdab317afd5c34d614367e4425bb9a97e38b8beb84ef6d549eed5aaa86dbe646fc77a9b3df93199c796fa597f452bed6b6fbcc812df9be8e35d8d15086609c033a5d2a42d5dcb0d103098fa302c5b1d48f913f8b22a30a47d9ae02000000e2b855845f39806305f56d918cc5b4023fdbe9cae4147c84583ec9dd375031ba5ae65e31f00e641832d29ed658b91f33595b033222944765cb6a50d859f754ed83eefd480be0e3100965f081190bbb39a5965ceaa76975b88885041ff4e66e618d6c37c787f014eadb6c9f659a", 0x13a, 0xfffffffffffffffe)
keyctl$dh_compute(0x17, &(0x7f0000000100)={r4, r5, r7}, 0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={'sha3-512-generic\x00'}})
openat$qrtrtun(0xffffffffffffff9c, 0x0, 0x142)
mount_setattr(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x60000}, 0x20)
creat(0x0, 0x0)
fcntl$addseals(0xffffffffffffffff, 0x409, 0x3)
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="120100005938d74010973077339600000001090212000100001e000904"], 0x0)

10.271630224s ago: executing program 0 (id=1156):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000100), 0xa0000, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CAP_MAX_VCPU_ID(r3, 0x4068aea3, &(0x7f0000000080)={0x80, 0x0, 0x7fc0})
ioctl$IOCTL_VMCI_QUEUEPAIR_SETVA(r1, 0x7a4, &(0x7f0000000180)={{@any, 0x800}, 0xe07, 0xcb, 0x100, 0x1a560})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x40000006)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x140, 0x82)
r7 = fanotify_init(0x4, 0x101801)
fanotify_mark(r7, 0x105, 0x40001032, r6, 0x0)
r8 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x281c2, 0x0)
fcntl$setlease(r8, 0x400, 0x1)
read$FUSE(r7, &(0x7f00000057c0)={0x2020}, 0x2020)
r9 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
pwritev2(0xffffffffffffffff, &(0x7f0000001b40)=[{&(0x7f00000002c0)="ffb5a6cb34f66de050b75407c32410357ef6edd7a3bdaf462c56304aa3420fd24b0dc5e47c799967f99389aa10f28d0e997a7b5f35f54ee0cdbd4b237e178355b1f4c0efcd4feb21236e0d01296ec066e9d085243f839c31a43b784f63dde0b80084b3ae3c45bc8a64ee82f2cf8ad19d8723c59e0a5b583d6f6a00613726", 0x7e}, {&(0x7f0000000780)="f456a322442cd4c94e394eb5e689ef71bef0ca52dd9777ad0455083e09b515a4424caf4b84f370c5e116b1809729a666ed733a9904294c950be5417bfe62f57ee640dc7986d63747256016d6e9d2491ecb10750e2e52a3f7c3b6d775332580ddbc1b1302b8a9f767b4e47b09ba9d4ed2c10bdab489154d5220116105df6c54cf3a4f7c3b4eac464127c2dff5b25dab8f97f50588dcd79b6f2394022bb986bc1132b42592601dfead0c5b", 0xaa}, {&(0x7f0000000840)="21a8ae5ed04c1807fb9ec60cfd4be915bd1a6337b495277937e44e44bff10d4217276dea21c3a6da5e851b11c7276cb861f0e605f7860ddd77d5565e692eb4fbfe34b979cee584cdb8d22c0fdbdfb8b475a8b1ce95a7f9fc122f2bf3ddac7c02af4e3f7a56adf095038cacdeb2858f52096f23c2604806784236773f60f0063a1cf632f01f7aad1109ed836e5605168c88600c9176032dd6", 0x98}, {&(0x7f0000000900)="9bc16c0e296ec4b3505ef4106fbcd7c26433cc1a55b68d83cb87d627b89be803caf1e165faafa86f557aff434c9035cb82ecdca7c5541f485d0007862711b7b700a1ecf798b7d41f80316eb61f6b23bd3a5dd4d794dcd353def49ae7835875b846", 0x61}, {&(0x7f0000000980)="bb5240cc7a030587af896c5d4a35da605d00cecec7a9d5f3fc84a1a982978aa919cbeb8894dcd85cfcc4ccb640d455ddbac017dc13b656b914baae3d70188b4b7deddfe6d3dc9b44bd24a32c86a90c70c3ce4a427f5e4a5e1d34b266b5baebd245c20f222c2dca9c47dde0ec76175bc3ff576042006924fddcb727fbbadfdbf450b9f33fa8e69fcca2a9e671ef8ec4cde6f21c7be59f5bc06a9b6ddb0561268fe72a1084d12f815e861322fb62fcf992174718b909f480383c438626fbb2e8b2a344274c7396dab3bf3048ec58d330ea1a0f54ebbc05c68336bc5516e1346c73d06cbb0dbc979a0caf74a6c29c411dea5a8e36ba", 0xf4}, {&(0x7f0000000a80)="f58c56b2481d5034bea9defa9f645403c839264f396f1deb57193b2ffce78d05be30a6f02041c53f94fdacd38fdaa25d5f084ad6c2bbe39d69156d9a26d8111726084306f37820c9073b6550afd1193f3391b029d2d2724444d23aff129af96ffc61bbd2af8729c1a5926c7ca812cb77525abbfabf6300a3018f602646d6c25543d42c2c25ab68259ddb26c54a64c310fe5b62d239c2e24c9455409ff8372ff37d43770045da1d42bfcc", 0xaa}, {&(0x7f0000000b40)="49cb2328793dc77cb7e41ada058fdbde1a78297e71b53f16d80e78fb4165869210b7e5163cc9f064d881423bbb1267eaadbc9c52f6f5a7874c48d96a071141440a37b2d78d243fc46de64af9fc30784d84bfc571bf40d54184095046591f418619546d19b26419167ce96a89743761c6263a7cbb63222a192b5183e506c2ab8577e7d1514e6672730c1e6c04e91df53190e2288470bf01d763a7db3621ea8d1b5747c736912b0040514df75de30eb92fa36c00c38b07697048f566ff9612067915a0801e85ce191ce4628a1fa6603b4451e8be73d6fc657d56eda9bccd7ae9ba22ae1e5208a0e26cf90145df5ef203d901ba7d24b90a9f42514d2eca82352772d5d373b1a1e7a486eee78e068e165d2bf49429415d2ba37c36a2b65f9d14b1080ce415705b52a2b52d34d17853a1a887fb35b5c1cd64c4ab44b47593f4af5210d04d893efcdd6796151116c05d238d27e466f71d73faff4426937632240cb54a7c061d4b85e13b373e7d9c678d71d84b7b998caa5d388a14c9659c0ecd9c84d55c00ee3bebac0f82ed5b3b9ef45aad678a3d6b080da47c53a879913c71a52ab1c82aefd8f817829e19809235c457a5ed78013c548d44741d90850ba13bdead1d83a6343ae9da40d88d334c803ac60fee071b5fb1c576ef5be124f787cb7af016e6af47c7beadbe2061f456bf2a67a0c1cb3ad427950f945b8dc3088045aea1d4f240ed0fd5e3dd72b4969100058248c16c44cfd56c73962bb0af8c20720abe6ff66be784fd58ea067ddaa445c0c45b88cb6128ea9d87774d1e53d1ac9e18ec0c4b0c331123a09d868d9148cbd493a78940c4caccb6fc2241b457d0e2db09b9d6f2078f715a3a77b629406e7bc2ffebcfc3a5848f01c4f71445b679ddcc1404e90360b0c8734e9d63950ca0582035863292f953e53192335ccac7c642b0369fb89e3d15f82c4d68e93af3738e6de9f2ae718d9cae18ce5906a769c7eb5406debe41e51beeb8a75bf007fb0e80d99da5d458ff62985c14f46b2911185342e54b86d5d96cad1737eafc794e28e0a5c0ab80f80f34b787bf8421c83c2a77a9b783f70893716653964fe5a98521ec8ffedd4541f30378163e5325671b9528130bfc5d62ed6355a4868f7b8e3ace3381ae4f1057b5dfbd8062d541f3279771bfa97e7d37eab3318a7ff4714e6432309fa1f1eec7c830ed1bc3e2eed4bb5ccb01fb067d5db4756cb45a831028425d5ff83834ae6b1c49ec9cfdb7ae59e0a00c907407f7b4d916e0e1a47a2548162ecc7f759b001eb8227d2c38f9e2170ba095077346577f1b384fc29829486de18723663d5d831f965a88f22c928e7db125979b23346eb48fd9218f5405978343d0545d2d525958ce90782643bb2456a309dc1d5e7301d5463b4d446b96e1c765af0daef04dd5c340e17a51948b92750b8a9985cf7273abe8e72cce095e9da25a72efcf4ea5fbf945e7ffabc7b4e06ab5265dcb3d1c61eb752eed535716e158b49cd0ee22f90379c19f28cb93e171a085c29aad71c435bf9f7d9d6a3e8337354ae6c1d9606b4ab80c1149401fdb813557e478df4176e42fb5d805d0f835978566bc614d49bd73c12c89e2e04b8633c0b563d069b7a72b1a52a0464487043588fe2560d0ebfcd259dcc3b46858f298791ac3cde56c81e70c52c9451dcabf877360d77429affd871b4ae7ee4ce4d9dea03ec3622c2014508bae07b5c369e2bbceeb2de79686f2f714391edbe587684a4efc219d69611755ba089703c7c4a65131f6fc2a12a39005fb292c6ce078c761a88ea860444da9eb13d9380dc8ba7ec686e999f883777ee301479600fb280f05066946c7f5ad0ce6e114339fa606b8bbdc793500fb701174614d0e8a0147c240f27107deb639a8cedce56fb660b58f5abfc965675a58f2bd45f356045dee604b7360c190795c5773dd297264df9004850656447477bd86b7d7322eee44231e9db31a8ecf6c49a71f6024812e686fc6146e8fe8e47eb8c8ffe0f91020a81ac8f85c1f6fe50a4f6933bd0c0e4e345cca41fdab4a626fd65a49af3d3fe50900b99343cf2bd86f302c5a3b91b69c49cff50220fe9dbc9a61ce7f6cd49aa4b37b173c9c6ef8bd5b9e7da6d02b19ff8060adb0617cc9a1120461350edc86c43bc0a6be5dd18c039d59fb10203378ee040ac0354230b20e9da1d1c8826e622b395a49fb77ab80341bb8e63272db68265400bf9349d7bea3f4470764b4718c5ae3622b0e5fe655535e6e72e7bb9c9b53f698298aa5a27fb6cf030f6c0fbe60c14bec4805654a63eb37cccc9da52d20250ebb8c02a6e64f90df1e5850b8c4281d2c93716f3a2db30fb1931e722d062081455a0576514fea7df2664d20e1ff4d4dc14ae167993029955643ee879e5d967a5e2c51fe4243e14945759a213fce564f6d0fdeff98e2242aa4e6ba8afe874310de3f983ef9003179222da3ed86c57496e7d002b6b784ce0674428ce8d20c1adf2bb8b0a03ac1cfc8a95871d78393df815872f826cb254aae0d94eb6e88d722a48efa48191e3446b5b29ae0165a0822c5d3dee861730692df2fb1f15c768a2425951c1618e7a59317ba0eaffb6c90b74eadbc4b0d906a7527050c9dc16d4b74541e8ab45c055b1068f6ef736d10e7087cccbef9d2194e02c30378ee234648cb287bc9b3ceeefe43e663b5b0cde53c2d1b4d1dc1936cecad453eec053964ec64ce23e44f4ee8702eae7fc3087fbf3c9122c8089bf7e8592ea0b69b35290650b6ae0351a4a030ff9884ed4801347bf561f469bf77c55e04d35aa69de9774ab23235e07195e556dd569be72a9d92bc2c768733fcdc4b5888cf9dc2c94d031208f3dd06aee47045a0684dbf3c426ce2e22cc3faf3b00cc0aaa7d918128c2ee392e113de23b3f5d21688b98568de9babc7bd2ba4478e8ce94a0db6e6def41ca811a46b94c8e0095f10c22d40fd315e31112ed7a0ad59b287df62efb538b48027859037ae5b6dac8a590b872c6642ab9df310b015c448112e925eadc1f2ff94a089d60d868cf33c02cb5c9f65d5407191a8730582c5c42b7a6f335f9f4ae822a94e62811c0db10a6a2a90a28d4551b9aaf14647314ff3ae343ec38c1df1aac41c5b9087baf293419a670ffda3c60844e76611019b4c560aeb93ebd050b9e6a6619b1a6faff5c21eabae95b279feeda23c73d05fc952e1cf1309ec072e069ccb98ddaebbe238722e9b4305c2030fea2e036056b527e8157ea16e36bf90aec4e0ca795d8bef4cf2f24fa1f3ed4fb234cbfc3ae14f23bc224cd7f6402c9f40f2dc23eed89b6a3d86878c1ac32fe389cc7be11ca88b3b977f988d2e17376fcce6046a4bf0598f504d947456a80c48270f38140706e9a9a78238d2d408191c18d4ca83c0989eab5dde674675481148a1085a9dc24ea9ec6fee664394aa8b515731b6fbb5cd082298ddabd00e86ee6d4f4654b3609c103e671a4174e05295ae2a06be051f4565d1e5acf90944a7ba7c915fbaac25d75c46b4c4ac8f9c2a137692e94e8cb38e8dca4e1b45092e7a4f850087cce28eb7688d70892e0b59f4d39f7e38528ea142f44418a0ca4041b86ccb37865c0829ff77c47d305a87c9e4bc5d3939f07fb90f5a06cc89457e3af3230892e33fd62c6dc74a671250f623fc9a8a392a7e7e2f70c2c0b8a279292e9128563dd2af099a750c974788de105cb886f9308ddf84d5faaf392008c439f67bd673b139c9e6970feb4d405d0d3e1b30c01fd456f3caf61be50c5d9d544e5a8e8d82fab47f9240eb3ce639e9c7b1542b2eef3cbdb16c412ee272cc784d7705c2ea8983b563c7298d6eb67c4b648b33fe3c2721cf6dda43984b6bab14a59b80677efcf0d6a4b216d05a291af6da8b68f268ac7c25ff4482325ee93af1c778eb3c8fe8b6047bf600b911528e7a95b43c8d19996e23311a450fd3753f7af3599bfb8219f038e344d5e9734337c7d40803ced55e75fba2b798b1ba6957becac297c78882657d215791baaaa65dd674d86a0a43ddee3844dbf19c1dbd0d86bdff8cd6759878db67f24e8f3914a188b5821636c02ef3086b8db85557450a752322151ebc95e45e903fdb8a21974e9fa9336fb50c85379204424422ff373f32adaf3208807253a0532eac453ea12fa9754b8f862dcd75d7d76e6adc567a6cc176e275830eb7bbb89fce15cd6a7af165057b8e3d31b770871faeb8831dbf0310bfba33404663375ae474e12c42f2eee4e679a39a8496d1ba59644ab47bb807813d4fd3793a0ab5d7c2c2922c1ecdd7a1345c22778ee71a6dff30c409dca92f3a4ba33a2bfb68dfc3d692b7554d3a9081efd4ab31a9ac1fae3e02893abb58ef30d018afbe4a66bd30a7c78ff4f86f2e044e67ecab3d1a6cb40ad5e51e84f9c1a2dfa352b9904465ba1bd293592a8d463b9117f45f75f4d0ca6a083442d352b46bc8f63b8201f7b44f10958d2f1ad57565fded06d17bf5cfd4dd494e3591ed21941de42693bd9e68776930b00b6d67499029d0abcc93b99dd21e829e6e06f743a8d2a3ddb7dd6ba025e171e376739d024bd1d29afb7d3e449b3c74c8c4068a82b69efbf765b0e3f13a6eb6bea3d15d1c114edaebf45f1ab92b24da8fc6399f9043334007301d7e4a504d9a50879ab4a2cf33917b016977c8664304f1759eeb4524183a1e0d01119c7d3529bd32bf58f594c57ea277521d384d9d1a2a02c1f94f351c703c2a2d9a83c46054d3e463d54fcabc390b186bc68cbd742af9eddd3361f57c3aa37c93f41fe8aa0b8ef671137457561b316c53fe6897d560e266cf69083a952d127678652db40e3ff2a7860a198874ccc411e176f35607a94747987194402794b48e54e173f02b6e03f9dceec3956c88ee6a71acd7ac535acccdc97aed0790b5a621640b9404c46d12d882a87ff92be8d99de5d0730cb299c73bbb7e13266de7f05691619dd4da18ffea5c55292cea0eb004eae876f57cb2d9bedb118fc9c080e36b67b2bb0c59d020ce676848058ec2c735fd925622bfb776a701077618b2a81589b92530673558d15bef90514aa0a67750c57298bc2cedaddaf1c368b44ef9bee8db89771cc27f476df5afde35aebf0bc0c0fe54dd29aa094e9d6b578c1a8fb24523209e4f7f065618bbb5d495519eb13164ae621e186f156ba0a14dbffb91462cd432c23e298cb630a15feaf80e415ebc2398146bb6987aaeff753beaa1248b0e789ea79b1d969d40b7c775e2a7143ff2a9c1957ec5118d88f39d91a339bf417fafd766f37fe6b4f75b0fb67e1e84151c1635d5fe0df8b0e52a361448ef666bdb95992084a13fc8e11131e3101373b86c4c61367a1d294d91d77dea471011a16ea35360df262dbe462525a2b99a6c4d76240484da8ff73e26c6ab101ba96c79a5a09eb73794a32dea45035248eb4ca492c7fdc06cdcfd1dd8e67146f045980b2834b6ac0672eb917e370ed5b78f3aed1d0395b59bf75145800d86f21176b6f0283f0b4fa2777a31a3033f3b8a1d95911bbdeb87e153707cf40400daedd070acb343002c9748d6a2d4c49535133d9d0999490c806059548f782af09406694a6b8c56a65d74c0897dde844f40f723ac3df6d5055b1bc517847b7318bcf21c4b91d3e7c8a940895408ff9b67f5e7be6a2b947e176e3c54624d836064494cab31fa8d8143e9e43eff9f36ef44bf8815b3784c5289f0272de9876153a5710ba4c8010d4dbf5162e92123297f9b1356cfff7c121a7b00b33af2fa87c1122c326e418eb282b9094847a1cfc0cf45a53b0382095f7514aa6ad0", 0x1000}, {&(0x7f0000000240)}], 0x8, 0x7, 0xffffffff, 0x17)
ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r9, r10, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, 0x0}], 0x1, 0x61, 0x0, 0x0)
ioctl$KVM_SET_LAPIC(r10, 0x4400ae8f, &(0x7f0000000380)={"0d78979038728ac34e605fdaf0834b15989a2e035c2cbd8818d93504457c83594d580ff3d7d59e704ac99ab5a66d65c8ed87d229e38300625b9824ea189b775e6798340a56dd4235cfcb59ccb775b8fb3d09c110674fb47bf8f5d74ae8e8bc790f93f6a975b5b88c382ac10aad39c1f4ef05f03f4ef11e71ea072eb065aa3051e72d51b2a32d8be382bc3e2d016d92938dffb7db8bd4960983b678178d65432e471741c18befef4d195c305b968f8482d77446c877f31345c56a363f68ab0f97189b8d226f8dc16c146f422c54e64a8ab9a1df29a78dcf121265389cce4d4c028863ded6424ed85f2459e731e083d21ee2373537066727f43494e9805109e79fcdbd2e9d77a2f7ddef0e0051e6abf26917b02ae54f1ca28d0c9d04cff1494f2af18fab499e90782983aa25163e709463038b4cc1ed3542f78211845de7f6c4d9c5b0ae984e13daf98cc0ef4786c8ffddb2b5d41a55167a04bf9ec4ac36258703c6172a2d615e771b29cb4c20a3ed978e47e1124038ab6a867c02858748389464bd642c47acbafb46d72a63257615c643db696e597dcb3d93ca45ea8b65f2b541cf1df8adee87d153e6cefc19db36329e4c9546b60de927516dc790a465869f5398d6b2d058194b922147ed46b49c47feab9c18ac3c9806fac19134d159e7872d31c10f0a9fb4af905494b80e45736d5c8641260bd81d9041b8c28acec9c0465dc8adab47b2089395e74e0d8208d880ee502877155da9102ffe6449302fe7d502ac83521918642ecce911a2d09c1469988dae8c55a4f9a30768fa29be948f228c1ae97e758023c7640fa2bb39e3b3d431c19e3ecea4d02bd69c5ac9a22e7e800d5549450d8ce0dac8641f78b42f813a1f9df41b865a1ee690f55ed0919c2746e4e757d4e916d71bb54f17b72cf5ae0182eb908d0fcaac1d57defb157cc1ee742ddb1073c437bf010c5e2412a1001eedf34a902e5ffca303ca49bd18e50298af4131433ebb6bc575607c2fd23dde277a8e59891600c1778b35994ff852f0e4ee2e2cfd4fbbdac77c89b6ffbe363eec7a142ce89d9adf35bd3346ccac467488a1b474c803b2fbc76aaa9de81d205e4d431ed10e76233ac64e59001e8e762d176f998add4ae7a31f15259f41919e167a718ea38cadf9a7e776413121ae701de817f2fb6b85cfa47c59c7604f2b0a4166ae05c34f2184dca817fbf9f9220c42ca52a1eff03bb6709cae1ae59cacb04e21e897bd802f952a2f6de66568ee69fe7eac2cae483eba16d2486a3b1a750e02318a4a703319c21f58ce9ec6d3759f22ba87c7339928dc22a5a6a918ce439b44c0cb27e3b02ac9dbb1c3c1aa22d048c78821b30a74be8fbe74bf2c9595debbd29926f72243837766d64cf26202b71a76738b37f285d0c2bbbdbd6260fd756e68b728c9979a57cc87175b46cea08b2428f42d4a"})

9.645267006s ago: executing program 3 (id=1157):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
sendmmsg$inet(r0, &(0x7f0000000cc0)=[{{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f00000011c0)="93bffce623851797a8dc79018d7716840ffc6941c667f6d345b18bc896d8f016f5f206bb2b0eb2fe32d2f0048678cd35ef833c35225ff95a94770a6845b091e69f243dea0d601c54e9c93ee3568b89a3427c84262ff67b679ccac305b5cea1dcd151d7bb5754603b6b0e362d8041bdc61529260e6c4046d55927c96dcce1609b9c4f8424b9da760270a470f95b99ebb6fc40b5d175e86ac0b7a9fd7f1748af98902340eb", 0xa4}, {&(0x7f0000002880)="ec75d081fcb7e79634ec1a1abfdebb6a38b0c57cc77b83d2eea81aad8f73b36abc2019cbf8fbaaec9647b07d0a4965f0f1e39afd84e7e2523aaded5e09aa1e36fcc90c269ad6d38d57619127cee425367bc33b71054226beb00b9ee6ae29f0b07bc6fe7981126ca804c1f64e6c19ba36b2778c", 0x73}], 0x2}}, {{0x0, 0x0, &(0x7f0000000b40)=[{&(0x7f0000000740)="acc841985992b79554acfc02163bb0fb2bb293e68702bb40b6b870bde5700d368744361ae9fce3a4ff6bb332e33b6e0df4f0158b26c4e40129ee086a975e31fe6f3efdcb3cbe854b9744e05c052b222753064cb6d4cb4389c5922e40976a5546e8474066070f075c1634163d7952a8efea44b3e3a593fd00e59ae93a5ff42896ed56473baf984a067b1b8773017042c903de1c421991e68995f58d3465ec4e7d734b375c04d5ba90d06cf30a05e802b63ce2ff861f27d6ded13918f0c33169c6bca92fa8b8cccc944946434358e5a0193a91a73794fc724911f4", 0xda}, {&(0x7f0000002700)="b1f56ee29c433328d3b2a83bd97e37007087acae7568edff43ed556d76770122635af71dc487553859348d48e6fc49d81c71590cd542e796cc2669e2af442a03760c5cdfc691b3da35ad6a8d2ef9c2baa53a8dec36a2e434d46e643a1277b1dd932f3ef2cf46c257d6a19523b8b789ef34b46e661725b5e437323385b88c368f8bb5b95e269169f5f7b51dd5319b8016623d1863d70581691a79a4678db1e5e7fa1c98c5b9e4a87272e9c4a1bde5fbc390c7ccb9d3c1020e80bd0659e82d861dc6fe4c62639134c54e708601eae99200000062635399677c089645ecee7fdddf4f74", 0xe2}, {&(0x7f0000000940)="5be3b011e12323e4ab88c0472f0700000000000000e71ba62334303d2db97401439932cfd4855c4cc243dae723789d8a9a16be3135c5f82691837c90ab19545f7a1dcf1449fd59eecae5f52fba1e89d6d34b39297bbbc25806000000", 0x5c}], 0x3}}, {{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000300)="b5d3838236773268a73daecfa0fdc5beb5a7ac332a11523627b41db31da6be0055bf716aa2b23b97d43cc40c632f6b9850f364ba0831ed0d6f7157f204275aa850d992d81ba6ab984bd809254e847b644cf6459a8139c3ebba62168141343c853896523ffb04131b2786acc44a57f5b1bd33cdaef8dd3c0526b7454eefe5153c5778ce05c77e962fd6bf3a4b9eb05654e64f1867398e202b4920e9ebc08f6e6dc652a12e45445030e0", 0xa9}, {&(0x7f0000000500)="e47ecfc6ce6d4d9cc5a0fbf98f301803da3adfbec8a1d5324076b744b24bc7cf83120d4819726e827d90219c7100dc54801b32c3a9a69a238db1f4d16464062d870e812ee381b6b3c234824a4a4475f9ee81286836e549ff446b0004ad", 0x5d}], 0x2}}], 0x3, 0x0)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendto$inet(r0, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27)

9.510515932s ago: executing program 0 (id=1158):
syz_usb_connect(0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000100)={0x1f, 0x1}, 0x6)
write$bt_hci(r3, 0x0, 0x2d)
chdir(&(0x7f0000000280)='./file0\x00')
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback, 0x8000}, 0x1c)
r4 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_NEW_DAEMON(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0100e2ffffff00000000090000003000038014000200626174616476300000000000000000000800010002000000080003000000000020"], 0x44}}, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r6 = getpid()
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)

