last executing test programs:

4m14.21012023s ago: executing program 0 (id=2371):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000009880)=ANY=[@ANYBLOB="a40000000001050500000500000000000a4000003c0002802c00018014000300ff01000000000000000000000000000114000400ff020000ff88000000000000000000010c00028005000100000000003c0001800c00028005000100000000002c00018014000300ff02000000000000000000000000000114000400200100000000000000000000000000010800074000000000100006800c000380060002004e220000"], 0xa4}, 0x1, 0x0, 0x0, 0x400c080}, 0x0)

4m14.07801709s ago: executing program 0 (id=2372):
socket(0x10, 0x803, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xc, &(0x7f00000002c0)=ANY=[@ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x2982, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r0, 0x0, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x7f)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="01000000040000000800000008"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f00000007c0)={0x40000000000ff80, 0x0, &(0x7f0000000700)={&(0x7f0000000380)=ANY=[@ANYBLOB="020f000015000000000000000000000005000500000000000a00001000000000000000000000000000432e0000000000000000000000000008001200000002000000f1edc4ea00000600000000000000000000000000020000000000000000000000000000000000fc01000000000000000000000000810005000600000000000a00000000000000ff0200000000000000000000000000010000000000000000010018a6f1c7b100997436e3eb35b994e57a104bea3bc5973c33b64d06af1e5620f882da733421e604e640f9db2eda0bea6e7b9ff3f31fc1b289d695a6bd111a66634a10ff41b86e323c4368e233656d5f634904095646c0cc1f1c5cf5bedf8369cc6b44"], 0xa8}}, 0x40080)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r6, 0x8933, &(0x7f0000000080)={'batadv_slave_1\x00', <r7=>0x0})
ioctl$sock_inet6_SIOCADDRT(r6, 0x890b, &(0x7f00000002c0)={@private1, @local, @local, 0x5, 0xb, 0x5, 0x100, 0x4, 0x0, r7})
ioctl$sock_inet6_SIOCADDRT(r5, 0x890b, &(0x7f00000002c0)={@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @mcast2, @private0, 0x0, 0x6, 0x0, 0x0, 0x6, 0x42, r7})
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc))
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r8, 0x29, 0x40, &(0x7f0000001240)=@raw={'raw\x00', 0x3c1, 0x3, 0x3e0, 0x1b0, 0xc8, 0x8, 0x0, 0x5803, 0x310, 0x2e8, 0x2e8, 0x310, 0x2e8, 0x3, 0x0, {[{{@uncond, 0x0, 0x190, 0x1b0, 0x0, {0x0, 0x2000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'kmp\x00', "cfcaf80c672f61cd17ae5119b5135c2aee68d23a465cd431e1ecef50c3234e082555f67222476147864fa03182f5cf11d8c348cbd06dc8de1dcbde7d4e252c3394fed47bf78c70f607b0178fa5ea335019ac07a602061c96baebc989f1f34a214e67442c1fe4b124e0f7323a587d2a1fcfe36bbf12eca0a7b66c60c527bac2b5", 0x1, 0x2}}, @common=@inet=@socket1={{0x28}}]}, @unspec=@TRACE={0x20}}, {{@ipv6={@remote, @mcast2, [], [], 'macvtap0\x00', 'syzkaller1\x00'}, 0x0, 0xf8, 0x160, 0x0, {}, [@inet=@rpfilter={{0x28}}, @inet=@rpfilter={{0x28}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x700, 0x0, 'netbios-ns\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x440)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4400000010004b0400000000000000007a000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000240012800b0001006272696467650000140002800800080081"], 0x44}, 0x1, 0x0, 0x0, 0x24048004}, 0x4000)

4m12.910061768s ago: executing program 0 (id=2377):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r0)
io_uring_setup(0x1b86, &(0x7f0000000040)={0x0, 0xbb81, 0x1, 0x2, 0x4})
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x4, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0a00000004000000040000000a"], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300), &(0x7f00000004c0), 0x1000, r3}, 0x38)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000001000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r4}, 0x10)
setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, &(0x7f0000000300)={0xfff, {{0x2, 0x4e21, @empty}}, 0x0, 0x2, [{{0x2, 0x4e23, @private=0xa010102}}, {{0x2, 0x4e24, @remote}}]}, 0x190)
getsockopt$inet6_mptcp_buf(r2, 0x11c, 0x4, 0x0, &(0x7f00000001c0)=0x28)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x94, r1, 0x5, 0x70bd2c, 0x0, {{}, {@val={0x8}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_TAIL={0x58, 0xf, [@challenge={0x10, 0x1, 0x89}, @prep={0x83, 0x25, {{0x0, 0x1}, 0x14, 0xf7, @device_a, 0xffffffff, @value=@broadcast, 0x3, 0xfffffffe, @device_a, 0x3ff}}, @ssid={0x0, 0x6, @default_ap_ssid}, @erp={0x2a, 0x1, {0x0, 0x1, 0x1}}, @challenge={0x10, 0x1, 0x58}, @chsw_timing={0x68, 0x4, {0x8, 0x5}}, @chsw_timing={0x68, 0x4, {0x3ff, 0x6}}, @gcr_ga={0xbd, 0x6, @broadcast}, @cf={0x4, 0x6, {0x4, 0x0, 0x2, 0x400}}]}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x1af}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x94}}, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x50, 0xffffffffffffffff, 0x0)

4m10.0290376s ago: executing program 0 (id=2384):
mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000300)='./file0/../file0\x00', 0x0, 0x2151090, 0x0)
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, 0x0)
mount$bind(0x0, &(0x7f0000000080)='./file0/../file0/file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000240)='./file0/file0\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
umount2(&(0x7f00000002c0)='./file0/../file0\x00', 0x8)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000000)={0x0, 0x1, 0xf249, 0x1})

4m9.452675019s ago: executing program 0 (id=2385):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100"/13], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0500000004000000ff7f00000c00000000000000", @ANYRES32, @ANYBLOB="000984c80a903f815275186d0000000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00?\x00\x00\x00\x00'], 0x50)

4m7.453586303s ago: executing program 0 (id=2390):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mount$binder(0x0, 0x0, 0x0, 0x80000, &(0x7f00000003c0)=ANY=[@ANYBLOB])
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
lsetxattr$security_ima(&(0x7f0000000480)='./file0\x00', &(0x7f0000000100), &(0x7f0000000380)=@v2={0x3, 0x2, 0xfe, 0xe79f, 0x1, 'J'}, 0xa, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000180)=ANY=[@ANYBLOB="611230000000000061134c0000000000bf2000070000000015000200071b1750bd030100000000009500000000000000bc26080000000000bf67000000000000070300000fff0700670200000300000016060a000ee600f0bf050000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe7030586"], &(0x7f0000000100)='GPL\x00'}, 0x48)

4m6.726098857s ago: executing program 32 (id=2390):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mount$binder(0x0, 0x0, 0x0, 0x80000, &(0x7f00000003c0)=ANY=[@ANYBLOB])
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
lsetxattr$security_ima(&(0x7f0000000480)='./file0\x00', &(0x7f0000000100), &(0x7f0000000380)=@v2={0x3, 0x2, 0xfe, 0xe79f, 0x1, 'J'}, 0xa, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000180)=ANY=[@ANYBLOB="611230000000000061134c0000000000bf2000070000000015000200071b1750bd030100000000009500000000000000bc26080000000000bf67000000000000070300000fff0700670200000300000016060a000ee600f0bf050000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe7030586"], &(0x7f0000000100)='GPL\x00'}, 0x48)

30.056132538s ago: executing program 2 (id=2969):
eventfd2(0x0, 0x800)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$binfmt(0xffffffffffffff9c, 0x0, 0x42, 0x1ff)
execveat$binfmt(0xffffffffffffff9c, 0x0, &(0x7f00000004c0), 0x0, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xc)
pipe(&(0x7f00000007c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
vmsplice(r3, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x1)
close(r3)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000400)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendto$unix(r4, &(0x7f00000004c0), 0x0, 0xd1, 0x0, 0x0)
recvfrom$unix(r5, 0x0, 0x0, 0x10102, 0x0, 0x0)
splice(r2, 0x0, r3, 0x0, 0xfffd, 0x0)

24.954044765s ago: executing program 1 (id=2983):
syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x46d, 0xc298, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x50, 0xc, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x9, 0x71, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x400, 0xff}}}}}]}}]}}, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x8042, 0x0)
fcntl$setlease(r0, 0x400, 0x1)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r1, 0xc018643a, &(0x7f00000000c0)={0x4000001, 0x40071, 0x200000009})
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r1, 0xc02064b6, 0x0)
ioctl$DRM_IOCTL_MODE_SETCRTC(r1, 0xc06864a2, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1f5, 0x0, 0x0, {0x4, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x8001, 0xfffffffa, "b4bc323ef77d1f000071849800000000dfff00"}})
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
futex(0x0, 0x85, 0x0, 0x0, 0x0, 0xc5fffffd)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = socket$inet6(0xa, 0x3, 0xff)
syz_emit_ethernet(0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r4 = dup(r3)
sendmsg$nl_route_sched(r4, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x40011)
r5 = socket$netlink(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000002c0))
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="4400000010000104a527", @ANYRES32, @ANYBLOB="0dfa130016000000240012000c00010000000000000000000c0002f60800000001180000080001"], 0x44}}, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000280)={r5, 0x7, 0x104, 0xfffffffe})
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB='H'], 0x48}, 0x1, 0x0, 0x0, 0x4810}, 0xc010)