9.455413852s ago: executing program 3 (id=1159):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$TUNSETPERSIST(r1, 0x400454cb, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000002c0), 0x60000, 0x0)
ioctl$TUNGETVNETLE(r2, 0x800454dd, &(0x7f0000000300))
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_SET_KEY(r4, &(0x7f0000000180)={0x0, 0x22, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="090000000000feffffff0a00000008000300", @ANYRES32=r5, @ANYBLOB="140050808bab09000200000005000200010200000a0006000802110008010000"], 0x3c}, 0x1, 0x0, 0x0, 0x8800}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x400000bce)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
r7 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x800, 0x0)
ioctl$SOUND_MIXER_READ_RECSRC(r7, 0x80044dff, &(0x7f00000001c0))
openat$kvm(0x0, 0x0, 0x0, 0x0)
dup(r6)
request_key(&(0x7f0000000040)='cifs.idmap\x00', &(0x7f0000000080)={'syz', 0x1}, &(0x7f0000000200)='/dev/snd/timer\x00', 0xfffffffffffffffe)
syz_open_procfs(0x0, &(0x7f0000000100)='gid_map\x00')
r8 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r8, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)

9.195178416s ago: executing program 1 (id=1160):
syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x82002)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
r3 = semget$private(0x0, 0x207, 0x0)
semctl$GETALL(r3, 0x0, 0xd, &(0x7f0000000040)=""/37)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, 0x0, 0x0)
r4 = add_key$user(&(0x7f0000000380), &(0x7f0000000000)={'syz', 0x0}, &(0x7f0000000140)='_', 0x1, 0xfffffffffffffffe)
r5 = add_key$user(&(0x7f00000000c0), &(0x7f00000005c0)={'syz', 0x3}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a300000001f0900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a6c000000060a0104000000000000000002000000400004803c0001800e000100696d6d6564696174650000002800028008000140000000001c000280180002800900020073797a320000000008000180fffffffd0900010073797a30000000000900020073797a3200000000140000001100010000000000000000000000000a1720eef87d2ac62bdef31000000069c3552a2d9c7356fadec9fe4693cb9156ed22d815b2c765f1a6406b48c61bfe6f4cc5c8455a54295347d1d0e38ca197be866fd36fe1cfcf8b5e6c31d18fd07e0bb66d3d2920670a2e23cbcc954b957a9dfd0349243c2b2da51e2031b0b2b0f179dc8c0209cf16a4092245255616b2360f8a7b61ca063f80915703adf6ef339c92a4f1a99a9398b86e643310c2fd149691f44a985cb6c3cf13e6d9c1b0ec8ece32266c22c8bf10df44fcb85590e7f088ffd4b9644f0f56fba823d7383ddb8b60840863b98aa332182537f9080b778e64ccbdf7dc0939b3014488efad4102b87b594edda1"], 0x94}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000050a090000000000007f44ee08b1b7113a6f0ecbb1d4000000020000000900010073797a30000000000900030073797a32000000001400000f000000"], 0x54}}, 0x0)
r7 = add_key$user(&(0x7f0000006400), &(0x7f0000006c00)={'syz', 0x1}, &(0x7f0000006900)="3e12d23d346cfdeb1716f738274bc1c03bee4423fa20837e6e86b86592e9be8351aabbd6e24f37d5095f839fa4a3507df4f7526f2440e7988da94ccd868dd8741d1e43eba0b67b516be14a8b51a75bfd611b2d7ae6a21d056c2c5116a416a76b0204dc55ea62d43c809e0ed6e56163fdab317afd5c34d614367e4425bb9a97e38b8beb84ef6d549eed5aaa86dbe646fc77a9b3df93199c796fa597f452bed6b6fbcc812df9be8e35d8d15086609c033a5d2a42d5dcb0d103098fa302c5b1d48f913f8b22a30a47d9ae02000000e2b855845f39806305f56d918cc5b4023fdbe9cae4147c84583ec9dd375031ba5ae65e31f00e641832d29ed658b91f33595b033222944765cb6a50d859f754ed83eefd480be0e3100965f081190bbb39a5965ceaa76975b88885041ff4e66e618d6c37c787f014eadb6c9f659a", 0x13a, 0xfffffffffffffffe)
keyctl$dh_compute(0x17, &(0x7f0000000100)={r4, r5, r7}, 0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={'sha3-512-generic\x00'}})
openat$qrtrtun(0xffffffffffffff9c, 0x0, 0x142)
mount_setattr(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x60000}, 0x20)
creat(0x0, 0x0)
fcntl$addseals(0xffffffffffffffff, 0x409, 0x3)
syz_open_procfs(0x0, &(0x7f0000000940)='attr\x00')

7.217776256s ago: executing program 4 (id=1161):
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00')
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000600))
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, &(0x7f0000000180)={0x900, 0x0, 0x18, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000200)={0x8000, 0x101, 0x4})
syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
gettid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
lsm_set_self_attr(0x69, 0x0, 0x106, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$TIOCSWINSZ(0xffffffffffffffff, 0x5414, 0x0)
mkdir(0x0, 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota')
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000340)=@framed={{}, [@printk={@p, {}, {}, {}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x5}, {}, {0x85, 0x0, 0x0, 0xb0}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='neigh_create\x00', r3, 0x0, 0x100}, 0x18)
r4 = socket$kcm(0xa, 0x2, 0x73)
sendmsg$kcm(r4, &(0x7f0000000080)={&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0xff, @remote}, 0x80, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1000000000000000000000000000000018"], 0x28}, 0x0)
chdir(&(0x7f0000000140)='./file1\x00')
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)
bind$rds(0xffffffffffffffff, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000640)}, 0x0)
quotactl_fd$Q_SETQUOTA(r5, 0x80000300, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CURSOR(r1, 0xc01c64a3, &(0x7f0000000280)={0x3, 0x0, 0x0, 0x0, 0xa, 0x1ff, 0x1})
ioctl$DRM_IOCTL_MODE_CURSOR2(r1, 0xc02464bb, &(0x7f0000000080)={0x3, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x8})

7.111180133s ago: executing program 1 (id=1162):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_BLANKSCREEN(r0, 0x560e, 0x0)
timer_create(0xb3b54c18e0590239, 0x0, &(0x7f0000bbdffc))
socket$inet6_tcp(0xa, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$cec(&(0x7f0000000200), 0x0, 0x40000)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x41, 0x0)
write$binfmt_aout(r2, &(0x7f0000000140)=ANY=[], 0xff2e)
ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x5, 0x0, "0062ba7d8200000400f6eb2bda00"})
r3 = syz_open_pts(r2, 0x0)
dup3(r3, r2, 0x0)
r4 = socket(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r4, 0xa00000000000000, 0x80, &(0x7f00000000c0)=@broute={'broute\x00', 0x20, 0x1, 0x990, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000e00], 0x0, 0x0, 0x0}, 0xa08)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000001100)=0x12)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)=ANY=[@ANYRES32, @ANYRES32=r5, @ANYBLOB="020000000200000000000000", @ANYRES32, @ANYBLOB, @ANYRES64=0x0], 0x10)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)

7.110617526s ago: executing program 3 (id=1163):
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, &(0x7f0000000680)=""/4096, 0x0, 0x1000, 0x0, 0x10, 0x0, @void, @value}, 0x28)
r0 = syz_usb_connect$uac1(0x0, 0xac, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000000000106b1d010140000102030109029a0003010000000904000000010100000a24010000000201020c24020000000000000800000524050000082407000000009e0c240700000000a3e82f07070d240701060000fd80000000e80924030000000001"], 0x0)
syz_usb_control_io(r0, &(0x7f0000000140)={0x2c, 0x0, &(0x7f0000000480)={0x0, 0x3, 0xb, @string={0xb, 0x3, "ca1ccae1e119c5580c"}}, 0x0, 0x0, 0x0}, 0x0)
pipe2$watch_queue(&(0x7f0000000500)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x80)
r3 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, &(0x7f00000001c0)="bf", 0x1, 0xfffffffffffffffd)
keyctl$KEYCTL_WATCH_KEY(0x20, r3, r2, 0x63)
r4 = add_key(&(0x7f0000000140)='cifs.spnego\x00', &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc)
keyctl$KEYCTL_WATCH_KEY(0x20, r4, r2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x4, 0x3032, 0xffffffffffffffff, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r7 = dup(r6)
write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c)
setsockopt$inet6_tcp_int(r5, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r5, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r5, 0x6, 0x14, &(0x7f0000000240)=0x1, 0x25)
setsockopt$inet6_tcp_TLS_TX(r5, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "000001fffbffffff", "2607080d7f4fcf00fd4ef2dece6c7c58", '\x00', "faffffffffffffff"}, 0x28)
sendto$inet6(r5, 0x0, 0x0, 0x0, 0x0, 0x0)
keyctl$KEYCTL_WATCH_KEY(0x20, r4, r1, 0xffffffff)
ioctl$sock_bt_bnep_BNEPGETCONNINFO(r2, 0x800442d3, &(0x7f0000002800)={0x0, 0x6, 0x3, @local, 'sit0\x00'})
syz_usb_control_io$uac1(r0, &(0x7f0000001840)={0x14, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0003020000000203c8b93b08db8d51b3d184a246380ba3fadbc2b3f233aab3c7194db0c0f5be029cceb737e4d9769af7bce3c6cb8900b19ddc5d36924a57975b062f27a5d1b5b04398d0518383a7c75ba88f13df46332681775e9031412934e10e45b32582fbfed9d6b9667ac8467fd19db528cdb7c371e4524468d8f1b573dae7ae34f3cd9601506d70eb8b60183223adf20dd36bded9cc6fef2dc096e84c43274de454539789045dde548802019e024a34707fda463314ca25e7af2d0e034fe9c48a8773eda3d4a0e9dce5d72dc1429f9cb5313e7f439561a3fb5cec6c57ba6c3197600a990c96cc2e6441349d3171a0e1aff86796a11760a9ac21e1394f8c0bea7e5a6622ea6ec3812fc9007471228d768390ba7587fda2f016618e74217bb776a5af7e177a2a239566b907ea75e89ea921c311ec4218084e2346be29036f66f291d799adbe254156fbad40a777d23fea0f2462ae85597fb2e029c0690e85cd01d0a6d95c57"]}, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000c40)={0x84, &(0x7f0000000740)={0x20, 0x3, 0x2, "b23b"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, &(0x7f00000000c0)={0x44, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="2003434648e54d29e6b747a812a108cfcb8202000000c9a7"], 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000000800)={0x84, &(0x7f00000001c0)={0x20, 0x0, 0x2, "0500"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)

6.52371255s ago: executing program 4 (id=1164):
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010003000000ff1c1b1f1c4000010203010901026809210800060122cb0f09058103ff0310ff52"], 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
mkdir(&(0x7f0000000200)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000140)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='contention_end\x00', r0}, 0x10)
r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r2 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f00000000c0)='./file1\x00', r2, &(0x7f0000000100)='./file0\x00')
ioctl$AUTOFS_IOC_PROTOSUBVER(r1, 0x40049366, &(0x7f0000000180))
ioctl$AUTOFS_IOC_READY(r2, 0x9360, 0x800000000000001)
kcmp(0x0, 0x0, 0x2, 0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
mremap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x3000, 0x3, &(0x7f0000ff5000/0x3000)=nil)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000f40)=@filter={'filter\x00', 0x4, 0x4, 0x3b8, 0xffffffff, 0x0, 0x0, 0xe4, 0xfeffffff, 0xffffffff, 0x390, 0x390, 0x390, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x2f2, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x4}}}, {{@ipv6={@private2, @empty, [], [], 'sit0\x00', 'batadv_slave_1\x00'}, 0x0, 0xf0, 0x130, 0x0, {}, [@common=@dst={{0x48}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x2, 0x57, {0x2000000}}}}, {{@ipv6={@empty, @mcast1, [], [], 'ip6tnl0\x00', 'dvmrp0\x00'}, 0x0, 0xa8, 0xd0}, @REJECT={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x418)
r6 = syz_open_dev$vbi(&(0x7f0000000340), 0x0, 0x2)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r6, 0xc0845657, &(0x7f0000000200)={0x0, @bt={0x8a5, 0x93, 0x1, 0x1, 0xd59f80, 0x19ef, 0x7, 0x19ef, 0x3, 0x6, 0x27ff, 0x2800, 0x2, 0xbb6, 0x0, 0x8, {0x8, 0xffffffff}, 0xd0, 0x9}})

6.377894388s ago: executing program 0 (id=1165):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000100), 0xa0000, 0x0)
ioctl$KVM_CAP_MAX_VCPU_ID(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000080)={0x80, 0x0, 0x7fc0})
ioctl$IOCTL_VMCI_QUEUEPAIR_SETVA(r1, 0x7a4, &(0x7f0000000180)={{@any, 0x800}, 0xe07, 0xcb, 0x100, 0x1a560})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x40000006)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x140, 0x82)
r5 = fanotify_init(0x4, 0x101801)
fanotify_mark(r5, 0x105, 0x40001032, r4, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x281c2, 0x0)
fcntl$setlease(r6, 0x400, 0x1)
r7 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r8 = socket$nl_sock_diag(0x10, 0x3, 0x4)
pwritev2(r8, &(0x7f0000001b40)=[{&(0x7f00000002c0)="ffb5a6cb34f66de050b75407c32410357ef6edd7a3bdaf462c56304aa3420fd24b0dc5e47c799967f99389aa10f28d0e997a7b5f35f54ee0cdbd4b237e178355b1f4c0efcd4feb21236e0d01296ec066e9d085243f839c31a43b784f63dde0b80084b3ae3c45bc8a64ee82f2cf8ad19d8723c59e0a5b583d6f6a00613726", 0x7e}, {&(0x7f0000000780)="f456a322442cd4c94e394eb5e689ef71bef0ca52dd9777ad0455083e09b515a4424caf4b84f370c5e116b1809729a666ed733a9904294c950be5417bfe62f57ee640dc7986d63747256016d6e9d2491ecb10750e2e52a3f7c3b6d775332580ddbc1b1302b8a9f767b4e47b09ba9d4ed2c10bdab489154d5220116105df6c54cf3a4f7c3b4eac464127c2dff5b25dab8f97f50588dcd79b6f2394022bb986bc1132b42592601dfead0c5b", 0xaa}, {&(0x7f0000000840)="21a8ae5ed04c1807fb9ec60cfd4be915bd1a6337b495277937e44e44bff10d4217276dea21c3a6da5e851b11c7276cb861f0e605f7860ddd77d5565e692eb4fbfe34b979cee584cdb8d22c0fdbdfb8b475a8b1ce95a7f9fc122f2bf3ddac7c02af4e3f7a56adf095038cacdeb2858f52096f23c2604806784236773f60f0063a1cf632f01f7aad1109ed836e5605168c88600c9176032dd6", 0x98}, {&(0x7f0000000900)="9bc16c0e296ec4b3505ef4106fbcd7c26433cc1a55b68d83cb87d627b89be803caf1e165faafa86f557aff434c9035cb82ecdca7c5541f485d0007862711b7b700a1ecf798b7d41f80316eb61f6b23bd3a5dd4d794dcd353def49ae7835875b846", 0x61}, {&(0x7f0000000980)="bb5240cc7a030587af896c5d4a35da605d00cecec7a9d5f3fc84a1a982978aa919cbeb8894dcd85cfcc4ccb640d455ddbac017dc13b656b914baae3d70188b4b7deddfe6d3dc9b44bd24a32c86a90c70c3ce4a427f5e4a5e1d34b266b5baebd245c20f222c2dca9c47dde0ec76175bc3ff576042006924fddcb727fbbadfdbf450b9f33fa8e69fcca2a9e671ef8ec4cde6f21c7be59f5bc06a9b6ddb0561268fe72a1084d12f815e861322fb62fcf992174718b909f480383c438626fbb2e8b2a344274c7396dab3bf3048ec58d330ea1a0f54ebbc05c68336bc5516e1346c73d06cbb0dbc979a0caf74a6c29c411dea5a8e36ba", 0xf4}, {&(0x7f0000000a80)="f58c56b2481d5034bea9defa9f645403c839264f396f1deb57193b2ffce78d05be30a6f02041c53f94fdacd38fdaa25d5f084ad6c2bbe39d69156d9a26d8111726084306f37820c9073b6550afd1193f3391b029d2d2724444d23aff129af96ffc61bbd2af8729c1a5926c7ca812cb77525abbfabf6300a3018f602646d6c25543d42c2c25ab68259ddb26c54a64c310fe5b62d239c2e24c9455409ff8372ff37d43770045da1d42bfcc", 0xaa}, {&(0x7f0000000b40)="49cb2328793dc77cb7e41ada058fdbde1a78297e71b53f16d80e78fb4165869210b7e5163cc9f064d881423bbb1267eaadbc9c52f6f5a7874c48d96a071141440a37b2d78d243fc46de64af9fc30784d84bfc571bf40d54184095046591f418619546d19b26419167ce96a89743761c6263a7cbb63222a192b5183e506c2ab8577e7d1514e6672730c1e6c04e91df53190e2288470bf01d763a7db3621ea8d1b5747c736912b0040514df75de30eb92fa36c00c38b07697048f566ff9612067915a0801e85ce191ce4628a1fa6603b4451e8be73d6fc657d56eda9bccd7ae9ba22ae1e5208a0e26cf90145df5ef203d901ba7d24b90a9f42514d2eca82352772d5d373b1a1e7a486eee78e068e165d2bf49429415d2ba37c36a2b65f9d14b1080ce415705b52a2b52d34d17853a1a887fb35b5c1cd64c4ab44b47593f4af5210d04d893efcdd6796151116c05d238d27e466f71d73faff4426937632240cb54a7c061d4b85e13b373e7d9c678d71d84b7b998caa5d388a14c9659c0ecd9c84d55c00ee3bebac0f82ed5b3b9ef45aad678a3d6b080da47c53a879913c71a52ab1c82aefd8f817829e19809235c457a5ed78013c548d44741d90850ba13bdead1d83a6343ae9da40d88d334c803ac60fee071b5fb1c576ef5be124f787cb7af016e6af47c7beadbe2061f456bf2a67a0c1cb3ad427950f945b8dc3088045aea1d4f240ed0fd5e3dd72b4969100058248c16c44cfd56c73962bb0af8c20720abe6ff66be784fd58ea067ddaa445c0c45b88cb6128ea9d87774d1e53d1ac9e18ec0c4b0c331123a09d868d9148cbd493a78940c4caccb6fc2241b457d0e2db09b9d6f2078f715a3a77b629406e7bc2ffebcfc3a5848f01c4f71445b679ddcc1404e90360b0c8734e9d63950ca0582035863292f953e53192335ccac7c642b0369fb89e3d15f82c4d68e93af3738e6de9f2ae718d9cae18ce5906a769c7eb5406debe41e51beeb8a75bf007fb0e80d99da5d458ff62985c14f46b2911185342e54b86d5d96cad1737eafc794e28e0a5c0ab80f80f34b787bf8421c83c2a77a9b783f70893716653964fe5a98521ec8ffedd4541f30378163e5325671b9528130bfc5d62ed6355a4868f7b8e3ace3381ae4f1057b5dfbd8062d541f3279771bfa97e7d37eab3318a7ff4714e6432309fa1f1eec7c830ed1bc3e2eed4bb5ccb01fb067d5db4756cb45a831028425d5ff83834ae6b1c49ec9cfdb7ae59e0a00c907407f7b4d916e0e1a47a2548162ecc7f759b001eb8227d2c38f9e2170ba095077346577f1b384fc29829486de18723663d5d831f965a88f22c928e7db125979b23346eb48fd9218f5405978343d0545d2d525958ce90782643bb2456a309dc1d5e7301d5463b4d446b96e1c765af0daef04dd5c340e17a51948b92750b8a9985cf7273abe8e72cce095e9da25a72efcf4ea5fbf945e7ffabc7b4e06ab5265dcb3d1c61eb752eed535716e158b49cd0ee22f90379c19f28cb93e171a085c29aad71c435bf9f7d9d6a3e8337354ae6c1d9606b4ab80c1149401fdb813557e478df4176e42fb5d805d0f835978566bc614d49bd73c12c89e2e04b8633c0b563d069b7a72b1a52a0464487043588fe2560d0ebfcd259dcc3b46858f298791ac3cde56c81e70c52c9451dcabf877360d77429affd871b4ae7ee4ce4d9dea03ec3622c2014508bae07b5c369e2bbceeb2de79686f2f714391edbe587684a4efc219d69611755ba089703c7c4a65131f6fc2a12a39005fb292c6ce078c761a88ea860444da9eb13d9380dc8ba7ec686e999f883777ee301479600fb280f05066946c7f5ad0ce6e114339fa606b8bbdc793500fb701174614d0e8a0147c240f27107deb639a8cedce56fb660b58f5abfc965675a58f2bd45f356045dee604b7360c190795c5773dd297264df9004850656447477bd86b7d7322eee44231e9db31a8ecf6c49a71f6024812e686fc6146e8fe8e47eb8c8ffe0f91020a81ac8f85c1f6fe50a4f6933bd0c0e4e345cca41fdab4a626fd65a49af3d3fe50900b99343cf2bd86f302c5a3b91b69c49cff50220fe9dbc9a61ce7f6cd49aa4b37b173c9c6ef8bd5b9e7da6d02b19ff8060adb0617cc9a1120461350edc86c43bc0a6be5dd18c039d59fb10203378ee040ac0354230b20e9da1d1c8826e622b395a49fb77ab80341bb8e63272db68265400bf9349d7bea3f4470764b4718c5ae3622b0e5fe655535e6e72e7bb9c9b53f698298aa5a27fb6cf030f6c0fbe60c14bec4805654a63eb37cccc9da52d20250ebb8c02a6e64f90df1e5850b8c4281d2c93716f3a2db30fb1931e722d062081455a0576514fea7df2664d20e1ff4d4dc14ae167993029955643ee879e5d967a5e2c51fe4243e14945759a213fce564f6d0fdeff98e2242aa4e6ba8afe874310de3f983ef9003179222da3ed86c57496e7d002b6b784ce0674428ce8d20c1adf2bb8b0a03ac1cfc8a95871d78393df815872f826cb254aae0d94eb6e88d722a48efa48191e3446b5b29ae0165a0822c5d3dee861730692df2fb1f15c768a2425951c1618e7a59317ba0eaffb6c90b74eadbc4b0d906a7527050c9dc16d4b74541e8ab45c055b1068f6ef736d10e7087cccbef9d2194e02c30378ee234648cb287bc9b3ceeefe43e663b5b0cde53c2d1b4d1dc1936cecad453eec053964ec64ce23e44f4ee8702eae7fc3087fbf3c9122c8089bf7e8592ea0b69b35290650b6ae0351a4a030ff9884ed4801347bf561f469bf77c55e04d35aa69de9774ab23235e07195e556dd569be72a9d92bc2c768733fcdc4b5888cf9dc2c94d031208f3dd06aee47045a0684dbf3c426ce2e22cc3faf3b00cc0aaa7d918128c2ee392e113de23b3f5d21688b98568de9babc7bd2ba4478e8ce94a0db6e6def41ca811a46b94c8e0095f10c22d40fd315e31112ed7a0ad59b287df62efb538b48027859037ae5b6dac8a590b872c6642ab9df310b015c448112e925eadc1f2ff94a089d60d868cf33c02cb5c9f65d5407191a8730582c5c42b7a6f335f9f4ae822a94e62811c0db10a6a2a90a28d4551b9aaf14647314ff3ae343ec38c1df1aac41c5b9087baf293419a670ffda3c60844e76611019b4c560aeb93ebd050b9e6a6619b1a6faff5c21eabae95b279feeda23c73d05fc952e1cf1309ec072e069ccb98ddaebbe238722e9b4305c2030fea2e036056b527e8157ea16e36bf90aec4e0ca795d8bef4cf2f24fa1f3ed4fb234cbfc3ae14f23bc224cd7f6402c9f40f2dc23eed89b6a3d86878c1ac32fe389cc7be11ca88b3b977f988d2e17376fcce6046a4bf0598f504d947456a80c48270f38140706e9a9a78238d2d408191c18d4ca83c0989eab5dde674675481148a1085a9dc24ea9ec6fee664394aa8b515731b6fbb5cd082298ddabd00e86ee6d4f4654b3609c103e671a4174e05295ae2a06be051f4565d1e5acf90944a7ba7c915fbaac25d75c46b4c4ac8f9c2a137692e94e8cb38e8dca4e1b45092e7a4f850087cce28eb7688d70892e0b59f4d39f7e38528ea142f44418a0ca4041b86ccb37865c0829ff77c47d305a87c9e4bc5d3939f07fb90f5a06cc89457e3af3230892e33fd62c6dc74a671250f623fc9a8a392a7e7e2f70c2c0b8a279292e9128563dd2af099a750c974788de105cb886f9308ddf84d5faaf392008c439f67bd673b139c9e6970feb4d405d0d3e1b30c01fd456f3caf61be50c5d9d544e5a8e8d82fab47f9240eb3ce639e9c7b1542b2eef3cbdb16c412ee272cc784d7705c2ea8983b563c7298d6eb67c4b648b33fe3c2721cf6dda43984b6bab14a59b80677efcf0d6a4b216d05a291af6da8b68f268ac7c25ff4482325ee93af1c778eb3c8fe8b6047bf600b911528e7a95b43c8d19996e23311a450fd3753f7af3599bfb8219f038e344d5e9734337c7d40803ced55e75fba2b798b1ba6957becac297c78882657d215791baaaa65dd674d86a0a43ddee3844dbf19c1dbd0d86bdff8cd6759878db67f24e8f3914a188b5821636c02ef3086b8db85557450a752322151ebc95e45e903fdb8a21974e9fa9336fb50c85379204424422ff373f32adaf3208807253a0532eac453ea12fa9754b8f862dcd75d7d76e6adc567a6cc176e275830eb7bbb89fce15cd6a7af165057b8e3d31b770871faeb8831dbf0310bfba33404663375ae474e12c42f2eee4e679a39a8496d1ba59644ab47bb807813d4fd3793a0ab5d7c2c2922c1ecdd7a1345c22778ee71a6dff30c409dca92f3a4ba33a2bfb68dfc3d692b7554d3a9081efd4ab31a9ac1fae3e02893abb58ef30d018afbe4a66bd30a7c78ff4f86f2e044e67ecab3d1a6cb40ad5e51e84f9c1a2dfa352b9904465ba1bd293592a8d463b9117f45f75f4d0ca6a083442d352b46bc8f63b8201f7b44f10958d2f1ad57565fded06d17bf5cfd4dd494e3591ed21941de42693bd9e68776930b00b6d67499029d0abcc93b99dd21e829e6e06f743a8d2a3ddb7dd6ba025e171e376739d024bd1d29afb7d3e449b3c74c8c4068a82b69efbf765b0e3f13a6eb6bea3d15d1c114edaebf45f1ab92b24da8fc6399f9043334007301d7e4a504d9a50879ab4a2cf33917b016977c8664304f1759eeb4524183a1e0d01119c7d3529bd32bf58f594c57ea277521d384d9d1a2a02c1f94f351c703c2a2d9a83c46054d3e463d54fcabc390b186bc68cbd742af9eddd3361f57c3aa37c93f41fe8aa0b8ef671137457561b316c53fe6897d560e266cf69083a952d127678652db40e3ff2a7860a198874ccc411e176f35607a94747987194402794b48e54e173f02b6e03f9dceec3956c88ee6a71acd7ac535acccdc97aed0790b5a621640b9404c46d12d882a87ff92be8d99de5d0730cb299c73bbb7e13266de7f05691619dd4da18ffea5c55292cea0eb004eae876f57cb2d9bedb118fc9c080e36b67b2bb0c59d020ce676848058ec2c735fd925622bfb776a701077618b2a81589b92530673558d15bef90514aa0a67750c57298bc2cedaddaf1c368b44ef9bee8db89771cc27f476df5afde35aebf0bc0c0fe54dd29aa094e9d6b578c1a8fb24523209e4f7f065618bbb5d495519eb13164ae621e186f156ba0a14dbffb91462cd432c23e298cb630a15feaf80e415ebc2398146bb6987aaeff753beaa1248b0e789ea79b1d969d40b7c775e2a7143ff2a9c1957ec5118d88f39d91a339bf417fafd766f37fe6b4f75b0fb67e1e84151c1635d5fe0df8b0e52a361448ef666bdb95992084a13fc8e11131e3101373b86c4c61367a1d294d91d77dea471011a16ea35360df262dbe462525a2b99a6c4d76240484da8ff73e26c6ab101ba96c79a5a09eb73794a32dea45035248eb4ca492c7fdc06cdcfd1dd8e67146f045980b2834b6ac0672eb917e370ed5b78f3aed1d0395b59bf75145800d86f21176b6f0283f0b4fa2777a31a3033f3b8a1d95911bbdeb87e153707cf40400daedd070acb343002c9748d6a2d4c49535133d9d0999490c806059548f782af09406694a6b8c56a65d74c0897dde844f40f723ac3df6d5055b1bc517847b7318bcf21c4b91d3e7c8a940895408ff9b67f5e7be6a2b947e176e3c54624d836064494cab31fa8d8143e9e43eff9f36ef44bf8815b3784c5289f0272de9876153a5710ba4c8010d4dbf5162e92123297f9b1356cfff7c121a7b00b33af2fa87c1122c326e418eb282b9094847a1cfc0cf45a53b0382095f7514aa6ad0", 0x1000}, {&(0x7f0000000240)}], 0x8, 0x7, 0xffffffff, 0x17)
ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60)
r9 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r9, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x43, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r7, r9, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, 0x0}], 0x1, 0x61, 0x0, 0x0)
ioctl$KVM_SET_LAPIC(r9, 0x4400ae8f, &(0x7f0000000380)={"0d78979038728ac34e605fdaf0834b15989a2e035c2cbd8818d93504457c83594d580ff3d7d59e704ac99ab5a66d65c8ed87d229e38300625b9824ea189b775e6798340a56dd4235cfcb59ccb775b8fb3d09c110674fb47bf8f5d74ae8e8bc790f93f6a975b5b88c382ac10aad39c1f4ef05f03f4ef11e71ea072eb065aa3051e72d51b2a32d8be382bc3e2d016d92938dffb7db8bd4960983b678178d65432e471741c18befef4d195c305b968f8482d77446c877f31345c56a363f68ab0f97189b8d226f8dc16c146f422c54e64a8ab9a1df29a78dcf121265389cce4d4c028863ded6424ed85f2459e731e083d21ee2373537066727f43494e9805109e79fcdbd2e9d77a2f7ddef0e0051e6abf26917b02ae54f1ca28d0c9d04cff1494f2af18fab499e90782983aa25163e709463038b4cc1ed3542f78211845de7f6c4d9c5b0ae984e13daf98cc0ef4786c8ffddb2b5d41a55167a04bf9ec4ac36258703c6172a2d615e771b29cb4c20a3ed978e47e1124038ab6a867c02858748389464bd642c47acbafb46d72a63257615c643db696e597dcb3d93ca45ea8b65f2b541cf1df8adee87d153e6cefc19db36329e4c9546b60de927516dc790a465869f5398d6b2d058194b922147ed46b49c47feab9c18ac3c9806fac19134d159e7872d31c10f0a9fb4af905494b80e45736d5c8641260bd81d9041b8c28acec9c0465dc8adab47b2089395e74e0d8208d880ee502877155da9102ffe6449302fe7d502ac83521918642ecce911a2d09c1469988dae8c55a4f9a30768fa29be948f228c1ae97e758023c7640fa2bb39e3b3d431c19e3ecea4d02bd69c5ac9a22e7e800d5549450d8ce0dac8641f78b42f813a1f9df41b865a1ee690f55ed0919c2746e4e757d4e916d71bb54f17b72cf5ae0182eb908d0fcaac1d57defb157cc1ee742ddb1073c437bf010c5e2412a1001eedf34a902e5ffca303ca49bd18e50298af4131433ebb6bc575607c2fd23dde277a8e59891600c1778b35994ff852f0e4ee2e2cfd4fbbdac77c89b6ffbe363eec7a142ce89d9adf35bd3346ccac467488a1b474c803b2fbc76aaa9de81d205e4d431ed10e76233ac64e59001e8e762d176f998add4ae7a31f15259f41919e167a718ea38cadf9a7e776413121ae701de817f2fb6b85cfa47c59c7604f2b0a4166ae05c34f2184dca817fbf9f9220c42ca52a1eff03bb6709cae1ae59cacb04e21e897bd802f952a2f6de66568ee69fe7eac2cae483eba16d2486a3b1a750e02318a4a703319c21f58ce9ec6d3759f22ba87c7339928dc22a5a6a918ce439b44c0cb27e3b02ac9dbb1c3c1aa22d048c78821b30a74be8fbe74bf2c9595debbd29926f72243837766d64cf26202b71a76738b37f285d0c2bbbdbd6260fd756e68b728c9979a57cc87175b46cea08b2428f42d4a"})
creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)

6.343986319s ago: executing program 2 (id=1166):
syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x82002)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
r3 = semget$private(0x0, 0x207, 0x0)
semctl$GETALL(r3, 0x0, 0xd, &(0x7f0000000040)=""/37)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, 0x0, 0x0)
r4 = add_key$user(&(0x7f0000000380), &(0x7f0000000000)={'syz', 0x0}, &(0x7f0000000140)='_', 0x1, 0xfffffffffffffffe)
r5 = add_key$user(&(0x7f00000000c0), &(0x7f00000005c0)={'syz', 0x3}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a300000001f0900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a6c000000060a0104000000000000000002000000400004803c0001800e000100696d6d6564696174650000002800028008000140000000001c000280180002800900020073797a320000000008000180fffffffd0900010073797a30000000000900020073797a3200000000140000001100010000000000000000000000000a1720eef87d2ac62bdef31000000069c3552a2d9c7356fadec9fe4693cb9156ed22d815b2c765f1a6406b48c61bfe6f4cc5c8455a54295347d1d0e38ca197be866fd36fe1cfcf8b5e6c31d18fd07e0bb66d3d2920670a2e23cbcc954b957a9dfd0349243c2b2da51e2031b0b2b0f179dc8c0209cf16a4092245255616b2360f8a7b61ca063f80915703adf6ef339c92a4f1a99a9398b86e643310c2fd149691f44a985cb6c3cf13e6d9c1b0ec8ece32266c22c8bf10df44fcb85590e7f088ffd4b9644f0f56fba823d7383ddb8b60840863b98aa332182537f9080b778e64ccbdf7dc0939b3014488efad4102b87b594edda1"], 0x94}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000050a090000000000007f44ee08b1b7113a6f0ecbb1d4000000020000000900010073797a30000000000900030073797a32000000001400000f000000"], 0x54}}, 0x0)
r7 = add_key$user(&(0x7f0000006400), &(0x7f0000006c00)={'syz', 0x1}, &(0x7f0000006900)="3e12d23d346cfdeb1716f738274bc1c03bee4423fa20837e6e86b86592e9be8351aabbd6e24f37d5095f839fa4a3507df4f7526f2440e7988da94ccd868dd8741d1e43eba0b67b516be14a8b51a75bfd611b2d7ae6a21d056c2c5116a416a76b0204dc55ea62d43c809e0ed6e56163fdab317afd5c34d614367e4425bb9a97e38b8beb84ef6d549eed5aaa86dbe646fc77a9b3df93199c796fa597f452bed6b6fbcc812df9be8e35d8d15086609c033a5d2a42d5dcb0d103098fa302c5b1d48f913f8b22a30a47d9ae02000000e2b855845f39806305f56d918cc5b4023fdbe9cae4147c84583ec9dd375031ba5ae65e31f00e641832d29ed658b91f33595b033222944765cb6a50d859f754ed83eefd480be0e3100965f081190bbb39a5965ceaa76975b88885041ff4e66e618d6c37c787f014eadb6c9f659a", 0x13a, 0xfffffffffffffffe)
keyctl$dh_compute(0x17, &(0x7f0000000100)={r4, r5, r7}, 0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={'sha3-512-generic\x00'}})
openat$qrtrtun(0xffffffffffffff9c, 0x0, 0x142)
mount_setattr(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x60000}, 0x20)
creat(0x0, 0x0)
fcntl$addseals(0xffffffffffffffff, 0x409, 0x3)
syz_open_procfs(0x0, &(0x7f0000000940)='attr\x00')

5.589700159s ago: executing program 0 (id=1167):
r0 = socket(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6)
r5 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, 0x0, &(0x7f0000000040)='c:::\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
readv(r5, &(0x7f0000000080)=[{0x0}], 0x1)
tkill(0x0, 0xb)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r6 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r7=>0x0})
connect$can_j1939(0xffffffffffffffff, &(0x7f0000000140)={0x1d, r7}, 0x18)
sendmsg$nl_route(r0, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)=ANY=[@ANYBLOB='$\x00'/20, @ANYRES32=r7, @ANYBLOB="0c0001800500030002000000"], 0x24}, 0x1, 0x0, 0x0, 0x300440c0}, 0x4000)
connect$bt_rfcomm(r6, &(0x7f00000000c0)={0x1f, @none, 0x9}, 0xa)

4.806278927s ago: executing program 2 (id=1168):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000100), 0xa0000, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CAP_MAX_VCPU_ID(r3, 0x4068aea3, &(0x7f0000000080)={0x80, 0x0, 0x7fc0})
ioctl$IOCTL_VMCI_QUEUEPAIR_SETVA(r1, 0x7a4, &(0x7f0000000180)={{@any, 0x800}, 0xe07, 0xcb, 0x100, 0x1a560})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x40000006)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x140, 0x82)
r7 = fanotify_init(0x4, 0x101801)
fanotify_mark(r7, 0x105, 0x40001032, r6, 0x0)
r8 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x281c2, 0x0)
fcntl$setlease(r8, 0x400, 0x1)
read$FUSE(r7, &(0x7f00000057c0)={0x2020}, 0x2020)
r9 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
pwritev2(0xffffffffffffffff, &(0x7f0000001b40)=[{&(0x7f00000002c0)="ffb5a6cb34f66de050b75407c32410357ef6edd7a3bdaf462c56304aa3420fd24b0dc5e47c799967f99389aa10f28d0e997a7b5f35f54ee0cdbd4b237e178355b1f4c0efcd4feb21236e0d01296ec066e9d085243f839c31a43b784f63dde0b80084b3ae3c45bc8a64ee82f2cf8ad19d8723c59e0a5b583d6f6a00613726", 0x7e}, {&(0x7f0000000780)="f456a322442cd4c94e394eb5e689ef71bef0ca52dd9777ad0455083e09b515a4424caf4b84f370c5e116b1809729a666ed733a9904294c950be5417bfe62f57ee640dc7986d63747256016d6e9d2491ecb10750e2e52a3f7c3b6d775332580ddbc1b1302b8a9f767b4e47b09ba9d4ed2c10bdab489154d5220116105df6c54cf3a4f7c3b4eac464127c2dff5b25dab8f97f50588dcd79b6f2394022bb986bc1132b42592601dfead0c5b", 0xaa}, {&(0x7f0000000840)="21a8ae5ed04c1807fb9ec60cfd4be915bd1a6337b495277937e44e44bff10d4217276dea21c3a6da5e851b11c7276cb861f0e605f7860ddd77d5565e692eb4fbfe34b979cee584cdb8d22c0fdbdfb8b475a8b1ce95a7f9fc122f2bf3ddac7c02af4e3f7a56adf095038cacdeb2858f52096f23c2604806784236773f60f0063a1cf632f01f7aad1109ed836e5605168c88600c9176032dd6", 0x98}, {&(0x7f0000000900)="9bc16c0e296ec4b3505ef4106fbcd7c26433cc1a55b68d83cb87d627b89be803caf1e165faafa86f557aff434c9035cb82ecdca7c5541f485d0007862711b7b700a1ecf798b7d41f80316eb61f6b23bd3a5dd4d794dcd353def49ae7835875b846", 0x61}, {&(0x7f0000000980)="bb5240cc7a030587af896c5d4a35da605d00cecec7a9d5f3fc84a1a982978aa919cbeb8894dcd85cfcc4ccb640d455ddbac017dc13b656b914baae3d70188b4b7deddfe6d3dc9b44bd24a32c86a90c70c3ce4a427f5e4a5e1d34b266b5baebd245c20f222c2dca9c47dde0ec76175bc3ff576042006924fddcb727fbbadfdbf450b9f33fa8e69fcca2a9e671ef8ec4cde6f21c7be59f5bc06a9b6ddb0561268fe72a1084d12f815e861322fb62fcf992174718b909f480383c438626fbb2e8b2a344274c7396dab3bf3048ec58d330ea1a0f54ebbc05c68336bc5516e1346c73d06cbb0dbc979a0caf74a6c29c411dea5a8e36ba", 0xf4}, {&(0x7f0000000a80)="f58c56b2481d5034bea9defa9f645403c839264f396f1deb57193b2ffce78d05be30a6f02041c53f94fdacd38fdaa25d5f084ad6c2bbe39d69156d9a26d8111726084306f37820c9073b6550afd1193f3391b029d2d2724444d23aff129af96ffc61bbd2af8729c1a5926c7ca812cb77525abbfabf6300a3018f602646d6c25543d42c2c25ab68259ddb26c54a64c310fe5b62d239c2e24c9455409ff8372ff37d43770045da1d42bfcc", 0xaa}, {&(0x7f0000000b40)="49cb2328793dc77cb7e41ada058fdbde1a78297e71b53f16d80e78fb4165869210b7e5163cc9f064d881423bbb1267eaadbc9c52f6f5a7874c48d96a071141440a37b2d78d243fc46de64af9fc30784d84bfc571bf40d54184095046591f418619546d19b26419167ce96a89743761c6263a7cbb63222a192b5183e506c2ab8577e7d1514e6672730c1e6c04e91df53190e2288470bf01d763a7db3621ea8d1b5747c736912b0040514df75de30eb92fa36c00c38b07697048f566ff9612067915a0801e85ce191ce4628a1fa6603b4451e8be73d6fc657d56eda9bccd7ae9ba22ae1e5208a0e26cf90145df5ef203d901ba7d24b90a9f42514d2eca82352772d5d373b1a1e7a486eee78e068e165d2bf49429415d2ba37c36a2b65f9d14b1080ce415705b52a2b52d34d17853a1a887fb35b5c1cd64c4ab44b47593f4af5210d04d893efcdd6796151116c05d238d27e466f71d73faff4426937632240cb54a7c061d4b85e13b373e7d9c678d71d84b7b998caa5d388a14c9659c0ecd9c84d55c00ee3bebac0f82ed5b3b9ef45aad678a3d6b080da47c53a879913c71a52ab1c82aefd8f817829e19809235c457a5ed78013c548d44741d90850ba13bdead1d83a6343ae9da40d88d334c803ac60fee071b5fb1c576ef5be124f787cb7af016e6af47c7beadbe2061f456bf2a67a0c1cb3ad427950f945b8dc3088045aea1d4f240ed0fd5e3dd72b4969100058248c16c44cfd56c73962bb0af8c20720abe6ff66be784fd58ea067ddaa445c0c45b88cb6128ea9d87774d1e53d1ac9e18ec0c4b0c331123a09d868d9148cbd493a78940c4caccb6fc2241b457d0e2db09b9d6f2078f715a3a77b629406e7bc2ffebcfc3a5848f01c4f71445b679ddcc1404e90360b0c8734e9d63950ca0582035863292f953e53192335ccac7c642b0369fb89e3d15f82c4d68e93af3738e6de9f2ae718d9cae18ce5906a769c7eb5406debe41e51beeb8a75bf007fb0e80d99da5d458ff62985c14f46b2911185342e54b86d5d96cad1737eafc794e28e0a5c0ab80f80f34b787bf8421c83c2a77a9b783f70893716653964fe5a98521ec8ffedd4541f30378163e5325671b9528130bfc5d62ed6355a4868f7b8e3ace3381ae4f1057b5dfbd8062d541f3279771bfa97e7d37eab3318a7ff4714e6432309fa1f1eec7c830ed1bc3e2eed4bb5ccb01fb067d5db4756cb45a831028425d5ff83834ae6b1c49ec9cfdb7ae59e0a00c907407f7b4d916e0e1a47a2548162ecc7f759b001eb8227d2c38f9e2170ba095077346577f1b384fc29829486de18723663d5d831f965a88f22c928e7db125979b23346eb48fd9218f5405978343d0545d2d525958ce90782643bb2456a309dc1d5e7301d5463b4d446b96e1c765af0daef04dd5c340e17a51948b92750b8a9985cf7273abe8e72cce095e9da25a72efcf4ea5fbf945e7ffabc7b4e06ab5265dcb3d1c61eb752eed535716e158b49cd0ee22f90379c19f28cb93e171a085c29aad71c435bf9f7d9d6a3e8337354ae6c1d9606b4ab80c1149401fdb813557e478df4176e42fb5d805d0f835978566bc614d49bd73c12c89e2e04b8633c0b563d069b7a72b1a52a0464487043588fe2560d0ebfcd259dcc3b46858f298791ac3cde56c81e70c52c9451dcabf877360d77429affd871b4ae7ee4ce4d9dea03ec3622c2014508bae07b5c369e2bbceeb2de79686f2f714391edbe587684a4efc219d69611755ba089703c7c4a65131f6fc2a12a39005fb292c6ce078c761a88ea860444da9eb13d9380dc8ba7ec686e999f883777ee301479600fb280f05066946c7f5ad0ce6e114339fa606b8bbdc793500fb701174614d0e8a0147c240f27107deb639a8cedce56fb660b58f5abfc965675a58f2bd45f356045dee604b7360c190795c5773dd297264df9004850656447477bd86b7d7322eee44231e9db31a8ecf6c49a71f6024812e686fc6146e8fe8e47eb8c8ffe0f91020a81ac8f85c1f6fe50a4f6933bd0c0e4e345cca41fdab4a626fd65a49af3d3fe50900b99343cf2bd86f302c5a3b91b69c49cff50220fe9dbc9a61ce7f6cd49aa4b37b173c9c6ef8bd5b9e7da6d02b19ff8060adb0617cc9a1120461350edc86c43bc0a6be5dd18c039d59fb10203378ee040ac0354230b20e9da1d1c8826e622b395a49fb77ab80341bb8e63272db68265400bf9349d7bea3f4470764b4718c5ae3622b0e5fe655535e6e72e7bb9c9b53f698298aa5a27fb6cf030f6c0fbe60c14bec4805654a63eb37cccc9da52d20250ebb8c02a6e64f90df1e5850b8c4281d2c93716f3a2db30fb1931e722d062081455a0576514fea7df2664d20e1ff4d4dc14ae167993029955643ee879e5d967a5e2c51fe4243e14945759a213fce564f6d0fdeff98e2242aa4e6ba8afe874310de3f983ef9003179222da3ed86c57496e7d002b6b784ce0674428ce8d20c1adf2bb8b0a03ac1cfc8a95871d78393df815872f826cb254aae0d94eb6e88d722a48efa48191e3446b5b29ae0165a0822c5d3dee861730692df2fb1f15c768a2425951c1618e7a59317ba0eaffb6c90b74eadbc4b0d906a7527050c9dc16d4b74541e8ab45c055b1068f6ef736d10e7087cccbef9d2194e02c30378ee234648cb287bc9b3ceeefe43e663b5b0cde53c2d1b4d1dc1936cecad453eec053964ec64ce23e44f4ee8702eae7fc3087fbf3c9122c8089bf7e8592ea0b69b35290650b6ae0351a4a030ff9884ed4801347bf561f469bf77c55e04d35aa69de9774ab23235e07195e556dd569be72a9d92bc2c768733fcdc4b5888cf9dc2c94d031208f3dd06aee47045a0684dbf3c426ce2e22cc3faf3b00cc0aaa7d918128c2ee392e113de23b3f5d21688b98568de9babc7bd2ba4478e8ce94a0db6e6def41ca811a46b94c8e0095f10c22d40fd315e31112ed7a0ad59b287df62efb538b48027859037ae5b6dac8a590b872c6642ab9df310b015c448112e925eadc1f2ff94a089d60d868cf33c02cb5c9f65d5407191a8730582c5c42b7a6f335f9f4ae822a94e62811c0db10a6a2a90a28d4551b9aaf14647314ff3ae343ec38c1df1aac41c5b9087baf293419a670ffda3c60844e76611019b4c560aeb93ebd050b9e6a6619b1a6faff5c21eabae95b279feeda23c73d05fc952e1cf1309ec072e069ccb98ddaebbe238722e9b4305c2030fea2e036056b527e8157ea16e36bf90aec4e0ca795d8bef4cf2f24fa1f3ed4fb234cbfc3ae14f23bc224cd7f6402c9f40f2dc23eed89b6a3d86878c1ac32fe389cc7be11ca88b3b977f988d2e17376fcce6046a4bf0598f504d947456a80c48270f38140706e9a9a78238d2d408191c18d4ca83c0989eab5dde674675481148a1085a9dc24ea9ec6fee664394aa8b515731b6fbb5cd082298ddabd00e86ee6d4f4654b3609c103e671a4174e05295ae2a06be051f4565d1e5acf90944a7ba7c915fbaac25d75c46b4c4ac8f9c2a137692e94e8cb38e8dca4e1b45092e7a4f850087cce28eb7688d70892e0b59f4d39f7e38528ea142f44418a0ca4041b86ccb37865c0829ff77c47d305a87c9e4bc5d3939f07fb90f5a06cc89457e3af3230892e33fd62c6dc74a671250f623fc9a8a392a7e7e2f70c2c0b8a279292e9128563dd2af099a750c974788de105cb886f9308ddf84d5faaf392008c439f67bd673b139c9e6970feb4d405d0d3e1b30c01fd456f3caf61be50c5d9d544e5a8e8d82fab47f9240eb3ce639e9c7b1542b2eef3cbdb16c412ee272cc784d7705c2ea8983b563c7298d6eb67c4b648b33fe3c2721cf6dda43984b6bab14a59b80677efcf0d6a4b216d05a291af6da8b68f268ac7c25ff4482325ee93af1c778eb3c8fe8b6047bf600b911528e7a95b43c8d19996e23311a450fd3753f7af3599bfb8219f038e344d5e9734337c7d40803ced55e75fba2b798b1ba6957becac297c78882657d215791baaaa65dd674d86a0a43ddee3844dbf19c1dbd0d86bdff8cd6759878db67f24e8f3914a188b5821636c02ef3086b8db85557450a752322151ebc95e45e903fdb8a21974e9fa9336fb50c85379204424422ff373f32adaf3208807253a0532eac453ea12fa9754b8f862dcd75d7d76e6adc567a6cc176e275830eb7bbb89fce15cd6a7af165057b8e3d31b770871faeb8831dbf0310bfba33404663375ae474e12c42f2eee4e679a39a8496d1ba59644ab47bb807813d4fd3793a0ab5d7c2c2922c1ecdd7a1345c22778ee71a6dff30c409dca92f3a4ba33a2bfb68dfc3d692b7554d3a9081efd4ab31a9ac1fae3e02893abb58ef30d018afbe4a66bd30a7c78ff4f86f2e044e67ecab3d1a6cb40ad5e51e84f9c1a2dfa352b9904465ba1bd293592a8d463b9117f45f75f4d0ca6a083442d352b46bc8f63b8201f7b44f10958d2f1ad57565fded06d17bf5cfd4dd494e3591ed21941de42693bd9e68776930b00b6d67499029d0abcc93b99dd21e829e6e06f743a8d2a3ddb7dd6ba025e171e376739d024bd1d29afb7d3e449b3c74c8c4068a82b69efbf765b0e3f13a6eb6bea3d15d1c114edaebf45f1ab92b24da8fc6399f9043334007301d7e4a504d9a50879ab4a2cf33917b016977c8664304f1759eeb4524183a1e0d01119c7d3529bd32bf58f594c57ea277521d384d9d1a2a02c1f94f351c703c2a2d9a83c46054d3e463d54fcabc390b186bc68cbd742af9eddd3361f57c3aa37c93f41fe8aa0b8ef671137457561b316c53fe6897d560e266cf69083a952d127678652db40e3ff2a7860a198874ccc411e176f35607a94747987194402794b48e54e173f02b6e03f9dceec3956c88ee6a71acd7ac535acccdc97aed0790b5a621640b9404c46d12d882a87ff92be8d99de5d0730cb299c73bbb7e13266de7f05691619dd4da18ffea5c55292cea0eb004eae876f57cb2d9bedb118fc9c080e36b67b2bb0c59d020ce676848058ec2c735fd925622bfb776a701077618b2a81589b92530673558d15bef90514aa0a67750c57298bc2cedaddaf1c368b44ef9bee8db89771cc27f476df5afde35aebf0bc0c0fe54dd29aa094e9d6b578c1a8fb24523209e4f7f065618bbb5d495519eb13164ae621e186f156ba0a14dbffb91462cd432c23e298cb630a15feaf80e415ebc2398146bb6987aaeff753beaa1248b0e789ea79b1d969d40b7c775e2a7143ff2a9c1957ec5118d88f39d91a339bf417fafd766f37fe6b4f75b0fb67e1e84151c1635d5fe0df8b0e52a361448ef666bdb95992084a13fc8e11131e3101373b86c4c61367a1d294d91d77dea471011a16ea35360df262dbe462525a2b99a6c4d76240484da8ff73e26c6ab101ba96c79a5a09eb73794a32dea45035248eb4ca492c7fdc06cdcfd1dd8e67146f045980b2834b6ac0672eb917e370ed5b78f3aed1d0395b59bf75145800d86f21176b6f0283f0b4fa2777a31a3033f3b8a1d95911bbdeb87e153707cf40400daedd070acb343002c9748d6a2d4c49535133d9d0999490c806059548f782af09406694a6b8c56a65d74c0897dde844f40f723ac3df6d5055b1bc517847b7318bcf21c4b91d3e7c8a940895408ff9b67f5e7be6a2b947e176e3c54624d836064494cab31fa8d8143e9e43eff9f36ef44bf8815b3784c5289f0272de9876153a5710ba4c8010d4dbf5162e92123297f9b1356cfff7c121a7b00b33af2fa87c1122c326e418eb282b9094847a1cfc0cf45a53b0382095f7514aa6ad0", 0x1000}, {&(0x7f0000000240)}], 0x8, 0x7, 0xffffffff, 0x17)
ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r9, r10, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, 0x0}], 0x1, 0x61, 0x0, 0x0)
ioctl$KVM_SET_LAPIC(r10, 0x4400ae8f, &(0x7f0000000380)={"0d78979038728ac34e605fdaf0834b15989a2e035c2cbd8818d93504457c83594d580ff3d7d59e704ac99ab5a66d65c8ed87d229e38300625b9824ea189b775e6798340a56dd4235cfcb59ccb775b8fb3d09c110674fb47bf8f5d74ae8e8bc790f93f6a975b5b88c382ac10aad39c1f4ef05f03f4ef11e71ea072eb065aa3051e72d51b2a32d8be382bc3e2d016d92938dffb7db8bd4960983b678178d65432e471741c18befef4d195c305b968f8482d77446c877f31345c56a363f68ab0f97189b8d226f8dc16c146f422c54e64a8ab9a1df29a78dcf121265389cce4d4c028863ded6424ed85f2459e731e083d21ee2373537066727f43494e9805109e79fcdbd2e9d77a2f7ddef0e0051e6abf26917b02ae54f1ca28d0c9d04cff1494f2af18fab499e90782983aa25163e709463038b4cc1ed3542f78211845de7f6c4d9c5b0ae984e13daf98cc0ef4786c8ffddb2b5d41a55167a04bf9ec4ac36258703c6172a2d615e771b29cb4c20a3ed978e47e1124038ab6a867c02858748389464bd642c47acbafb46d72a63257615c643db696e597dcb3d93ca45ea8b65f2b541cf1df8adee87d153e6cefc19db36329e4c9546b60de927516dc790a465869f5398d6b2d058194b922147ed46b49c47feab9c18ac3c9806fac19134d159e7872d31c10f0a9fb4af905494b80e45736d5c8641260bd81d9041b8c28acec9c0465dc8adab47b2089395e74e0d8208d880ee502877155da9102ffe6449302fe7d502ac83521918642ecce911a2d09c1469988dae8c55a4f9a30768fa29be948f228c1ae97e758023c7640fa2bb39e3b3d431c19e3ecea4d02bd69c5ac9a22e7e800d5549450d8ce0dac8641f78b42f813a1f9df41b865a1ee690f55ed0919c2746e4e757d4e916d71bb54f17b72cf5ae0182eb908d0fcaac1d57defb157cc1ee742ddb1073c437bf010c5e2412a1001eedf34a902e5ffca303ca49bd18e50298af4131433ebb6bc575607c2fd23dde277a8e59891600c1778b35994ff852f0e4ee2e2cfd4fbbdac77c89b6ffbe363eec7a142ce89d9adf35bd3346ccac467488a1b474c803b2fbc76aaa9de81d205e4d431ed10e76233ac64e59001e8e762d176f998add4ae7a31f15259f41919e167a718ea38cadf9a7e776413121ae701de817f2fb6b85cfa47c59c7604f2b0a4166ae05c34f2184dca817fbf9f9220c42ca52a1eff03bb6709cae1ae59cacb04e21e897bd802f952a2f6de66568ee69fe7eac2cae483eba16d2486a3b1a750e02318a4a703319c21f58ce9ec6d3759f22ba87c7339928dc22a5a6a918ce439b44c0cb27e3b02ac9dbb1c3c1aa22d048c78821b30a74be8fbe74bf2c9595debbd29926f72243837766d64cf26202b71a76738b37f285d0c2bbbdbd6260fd756e68b728c9979a57cc87175b46cea08b2428f42d4a"})

3.292081936s ago: executing program 3 (id=1169):
syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x82002)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
r3 = semget$private(0x0, 0x207, 0x0)
semctl$GETALL(r3, 0x0, 0xd, &(0x7f0000000040)=""/37)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, 0x0, 0x0)
r4 = add_key$user(&(0x7f0000000380), &(0x7f0000000000)={'syz', 0x0}, &(0x7f0000000140)='_', 0x1, 0xfffffffffffffffe)
r5 = add_key$user(&(0x7f00000000c0), &(0x7f00000005c0)={'syz', 0x3}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a300000001f0900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a6c000000060a0104000000000000000002000000400004803c0001800e000100696d6d6564696174650000002800028008000140000000001c000280180002800900020073797a320000000008000180fffffffd0900010073797a30000000000900020073797a3200000000140000001100010000000000000000000000000a1720eef87d2ac62bdef31000000069c3552a2d9c7356fadec9fe4693cb9156ed22d815b2c765f1a6406b48c61bfe6f4cc5c8455a54295347d1d0e38ca197be866fd36fe1cfcf8b5e6c31d18fd07e0bb66d3d2920670a2e23cbcc954b957a9dfd0349243c2b2da51e2031b0b2b0f179dc8c0209cf16a4092245255616b2360f8a7b61ca063f80915703adf6ef339c92a4f1a99a9398b86e643310c2fd149691f44a985cb6c3cf13e6d9c1b0ec8ece32266c22c8bf10df44fcb85590e7f088ffd4b9644f0f56fba823d7383ddb8b60840863b98aa332182537f9080b778e64ccbdf7dc0939b3014488efad4102b87b594edda1"], 0x94}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000050a090000000000007f44ee08b1b7113a6f0ecbb1d4000000020000000900010073797a30000000000900030073797a32000000001400000f000000"], 0x54}}, 0x0)
r7 = add_key$user(&(0x7f0000006400), &(0x7f0000006c00)={'syz', 0x1}, &(0x7f0000006900)="3e12d23d346cfdeb1716f738274bc1c03bee4423fa20837e6e86b86592e9be8351aabbd6e24f37d5095f839fa4a3507df4f7526f2440e7988da94ccd868dd8741d1e43eba0b67b516be14a8b51a75bfd611b2d7ae6a21d056c2c5116a416a76b0204dc55ea62d43c809e0ed6e56163fdab317afd5c34d614367e4425bb9a97e38b8beb84ef6d549eed5aaa86dbe646fc77a9b3df93199c796fa597f452bed6b6fbcc812df9be8e35d8d15086609c033a5d2a42d5dcb0d103098fa302c5b1d48f913f8b22a30a47d9ae02000000e2b855845f39806305f56d918cc5b4023fdbe9cae4147c84583ec9dd375031ba5ae65e31f00e641832d29ed658b91f33595b033222944765cb6a50d859f754ed83eefd480be0e3100965f081190bbb39a5965ceaa76975b88885041ff4e66e618d6c37c787f014eadb6c9f659a", 0x13a, 0xfffffffffffffffe)
keyctl$dh_compute(0x17, &(0x7f0000000100)={r4, r5, r7}, 0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={'sha3-512-generic\x00'}})
openat$qrtrtun(0xffffffffffffff9c, 0x0, 0x142)
mount_setattr(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x60000}, 0x20)
creat(0x0, 0x0)
fcntl$addseals(0xffffffffffffffff, 0x409, 0x3)
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="120100005938d74010973077339600000001090212000100001e000904"], 0x0)
epoll_create1(0x0)

3.258407289s ago: executing program 0 (id=1170):
r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x109)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/timer_list\x00', 0x0, 0x0)
r6 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/tcp_dsack\x00', 0x1, 0x0)
unshare(0x28000600)
socket$nl_route(0x10, 0x3, 0x0)
syz_clone3(&(0x7f0000000580)={0x40100, 0x0, 0x0, 0x0, {0x26}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000040)='sys_exit\x00', r7}, 0x10)
r8 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0)
fstatfs(r8, &(0x7f0000000340)=""/244)
sendfile(r6, r5, &(0x7f00000000c0)=0x8e, 0x180000504)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a3000"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)

3.198205853s ago: executing program 1 (id=1171):
r0 = socket(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r5 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
r6 = gettid()
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
tkill(r6, 0xb)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
r7 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, 0x0)
connect$can_j1939(r7, 0x0, 0x0)
sendmsg$nl_route(r0, 0x0, 0x4000)

3.130721768s ago: executing program 4 (id=1172):
syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x82002)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
r3 = semget$private(0x0, 0x207, 0x0)
semctl$GETALL(r3, 0x0, 0xd, &(0x7f0000000040)=""/37)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, 0x0, 0x0)
r4 = add_key$user(&(0x7f0000000380), &(0x7f0000000000)={'syz', 0x0}, &(0x7f0000000140)='_', 0x1, 0xfffffffffffffffe)
r5 = add_key$user(&(0x7f00000000c0), &(0x7f00000005c0)={'syz', 0x3}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a300000001f0900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a6c000000060a0104000000000000000002000000400004803c0001800e000100696d6d6564696174650000002800028008000140000000001c000280180002800900020073797a320000000008000180fffffffd0900010073797a30000000000900020073797a3200000000140000001100010000000000000000000000000a1720eef87d2ac62bdef31000000069c3552a2d9c7356fadec9fe4693cb9156ed22d815b2c765f1a6406b48c61bfe6f4cc5c8455a54295347d1d0e38ca197be866fd36fe1cfcf8b5e6c31d18fd07e0bb66d3d2920670a2e23cbcc954b957a9dfd0349243c2b2da51e2031b0b2b0f179dc8c0209cf16a4092245255616b2360f8a7b61ca063f80915703adf6ef339c92a4f1a99a9398b86e643310c2fd149691f44a985cb6c3cf13e6d9c1b0ec8ece32266c22c8bf10df44fcb85590e7f088ffd4b9644f0f56fba823d7383ddb8b60840863b98aa332182537f9080b778e64ccbdf7dc0939b3014488efad4102b87b594edda1"], 0x94}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000050a090000000000007f44ee08b1b7113a6f0ecbb1d4000000020000000900010073797a30000000000900030073797a32000000001400000f000000"], 0x54}}, 0x0)
r7 = add_key$user(&(0x7f0000006400), &(0x7f0000006c00)={'syz', 0x1}, &(0x7f0000006900)="3e12d23d346cfdeb1716f738274bc1c03bee4423fa20837e6e86b86592e9be8351aabbd6e24f37d5095f839fa4a3507df4f7526f2440e7988da94ccd868dd8741d1e43eba0b67b516be14a8b51a75bfd611b2d7ae6a21d056c2c5116a416a76b0204dc55ea62d43c809e0ed6e56163fdab317afd5c34d614367e4425bb9a97e38b8beb84ef6d549eed5aaa86dbe646fc77a9b3df93199c796fa597f452bed6b6fbcc812df9be8e35d8d15086609c033a5d2a42d5dcb0d103098fa302c5b1d48f913f8b22a30a47d9ae02000000e2b855845f39806305f56d918cc5b4023fdbe9cae4147c84583ec9dd375031ba5ae65e31f00e641832d29ed658b91f33595b033222944765cb6a50d859f754ed83eefd480be0e3100965f081190bbb39a5965ceaa76975b88885041ff4e66e618d6c37c787f014eadb6c9f659a", 0x13a, 0xfffffffffffffffe)
keyctl$dh_compute(0x17, &(0x7f0000000100)={r4, r5, r7}, 0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={'sha3-512-generic\x00'}})
openat$qrtrtun(0xffffffffffffff9c, 0x0, 0x142)
mount_setattr(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x60000}, 0x20)
creat(0x0, 0x0)
fcntl$addseals(0xffffffffffffffff, 0x409, 0x3)
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="120100005938d74010973077339600000001090212000100001e000904"], 0x0)
epoll_create1(0x0)

1.533027423s ago: executing program 1 (id=1173):
syz_usb_connect(0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000100)={0x1f, 0x1}, 0x6)
write$bt_hci(r3, 0x0, 0x2d)

97.068317ms ago: executing program 3 (id=1174):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$TUNSETPERSIST(r1, 0x400454cb, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000002c0), 0x60000, 0x0)
ioctl$TUNGETVNETLE(r2, 0x800454dd, &(0x7f0000000300))
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_SET_KEY(r4, &(0x7f0000000180)={0x0, 0x22, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="090000000000feffffff0a00000008000300", @ANYRES32=r5, @ANYBLOB="140050808bab09000200000005000200010200000a0006000802110008010000"], 0x3c}, 0x1, 0x0, 0x0, 0x8800}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x400000bce)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
r7 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x800, 0x0)
ioctl$SOUND_MIXER_READ_RECSRC(r7, 0x80044dff, &(0x7f00000001c0))
openat$kvm(0x0, 0x0, 0x0, 0x0)
dup(r6)
request_key(&(0x7f0000000040)='cifs.idmap\x00', &(0x7f0000000080)={'syz', 0x1}, &(0x7f0000000200)='/dev/snd/timer\x00', 0xfffffffffffffffe)
syz_open_procfs(0x0, &(0x7f0000000100)='gid_map\x00')
r8 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r8, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)

93.568987ms ago: executing program 2 (id=1175):
socket$inet6_sctp(0xa, 0x5, 0x84)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x15, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x79, 0x10, 0x8}, [@ldst={0x6, 0x3}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x1dd, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xe, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x0)
sched_setaffinity(r0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000100)="ad733642561534f1", 0x8)
listen(r4, 0x3)
newfstatat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}, 0x6000)
setsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000340)={r0, 0x0, r5}, 0xc)
accept(r4, &(0x7f0000000040)=@qipcrtr, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="043e130100c900"], 0x16)
r6 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x10, 0xc, &(0x7f00000005c0)=ANY=[@ANYRES32=r3, @ANYBLOB="27c73e4c6162f1e37a85e7bb96a0562ae4a03c4ada63c3799a12e4e5ced4b743a091bcc8044ae8419fb1f2725f75b934f90f1c3c236331ac18c92e868d0f2c4f64ca5ac9a5c8b1a8966ff5d89a39a61fb47f3c35bd88d727118344278cfa341971f194ade5b5e872cadf140eb8ffb96661", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095", @ANYRES8=r6], 0x0, 0x4000018, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x3, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00'}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)

0s ago: executing program 4 (id=1176):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$TUNSETPERSIST(r1, 0x400454cb, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000002c0), 0x60000, 0x0)
ioctl$TUNGETVNETLE(r2, 0x800454dd, &(0x7f0000000300))
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_SET_KEY(r4, &(0x7f0000000180)={0x0, 0x22, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="090000000000feffffff0a00000008000300", @ANYRES32=r5, @ANYBLOB="140050808bab09000200000005000200010200000a0006000802110008010000"], 0x3c}, 0x1, 0x0, 0x0, 0x8800}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x400000bce)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
r7 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x800, 0x0)
ioctl$SOUND_MIXER_READ_RECSRC(r7, 0x80044dff, &(0x7f00000001c0))
openat$kvm(0x0, 0x0, 0x0, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r8, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x30}}, 0x0)

kernel console output (not intermixed with test programs):

16][ T7371] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3256431472 (26051451776 ns) > initial count (24997152112 ns). Using initial count to start timer.
[  205.390264][ T5902] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  205.673839][  T971] libceph: connect (1)[c::]:6789 error -101
[  205.680114][ T5902] usb 5-1: Using ep0 maxpacket: 16
[  205.689143][ T5902] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  205.713033][  T971] libceph: mon0 (1)[c::]:6789 connect error
[  205.730831][ T5902] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  205.891987][ T7377] ceph: No mds server is up or the cluster is laggy
[  206.561566][ T5903] libceph: connect (1)[c::]:6789 error -101
[  206.567665][ T5903] libceph: mon0 (1)[c::]:6789 connect error
[  206.597525][ T5902] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  206.619242][ T5902] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  206.643834][ T5896] usb 4-1: 1:0: cannot get min/max values for control 4 (id 1)
[  206.698731][ T5902] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  206.746105][ T5896] usb 4-1: USB disconnect, device number 5
[  206.803325][ T5902] usb 5-1: Product: syz
[  206.807555][ T5902] usb 5-1: Manufacturer: syz
[  206.822872][ T5902] usb 5-1: SerialNumber: syz
[  207.150475][ T6096] udevd[6096]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  208.253261][ T7402] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3256431472 (26051451776 ns) > initial count (24997152112 ns). Using initial count to start timer.
[  208.764293][ T5902] usb 5-1: 0:2 : does not exist
[  209.302830][ T5868] libceph: connect (1)[c::]:6789 error -101
[  209.320233][ T5868] libceph: mon0 (1)[c::]:6789 connect error
[  209.332041][ T7419] ceph: No mds server is up or the cluster is laggy
[  209.482664][ T7416] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7416 comm=syz.3.320
[  209.710293][ T5903] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  209.744248][ T5896] IPVS: starting estimator thread 0...
[  209.860043][ T7426] IPVS: using max 31 ests per chain, 74400 per kthread
[  209.940054][ T5903] usb 2-1: Using ep0 maxpacket: 32
[  209.954828][ T5903] usb 2-1: config 0 interface 0 has no altsetting 0
[  209.973428][ T5903] usb 2-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  209.990444][ T5903] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  210.001537][ T5903] usb 2-1: Product: syz
[  210.006544][ T5903] usb 2-1: Manufacturer: syz
[  210.013461][ T5903] usb 2-1: SerialNumber: syz
[  210.023321][ T5903] usb 2-1: config 0 descriptor??
[  210.056478][ T5903] gs_usb 2-1:0.0: Required endpoints not found
[  210.130408][ T7432] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3256431472 (26051451776 ns) > initial count (24997152112 ns). Using initial count to start timer.
[  210.170026][  T971] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  210.214042][ T5902] usb 5-1: 1:0: cannot get min/max values for control 4 (id 1)
[  210.601090][ T7431] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3256431472 (26051451776 ns) > initial count (24997152112 ns). Using initial count to start timer.
[  210.650577][ T5902] usb 5-1: USB disconnect, device number 6
[  210.745659][  T971] usb 3-1: Using ep0 maxpacket: 16
[  210.776205][  T971] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  210.799999][  T971] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  210.812000][  T971] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  210.923918][ T6096] udevd[6096]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  210.963286][  T971] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  210.974602][  T971] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  211.007162][  T971] usb 3-1: Product: syz
[  211.060660][  T971] usb 3-1: Manufacturer: syz
[  211.073280][  T971] usb 3-1: SerialNumber: syz
[  211.856530][ T7445] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7445 comm=syz.4.328
[  212.558399][  T971] usb 3-1: 0:2 : does not exist
[  213.082874][ T5902] usb 2-1: USB disconnect, device number 4
[  213.209492][  T971] usb 3-1: 1:0: cannot get min/max values for control 4 (id 1)
[  213.284800][  T971] usb 3-1: USB disconnect, device number 5
[  214.009668][ T6096] udevd[6096]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  214.355345][ T7474] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7474 comm=syz.4.333
[  214.367454][ T5903] libceph: connect (1)[c::]:6789 error -101
[  214.501387][ T7471] ceph: No mds server is up or the cluster is laggy
[  215.030100][ T5903] libceph: mon0 (1)[c::]:6789 connect error
[  216.887228][ T7493] netlink: 12 bytes leftover after parsing attributes in process `syz.2.338'.
[  216.926808][ T7492] Process accounting resumed
[  217.847899][ T7502] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3256431472 (26051451776 ns) > initial count (24997152112 ns). Using initial count to start timer.
[  218.792191][ T7509] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3256431472 (26051451776 ns) > initial count (24997152112 ns). Using initial count to start timer.
[  220.398098][ T7519] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  220.462369][ T7519] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  220.477950][ T7519] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  220.488624][ T7519] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  220.539607][ T7519] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  220.638329][ T7527] netlink: 4 bytes leftover after parsing attributes in process `syz.3.349'.
[  220.835131][  T971] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  222.049967][  T971] usb 2-1: Using ep0 maxpacket: 16
[  222.074937][  T971] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  222.084157][ T5834] Bluetooth: hci0: command 0x0c1a tx timeout
[  222.319925][ T7540] Zero length message leads to an empty skb
[  222.899929][ T5834] Bluetooth: hci3: command 0x0c1a tx timeout
[  222.906006][ T5827] Bluetooth: hci2: command 0x0c1a tx timeout
[  222.912077][ T5130] Bluetooth: hci1: command 0x0c1a tx timeout
[  222.918087][ T5130] Bluetooth: hci4: command 0x0405 tx timeout
[  223.070091][  T971] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  223.083731][  T971] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  223.831555][  T971] usb 2-1: string descriptor 0 read error: -71
[  223.875941][  T971] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  223.942510][  T971] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  224.022275][  T971] usb 2-1: can't set config #1, error -71
[  224.039998][  T971] usb 2-1: USB disconnect, device number 5
[  224.150094][ T7554] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw
[  224.636735][ T7560] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7560 comm=syz.0.357
[  224.732199][ T5868] libceph: connect (1)[c::]:6789 error -101
[  224.900964][ T5868] libceph: mon0 (1)[c::]:6789 connect error
[  224.982549][ T7561] ceph: No mds server is up or the cluster is laggy
[  225.206769][ T5896] libceph: connect (1)[c::]:6789 error -101
[  225.376800][ T7575] ceph: No mds server is up or the cluster is laggy
[  225.449230][ T5896] libceph: mon0 (1)[c::]:6789 connect error
[  225.692333][ T5130] Bluetooth: hci1: command 0x0c1a tx timeout
[  226.375277][ T7588] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  226.526385][ T7588] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  226.558222][ T7588] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  226.570191][ T7588] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  226.598236][ T7588] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  227.143106][ T7603] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  227.152811][ T7603] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  227.298134][ T5834] Bluetooth: hci1: ACL packet too small
[  227.304527][ T7609] netlink: 'syz.0.366': attribute type 1 has an invalid length.
[  227.377410][ T7609] 8021q: adding VLAN 0 to HW filter on device bond3
[  227.510507][ T5868] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  227.659936][ T5868] usb 4-1: Using ep0 maxpacket: 16
[  227.689996][ T5834] Bluetooth: hci0: command 0x0c1a tx timeout
[  227.702699][ T5868] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  227.749061][ T5868] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  227.770836][ T5868] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  227.792914][ T5868] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  227.814843][ T5868] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  227.831836][ T5868] usb 4-1: Product: syz
[  227.842362][ T5868] usb 4-1: Manufacturer: syz
[  227.852609][ T5868] usb 4-1: SerialNumber: syz
[  228.580200][ T5834] Bluetooth: hci2: command 0x0c1a tx timeout
[  228.586290][ T5130] Bluetooth: hci1: command 0x0c1a tx timeout
[  228.843111][ T5130] Bluetooth: hci3: command 0x0c1a tx timeout
[  228.849198][ T5834] Bluetooth: hci4: command 0x0405 tx timeout
[  229.078823][ T5868] usb 4-1: 0:2 : does not exist
[  229.548991][ T5896] libceph: connect (1)[c::]:6789 error -101
[  229.708443][ T7633] ceph: No mds server is up or the cluster is laggy
[  230.505169][ T5896] libceph: mon0 (1)[c::]:6789 connect error
[  230.537369][ T5868] usb 4-1: 1:0: cannot get min/max values for control 4 (id 1)
[  230.600192][ T5868] usb 4-1: USB disconnect, device number 6
[  231.020989][ T6096] udevd[6096]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  231.845500][ T7648] syz.2.375: attempt to access beyond end of device
[  231.845500][ T7648] nbd2: rw=4096, sector=0, nr_sectors = 1 limit=0
[  232.035762][ T7659] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3256431472 (26051451776 ns) > initial count (24997152112 ns). Using initial count to start timer.
[  232.330126][ T5130] Bluetooth: hci4: command 0x0405 tx timeout
[  234.205205][ T7671] ceph: No mds server is up or the cluster is laggy
[  234.212298][ T5868] libceph: connect (1)[c::]:6789 error -101
[  234.239983][ T5868] libceph: mon0 (1)[c::]:6789 connect error
[  236.829957][  T971] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  237.656980][  T971] usb 3-1: Using ep0 maxpacket: 16
[  237.706246][  T971] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  237.716923][  T971] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  237.733234][  T971] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  237.746444][  T971] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  237.756154][  T971] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  237.923105][  T971] usb 3-1: Product: syz
[  237.933872][  T971] usb 3-1: Manufacturer: syz
[  237.938492][  T971] usb 3-1: SerialNumber: syz
[  238.183429][ T7710] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3256431472 (26051451776 ns) > initial count (24997152112 ns). Using initial count to start timer.
[  239.091459][  T971] usb 3-1: 0:2 : does not exist
[  239.391305][ T7723] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3256431472 (26051451776 ns) > initial count (24997152112 ns). Using initial count to start timer.
[  240.230126][ T7730] ceph: No mds server is up or the cluster is laggy
[  240.237978][ T7729] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7729 comm=syz.4.391
[  240.266238][   T51] libceph: connect (1)[c::]:6789 error -101
[  240.273272][   T51] libceph: mon0 (1)[c::]:6789 connect error
[  240.755152][  T971] usb 3-1: 1:0: cannot get min/max values for control 4 (id 1)
[  240.877809][  T971] usb 3-1: USB disconnect, device number 6
[  241.608966][ T7745] Process accounting resumed
[  241.710551][ T6096] udevd[6096]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  242.044898][  T971] libceph: connect (1)[c::]:6789 error -101
[  242.070033][  T971] libceph: mon0 (1)[c::]:6789 connect error
[  242.116157][ T7760] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7760 comm=syz.4.396
[  242.436455][  T971] libceph: connect (1)[c::]:6789 error -101
[  242.443218][ T7746] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  242.449544][  T971] libceph: mon0 (1)[c::]:6789 connect error
[  242.457751][ T7746] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  242.464110][ T7746] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  242.470578][ T7746] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  242.499083][ T7746] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  242.507220][ T7764] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw
[  242.632065][ T7756] ceph: No mds server is up or the cluster is laggy
[  243.770154][ T5130] Bluetooth: hci0: command 0x0c1a tx timeout
[  244.354644][ T7781] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7781 comm=syz.2.402
[  244.510152][ T5834] Bluetooth: hci3: command 0x0c1a tx timeout
[  244.516275][ T5827] Bluetooth: hci2: command 0x0c1a tx timeout
[  244.522406][ T5820] Bluetooth: hci1: command 0x0c1a tx timeout
[  244.580152][ T5827] Bluetooth: hci4: command 0x0405 tx timeout
[  245.433870][ T7787] ceph: No mds server is up or the cluster is laggy
[  245.442103][ T5868] libceph: connect (1)[c::]:6789 error -101
[  245.468583][ T5868] libceph: mon0 (1)[c::]:6789 connect error
[  245.890018][ T5869] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  246.642350][ T7801] Process accounting resumed
[  246.650093][ T5130] Bluetooth: hci4: command 0x0405 tx timeout
[  246.841447][   T29] audit: type=1400 audit(1740821557.318:232): avc:  denied  { ioctl } for  pid=7797 comm="syz.1.405" path="socket:[21602]" dev="sockfs" ino=21602 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  246.881530][ T5869] usb 3-1: Using ep0 maxpacket: 16
[  247.229937][   T29] audit: type=1400 audit(1740821557.328:233): avc:  denied  { bind } for  pid=7797 comm="syz.1.405" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  247.269684][   T29] audit: type=1400 audit(1740821557.328:234): avc:  denied  { name_bind } for  pid=7797 comm="syz.1.405" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1
[  247.290635][ T5869] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  247.310135][ T5869] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  247.337437][   T29] audit: type=1400 audit(1740821557.328:235): avc:  denied  { node_bind } for  pid=7797 comm="syz.1.405" saddr=::1 src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1
[  247.337565][ T5869] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  247.532126][ T5869] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  247.545765][   T29] audit: type=1400 audit(1740821557.338:236): avc:  denied  { write } for  pid=7797 comm="syz.1.405" laddr=::1 lport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  247.569899][ T5869] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  247.571000][   T29] audit: type=1400 audit(1740821557.338:237): avc:  denied  { name_connect } for  pid=7797 comm="syz.1.405" dest=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1
[  247.602738][ T5869] usb 3-1: Product: syz
[  247.612200][ T5869] usb 3-1: Manufacturer: syz
[  247.616823][ T5869] usb 3-1: SerialNumber: syz
[  248.868847][ T7822] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw
[  249.310687][ T7824] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw
[  251.240649][ T7839] syz.1.416: attempt to access beyond end of device
[  251.240649][ T7839] nbd1: rw=4096, sector=0, nr_sectors = 1 limit=0
[  251.405259][ T5869] usb 3-1: 0:2 : does not exist
[  251.428924][ T5869] usb 3-1: 1:0: cannot get min/max values for control 4 (id 1)
[  252.518275][ T5869] usb 3-1: USB disconnect, device number 7
[  252.626248][ T7852] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7852 comm=syz.0.417
[  253.021677][ T6096] udevd[6096]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  253.239237][ T7865] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3256431472 (26051451776 ns) > initial count (24997152112 ns). Using initial count to start timer.
[  255.152426][ T7887] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw
[  255.995205][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[  256.003246][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  258.015848][ T7908] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7908 comm=syz.2.431
[  258.176600][ T7909] ceph: No mds server is up or the cluster is laggy
[  258.183816][ T5869] libceph: connect (1)[c::]:6789 error -101
[  258.210909][ T5869] libceph: mon0 (1)[c::]:6789 connect error
[  258.221676][ T7901] syz.1.429: attempt to access beyond end of device
[  258.221676][ T7901] nbd1: rw=4096, sector=0, nr_sectors = 1 limit=0
[  259.201510][ T7924] netlink: 12 bytes leftover after parsing attributes in process `syz.2.434'.
[  259.290808][   T29] audit: type=1401 audit(1740821569.568:238): op=fscreate invalid_context="}"
[  259.993768][ T7926] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  260.030549][ T7926] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  260.492199][   T29] audit: type=1401 audit(1740821571.028:239): op=fscreate invalid_context="}"
[  260.538894][ T7926] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  260.994686][ T7926] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  261.060098][ T7926] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  261.387940][ T7937] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw
[  261.510586][ T5867] libceph: connect (1)[c::]:6789 error -101
[  261.553431][ T5867] libceph: mon0 (1)[c::]:6789 connect error
[  261.737469][ T7941] ceph: No mds server is up or the cluster is laggy
[  262.054005][ T5130] Bluetooth: hci0: command 0x0c1a tx timeout
[  262.153644][ T5130] Bluetooth: hci1: command 0x0c1a tx timeout
[  262.570047][ T5820] Bluetooth: hci2: command 0x0c1a tx timeout
[  263.050003][ T5820] Bluetooth: hci3: command 0x0c1a tx timeout
[  263.540163][ T5827] Bluetooth: hci4: command 0x0405 tx timeout
[  265.661209][ T5130] Bluetooth: hci4: command 0x0405 tx timeout
[  267.461683][ T7983] Process accounting resumed
[  267.545550][ T7979] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3256431472 (26051451776 ns) > initial count (24997152112 ns). Using initial count to start timer.
[  267.848209][ T5130] Bluetooth: hci4: ACL packet too small
[  268.180769][ T7995] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw
[  270.986918][ T8006] Process accounting resumed
[  271.190039][ T5869] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  271.510700][ T5869] usb 1-1: Using ep0 maxpacket: 32
[  271.517701][ T5869] usb 1-1: config 0 interface 0 has no altsetting 0
[  271.542842][ T5869] usb 1-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  271.560794][ T5869] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  271.576595][ T5869] usb 1-1: Product: syz
[  271.590988][ T5869] usb 1-1: Manufacturer: syz
[  271.595712][ T5869] usb 1-1: SerialNumber: syz
[  272.541934][ T5869] usb 1-1: config 0 descriptor??
[  272.556877][ T5869] usb 1-1: can't set config #0, error -71
[  272.589139][ T5869] usb 1-1: USB disconnect, device number 6
[  273.927961][ T5130] Bluetooth: hci4: command 0x0405 tx timeout
[  274.321338][ T8032] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3256431472 (26051451776 ns) > initial count (24997152112 ns). Using initial count to start timer.
[  274.846250][ T8043] syz.0.463: attempt to access beyond end of device
[  274.846250][ T8043] nbd0: rw=4096, sector=0, nr_sectors = 1 limit=0
[  275.271904][ T8053] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw
[  275.465271][ T8056] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3256431472 (26051451776 ns) > initial count (24997152112 ns). Using initial count to start timer.
[  276.259915][ T5130] Bluetooth: hci3: ACL packet too small
[  276.266650][ T8070] netlink: 'syz.1.469': attribute type 1 has an invalid length.
[  276.443490][ T8070] 8021q: adding VLAN 0 to HW filter on device bond1
[  277.191951][ T8071] netlink: 4 bytes leftover after parsing attributes in process `syz.3.468'.
[  277.300248][ T5130] Bluetooth: hci1: ACL packet too small
[  277.315913][ T8087] netlink: 'syz.0.471': attribute type 1 has an invalid length.
[  277.449391][ T8087] 8021q: adding VLAN 0 to HW filter on device bond4
[  278.744029][ T5130] Bluetooth: hci1: command 0x0c1a tx timeout
[  279.724172][ T5130] Bluetooth: hci3: command 0x0c1a tx timeout
[  280.083363][ T8104] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3256431472 (26051451776 ns) > initial count (24997152112 ns). Using initial count to start timer.
[  281.915764][ T8122] Process accounting resumed
[  282.427071][ T8129] syz.4.482: attempt to access beyond end of device
[  282.427071][ T8129] nbd4: rw=4096, sector=0, nr_sectors = 1 limit=0
[  285.765190][ T8163] No control pipe specified
[  285.976404][ T5130] Bluetooth: hci4: command 0x0405 tx timeout
[  287.097165][ T8175] netlink: 12 bytes leftover after parsing attributes in process `syz.3.489'.
[  290.470948][ T8204] syz.0.497: attempt to access beyond end of device
[  290.470948][ T8204] nbd0: rw=4096, sector=0, nr_sectors = 1 limit=0
[  292.227733][ T8223] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3256431472 (26051451776 ns) > initial count (24997152112 ns). Using initial count to start timer.
[  292.729244][ T8213] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3256431472 (26051451776 ns) > initial count (24997152112 ns). Using initial count to start timer.
[  294.311886][ T5903] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  294.789938][ T5903] usb 1-1: Using ep0 maxpacket: 32
[  294.802441][ T5903] usb 1-1: config 0 interface 0 has no altsetting 0
[  294.841588][ T5903] usb 1-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  294.899928][ T5903] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  294.907957][ T5903] usb 1-1: Product: syz
[  294.913259][ T8245] No control pipe specified
[  295.536795][ T5903] usb 1-1: Manufacturer: syz
[  295.671900][ T5903] usb 1-1: SerialNumber: syz
[  295.971800][ T5903] usb 1-1: config 0 descriptor??
[  296.027211][ T5903] usb 1-1: can't set config #0, error -71
[  296.129720][ T5903] usb 1-1: USB disconnect, device number 7
[  297.045027][ T8260] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  297.060463][ T8260] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  297.092099][ T8260] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  297.098854][ T8260] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  297.107316][ T8260] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  298.329943][ T5130] Bluetooth: hci0: command 0x0c1a tx timeout
[  298.656304][ T8287] ceph: No mds server is up or the cluster is laggy
[  298.748559][ T8291] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8291 comm=syz.1.515
[  298.835933][ T5903] libceph: connect (1)[c::]:6789 error -101
[  298.847569][ T5867] libceph: connect (1)[c::]:6789 error -101
[  298.871250][ T5903] libceph: mon0 (1)[c::]:6789 connect error
[  298.892130][ T5867] libceph: mon0 (1)[c::]:6789 connect error
[  299.131067][ T5130] Bluetooth: hci4: command 0x0405 tx timeout
[  299.138552][ T5130] Bluetooth: hci3: command 0x0c1a tx timeout
[  299.157814][ T5820] Bluetooth: hci1: command 0x0c1a tx timeout
[  299.191012][ T5827] Bluetooth: hci2: command 0x0c1a tx timeout
[  299.214899][ T5867] libceph: connect (1)[c::]:6789 error -101
[  299.308097][ T5867] libceph: mon0 (1)[c::]:6789 connect error
[  299.452821][ T8290] ceph: No mds server is up or the cluster is laggy
[  301.216084][ T8290] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8290 comm=syz.4.516
[  303.994491][ T8334] ceph: No mds server is up or the cluster is laggy
[  304.009932][    T9] libceph: connect (1)[c::]:6789 error -101
[  304.167668][ T8338] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8338 comm=syz.2.524
[  304.259513][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  304.413894][ T5827] Bluetooth: hci1: ACL packet too small
[  304.420495][ T8346] netlink: 'syz.0.528': attribute type 1 has an invalid length.
[  306.402191][ T5827] Bluetooth: hci4: command 0x0405 tx timeout
[  307.239394][ T8371] syz.0.534: attempt to access beyond end of device
[  307.239394][ T8371] nbd0: rw=4096, sector=0, nr_sectors = 1 limit=0
[  310.932922][ T8410] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw
[  311.792438][ T8403] netlink: 'syz.1.542': attribute type 1 has an invalid length.
[  312.363993][ T8421] ceph: No mds server is up or the cluster is laggy
[  312.576175][ T5869] libceph: connect (1)[c::]:6789 error -101
[  312.593413][ T5869] libceph: mon0 (1)[c::]:6789 connect error
[  314.630675][    T9] libceph: connect (1)[c::]:6789 error -101
[  314.636996][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  314.829635][ T8456] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8456 comm=syz.0.550
[  314.844354][    T9] libceph: connect (1)[c::]:6789 error -101
[  314.852258][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  314.862619][ T8453] ceph: No mds server is up or the cluster is laggy
[  314.931273][ T8459] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw
[  314.943779][    T9] libceph: connect (1)[c::]:6789 error -101
[  314.982019][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  315.207821][ T8453] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8453 comm=syz.4.552
[  315.255586][ T8446] ceph: No mds server is up or the cluster is laggy
[  315.993492][ T8464] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8464 comm=syz.3.553
[  317.197759][ T8472] syz.3.555: attempt to access beyond end of device
[  317.197759][ T8472] nbd3: rw=4096, sector=0, nr_sectors = 1 limit=0
[  317.281041][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[  317.287349][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  317.664296][ T8485] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw
[  318.498650][ T8488] syz.1.557: attempt to access beyond end of device
[  318.498650][ T8488] nbd1: rw=4096, sector=0, nr_sectors = 1 limit=0
[  320.720505][ T8511] netlink: 'syz.1.561': attribute type 1 has an invalid length.
[  320.935536][ T8521] netlink: 4 bytes leftover after parsing attributes in process `syz.0.562'.
[  321.053722][  T971] libceph: connect (1)[c::]:6789 error -101
[  321.060942][  T971] libceph: mon0 (1)[c::]:6789 connect error
[  321.453582][ T8520] ceph: No mds server is up or the cluster is laggy
[  321.719732][ T8520] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8520 comm=syz.4.564
[  322.987004][ T8538] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw
[  323.410400][ T5902] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  324.637877][ T5902] usb 1-1: Using ep0 maxpacket: 32
[  324.670154][ T5902] usb 1-1: config 0 contains an unexpected descriptor of type 0x1, skipping
[  324.678869][ T5902] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  325.026043][ T8546] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8546 comm=syz.3.570
[  325.046883][ T8548] ceph: No mds server is up or the cluster is laggy
[  325.066796][  T971] libceph: connect (1)[c::]:6789 error -101
[  325.088633][ T5902] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 2
[  325.102133][  T971] libceph: mon0 (1)[c::]:6789 connect error
[  325.138452][ T5902] usb 1-1: string descriptor 0 read error: -71
[  325.212578][ T5902] usb 1-1: New USB device found, idVendor=28bd, idProduct=0935, bcdDevice= 0.40
[  325.256910][ T5902] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  325.967860][ T5902] usb 1-1: config 0 descriptor??
[  325.980525][ T5902] usb 1-1: can't set config #0, error -71
[  326.086545][ T5902] usb 1-1: USB disconnect, device number 8
[  327.809233][ T8569] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8569 comm=syz.4.576
[  327.952776][ T8570] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR
[  328.854366][ T8584] netlink: 'syz.4.578': attribute type 1 has an invalid length.
[  329.120387][    T9] libceph: connect (1)[c::]:6789 error -101
[  329.130778][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  329.931417][ T8588] ceph: No mds server is up or the cluster is laggy
[  330.208098][ T8588] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8588 comm=syz.3.577
[  330.411029][ T5867] libceph: connect (1)[c::]:6789 error -101
[  330.502233][ T8602] ceph: No mds server is up or the cluster is laggy
[  330.610035][ T5867] libceph: mon0 (1)[c::]:6789 connect error
[  330.681151][ T8606] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8606 comm=syz.2.581
[  332.320494][ T8623] netlink: 48 bytes leftover after parsing attributes in process `syz.0.588'.
[  335.200567][   T51] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  335.450610][   T51] usb 3-1: Using ep0 maxpacket: 16
[  335.496068][   T51] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  335.729986][   T51] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  336.073216][   T51] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  336.086142][   T51] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  336.121439][ T8655] Process accounting resumed
[  336.286748][   T51] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  336.294945][   T51] usb 3-1: Product: syz
[  336.299237][   T51] usb 3-1: Manufacturer: syz
[  336.507992][   T51] usb 3-1: SerialNumber: syz
[  336.924411][   T29] audit: type=1401 audit(1740821647.468:240): op=fscreate invalid_context="}"
[  337.406260][ T8670] netlink: 48 bytes leftover after parsing attributes in process `syz.4.600'.
[  340.653253][   T51] usb 3-1: 0:2 : does not exist
[  340.682543][   T51] usb 3-1: 1:0: cannot get min/max values for control 4 (id 1)
[  340.927807][   T51] usb 3-1: USB disconnect, device number 8
[  342.216770][ T8704] Process accounting resumed
[  343.485019][ T8722] netlink: 48 bytes leftover after parsing attributes in process `syz.4.611'.
[  343.764150][   T29] audit: type=1401 audit(1740821654.298:241): op=fscreate invalid_context="}"
[  344.449265][   T29] audit: type=1401 audit(1740821654.998:242): op=fscreate invalid_context="}"
[  346.138639][ T8734] Process accounting resumed
[  351.209693][ T8774] netlink: 48 bytes leftover after parsing attributes in process `syz.4.623'.
[  351.556497][   T29] audit: type=1401 audit(1740821662.108:243): op=fscreate invalid_context="}"
[  352.264299][ T8782] Process accounting resumed
[  352.627217][ T8790] netlink: 4 bytes leftover after parsing attributes in process `syz.0.620'.
[  353.882228][ T8799] Process accounting resumed
[  354.422718][ T8812] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw
[  356.845951][ T8827] netlink: 48 bytes leftover after parsing attributes in process `syz.0.634'.
[  357.012673][ T5902] libceph: connect (1)[c::]:6789 error -101
[  357.024064][ T5902] libceph: mon0 (1)[c::]:6789 connect error
[  357.120345][ T8834] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8834 comm=syz.3.635
[  357.133254][ T8831] ceph: No mds server is up or the cluster is laggy
[  357.980161][ T8840] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw
[  358.370511][   T29] audit: type=1401 audit(1740821668.918:244): op=fscreate invalid_context="}"
[  358.873536][ T8844] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3256431472 (26051451776 ns) > initial count (24997152112 ns). Using initial count to start timer.
[  358.969073][ T8852] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw
[  360.652752][ T8856] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8856 comm=syz.0.641
[  360.829561][ T8857] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR
[  362.799960][ T5130] Bluetooth: hci4: command 0x0405 tx timeout
[  363.208453][ T8886] netlink: 8 bytes leftover after parsing attributes in process `syz.1.647'.
[  365.273295][   T29] audit: type=1401 audit(1740821675.818:245): op=fscreate invalid_context="}"
[  365.833436][   T29] audit: type=1401 audit(1740821676.358:246): op=fscreate invalid_context="}"
[  366.599636][ T5902] libceph: connect (1)[c::]:6789 error -101
[  367.096768][ T8923] ceph: No mds server is up or the cluster is laggy
[  367.556235][ T5902] libceph: mon0 (1)[c::]:6789 connect error
[  369.435898][ T8942] netlink: 8 bytes leftover after parsing attributes in process `syz.3.660'.
[  371.171511][ T8945] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3256431472 (26051451776 ns) > initial count (24997152112 ns). Using initial count to start timer.
[  371.352666][ T8955] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3256431472 (26051451776 ns) > initial count (24997152112 ns). Using initial count to start timer.
[  371.589953][ T5902] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  371.680614][   T29] audit: type=1401 audit(1740821682.228:247): op=fscreate invalid_context="}"
[  372.253250][ T5827] Bluetooth: hci4: command 0x0405 tx timeout
[  372.339912][ T5902] usb 5-1: Using ep0 maxpacket: 16
[  372.368802][ T5902] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  372.410139][ T5902] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  372.448619][ T5902] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  372.497077][ T5902] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  372.558599][ T5902] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  372.598759][ T5902] usb 5-1: Product: syz
[  372.608787][ T5902] usb 5-1: Manufacturer: syz
[  372.625144][ T5902] usb 5-1: SerialNumber: syz
[  373.639492][ T8983] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3256431472 (26051451776 ns) > initial count (24997152112 ns). Using initial count to start timer.
[  375.154928][ T5902] usb 5-1: 0:2 : does not exist
[  376.344400][ T8996] netlink: 8 bytes leftover after parsing attributes in process `syz.2.673'.
[  376.985867][    C1] vxcan1: j1939_tp_rxtimer: 0xffff888053364800: rx timeout, send abort
[  376.995647][    C1] vxcan1: j1939_xtp_rx_abort_one: 0xffff888053364800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[  377.529601][ T5902] usb 5-1: 1:0: cannot get min/max values for control 4 (id 1)
[  377.742149][ T5902] usb 5-1: USB disconnect, device number 7
[  377.946381][ T9014] netlink: 4 bytes leftover after parsing attributes in process `syz.2.675'.
[  378.560033][   T29] audit: type=1401 audit(1740821688.458:248): op=fscreate invalid_context="}"
[  378.662574][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[  378.669029][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  378.751986][ T6096] udevd[6096]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  379.183003][ T9020] syz.4.679: attempt to access beyond end of device
[  379.183003][ T9020] nbd4: rw=4096, sector=0, nr_sectors = 1 limit=0
[  379.363111][ T9025] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3256431472 (26051451776 ns) > initial count (24997152112 ns). Using initial count to start timer.
[  381.525453][ T9049] Process accounting resumed
[  384.487768][ T9067] ceph: No mds server is up or the cluster is laggy
[  384.880245][    T9] libceph: connect (1)[c::]:6789 error -101
[  384.886296][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  386.159818][   T29] audit: type=1401 audit(1740821696.408:249): op=fscreate invalid_context="}"
[  386.873570][ T9094] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw
[  387.335945][ T9098] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9098 comm=syz.1.696
[  388.527167][   T25] libceph: connect (1)[c::]:6789 error -101
[  388.698812][ T9107] ceph: No mds server is up or the cluster is laggy
[  388.708300][ T5896] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  388.801075][ T9109] Process accounting resumed
[  388.865369][   T25] libceph: mon0 (1)[c::]:6789 connect error
[  389.040301][ T5896] usb 1-1: Using ep0 maxpacket: 16
[  389.497301][ T5896] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  390.272457][ T5896] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  390.336406][ T5896] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  390.371811][ T5896] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  390.400135][ T5896] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  390.408154][ T5896] usb 1-1: Product: syz
[  390.432081][ T5896] usb 1-1: Manufacturer: syz
[  390.458170][ T5896] usb 1-1: SerialNumber: syz
[  390.706396][ T9133] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9133 comm=syz.1.703
[  390.855247][ T9131] ceph: No mds server is up or the cluster is laggy
[  390.862984][ T5867] libceph: connect (1)[c::]:6789 error -101
[  390.869016][ T5867] libceph: mon0 (1)[c::]:6789 connect error
[  390.875672][ T5896] usb 1-1: 0:2 : does not exist
[  390.914411][ T5896] usb 1-1: 1:0: cannot get min/max values for control 4 (id 1)
[  390.949375][ T5896] usb 1-1: USB disconnect, device number 9
[  391.651377][ T6096] udevd[6096]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  393.050009][ T5903] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  393.906193][ T9158] Process accounting resumed
[  393.981904][ T5903] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  394.111845][ T5903] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  394.128055][ T5903] usb 2-1: Product: syz
[  394.148187][ T5903] usb 2-1: Manufacturer: syz
[  394.159494][ T5903] usb 2-1: SerialNumber: syz
[  394.311065][ T5903] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  394.967643][ T5902] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  395.389510][ T5867] usb 2-1: USB disconnect, device number 6
[  396.623820][ T5902] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive
[  396.640336][ T5902] ath9k_htc: Failed to initialize the device
[  396.653158][ T5867] usb 2-1: ath9k_htc: USB layer deinitialized
[  396.899952][ T5903] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  397.132601][ T9182] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw
[  397.829923][ T5903] usb 1-1: Using ep0 maxpacket: 16
[  397.857128][ T5903] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  397.932701][ T5903] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  397.971657][ T5903] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  398.000382][ T5903] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  398.040021][ T5903] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  398.048041][ T5903] usb 1-1: Product: syz
[  398.069431][ T5903] usb 1-1: Manufacturer: syz
[  398.091445][ T5903] usb 1-1: SerialNumber: syz
[  398.226091][ T9186] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3256431472 (26051451776 ns) > initial count (24997152112 ns). Using initial count to start timer.
[  398.792246][ T5896] libceph: connect (1)[c::]:6789 error -101
[  398.801280][ T5896] libceph: mon0 (1)[c::]:6789 connect error
[  398.874978][ T9194] ceph: No mds server is up or the cluster is laggy
[  399.013389][ T9200] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9200 comm=syz.4.721
[  400.169271][ T5896] libceph: connect (1)[c::]:6789 error -101
[  400.215894][ T9215] ceph: No mds server is up or the cluster is laggy
[  400.934836][ T5896] libceph: mon0 (1)[c::]:6789 connect error
[  400.954325][ T5903] usb 1-1: 0:2 : does not exist
[  401.025419][   T29] audit: type=1400 audit(1740821711.558:250): avc:  denied  { read append } for  pid=9212 comm="syz.2.725" name="event0" dev="devtmpfs" ino=918 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  401.027228][ T8989] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  401.087879][ T9210] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3256431472 (26051451776 ns) > initial count (24997152112 ns). Using initial count to start timer.
[  401.116231][   T29] audit: type=1400 audit(1740821711.558:251): avc:  denied  { open } for  pid=9212 comm="syz.2.725" path="/dev/input/event0" dev="devtmpfs" ino=918 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  401.184420][   T29] audit: type=1400 audit(1740821711.558:252): avc:  denied  { append } for  pid=9212 comm="syz.2.725" name="mice" dev="devtmpfs" ino=916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  401.245655][   T29] audit: type=1400 audit(1740821711.558:253): avc:  denied  { open } for  pid=9212 comm="syz.2.725" path="/dev/input/mice" dev="devtmpfs" ino=916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  401.251527][ T5896] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  401.270291][ T8989] usb 4-1: Using ep0 maxpacket: 32
[  401.291609][ T5903] usb 1-1: 1:0: cannot get min/max values for control 4 (id 1)
[  401.299553][ T8989] usb 4-1: config 0 contains an unexpected descriptor of type 0x1, skipping
[  401.320923][ T8989] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  401.338067][ T5903] usb 1-1: USB disconnect, device number 10
[  401.364329][ T8989] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 2
[  401.396972][ T8989] usb 4-1: New USB device found, idVendor=28bd, idProduct=0935, bcdDevice= 0.40
[  401.420585][ T8989] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  401.439134][ T8989] usb 4-1: Product: syz
[  401.445710][ T8989] usb 4-1: Manufacturer: syz
[  401.827075][ T9233] netlink: 4 bytes leftover after parsing attributes in process `syz.1.726'.
[  402.356803][ T5896] usb 3-1: Using ep0 maxpacket: 16
[  402.400878][ T5896] usb 3-1: config 55 has an invalid interface number: 39 but max is 2
[  402.403671][ T8989] usb 4-1: SerialNumber: syz
[  402.415728][ T8989] usb 4-1: config 0 descriptor??
[  402.430007][ T5896] usb 3-1: config 55 has an invalid interface number: 86 but max is 2
[  402.438985][ T5896] usb 3-1: config 55 contains an unexpected descriptor of type 0x1, skipping
[  402.447956][ T5896] usb 3-1: config 55 has an invalid interface number: 16 but max is 2
[  402.469276][ T5896] usb 3-1: config 55 contains an unexpected descriptor of type 0x2, skipping
[  402.566138][ T5896] usb 3-1: config 55 has no interface number 0
[  402.572530][ T5896] usb 3-1: config 55 has no interface number 1
[  402.578718][ T5896] usb 3-1: config 55 has no interface number 2
[  402.585169][ T5896] usb 3-1: config 55 interface 39 altsetting 252 endpoint 0xA has invalid maxpacket 512, setting to 64
[  402.596446][ T5896] usb 3-1: config 55 interface 86 altsetting 8 has a duplicate endpoint with address 0x7, skipping
[  402.607375][ T5896] usb 3-1: config 55 interface 86 altsetting 8 has a duplicate endpoint with address 0xC, skipping
[  402.619974][ T5867] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  402.650314][ T5896] usb 3-1: config 55 interface 16 altsetting 9 endpoint 0x6 has an invalid bInterval 113, changing to 7
[  402.682082][ T5896] usb 3-1: config 55 interface 16 altsetting 9 has a duplicate endpoint with address 0xF, skipping
[  402.780523][ T6096] udevd[6096]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  402.800340][   T29] audit: type=1400 audit(1740821713.248:254): avc:  denied  { create } for  pid=9206 comm="syz.3.722" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  402.832090][ T9239] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  402.872577][ T5896] usb 3-1: config 55 interface 16 altsetting 9 has an invalid descriptor for endpoint zero, skipping
[  402.874162][ T9239] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  402.899355][ T5896] usb 3-1: config 55 interface 16 altsetting 9 endpoint 0x3 has an invalid bInterval 64, changing to 10
[  402.909928][   T29] audit: type=1400 audit(1740821713.258:255): avc:  denied  { bind } for  pid=9206 comm="syz.3.722" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  402.912898][ T5867] usb 5-1: Using ep0 maxpacket: 32
[  402.935490][ T5896] usb 3-1: config 55 interface 16 altsetting 9 endpoint 0xD has invalid maxpacket 1023, setting to 64
[  402.946999][ T5896] usb 3-1: config 55 interface 16 altsetting 9 has a duplicate endpoint with address 0x9, skipping
[  403.011173][ T9241] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw
[  403.514482][   T29] audit: type=1400 audit(1740821713.258:256): avc:  denied  { connect } for  pid=9206 comm="syz.3.722" lport=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  403.624749][ T9208] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  403.635393][ T5896] usb 3-1: config 55 interface 16 altsetting 9 has a duplicate endpoint with address 0x4, skipping
[  403.649572][ T5867] usb 5-1: config 0 interface 0 has no altsetting 0
[  403.670868][ T5896] usb 3-1: config 55 interface 16 altsetting 9 has a duplicate endpoint with address 0x2, skipping
[  403.673796][ T9245] FAULT_INJECTION: forcing a failure.
[  403.673796][ T9245] name failslab, interval 1, probability 0, space 0, times 1
[  403.683361][ T5867] usb 5-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  403.699181][ T9245] CPU: 0 UID: 0 PID: 9245 Comm: syz.1.731 Not tainted 6.14.0-rc4-syzkaller-00242-g7a5668899f54 #0
[  403.699211][ T9245] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  403.699222][ T9245] Call Trace:
[  403.699228][ T9245]  <TASK>
[  403.699237][ T9245]  dump_stack_lvl+0x16c/0x1f0
[  403.699264][ T9245]  should_fail_ex+0x50a/0x650
[  403.699290][ T9245]  ? fs_reclaim_acquire+0xae/0x150
[  403.699317][ T9245]  should_failslab+0xc2/0x120
[  403.699338][ T9245]  kmem_cache_alloc_noprof+0x6e/0x3d0
[  403.699357][ T9245]  ? getname_flags.part.0+0x4c/0x550
[  403.699384][ T9245]  getname_flags.part.0+0x4c/0x550
[  403.699405][ T9245]  ? __might_fault+0x13b/0x190
[  403.699427][ T9245]  getname+0x8d/0xe0
[  403.699451][ T9245]  do_sys_openat2+0x104/0x1e0
[  403.699472][ T9245]  ? __pfx_do_sys_openat2+0x10/0x10
[  403.699492][ T9245]  ? __might_fault+0xe3/0x190
[  403.699513][ T9245]  ? __might_fault+0xe3/0x190
[  403.699539][ T9245]  __do_sys_openat2+0x1c1/0x2d0
[  403.699560][ T9245]  ? __pfx___do_sys_openat2+0x10/0x10
[  403.699580][ T9245]  ? ksys_write+0x1ba/0x250
[  403.699614][ T9245]  do_syscall_64+0xcd/0x250
[  403.699638][ T9245]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  403.699662][ T9245] RIP: 0033:0x7f242358d169
[  403.699679][ T9245] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  403.699699][ T9245] RSP: 002b:00007f2424302038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b5
[  403.699716][ T9245] RAX: ffffffffffffffda RBX: 00007f24237a5fa0 RCX: 00007f242358d169
[  403.699728][ T9245] RDX: 0000400000000080 RSI: 00004000000000c0 RDI: ffffffffffffff9c
[  403.699740][ T9245] RBP: 00007f2424302090 R08: 0000000000000000 R09: 0000000000000000
[  403.699751][ T9245] R10: 0000000000000018 R11: 0000000000000246 R12: 0000000000000001
[  403.699761][ T9245] R13: 0000000000000000 R14: 00007f24237a5fa0 R15: 00007ffc34b580a8
[  403.699784][ T9245]  </TASK>
[  403.960065][ T5896] usb 3-1: config 55 interface 16 altsetting 9 has a duplicate endpoint with address 0x2, skipping
[  403.971142][ T5896] usb 3-1: config 55 interface 16 altsetting 9 has an invalid descriptor for endpoint zero, skipping
[  403.982404][ T5896] usb 3-1: config 55 interface 16 altsetting 9 has a duplicate endpoint with address 0x1, skipping
[  403.993162][ T5896] usb 3-1: config 55 interface 39 has no altsetting 0
[  404.036489][ T9243] netlink: 16 bytes leftover after parsing attributes in process `syz.0.730'.
[  404.046493][ T5896] usb 3-1: config 55 interface 86 has no altsetting 0
[  404.451470][ T8989] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  404.699363][ T9208] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  404.707233][ T5896] usb 3-1: config 55 interface 16 has no altsetting 0
[  404.820067][ T5896] usb 3-1: string descriptor 0 read error: -71
[  404.839289][ T5903] usb 4-1: USB disconnect, device number 7
[  404.855740][ T5896] usb 3-1: New USB device found, idVendor=19d2, idProduct=ffb9, bcdDevice=e0.e2
[  404.909934][ T5896] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  405.011720][ T8989] usb 2-1: Using ep0 maxpacket: 32
[  405.028695][ T5896] usb 3-1: can't set config #55, error -71
[  405.120392][ T8989] usb 2-1: config 0 interface 0 has no altsetting 0
[  405.146580][ T5896] usb 3-1: USB disconnect, device number 9
[  405.149124][ T8989] usb 2-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  405.169983][   T29] audit: type=1400 audit(1740821715.608:257): avc:  denied  { create } for  pid=9242 comm="syz.0.730" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  405.282122][ T8989] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  405.670457][ T8989] usb 2-1: Product: syz
[  405.675438][ T8989] usb 2-1: Manufacturer: syz
[  405.680322][ T8989] usb 2-1: SerialNumber: syz
[  405.694589][ T8989] usb 2-1: config 0 descriptor??
[  405.701115][ T8989] gs_usb 2-1:0.0: Required endpoints not found
[  405.740483][ T5867] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  405.748644][ T5867] usb 5-1: Product: syz
[  405.753326][ T5867] usb 5-1: Manufacturer: syz
[  405.758315][ T5867] usb 5-1: SerialNumber: syz
[  405.767057][ T5867] usb 5-1: config 0 descriptor??
[  406.429443][ T5867] usb 5-1: can't set config #0, error -71
[  406.478219][   T29] audit: type=1400 audit(1740821717.028:258): avc:  denied  { ioctl } for  pid=9264 comm="syz.4.736" path="socket:[29632]" dev="sockfs" ino=29632 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  406.504843][ T5867] usb 5-1: USB disconnect, device number 8
[  406.561082][ T9268] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3256431472 (26051451776 ns) > initial count (24997152112 ns). Using initial count to start timer.
[  406.799941][ T8989] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  407.102945][    T9] usb 2-1: USB disconnect, device number 7
[  407.238679][ T9272] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3256431472 (26051451776 ns) > initial count (24997152112 ns). Using initial count to start timer.
[  408.131417][ T8989] usb 4-1: Using ep0 maxpacket: 16
[  408.160839][ T8989] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  408.789482][ T8989] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  408.819911][ T8989] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  408.864479][ T8989] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  408.878611][ T8989] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  408.888958][ T8989] usb 4-1: Product: syz
[  408.898404][ T8989] usb 4-1: Manufacturer: syz
[  408.903253][ T8989] usb 4-1: SerialNumber: syz
[  409.053527][ T9293] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw
[  409.621916][ T9294] netlink: 12 bytes leftover after parsing attributes in process `syz.0.743'.
[  409.817759][   T29] audit: type=1400 audit(1740821720.368:259): avc:  denied  { bind } for  pid=9292 comm="syz.0.743" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  409.840289][ T8989] usb 4-1: 0:2 : does not exist
[  409.850568][    T9] libceph: connect (1)[c::]:6789 error -101
[  409.861283][ T9303] ceph: No mds server is up or the cluster is laggy
[  409.864542][ T9294] sctp: [Deprecated]: syz.0.743 (pid 9294) Use of int in maxseg socket option.
[  409.864542][ T9294] Use struct sctp_assoc_value instead
[  409.930485][ T9308] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9308 comm=syz.2.744
[  409.943801][ T8989] usb 4-1: 1:0: cannot get min/max values for control 4 (id 1)
[  409.951527][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  409.985543][ T8989] usb 4-1: USB disconnect, device number 8
[  410.190006][    T9] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  410.240802][ T9312] FAULT_INJECTION: forcing a failure.
[  410.240802][ T9312] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  410.254116][ T9312] CPU: 0 UID: 0 PID: 9312 Comm: syz.4.747 Not tainted 6.14.0-rc4-syzkaller-00242-g7a5668899f54 #0
[  410.254140][ T9312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  410.254151][ T9312] Call Trace:
[  410.254157][ T9312]  <TASK>
[  410.254164][ T9312]  dump_stack_lvl+0x16c/0x1f0
[  410.254193][ T9312]  should_fail_ex+0x50a/0x650
[  410.254225][ T9312]  _copy_to_user+0x32/0xd0
[  410.254246][ T9312]  simple_read_from_buffer+0xd0/0x160
[  410.254277][ T9312]  proc_fail_nth_read+0x198/0x270
[  410.254304][ T9312]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  410.254332][ T9312]  ? rw_verify_area+0xcf/0x680
[  410.254357][ T9312]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  410.254383][ T9312]  vfs_read+0x1df/0xbf0
[  410.254410][ T9312]  ? __fget_files+0x1fc/0x3a0
[  410.254429][ T9312]  ? __pfx___mutex_lock+0x10/0x10
[  410.254452][ T9312]  ? __pfx_vfs_read+0x10/0x10
[  410.254487][ T9312]  ? __fget_files+0x206/0x3a0
[  410.254514][ T9312]  ksys_read+0x12b/0x250
[  410.254540][ T9312]  ? __pfx_ksys_read+0x10/0x10
[  410.254575][ T9312]  do_syscall_64+0xcd/0x250
[  410.254600][ T9312]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  410.254626][ T9312] RIP: 0033:0x7f1f7a58bb7c
[  410.254642][ T9312] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  410.254660][ T9312] RSP: 002b:00007f1f7b35a030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  410.254678][ T9312] RAX: ffffffffffffffda RBX: 00007f1f7a7a6160 RCX: 00007f1f7a58bb7c
[  410.254690][ T9312] RDX: 000000000000000f RSI: 00007f1f7b35a0a0 RDI: 0000000000000006
[  410.254702][ T9312] RBP: 00007f1f7b35a090 R08: 0000000000000000 R09: 0000000000000000
[  410.254713][ T9312] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  410.254724][ T9312] R13: 0000000000000000 R14: 00007f1f7a7a6160 R15: 00007ffe8292c518
[  410.254749][ T9312]  </TASK>
[  410.256403][   T29] audit: type=1400 audit(1740821720.788:260): avc:  denied  { create } for  pid=9309 comm="syz.4.747" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  410.462677][ T5827] Bluetooth: hci3: command 0x0c1a tx timeout
[  410.534705][   T29] audit: type=1400 audit(1740821720.788:261): avc:  denied  { write } for  pid=9309 comm="syz.4.747" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  410.561817][ T9255] udevd[9255]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  410.621410][    T9] usb 2-1: Using ep0 maxpacket: 32
[  410.653392][    T9] usb 2-1: config 0 contains an unexpected descriptor of type 0x1, skipping
[  410.664808][    T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  410.747631][    T9] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 2
[  410.759352][    T9] usb 2-1: New USB device found, idVendor=28bd, idProduct=0935, bcdDevice= 0.40
[  410.768812][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  410.777046][    T9] usb 2-1: Product: syz
[  410.781491][    T9] usb 2-1: Manufacturer: syz
[  410.786305][ T9317] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9317 comm=syz.0.748
[  410.837707][    T9] usb 2-1: SerialNumber: syz
[  411.263804][    T9] usb 2-1: config 0 descriptor??
[  411.322087][   T29] audit: type=1400 audit(1740821721.878:262): avc:  denied  { bind } for  pid=9318 comm="syz.2.750" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  411.442752][   T29] audit: type=1400 audit(1740821721.878:263): avc:  denied  { listen } for  pid=9318 comm="syz.2.750" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  411.467559][   T29] audit: type=1400 audit(1740821721.898:264): avc:  denied  { accept } for  pid=9318 comm="syz.2.750" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  411.687784][ T9300] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  411.895706][ T9330] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3256431472 (26051451776 ns) > initial count (24997152112 ns). Using initial count to start timer.
[  411.940756][ T9300] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  411.962328][ T9300] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  411.976890][ T9300] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  412.314068][   T29] audit: type=1400 audit(1740821722.808:265): avc:  denied  { create } for  pid=9299 comm="syz.1.745" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  412.314394][ T8989] usb 2-1: USB disconnect, device number 8
[  412.359086][   T29] audit: type=1400 audit(1740821722.858:266): avc:  denied  { ioctl } for  pid=9299 comm="syz.1.745" path="socket:[31899]" dev="sockfs" ino=31899 ioctlcmd=0x89e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  412.423627][   T29] audit: type=1400 audit(1740821722.978:267): avc:  denied  { mounton } for  pid=9335 comm="syz.4.753" path="/proc/642/task" dev="proc" ino=31337 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[  412.446057][    C1] vkms_vblank_simulate: vblank timer overrun
[  412.950035][ T5834] Bluetooth: hci4: command 0x0405 tx timeout
[  416.643532][ T9378] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw
[  417.232992][ T9381] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9381 comm=syz.1.762
[  417.782124][ T5834] Bluetooth: hci2: command 0x0c1a tx timeout
[  418.204470][ T9384] Process accounting resumed
[  418.304927][   T29] audit: type=1400 audit(1740821728.748:268): avc:  denied  { read } for  pid=9400 comm="syz.1.767" lport=50562 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  418.911132][ T9405] netlink: 12 bytes leftover after parsing attributes in process `syz.3.766'.
[  418.930014][   T29] audit: type=1400 audit(1740821728.848:269): avc:  denied  { create } for  pid=9400 comm="syz.1.767" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  418.956942][   T29] audit: type=1400 audit(1740821728.848:270): avc:  denied  { create } for  pid=9400 comm="syz.1.767" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  419.101068][   T29] audit: type=1400 audit(1740821728.858:271): avc:  denied  { setopt } for  pid=9400 comm="syz.1.767" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  419.121139][   T29] audit: type=1400 audit(1740821728.858:272): avc:  denied  { connect } for  pid=9400 comm="syz.1.767" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  419.157321][   T29] audit: type=1400 audit(1740821728.858:273): avc:  denied  { write } for  pid=9400 comm="syz.1.767" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  419.699954][    T9] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  419.856799][    T9] usb 2-1: Using ep0 maxpacket: 32
[  419.887792][    T9] usb 2-1: config 0 contains an unexpected descriptor of type 0x1, skipping
[  419.922831][    T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  419.979336][    T9] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 2
[  420.009080][    T9] usb 2-1: New USB device found, idVendor=28bd, idProduct=0935, bcdDevice= 0.40
[  420.077614][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  420.112747][    T9] usb 2-1: Product: syz
[  420.116942][    T9] usb 2-1: Manufacturer: syz
[  420.122050][    T9] usb 2-1: SerialNumber: syz
[  420.137472][    T9] usb 2-1: config 0 descriptor??
[  420.250478][   T29] audit: type=1326 audit(1740821730.808:274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9429 comm="syz.0.773" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe919f8d169 code=0x0
[  420.385048][ T9434] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  420.397069][ T9435] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3256431472 (26051451776 ns) > initial count (24997152112 ns). Using initial count to start timer.
[  420.542836][   T29] audit: type=1400 audit(1740821730.868:275): avc:  denied  { ioctl } for  pid=9429 comm="syz.0.773" path="socket:[32207]" dev="sockfs" ino=32207 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  420.623327][ T9437] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  420.627399][   T29] audit: type=1400 audit(1740821730.878:276): avc:  denied  { create } for  pid=9429 comm="syz.0.773" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_dnrt_socket permissive=1
[  420.675338][ T9437] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  420.725813][ T9411] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  420.765681][ T9411] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  421.225253][ T5866] usb 2-1: USB disconnect, device number 9
[  421.291471][ T9439] syz.4.774: attempt to access beyond end of device
[  421.291471][ T9439] nbd4: rw=4096, sector=0, nr_sectors = 1 limit=0
[  421.315151][ T9447] netlink: 8 bytes leftover after parsing attributes in process `syz.0.775'.
[  421.587609][ T5903] libceph: connect (1)[c::]:6789 error -101
[  421.601123][ T5903] libceph: mon0 (1)[c::]:6789 connect error
[  421.623808][ T9453] ceph: No mds server is up or the cluster is laggy
[  421.630317][   T29] audit: type=1400 audit(1740821732.188:277): avc:  denied  { ioctl } for  pid=9452 comm="syz.3.778" path="/dev/vhost-net" dev="devtmpfs" ino=1274 ioctlcmd=0xaf01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[  421.729877][ T9458] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9458 comm=syz.0.776
[  421.761174][ T9457] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3256431472 (26051451776 ns) > initial count (24997152112 ns). Using initial count to start timer.
[  422.170992][ T5903] libceph: connect (1)[c::]:6789 error -101
[  422.220541][ T5903] libceph: mon0 (1)[c::]:6789 connect error
[  422.307161][ T9479] netlink: 8 bytes leftover after parsing attributes in process `syz.2.779'.
[  422.380841][ T9478] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9478 comm=syz.1.780
[  422.712201][ T9482] IPVS: sync thread started: state = BACKUP, mcast_ifn = batadv0, syncid = 0, id = 0
[  422.912974][ T9473] ceph: No mds server is up or the cluster is laggy
[  424.081340][ T9496] netlink: 4 bytes leftover after parsing attributes in process `syz.0.781'.
[  425.448680][   T29] kauditd_printk_skb: 5 callbacks suppressed
[  425.448710][   T29] audit: type=1400 audit(1740821735.998:283): avc:  denied  { create } for  pid=9485 comm="syz.1.782" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  425.692323][ T9512] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3256431472 (26051451776 ns) > initial count (24997152112 ns). Using initial count to start timer.
[  426.620060][   T29] audit: type=1400 audit(1740821736.228:284): avc:  denied  { connect } for  pid=9485 comm="syz.1.782" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  426.649555][ T9513] ceph: No mds server is up or the cluster is laggy
[  426.664029][ T5866] libceph: connect (1)[c::]:6789 error -101
[  426.670268][ T5866] libceph: mon0 (1)[c::]:6789 connect error
[  426.687967][ T9511] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9511 comm=syz.2.785
[  426.910682][   T29] audit: type=1400 audit(1740821736.228:285): avc:  denied  { write } for  pid=9485 comm="syz.1.782" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  427.294724][    T9] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  427.460271][   T29] audit: type=1400 audit(1740821738.018:286): avc:  denied  { write } for  pid=9533 comm="syz.1.791" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  427.590933][    T9] usb 5-1: Using ep0 maxpacket: 32
[  427.816448][    T9] usb 5-1: config 0 contains an unexpected descriptor of type 0x1, skipping
[  427.838670][    T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  427.909432][    T9] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 2
[  427.960962][    T9] usb 5-1: New USB device found, idVendor=28bd, idProduct=0935, bcdDevice= 0.40
[  427.989984][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  428.009941][    T9] usb 5-1: Product: syz
[  428.024332][    T9] usb 5-1: Manufacturer: syz
[  428.028954][    T9] usb 5-1: SerialNumber: syz
[  428.061323][    T9] usb 5-1: config 0 descriptor??
[  428.370689][ T9529] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  428.413650][ T9529] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  428.463594][ T9529] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  428.503397][ T9529] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  429.540272][ T5866] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  429.635272][    T9] usb 5-1: USB disconnect, device number 9
[  429.799904][ T5866] usb 2-1: Using ep0 maxpacket: 32
[  429.819979][ T5866] usb 2-1: config 0 interface 0 has no altsetting 0
[  429.831484][ T5866] usb 2-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  429.860476][ T5866] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  429.868494][ T5866] usb 2-1: Product: syz
[  429.957224][ T5866] usb 2-1: Manufacturer: syz
[  429.969950][ T5866] usb 2-1: SerialNumber: syz
[  429.978132][ T5866] usb 2-1: config 0 descriptor??
[  430.651397][ T5866] gs_usb 2-1:0.0: Required endpoints not found
[  431.032678][ T9562] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9562 comm=syz.0.796
[  433.546326][ T9592] syz.2.804: attempt to access beyond end of device
[  433.546326][ T9592] nbd2: rw=4096, sector=0, nr_sectors = 1 limit=0
[  433.688489][ T9583] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3256431472 (26051451776 ns) > initial count (24997152112 ns). Using initial count to start timer.
[  433.755717][ T8989] usb 2-1: USB disconnect, device number 10
[  433.947414][ T9589] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3256431472 (26051451776 ns) > initial count (24997152112 ns). Using initial count to start timer.
[  434.343877][ T5827] Bluetooth: hci4: command 0x0405 tx timeout
[  435.964501][ T9612] FAULT_INJECTION: forcing a failure.
[  435.964501][ T9612] name failslab, interval 1, probability 0, space 0, times 0
[  436.021913][ T9612] CPU: 1 UID: 0 PID: 9612 Comm: syz.1.807 Not tainted 6.14.0-rc4-syzkaller-00242-g7a5668899f54 #0
[  436.021948][ T9612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  436.021958][ T9612] Call Trace:
[  436.021963][ T9612]  <TASK>
[  436.021970][ T9612]  dump_stack_lvl+0x16c/0x1f0
[  436.021997][ T9612]  should_fail_ex+0x50a/0x650
[  436.022023][ T9612]  ? fs_reclaim_acquire+0xae/0x150
[  436.022050][ T9612]  should_failslab+0xc2/0x120
[  436.022071][ T9612]  kmem_cache_alloc_node_noprof+0x72/0x3c0
[  436.022091][ T9612]  ? __alloc_skb+0x2b1/0x380
[  436.022117][ T9612]  __alloc_skb+0x2b1/0x380
[  436.022139][ T9612]  ? __pfx___alloc_skb+0x10/0x10
[  436.022165][ T9612]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  436.022193][ T9612]  netlink_alloc_large_skb+0x69/0x130
[  436.022217][ T9612]  netlink_sendmsg+0x689/0xd70
[  436.022244][ T9612]  ? __pfx_netlink_sendmsg+0x10/0x10
[  436.022277][ T9612]  ____sys_sendmsg+0xaaf/0xc90
[  436.022297][ T9612]  ? copy_msghdr_from_user+0x10b/0x160
[  436.022320][ T9612]  ? __pfx_____sys_sendmsg+0x10/0x10
[  436.022348][ T9612]  ___sys_sendmsg+0x135/0x1e0
[  436.022374][ T9612]  ? __pfx____sys_sendmsg+0x10/0x10
[  436.022408][ T9612]  ? __pfx_lock_release+0x10/0x10
[  436.022433][ T9612]  ? trace_lock_acquire+0x14e/0x1f0
[  436.022461][ T9612]  ? __fget_files+0x206/0x3a0
[  436.022486][ T9612]  __sys_sendmsg+0x16e/0x220
[  436.022510][ T9612]  ? __pfx___sys_sendmsg+0x10/0x10
[  436.022550][ T9612]  do_syscall_64+0xcd/0x250
[  436.022575][ T9612]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  436.022600][ T9612] RIP: 0033:0x7f242358d169
[  436.022615][ T9612] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  436.022631][ T9612] RSP: 002b:00007f2424302038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  436.022648][ T9612] RAX: ffffffffffffffda RBX: 00007f24237a5fa0 RCX: 00007f242358d169
[  436.022661][ T9612] RDX: 0000000000000000 RSI: 00004000000000c0 RDI: 0000000000000004
[  436.022672][ T9612] RBP: 00007f2424302090 R08: 0000000000000000 R09: 0000000000000000
[  436.022683][ T9612] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  436.022694][ T9612] R13: 0000000000000000 R14: 00007f24237a5fa0 R15: 00007ffc34b580a8
[  436.022718][ T9612]  </TASK>
[  436.264076][   T29] audit: type=1400 audit(1740821746.818:287): avc:  denied  { bind } for  pid=9611 comm="syz.1.807" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  436.309473][   T29] audit: type=1400 audit(1740821746.858:288): avc:  denied  { setopt } for  pid=9611 comm="syz.1.807" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  437.238048][ T9625] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9625 comm=syz.2.809
[  437.817261][ T9626] ceph: No mds server is up or the cluster is laggy
[  437.824538][    T9] libceph: connect (1)[c::]:6789 error -101
[  437.832305][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  438.179206][ T9646] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9646 comm=syz.0.812
[  438.373358][ T9635] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(4)
[  438.380203][ T9635] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  438.412062][ T9635] vhci_hcd vhci_hcd.0: Device attached
[  438.450014][    T9] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  439.469974][ T5902] vhci_hcd: vhci_device speed not set
[  439.530852][ T5902] usb 39-1: new full-speed USB device number 2 using vhci_hcd
[  439.669068][ T5866] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  439.691991][ T9636] vhci_hcd: connection closed
[  439.737188][ T9638] vhci_hcd: sendmsg failed!, ret=-32 for 48
[  439.841102][   T11] vhci_hcd: stop threads
[  439.970140][   T11] vhci_hcd: release socket
[  440.040295][ T5866] usb 3-1: Using ep0 maxpacket: 32
[  440.060724][   T11] vhci_hcd: disconnect device
[  440.110870][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[  440.118659][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  440.129143][ T5866] usb 3-1: config 0 interface 0 has no altsetting 0
[  440.181965][    T9] usb 4-1: device not accepting address 9, error -71
[  440.188643][ T5866] usb 3-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  440.188672][ T5866] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  440.188692][ T5866] usb 3-1: Product: syz
[  440.188708][ T5866] usb 3-1: Manufacturer: syz
[  440.222861][ T5866] usb 3-1: SerialNumber: syz
[  440.843037][ T5866] usb 3-1: config 0 descriptor??
[  440.860006][ T5866] gs_usb 3-1:0.0: Required endpoints not found
[  441.567175][   T29] audit: type=1400 audit(1740821752.118:289): avc:  denied  { create } for  pid=9672 comm="syz.1.820" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  441.588062][ T9673] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  441.678962][   T29] audit: type=1401 audit(1740821752.228:290): op=fscreate invalid_context="}"
[  441.772406][   T29] audit: type=1400 audit(1740821752.268:291): avc:  denied  { setopt } for  pid=9672 comm="syz.1.820" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  443.236048][    T9] usb 3-1: USB disconnect, device number 10
[  443.975086][   T29] audit: type=1400 audit(1740821753.838:292): avc:  denied  { create } for  pid=9686 comm="syz.4.823" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  444.035537][   T29] audit: type=1400 audit(1740821754.448:293): avc:  denied  { connect } for  pid=9686 comm="syz.4.823" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  444.135994][   T29] audit: type=1400 audit(1740821754.628:294): avc:  denied  { bind } for  pid=9672 comm="syz.1.820" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  444.174661][   T29] audit: type=1400 audit(1740821754.638:295): avc:  denied  { name_bind } for  pid=9672 comm="syz.1.820" src=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=sctp_socket permissive=1
[  444.491464][   T51] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  444.976241][ T5902] vhci_hcd: vhci_device speed not set
[  445.010105][   T51] usb 1-1: Using ep0 maxpacket: 16
[  445.042334][   T51] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  445.062010][   T51] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  445.535948][ T9709] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9709 comm=syz.4.827
[  445.556679][ T9176] libceph: connect (1)[c::]:6789 error -101
[  445.590056][ T9176] libceph: mon0 (1)[c::]:6789 connect error
[  445.596092][   T51] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  445.810197][ T9705] ceph: No mds server is up or the cluster is laggy
[  445.824821][   T51] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  445.836969][   T51] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  446.151128][ T5866] libceph: connect (1)[c::]:6789 error -101
[  446.164144][ T5866] libceph: mon0 (1)[c::]:6789 connect error
[  446.206797][   T51] usb 1-1: Product: syz
[  446.224431][   T51] usb 1-1: Manufacturer: syz
[  446.806409][ T5866] libceph: connect (1)[c::]:6789 error -101
[  446.812859][ T5866] libceph: mon0 (1)[c::]:6789 connect error
[  446.818864][   T51] usb 1-1: SerialNumber: syz
[  447.492666][ T9729] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9729 comm=syz.4.830
[  447.619646][ T9727] ceph: No mds server is up or the cluster is laggy
[  447.651041][  T971] libceph: connect (1)[c::]:6789 error -101
[  447.708709][ T9731] syz.1.831: attempt to access beyond end of device
[  447.708709][ T9731] nbd1: rw=4096, sector=0, nr_sectors = 1 limit=0
[  447.767140][  T971] libceph: mon0 (1)[c::]:6789 connect error
[  448.004455][   T51] usb 1-1: 0:2 : does not exist
[  449.380009][   T29] audit: type=1401 audit(1740821759.428:296): op=fscreate invalid_context="}"
[  449.653105][   T51] usb 1-1: 1:0: cannot get min/max values for control 4 (id 1)
[  449.674845][   T29] audit: type=1400 audit(1740821760.228:297): avc:  denied  { read } for  pid=9747 comm="syz.2.834" name="rtc0" dev="devtmpfs" ino=921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  449.865324][   T51] usb 1-1: USB disconnect, device number 11
[  449.878834][   T29] audit: type=1400 audit(1740821760.228:298): avc:  denied  { open } for  pid=9747 comm="syz.2.834" path="/dev/rtc0" dev="devtmpfs" ino=921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  450.442570][   T29] audit: type=1400 audit(1740821760.228:299): avc:  denied  { ioctl } for  pid=9747 comm="syz.2.834" path="/dev/rtc0" dev="devtmpfs" ino=921 ioctlcmd=0x7005 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  450.494956][ T9255] udevd[9255]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  450.740314][ T9767] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3256431472 (26051451776 ns) > initial count (24997152112 ns). Using initial count to start timer.
[  452.000475][   T29] audit: type=1401 audit(1740821762.548:300): op=fscreate invalid_context="}"
[  453.495236][ T9791] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9791 comm=syz.4.843
[  453.607155][ T9789] ceph: No mds server is up or the cluster is laggy
[  453.618186][   T51] libceph: connect (1)[c::]:6789 error -101
[  453.626970][   T51] libceph: mon0 (1)[c::]:6789 connect error
[  454.203169][   T29] audit: type=1401 audit(1740821764.748:301): op=fscreate invalid_context="}"
[  455.101341][ T9812] netlink: 8 bytes leftover after parsing attributes in process `syz.0.846'.
[  455.643979][ T9814] IPVS: sync thread started: state = BACKUP, mcast_ifn = batadv0, syncid = 0, id = 0
[  455.690047][  T971] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  455.840186][  T971] usb 3-1: Using ep0 maxpacket: 16
[  455.849061][  T971] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  455.926215][  T971] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  456.172435][ T9820] ceph: No mds server is up or the cluster is laggy
[  456.179677][   T51] libceph: connect (1)[c::]:6789 error -101
[  456.191385][   T51] libceph: mon0 (1)[c::]:6789 connect error
[  456.531289][ T9824] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9824 comm=syz.4.850
[  456.572089][   T51] libceph: connect (1)[c::]:6789 error -101
[  456.578199][   T51] libceph: mon0 (1)[c::]:6789 connect error
[  456.608848][  T971] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  456.631060][  T971] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  456.645315][  T971] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  456.665483][  T971] usb 3-1: Product: syz
[  456.673821][  T971] usb 3-1: Manufacturer: syz
[  456.688187][  T971] usb 3-1: SerialNumber: syz
[  458.267248][ T9843] netlink: 12 bytes leftover after parsing attributes in process `syz.3.854'.
[  458.337180][ T9844] netlink: 4 bytes leftover after parsing attributes in process `syz.4.855'.
[  458.934218][ T5834] Bluetooth: hci4: command 0x0405 tx timeout
[  459.257408][  T971] usb 3-1: 0:2 : does not exist
[  459.951632][  T971] usb 3-1: 1:0: cannot get min/max values for control 4 (id 1)
[  460.000308][  T971] usb 3-1: USB disconnect, device number 11
[  460.336120][ T9864] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3256431472 (26051451776 ns) > initial count (24997152112 ns). Using initial count to start timer.
[  460.970790][ T9255] udevd[9255]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  461.452641][ T9874] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9874 comm=syz.2.861
[  461.770641][ T9872] ceph: No mds server is up or the cluster is laggy
[  461.783116][   T51] libceph: connect (1)[c::]:6789 error -101
[  461.846277][   T51] libceph: mon0 (1)[c::]:6789 connect error
[  462.120166][   T51] libceph: connect (1)[c::]:6789 error -101
[  462.175507][   T51] libceph: mon0 (1)[c::]:6789 connect error
[  462.377322][ T9883] netlink: 8 bytes leftover after parsing attributes in process `syz.2.864'.
[  462.400054][    T9] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  462.693529][    T9] usb 5-1: Using ep0 maxpacket: 32
[  462.996047][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  463.007370][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  463.024185][    T9] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  463.033562][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  463.046014][    T9] usb 5-1: config 0 descriptor??
[  463.066154][    T9] hub 5-1:0.0: USB hub found
[  463.927153][ T9903] netlink: 4 bytes leftover after parsing attributes in process `syz.0.865'.
[  464.582205][    T9] hub 5-1:0.0: 1 port detected
[  464.909975][   T51] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  465.850122][   T29] audit: type=1401 audit(1740821775.758:302): op=fscreate invalid_context="}"
[  465.879971][   T51] usb 4-1: Using ep0 maxpacket: 16
[  465.897424][   T51] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  465.916166][    T9] hub 5-1:0.0: hub_ext_port_status failed (err = -71)
[  465.917436][   T51] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  465.925109][  T971] usb 5-1: USB disconnect, device number 10
[  465.979900][   T51] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  466.050977][   T51] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  466.084992][   T51] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  466.106393][   T51] usb 4-1: Product: syz
[  466.129373][   T51] usb 4-1: Manufacturer: syz
[  466.149003][   T51] usb 4-1: SerialNumber: syz
[  466.595617][ T9936] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9936 comm=syz.4.875
[  467.016685][ T9933] ceph: No mds server is up or the cluster is laggy
[  467.023891][ T5869] libceph: connect (1)[c::]:6789 error -101
[  467.035455][ T5869] libceph: mon0 (1)[c::]:6789 connect error
[  467.258133][   T29] audit: type=1400 audit(1740821777.798:303): avc:  denied  { mount } for  pid=9937 comm="syz.2.876" name="/" dev="9p" ino=1694025360095192279 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  467.486115][   T51] usb 4-1: 0:2 : does not exist
[  469.293306][   T51] usb 4-1: 1:0: cannot get min/max values for control 4 (id 1)
[  469.347674][   T51] usb 4-1: USB disconnect, device number 11
[  469.371314][ T5827] Bluetooth: hci2: command 0x0c1a tx timeout
[  469.423238][ T9255] udevd[9255]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  471.663484][ T9987] netlink: 12 bytes leftover after parsing attributes in process `syz.1.884'.
[  472.561414][   T29] audit: type=1401 audit(1740821783.108:304): op=fscreate invalid_context="}"
[  473.115387][ T9998] netlink: 24 bytes leftover after parsing attributes in process `syz.3.886'.
[  474.269291][T10003] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10003 comm=syz.4.889
[  474.348956][ T8989] libceph: connect (1)[c::]:6789 error -101
[  474.373864][ T8989] libceph: mon0 (1)[c::]:6789 connect error
[  474.476153][T10004] ceph: No mds server is up or the cluster is laggy
[  474.555926][   T51] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  474.639136][T10017] netlink: 8 bytes leftover after parsing attributes in process `syz.0.890'.
[  474.775909][   T51] usb 4-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  474.994378][   T51] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  475.117058][   T51] usb 4-1: config 0 descriptor??
[  476.344940][T10030] syz.1.895: attempt to access beyond end of device
[  476.344940][T10030] nbd1: rw=4096, sector=0, nr_sectors = 1 limit=0
[  476.932756][   T51] usb 4-1: can't set config #0, error -71
[  476.948981][   T51] usb 4-1: USB disconnect, device number 12
[  477.534876][ T5834] Bluetooth: hci0: command 0x0c1a tx timeout
[  477.696712][T10052] netlink: 12 bytes leftover after parsing attributes in process `syz.4.899'.
[  480.091929][   T29] audit: type=1401 audit(1740821790.318:305): op=fscreate invalid_context="}"
[  480.460115][ T8989] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  480.658495][ T8989] usb 5-1: Using ep0 maxpacket: 32
[  480.672167][ T8989] usb 5-1: config 0 contains an unexpected descriptor of type 0x1, skipping
[  480.692184][ T8989] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  480.718132][ T8989] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 2
[  480.794461][ T8989] usb 5-1: New USB device found, idVendor=28bd, idProduct=0935, bcdDevice= 0.40
[  481.502962][ T8989] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  481.512580][ T8989] usb 5-1: Product: syz
[  481.517035][ T8989] usb 5-1: Manufacturer: syz
[  481.521840][ T8989] usb 5-1: SerialNumber: syz
[  481.528228][ T8989] usb 5-1: config 0 descriptor??
[  481.608834][T10088] No control pipe specified
[  482.512157][T10073] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  482.526029][T10093] syz.2.908: attempt to access beyond end of device
[  482.526029][T10093] nbd2: rw=4096, sector=0, nr_sectors = 1 limit=0
[  482.615475][T10073] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  483.195799][ T8989] usb 5-1: USB disconnect, device number 11
[  483.765451][T10115] netlink: 24 bytes leftover after parsing attributes in process `syz.2.911'.
[  485.789060][   T29] audit: type=1401 audit(1740821796.338:306): op=fscreate invalid_context="}"
[  486.979595][   T29] audit: type=1400 audit(1740821797.528:307): avc:  denied  { compute_member } for  pid=10152 comm="syz.4.922" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  487.290249][ T5827] Bluetooth: hci4: command 0x0405 tx timeout
[  487.710813][   T29] audit: type=1401 audit(1740821797.618:308): op=fscreate invalid_context="}"
[  487.853604][   T51] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  488.031248][   T51] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  488.079979][   T51] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  488.090613][   T51] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  488.099715][   T51] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  488.111116][   T51] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  488.123632][   T51] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  488.145661][   T51] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  488.169404][   T51] usb 5-1: Product: syz
[  488.200025][   T51] usb 5-1: Manufacturer: syz
[  488.209416][   T51] cdc_wdm 5-1:1.0: skipping garbage
[  488.215320][   T51] cdc_wdm 5-1:1.0: skipping garbage
[  488.231977][   T51] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[  488.243783][   T51] cdc_wdm 5-1:1.0: Unknown control protocol
[  489.272610][ T9176] usb 5-1: USB disconnect, device number 12
[  490.566256][   T29] audit: type=1400 audit(1740821801.108:309): avc:  denied  { read } for  pid=10180 comm="syz.4.929" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  490.686824][   T51] libceph: connect (1)[c::]:6789 error -101
[  490.709210][   T51] libceph: mon0 (1)[c::]:6789 connect error
[  491.127896][   T51] libceph: connect (1)[c::]:6789 error -101
[  491.318775][T10190] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10190 comm=syz.0.928
[  491.339717][   T51] libceph: mon0 (1)[c::]:6789 connect error
[  491.487998][T10186] ceph: No mds server is up or the cluster is laggy
[  491.870860][   T29] audit: type=1401 audit(1740821802.408:310): op=fscreate invalid_context="}"
[  494.756269][T10230] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10230 comm=syz.4.938
[  494.934972][T10229] ceph: No mds server is up or the cluster is laggy
[  494.942081][ T5869] libceph: connect (1)[c::]:6789 error -101
[  494.948140][ T5869] libceph: mon0 (1)[c::]:6789 connect error
[  500.091392][ T5130] Bluetooth: hci4: command 0x0405 tx timeout
[  501.122284][T10300] Process accounting resumed
[  501.545991][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[  501.552632][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  501.632922][T10312] netlink: 16 bytes leftover after parsing attributes in process `syz.2.958'.
[  504.013833][T10336] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw
[  504.512758][T10327] netlink: 16 bytes leftover after parsing attributes in process `syz.3.959'.
[  505.679973][ T5866] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  505.850206][ T5866] usb 2-1: Using ep0 maxpacket: 32
[  505.919381][ T5866] usb 2-1: config 0 contains an unexpected descriptor of type 0x1, skipping
[  506.320391][ T5866] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  506.332633][ T5866] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 2
[  506.815013][ T5866] usb 2-1: New USB device found, idVendor=28bd, idProduct=0935, bcdDevice= 0.40
[  506.830112][ T5866] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  506.840394][ T5866] usb 2-1: Product: syz
[  506.849726][ T5866] usb 2-1: Manufacturer: syz
[  506.856502][ T5866] usb 2-1: SerialNumber: syz
[  506.863645][ T5866] usb 2-1: config 0 descriptor??
[  507.058435][   T29] audit: type=1400 audit(1740821817.508:311): avc:  denied  { read write } for  pid=10356 comm="syz.4.969" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  507.331375][T10345] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  507.383854][T10345] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  507.401769][   T29] audit: type=1400 audit(1740821817.508:312): avc:  denied  { open } for  pid=10356 comm="syz.4.969" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  507.517019][T10345] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  507.757104][T10345] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  508.659898][ T5827] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection
[  509.136556][T10367] Process accounting resumed
[  509.171811][  T971] usb 2-1: USB disconnect, device number 11
[  510.066214][T10374] netlink: 16 bytes leftover after parsing attributes in process `syz.0.972'.
[  510.780111][ T5902] usb 5-1: new full-speed USB device number 13 using dummy_hcd
[  511.063980][ T5902] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  511.094835][ T5902] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  511.148071][ T5902] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  511.169030][ T5902] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  511.189988][ T5902] usb 5-1: SerialNumber: syz
[  511.213736][ T5902] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -22
[  511.241587][ T5902] usb-storage 5-1:1.0: USB Mass Storage device detected
[  511.270762][ T5902] usb-storage 5-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  511.288240][ T5902] scsi host1: usb-storage 5-1:1.0
[  511.374742][   T51] usb 1-1: new full-speed USB device number 12 using dummy_hcd
[  511.531722][   T51] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  511.560540][   T51] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  511.581668][   T51] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  511.595881][   T51] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  511.618199][   T51] usb 1-1: SerialNumber: syz
[  511.632543][   T51] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -22
[  511.649471][   T51] usb-storage 1-1:1.0: USB Mass Storage device detected
[  511.668321][   T51] usb-storage 1-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  511.687936][   T51] scsi host2: usb-storage 1-1:1.0
[  512.109949][ T5869] usb 2-1: new full-speed USB device number 12 using dummy_hcd
[  512.287546][ T5869] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  512.395106][ T5869] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  512.539765][ T5869] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  512.645095][ T5869] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  512.662051][ T5869] usb 2-1: SerialNumber: syz
[  512.678797][ T5869] cdc_ether 2-1:1.0: probe with driver cdc_ether failed with error -22
[  512.687706][ T5869] usb-storage 2-1:1.0: USB Mass Storage device detected
[  512.708720][ T5869] usb-storage 2-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  512.727477][ T5869] scsi host3: usb-storage 2-1:1.0
[  512.844914][   T51] usb 5-1: USB disconnect, device number 13
[  513.013740][ T5902] usb 1-1: USB disconnect, device number 12
[  513.070093][ T5869] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  513.219964][ T5869] usb 4-1: Using ep0 maxpacket: 32
[  513.226614][ T5869] usb 4-1: config 0 contains an unexpected descriptor of type 0x1, skipping
[  513.236155][ T5869] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  513.246435][ T5869] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 2
[  513.257162][ T5869] usb 4-1: New USB device found, idVendor=28bd, idProduct=0935, bcdDevice= 0.40
[  513.266319][ T5869] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  513.274422][ T5869] usb 4-1: Product: syz
[  513.278618][ T5869] usb 4-1: Manufacturer: syz
[  513.283432][ T5869] usb 4-1: SerialNumber: syz
[  513.290319][ T5869] usb 4-1: config 0 descriptor??
[  513.721579][T10426] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3256431472 (26051451776 ns) > initial count (24997152112 ns). Using initial count to start timer.
[  513.761272][T10421] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  513.791284][T10421] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  513.817100][T10421] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  513.831598][T10421] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  514.305158][ T5869] usb 4-1: USB disconnect, device number 13
[  514.962574][ T8989] usb 2-1: USB disconnect, device number 12
[  515.499197][T10443] Process accounting resumed
[  516.096345][T10454] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3256431472 (26051451776 ns) > initial count (24997152112 ns). Using initial count to start timer.
[  516.737952][  T971] libceph: connect (1)[c::]:6789 error -101
[  516.820850][T10462] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10462 comm=syz.4.993
[  517.034984][T10457] ceph: No mds server is up or the cluster is laggy
[  517.059030][  T971] libceph: mon0 (1)[c::]:6789 connect error
[  517.478813][ T5902] libceph: connect (1)[c::]:6789 error -101
[  517.485305][ T5902] libceph: mon0 (1)[c::]:6789 connect error
[  518.754734][T10476] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3256431472 (26051451776 ns) > initial count (24997152112 ns). Using initial count to start timer.
[  518.889951][ T5130] Bluetooth: hci4: command 0x0405 tx timeout
[  520.524469][T10491] Process accounting resumed
[  520.922471][ T5130] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection
[  522.133565][T10506] Process accounting resumed
[  522.383374][T10517] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1006'.
[  523.218125][T10511] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1007'.
[  525.613561][T10539] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3256431472 (26051451776 ns) > initial count (24997152112 ns). Using initial count to start timer.
[  526.666176][T10550] Process accounting resumed
[  526.720817][T10554] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1015'.
[  529.149146][T10577] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1024'.
[  529.431406][T10572] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3256431472 (26051451776 ns) > initial count (24997152112 ns). Using initial count to start timer.
[  529.504373][T10579] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3256431472 (26051451776 ns) > initial count (24997152112 ns). Using initial count to start timer.
[  529.722374][T10585] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3256431472 (26051451776 ns) > initial count (24997152112 ns). Using initial count to start timer.
[  529.776919][ T5827] Bluetooth: hci4: command 0x0405 tx timeout
[  530.233526][T10589] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3256431472 (26051451776 ns) > initial count (24997152112 ns). Using initial count to start timer.
[  530.356147][   T29] audit: type=1401 audit(1740821840.888:313): op=fscreate invalid_context="}"
[  532.129262][T10624] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1031'.
[  533.751559][T10633] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10633 comm=syz.4.1034
[  533.803159][T10641] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10641 comm=syz.0.1033
[  533.874489][T10636] ceph: No mds server is up or the cluster is laggy
[  533.886264][  T971] libceph: connect (1)[c::]:6789 error -101
[  533.896320][  T971] libceph: mon0 (1)[c::]:6789 connect error
[  533.900980][ T5867] libceph: connect (1)[c::]:6789 error -101
[  533.917816][ T5867] libceph: mon0 (1)[c::]:6789 connect error
[  533.989219][T10632] ceph: No mds server is up or the cluster is laggy
[  534.017038][T10646] autofs: Bad value for 'fd'
[  534.826515][ T5866] libceph: connect (1)[c::]:6789 error -101
[  534.860313][ T5866] libceph: mon0 (1)[c::]:6789 connect error
[  535.489397][T10656] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3256431472 (26051451776 ns) > initial count (24997152112 ns). Using initial count to start timer.
[  535.515132][ T8989] usb 4-1: new full-speed USB device number 14 using dummy_hcd
[  536.041092][ T8989] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  536.058129][ T8989] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  536.079164][ T8989] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  536.205610][ T8989] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  536.220532][ T8989] usb 4-1: SerialNumber: syz
[  536.360486][   T29] audit: type=1401 audit(1740821846.868:314): op=fscreate invalid_context="}"
[  536.845666][ T5902] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  536.868160][ T8989] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -22
[  537.176668][ T8989] usb-storage 4-1:1.0: USB Mass Storage device detected
[  537.197687][ T5902] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  537.358693][ T5902] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  537.385612][ T8989] usb-storage 4-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  537.408315][ T5902] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  537.419966][ T5902] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  537.431277][ T8989] scsi host1: usb-storage 4-1:1.0
[  537.442295][ T5902] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  537.458623][ T5902] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  537.467897][ T5902] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  537.480099][ T5902] usb 2-1: Product: syz
[  537.487500][ T5902] usb 2-1: Manufacturer: syz
[  537.497251][ T5902] cdc_wdm 2-1:1.0: skipping garbage
[  537.503592][ T5902] cdc_wdm 2-1:1.0: skipping garbage
[  537.512879][ T5902] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[  537.538266][ T5902] cdc_wdm 2-1:1.0: Unknown control protocol
[  539.518795][ T5902] usb 2-1: USB disconnect, device number 13
[  539.730887][ T5867] usb 4-1: USB disconnect, device number 14
[  539.753913][T10696] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1047'.
[  539.783415][T10696] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1047'.
[  540.257697][T10708] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10708 comm=syz.0.1049
[  540.337045][    T9] libceph: connect (1)[c::]:6789 error -101
[  540.340026][   T29] audit: type=1400 audit(1740821850.668:315): avc:  denied  { read write } for  pid=10695 comm="syz.1.1047" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[  540.367184][    C1] vkms_vblank_simulate: vblank timer overrun
[  540.441267][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  540.452520][   T29] audit: type=1400 audit(1740821850.668:316): avc:  denied  { open } for  pid=10695 comm="syz.1.1047" path="/dev/cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[  540.619379][T10704] ceph: No mds server is up or the cluster is laggy
[  540.720418][    T9] libceph: connect (1)[c::]:6789 error -101
[  540.741019][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  542.395973][   T29] audit: type=1401 audit(1740821852.948:317): op=fscreate invalid_context="}"
[  542.458171][   T29] audit: type=1400 audit(1740821853.008:318): avc:  denied  { read write } for  pid=10726 comm="syz.1.1053" name="raw-gadget" dev="devtmpfs" ino=820 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  542.488359][T10727] autofs: Bad value for 'fd'
[  542.613368][   T29] audit: type=1400 audit(1740821853.008:319): avc:  denied  { open } for  pid=10726 comm="syz.1.1053" path="/dev/raw-gadget" dev="devtmpfs" ino=820 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  543.269213][   T29] audit: type=1400 audit(1740821853.008:320): avc:  denied  { ioctl } for  pid=10726 comm="syz.1.1053" path="/dev/raw-gadget" dev="devtmpfs" ino=820 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  544.228477][T10737] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10737 comm=syz.3.1055
[  545.293256][ T5130] Bluetooth: hci2: command 0x0c1a tx timeout
[  545.370142][ T5866] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  545.800387][ T5866] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  545.835147][ T5866] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  545.877200][ T5866] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  545.890009][T10750] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1059'.
[  545.948196][ T5866] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  546.296280][ T5866] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  546.297345][T10759] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1061'.
[  546.324112][T10759] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1061'.
[  546.331015][ T5866] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  546.463362][ T5866] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  546.481844][ T5866] usb 4-1: Product: syz
[  546.486123][ T5866] usb 4-1: Manufacturer: syz
[  547.000550][ T5866] cdc_wdm 4-1:1.0: skipping garbage
[  547.033145][ T5866] cdc_wdm 4-1:1.0: skipping garbage
[  547.230960][ T5866] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[  547.236903][ T5866] cdc_wdm 4-1:1.0: Unknown control protocol
[  547.246152][ T5866] usb 4-1: USB disconnect, device number 15
[  547.371493][ T5827] Bluetooth: hci2: command 0x0c1a tx timeout
[  547.440553][   T29] audit: type=1401 audit(1740821857.888:321): op=fscreate invalid_context="}"
[  547.773852][ T5827] Bluetooth: hci3: command 0x0c1a tx timeout
[  548.205588][   T29] audit: type=1400 audit(1740821858.758:322): avc:  denied  { map } for  pid=10781 comm="syz.4.1066" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  548.310262][ T5867] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  548.383796][   T29] audit: type=1400 audit(1740821858.758:323): avc:  denied  { execute } for  pid=10781 comm="syz.4.1066" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  548.620010][ T5867] usb 4-1: Using ep0 maxpacket: 16
[  548.642350][ T5867] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  548.659477][ T5867] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  549.062494][T10793] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10793 comm=syz.2.1067
[  549.264496][ T5867] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  549.338446][ T5867] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  549.362297][ T5867] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  549.400449][ T5867] usb 4-1: Product: syz
[  549.404652][ T5867] usb 4-1: Manufacturer: syz
[  549.409235][ T5867] usb 4-1: SerialNumber: syz
[  549.661575][T10799] autofs: Bad value for 'fd'
[  551.339316][ T5867] usb 4-1: 0:2 : does not exist
[  551.446064][   T29] audit: type=1401 audit(1740821861.988:324): op=fscreate invalid_context="}"
[  552.034701][T10821] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1074'.
[  552.260014][T10821] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1074'.
[  552.447189][ T5867] usb 4-1: 1:0: cannot get min/max values for control 4 (id 1)
[  553.018122][ T5867] usb 4-1: USB disconnect, device number 16
[  554.212447][ T5130] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection
[  554.661901][ T9255] udevd[9255]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  555.714417][T10851] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10851 comm=syz.2.1079
[  557.893395][   T29] audit: type=1401 audit(1740821868.098:325): op=fscreate invalid_context="}"
[  557.900185][ T5130] Bluetooth: hci0: command 0x0c1a tx timeout
[  559.348253][ T5827] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection
[  559.754240][T10888] autofs: Unknown parameter '0x0000000000000000'
[  560.264493][T10898] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1091'.
[  561.176927][T10903] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10903 comm=syz.0.1089
[  562.080456][T10910] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10910 comm=syz.3.1093
[  562.730892][T10917] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1096'.
[  562.990874][T10921] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1095'.
[  563.001463][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[  563.007764][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  563.289972][ T5130] Bluetooth: hci4: command 0x0405 tx timeout
[  563.480228][ T5902] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  563.854266][ T5902] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  563.949990][ T5902] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  563.979921][ T5902] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  563.998323][T10929] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1098'.
[  564.150194][ T5902] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  564.610561][ T5902] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  564.637143][ T5902] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  564.661091][ T5902] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  564.678606][ T5902] usb 4-1: Product: syz
[  564.688747][ T5902] usb 4-1: Manufacturer: syz
[  564.706365][ T5902] cdc_wdm 4-1:1.0: skipping garbage
[  564.715851][ T5902] cdc_wdm 4-1:1.0: skipping garbage
[  564.730999][ T5902] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[  564.749957][ T5902] cdc_wdm 4-1:1.0: Unknown control protocol
[  565.612870][T10946] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1103'.
[  566.388699][   T51] usb 4-1: USB disconnect, device number 17
[  567.032668][T10807] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  567.101405][T10956] Process accounting resumed
[  567.344936][T10807] usb 1-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  567.615590][T10807] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  567.859194][T10807] usb 1-1: config 0 descriptor??
[  568.293865][T10974] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10974 comm=syz.3.1108
[  568.501840][   T51] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  568.547466][T10973] ceph: No mds server is up or the cluster is laggy
[  568.634827][ T5896] libceph: connect (1)[c::]:6789 error -101
[  568.653792][ T5896] libceph: mon0 (1)[c::]:6789 connect error
[  568.790232][   T51] usb 2-1: Using ep0 maxpacket: 16
[  568.808488][   T51] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  568.832965][   T51] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  568.861030][   T51] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  568.895644][   T51] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  568.931169][   T51] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  568.983413][   T51] usb 2-1: Product: syz
[  569.000156][   T51] usb 2-1: Manufacturer: syz
[  569.015244][   T51] usb 2-1: SerialNumber: syz
[  569.051165][T10979] autofs: Unknown parameter '0x0000000000000000'
[  569.289982][ T5827] Bluetooth: hci2: command 0x0c1a tx timeout
[  569.886507][T10807] usb 1-1: Cannot read MAC address
[  569.946496][T10807] MOSCHIP usb-ethernet driver 1-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71
[  569.971612][T10807] usb 1-1: USB disconnect, device number 13
[  570.964292][   T51] usb 2-1: 0:2 : does not exist
[  571.108811][T10989] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1111'.
[  571.680144][ T5827] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection
[  572.336591][   T51] usb 2-1: 1:0: cannot get min/max values for control 4 (id 1)
[  572.510186][   T51] usb 2-1: USB disconnect, device number 14
[  572.696055][ T9255] udevd[9255]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  576.528941][T11048] autofs: Unknown parameter '0x0000000000000000'
[  576.748621][T11050] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1126'.
[  577.530088][ T5866] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  577.730044][ T5866] usb 2-1: Using ep0 maxpacket: 16
[  577.760560][ T5866] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  577.790305][ T5866] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  577.822998][ T5866] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  577.842243][T10807] usb 3-1: new full-speed USB device number 12 using dummy_hcd
[  577.854121][ T5866] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  577.863711][ T5866] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  577.881836][ T5866] usb 2-1: Product: syz
[  577.897433][ T5866] usb 2-1: Manufacturer: syz
[  577.902365][ T5866] usb 2-1: SerialNumber: syz
[  578.028985][T10807] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  578.088492][T10807] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  578.168132][T10807] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  578.180950][T10807] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  578.200227][T10807] usb 3-1: SerialNumber: syz
[  578.302468][T10807] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -22
[  578.313631][T10807] usb-storage 3-1:1.0: USB Mass Storage device detected
[  578.348627][T10807] usb-storage 3-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  578.408409][T10807] scsi host1: usb-storage 3-1:1.0
[  578.547204][   T51] usb 3-1: USB disconnect, device number 12
[  578.589047][ T5866] usb 2-1: 0:2 : does not exist
[  579.484752][   T29] audit: type=1400 audit(1740821890.038:326): avc:  denied  { append } for  pid=11070 comm="syz.0.1132" name="dlm-monitor" dev="devtmpfs" ino=95 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  580.372956][ T5866] usb 2-1: 1:0: cannot get min/max values for control 4 (id 1)
[  580.416655][ T5866] usb 2-1: USB disconnect, device number 15
[  580.820502][T11094] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11094 comm=syz.1.1136
[  580.922028][ T9255] udevd[9255]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  582.002482][T11100] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1138'.
[  582.259935][ T5130] Bluetooth: hci2: command 0x0c1a tx timeout
[  582.401431][T11105] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1139'.
[  582.972403][T11115] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1141'.
[  584.503579][T11126] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1142'.
[  585.047388][T11131] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1146'.
[  585.140176][   T51] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  585.401465][   T51] usb 1-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  585.424647][   T51] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  585.461852][   T51] usb 1-1: config 0 descriptor??
[  585.786476][ T5868] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  585.939949][ T5868] usb 2-1: Using ep0 maxpacket: 16
[  585.955123][ T5868] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  585.978801][ T5868] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  586.007817][ T5868] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  586.039040][ T5868] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  586.065135][ T5868] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  586.073777][ T5868] usb 2-1: Product: syz
[  586.078183][ T5868] usb 2-1: Manufacturer: syz
[  586.083210][ T5868] usb 2-1: SerialNumber: syz
[  586.420071][ T5902] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  586.590193][ T5902] usb 5-1: Using ep0 maxpacket: 32
[  586.605071][ T5902] usb 5-1: config 0 contains an unexpected descriptor of type 0x1, skipping
[  586.618335][ T5902] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  586.657460][ T5902] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 2
[  586.696789][ T5868] usb 2-1: 0:2 : does not exist
[  586.709783][T11145] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1149'.
[  586.755049][   T51] usb 1-1: Cannot read MAC address
[  586.761099][   T51] MOSCHIP usb-ethernet driver 1-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71
[  586.858809][ T5902] usb 5-1: New USB device found, idVendor=28bd, idProduct=0935, bcdDevice= 0.40
[  586.871691][   T51] usb 1-1: USB disconnect, device number 14
[  587.200069][ T5902] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  587.237572][ T5902] usb 5-1: Product: syz
[  587.250382][ T5902] usb 5-1: Manufacturer: syz
[  587.255196][ T5902] usb 5-1: SerialNumber: syz
[  587.280838][ T5902] usb 5-1: config 0 descriptor??
[  587.627730][T11153] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1150'.
[  588.357840][T11142] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  588.411389][ T5868] usb 2-1: 1:0: cannot get min/max values for control 4 (id 1)
[  588.423472][T11142] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  588.477145][ T5868] usb 2-1: USB disconnect, device number 16
[  588.478589][T11142] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  588.821204][T11165] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1153'.
[  589.340118][T11142] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  589.400670][T11162] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1154'.
[  589.794577][ T9255] udevd[9255]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  589.823760][  T971] usb 5-1: USB disconnect, device number 14
[  590.142323][T11176] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1155'.
[  590.480368][ T5866] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  590.645214][ T5866] usb 5-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  590.652696][ T5868] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  590.689936][ T5866] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  590.753779][ T5866] usb 5-1: config 0 descriptor??
[  591.205187][ T5868] usb 2-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  591.214713][ T5868] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  591.237650][ T5868] usb 2-1: config 0 descriptor??
[  591.846334][T11191] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1158'.
[  591.882625][ T5868] usb 2-1: Cannot read MAC address
[  591.887891][ T5868] MOSCHIP usb-ethernet driver 2-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71
[  592.459641][T11189] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1159'.
[  592.838142][ T5868] usb 2-1: USB disconnect, device number 17
[  593.040841][ T5866] usb 5-1: Cannot read MAC address
[  593.161085][T11197] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1160'.
[  593.820221][ T5866] MOSCHIP usb-ethernet driver 5-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71
[  593.968447][ T5866] usb 5-1: USB disconnect, device number 15
[  594.500043][    T9] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  594.650456][    T9] usb 4-1: Using ep0 maxpacket: 16
[  594.667230][    T9] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  594.748554][    T9] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  594.789926][    T9] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  594.904770][    T9] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  594.926922][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  594.940728][T11213] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3256431472 (26051451776 ns) > initial count (24997152112 ns). Using initial count to start timer.
[  595.052960][    T9] usb 4-1: Product: syz
[  595.057233][    T9] usb 4-1: Manufacturer: syz
[  595.062402][    T9] usb 4-1: SerialNumber: syz
[  595.393998][T11216] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1166'.
[  596.495757][    T9] usb 4-1: 0:2 : does not exist
[  596.676455][T11223] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3256431472 (26051451776 ns) > initial count (24997152112 ns). Using initial count to start timer.
[  597.051910][T11225] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11225 comm=syz.0.1167
[  597.634461][    T9] usb 4-1: 1:0: cannot get min/max values for control 4 (id 1)
[  597.715474][    T9] usb 4-1: USB disconnect, device number 18
[  598.652073][T11240] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR
[  598.672806][T11244] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1169'.
[  598.842334][ T9255] udevd[9255]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  599.250648][T11247] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1172'.
[  600.610236][ T5866] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  600.618458][   T51] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  601.139371][T11262] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1176'.
[  601.148561][   T51] usb 5-1: device not accepting address 16, error -71
[  601.802542][ T5130] ==================================================================
[  601.810633][ T5130] BUG: KASAN: slab-use-after-free in l2cap_sock_new_connection_cb+0x22a/0x240
[  601.819505][ T5130] Read of size 8 at addr ffff8880529b7580 by task kworker/u9:1/5130
[  601.827474][ T5130] 
[  601.829789][ T5130] CPU: 1 UID: 0 PID: 5130 Comm: kworker/u9:1 Not tainted 6.14.0-rc4-syzkaller-00242-g7a5668899f54 #0
[  601.829805][ T5130] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  601.829814][ T5130] Workqueue: hci2 hci_rx_work
[  601.829836][ T5130] Call Trace:
[  601.829842][ T5130]  <TASK>
[  601.829850][ T5130]  dump_stack_lvl+0x116/0x1f0
[  601.829876][ T5130]  print_report+0xc3/0x670
[  601.829898][ T5130]  ? __virt_addr_valid+0x5e/0x590
[  601.829917][ T5130]  ? __phys_addr+0xc6/0x150
[  601.829933][ T5130]  kasan_report+0xd9/0x110
[  601.829949][ T5130]  ? l2cap_sock_new_connection_cb+0x22a/0x240
[  601.829979][ T5130]  ? l2cap_sock_new_connection_cb+0x22a/0x240
[  601.830008][ T5130]  l2cap_sock_new_connection_cb+0x22a/0x240
[  601.830027][ T5130]  l2cap_connect_cfm+0x85f/0xf10
[  601.830041][ T5130]  ? local_clock_noinstr+0xe0/0xe0
[  601.830054][ T5130]  ? _raw_spin_unlock_irq+0x1/0x50
[  601.830065][ T5130]  ? rcu_preempt_deferred_qs_irqrestore+0x502/0xbd0
[  601.830083][ T5130]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  601.830097][ T5130]  ? rcu_is_watching+0x12/0xc0
[  601.830109][ T5130]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  601.830124][ T5130]  le_conn_complete_evt+0x168d/0x1da0
[  601.830146][ T5130]  ? __pfx_lock_release+0x10/0x10
[  601.830171][ T5130]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  601.830201][ T5130]  hci_le_conn_complete_evt+0x23c/0x370
[  601.830225][ T5130]  hci_le_meta_evt+0x2e2/0x5d0
[  601.830241][ T5130]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  601.830257][ T5130]  hci_event_packet+0x666/0x1180
[  601.830272][ T5130]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  601.830288][ T5130]  ? __pfx_hci_event_packet+0x10/0x10
[  601.830304][ T5130]  ? kcov_remote_start+0x3df/0x6e0
[  601.830322][ T5130]  hci_rx_work+0x2c5/0x16b0
[  601.830338][ T5130]  ? process_one_work+0x921/0x1ba0
[  601.830353][ T5130]  process_one_work+0x9c5/0x1ba0
[  601.830369][ T5130]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  601.830384][ T5130]  ? __pfx_process_one_work+0x10/0x10
[  601.830400][ T5130]  ? assign_work+0x1a0/0x250
[  601.830414][ T5130]  worker_thread+0x6c8/0xf00
[  601.830431][ T5130]  ? __kthread_parkme+0x148/0x220
[  601.830442][ T5130]  ? __pfx_worker_thread+0x10/0x10
[  601.830456][ T5130]  kthread+0x3af/0x750
[  601.830468][ T5130]  ? __pfx_kthread+0x10/0x10
[  601.830481][ T5130]  ? lock_acquire+0x2f/0xb0
[  601.830496][ T5130]  ? __pfx_kthread+0x10/0x10
[  601.830508][ T5130]  ret_from_fork+0x45/0x80
[  601.830523][ T5130]  ? __pfx_kthread+0x10/0x10
[  601.830535][ T5130]  ret_from_fork_asm+0x1a/0x30
[  601.830551][ T5130]  </TASK>
[  601.830556][ T5130] 
[  602.074022][ T5130] Allocated by task 5130:
[  602.078329][ T5130]  kasan_save_stack+0x33/0x60
[  602.082988][ T5130]  kasan_save_track+0x14/0x30
[  602.087647][ T5130]  __kasan_kmalloc+0xaa/0xb0
[  602.092220][ T5130]  __kmalloc_noprof+0x21c/0x510
[  602.097045][ T5130]  sk_prot_alloc+0x1a8/0x2a0
[  602.101609][ T5130]  sk_alloc+0x36/0xc20
[  602.105656][ T5130]  bt_sock_alloc+0x3b/0x3a0
[  602.110137][ T5130]  l2cap_sock_alloc.constprop.0+0x33/0x1d0
[  602.115927][ T5130]  l2cap_sock_new_connection_cb+0x101/0x240
[  602.121800][ T5130]  l2cap_connect_cfm+0x85f/0xf10
[  602.126723][ T5130]  le_conn_complete_evt+0x168d/0x1da0
[  602.132087][ T5130]  hci_le_conn_complete_evt+0x23c/0x370
[  602.137611][ T5130]  hci_le_meta_evt+0x2e2/0x5d0
[  602.142354][ T5130]  hci_event_packet+0x666/0x1180
[  602.147267][ T5130]  hci_rx_work+0x2c5/0x16b0
[  602.151748][ T5130]  process_one_work+0x9c5/0x1ba0
[  602.156661][ T5130]  worker_thread+0x6c8/0xf00
[  602.161228][ T5130]  kthread+0x3af/0x750
[  602.165272][ T5130]  ret_from_fork+0x45/0x80
[  602.169664][ T5130]  ret_from_fork_asm+0x1a/0x30
[  602.174412][ T5130] 
[  602.176721][ T5130] Freed by task 11264:
[  602.180769][ T5130]  kasan_save_stack+0x33/0x60
[  602.185419][ T5130]  kasan_save_track+0x14/0x30
[  602.190071][ T5130]  kasan_save_free_info+0x3b/0x60
[  602.195072][ T5130]  __kasan_slab_free+0x51/0x70
[  602.199809][ T5130]  kfree+0x2c4/0x4d0
[  602.203683][ T5130]  __sk_destruct+0x5ef/0x6f0
[  602.208251][ T5130]  sk_destruct+0xc2/0xf0
[  602.212469][ T5130]  __sk_free+0xf4/0x3e0
[  602.216601][ T5130]  sk_free+0x6a/0x90
[  602.220473][ T5130]  l2cap_sock_kill+0x171/0x2d0
[  602.225209][ T5130]  l2cap_sock_cleanup_listen+0x3d/0x2a0
[  602.230724][ T5130]  l2cap_sock_release+0x5c/0x210
[  602.235633][ T5130]  __sock_release+0xb0/0x270
[  602.240199][ T5130]  sock_close+0x1c/0x30
[  602.244331][ T5130]  __fput+0x3ff/0xb70
[  602.248286][ T5130]  task_work_run+0x14e/0x250
[  602.252852][ T5130]  get_signal+0x1d3/0x26c0
[  602.257248][ T5130]  arch_do_signal_or_restart+0x90/0x7e0
[  602.262782][ T5130]  syscall_exit_to_user_mode+0x150/0x2a0
[  602.268391][ T5130]  do_syscall_64+0xda/0x250
[  602.272873][ T5130]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  602.278745][ T5130] 
[  602.281041][ T5130] The buggy address belongs to the object at ffff8880529b7000
[  602.281041][ T5130]  which belongs to the cache kmalloc-2k of size 2048
[  602.295066][ T5130] The buggy address is located 1408 bytes inside of
[  602.295066][ T5130]  freed 2048-byte region [ffff8880529b7000, ffff8880529b7800)
[  602.309016][ T5130] 
[  602.311314][ T5130] The buggy address belongs to the physical page:
[  602.317711][ T5130] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x529b0
[  602.326444][ T5130] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  602.334913][ T5130] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  602.342432][ T5130] page_type: f5(slab)
[  602.346391][ T5130] raw: 00fff00000000040 ffff88801b042000 dead000000000100 dead000000000122
[  602.354951][ T5130] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
[  602.363509][ T5130] head: 00fff00000000040 ffff88801b042000 dead000000000100 dead000000000122
[  602.372153][ T5130] head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
[  602.380795][ T5130] head: 00fff00000000003 ffffea00014a6c01 ffffffffffffffff 0000000000000000
[  602.389448][ T5130] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[  602.398085][ T5130] page dumped because: kasan: bad access detected
[  602.404466][ T5130] page_owner tracks the page as allocated
[  602.410164][ T5130] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5814, tgid 5814 (syz-executor), ts 61091184961, free_ts 61061194532
[  602.431491][ T5130]  post_alloc_hook+0x181/0x1b0
[  602.436239][ T5130]  get_page_from_freelist+0xfce/0x2f80
[  602.441670][ T5130]  __alloc_frozen_pages_noprof+0x221/0x2470
[  602.447536][ T5130]  alloc_pages_mpol+0x1fc/0x540
[  602.452359][ T5130]  new_slab+0x23d/0x330
[  602.456493][ T5130]  ___slab_alloc+0xc5d/0x1720
[  602.461149][ T5130]  __slab_alloc.constprop.0+0x56/0xb0
[  602.466501][ T5130]  __kmalloc_node_noprof+0x2f0/0x510
[  602.471757][ T5130]  qdisc_alloc+0xbb/0xc50
[  602.476060][ T5130]  qdisc_create_dflt+0x73/0x430
[  602.480893][ T5130]  dev_activate+0x63a/0x12b0
[  602.485458][ T5130]  __dev_open+0x3e4/0x540
[  602.489771][ T5130]  __dev_change_flags+0x561/0x720
[  602.494775][ T5130]  dev_change_flags+0x8f/0x160
[  602.499517][ T5130]  do_setlink.constprop.0+0x699/0x3f80
[  602.504952][ T5130]  rtnl_newlink+0x1306/0x1d60
[  602.509605][ T5130] page last free pid 5817 tgid 5817 stack trace:
[  602.515911][ T5130]  free_frozen_pages+0x6db/0xfb0
[  602.520821][ T5130]  __put_partials+0x14c/0x170
[  602.525480][ T5130]  qlist_free_all+0x4e/0x120
[  602.530060][ T5130]  kasan_quarantine_reduce+0x195/0x1e0
[  602.535502][ T5130]  __kasan_slab_alloc+0x69/0x90
[  602.540324][ T5130]  __kmalloc_cache_noprof+0x243/0x410
[  602.545681][ T5130]  ref_tracker_alloc+0x17c/0x5b0
[  602.550601][ T5130]  netdev_queue_update_kobjects+0x24c/0x5b0
[  602.556472][ T5130]  netdev_register_kobject+0x28c/0x3a0
[  602.561907][ T5130]  register_netdevice+0x147b/0x1eb0
[  602.567085][ T5130]  team_newlink+0x92/0x160
[  602.571489][ T5130]  rtnl_newlink+0xb95/0x1d60
[  602.576064][ T5130]  rtnetlink_rcv_msg+0x95b/0xea0
[  602.580979][ T5130]  netlink_rcv_skb+0x16b/0x440
[  602.585719][ T5130]  netlink_unicast+0x53c/0x7f0
[  602.590458][ T5130]  netlink_sendmsg+0x8b8/0xd70
[  602.595197][ T5130] 
[  602.597492][ T5130] Memory state around the buggy address:
[  602.603092][ T5130]  ffff8880529b7480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  602.611125][ T5130]  ffff8880529b7500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  602.619176][ T5130] >ffff8880529b7580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  602.627219][ T5130]                    ^
[  602.631268][ T5130]  ffff8880529b7600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  602.639301][ T5130]  ffff8880529b7680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  602.647330][ T5130] ==================================================================
[  602.660583][ T5130] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  602.667778][ T5130] CPU: 1 UID: 0 PID: 5130 Comm: kworker/u9:1 Not tainted 6.14.0-rc4-syzkaller-00242-g7a5668899f54 #0
[  602.678612][ T5130] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  602.688653][ T5130] Workqueue: hci2 hci_rx_work
[  602.693329][ T5130] Call Trace:
[  602.696587][ T5130]  <TASK>
[  602.699502][ T5130]  dump_stack_lvl+0x3d/0x1f0
[  602.704081][ T5130]  panic+0x71d/0x800
[  602.707960][ T5130]  ? __pfx_panic+0x10/0x10
[  602.712367][ T5130]  ? preempt_schedule_thunk+0x1a/0x30
[  602.717728][ T5130]  ? preempt_schedule_common+0x44/0xc0
[  602.723178][ T5130]  check_panic_on_warn+0xab/0xb0
[  602.728105][ T5130]  end_report+0x117/0x180
[  602.732432][ T5130]  kasan_report+0xe9/0x110
[  602.736834][ T5130]  ? l2cap_sock_new_connection_cb+0x22a/0x240
[  602.742896][ T5130]  ? l2cap_sock_new_connection_cb+0x22a/0x240
[  602.748959][ T5130]  l2cap_sock_new_connection_cb+0x22a/0x240
[  602.754853][ T5130]  l2cap_connect_cfm+0x85f/0xf10
[  602.759789][ T5130]  ? local_clock_noinstr+0xe0/0xe0
[  602.764889][ T5130]  ? _raw_spin_unlock_irq+0x1/0x50
[  602.769985][ T5130]  ? rcu_preempt_deferred_qs_irqrestore+0x502/0xbd0
[  602.776567][ T5130]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  602.782013][ T5130]  ? rcu_is_watching+0x12/0xc0
[  602.786760][ T5130]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  602.792206][ T5130]  le_conn_complete_evt+0x168d/0x1da0
[  602.797569][ T5130]  ? __pfx_lock_release+0x10/0x10
[  602.802583][ T5130]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  602.808295][ T5130]  hci_le_conn_complete_evt+0x23c/0x370
[  602.813834][ T5130]  hci_le_meta_evt+0x2e2/0x5d0
[  602.818588][ T5130]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  602.824646][ T5130]  hci_event_packet+0x666/0x1180
[  602.829572][ T5130]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  602.834850][ T5130]  ? __pfx_hci_event_packet+0x10/0x10
[  602.840216][ T5130]  ? kcov_remote_start+0x3df/0x6e0
[  602.845333][ T5130]  hci_rx_work+0x2c5/0x16b0
[  602.849872][ T5130]  ? process_one_work+0x921/0x1ba0
[  602.854975][ T5130]  process_one_work+0x9c5/0x1ba0
[  602.859904][ T5130]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  602.865527][ T5130]  ? __pfx_process_one_work+0x10/0x10
[  602.870913][ T5130]  ? assign_work+0x1a0/0x250
[  602.875488][ T5130]  worker_thread+0x6c8/0xf00
[  602.880069][ T5130]  ? __kthread_parkme+0x148/0x220
[  602.885075][ T5130]  ? __pfx_worker_thread+0x10/0x10
[  602.890172][ T5130]  kthread+0x3af/0x750
[  602.894225][ T5130]  ? __pfx_kthread+0x10/0x10
[  602.898803][ T5130]  ? lock_acquire+0x2f/0xb0
[  602.903293][ T5130]  ? __pfx_kthread+0x10/0x10
[  602.907869][ T5130]  ret_from_fork+0x45/0x80
[  602.912277][ T5130]  ? __pfx_kthread+0x10/0x10
[  602.916851][ T5130]  ret_from_fork_asm+0x1a/0x30
[  602.921605][ T5130]  </TASK>
[  602.924792][ T5130] Kernel Offset: disabled
[  602.929090][ T5130] Rebooting in 86400 seconds..