20.408459171s ago: executing program 1 (id=2992):
sched_setscheduler(0x0, 0x1, 0x0)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
capset(&(0x7f0000000040)={0x20071026}, 0x0)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000340)={0x1b, 0x0, 0x0, 0x40000, 0x0, r0, 0xfff}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x15, 0x1c, &(0x7f0000000100)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x4000}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {0x7, 0x0, 0xb, 0x6}, {0x85, 0x0, 0x0, 0x5}, {0x7, 0x1, 0xb, 0x9, 0x0, 0x20}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x6, 0x1, 0xa, 0x9, 0x8}, {0x7, 0x0, 0x0, 0x8}, {0x7, 0x1, 0xb, 0x4, 0x8}, {}, {0x7, 0x0, 0xc}, {0x18, 0x6, 0x2, 0x0, r0}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8, 0x9, 0x20}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @sk_reuseport=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

19.590241273s ago: executing program 1 (id=2995):
syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x46d, 0xc298, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x50, 0xc, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x9, 0x71, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x400, 0xff}}}}}]}}]}}, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x8042, 0x0)
fcntl$setlease(r0, 0x400, 0x1)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r1, 0xc018643a, &(0x7f00000000c0)={0x4000001, 0x40071, 0x200000009})
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r2=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r1, 0xc02064b6, &(0x7f0000000300)={r2, <r3=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_SETCRTC(r1, 0xc06864a2, &(0x7f0000000380)={0x0, 0x0, r3, 0x0, 0x0, 0x1f5, 0x0, 0x0, {0x4, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x8001, 0xfffffffa, "b4bc323ef77d1f000071849800000000dfff00"}})
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
futex(0x0, 0x85, 0x0, 0x0, 0x0, 0xc5fffffd)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = socket$inet6(0xa, 0x3, 0xff)
syz_emit_ethernet(0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
dup(r5)
r6 = socket$netlink(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000002c0))
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYRES32, @ANYBLOB="0dfa130016000000240012000c00010000000000000000000c0002f60800000001180000080001"], 0x44}}, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000280)={r6, 0x7, 0x104, 0xfffffffe})
sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB='H'], 0x48}, 0x1, 0x0, 0x0, 0x4810}, 0xc010)

17.474409601s ago: executing program 1 (id=3000):
lsetxattr$security_capability(&(0x7f0000000080)='./cgroup/cgroup.procs\x00', &(0x7f0000000700), &(0x7f0000000040)=@v3={0x3000000, [{0x8, 0x8000}, {0x2, 0x2}], 0xee00}, 0x18, 0x1)
r0 = socket$caif_seqpacket(0x25, 0x5, 0x3)
setsockopt$CAIFSO_REQ_PARAM(r0, 0x116, 0x80, 0xffffffffffffffff, 0x3d)
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x9}, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x18)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYRES32=0x1, @ANYBLOB="03000000000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000006ef2885a92523adf5bc6f5b4504f71f1f73d7f000000e33d2b2df85c901e83"], 0x50)
r3 = getpgrp(0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r5 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r5, 0x1, 0x0)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r7, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4)

16.208778519s ago: executing program 1 (id=3001):
lsetxattr$security_capability(&(0x7f0000000080)='./cgroup/cgroup.procs\x00', &(0x7f0000000700), &(0x7f0000000040)=@v1={0x1000000, [{0x7ff, 0x8}]}, 0xc, 0x1)
r0 = socket$caif_seqpacket(0x25, 0x5, 0x3)
setsockopt$CAIFSO_REQ_PARAM(r0, 0x116, 0x80, 0xffffffffffffffff, 0x3d)
r1 = socket$kcm(0x2, 0x200000000000001, 0x106)
getsockopt$sock_buf(r1, 0x1, 0x1c, 0x0, &(0x7f0000000000))
prlimit64(0x0, 0x9, 0x0, &(0x7f00000000c0))
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x9}, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106(gcm_base(ctr(aes-aesni),ghash-generic))\x00'}, 0x58)
r3 = memfd_create(&(0x7f0000000180)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaaSc\xf3]WhI\xf4\x89\x85!mPl\x90\xa5\x93\x19\f\x9a\xae\xd5a\x9bU5\x1a\x86\x9d)5y\xef\x90\xea5\x81\xfeO;\xd4zh?\xbdW\xe0\x84\xe6\x9d\xcb\xcd\xb6\xad3\x7fWY\x02\xa2\x8baG\x00\x0e\x8e/\xc1\xaf\xd0\xbcH9\x04\x00\x00\x00z\x16\xdf\xf3hLpLaA\x89n]>,^M\x82\x8e\xe40\x97_\x809y)Z\xeb\x9d\xbawv\xe9\xc0\x16\xdc\xf5\xcb\xdb\x96\xd6\xba@\xa7\x1bl\xca\xe0\x1e3\x81\xc6S\x86\xf7\xf0\xba\x1b\x14N\xa2\x04\xdb\xb5X\xe4y\xef\xe8\xdb\xd5r\x11\xfb\xe4v\xef\x06\xbb\x00\x96CR\xe0~5\x16=:A2\x9c\b\xd9\xa0CB\r\xe9\xb8$\xfe\x8d\xb1Gg\xa9\xac<\xbf\x10]\b9\xd9\x89\xaf\xa6\xd1\x10\x1fq\xba\x06_NW\xdb67Xv(\xa8\xce\x1b\xe6\xbd\x947\x8f)8\xe5\xb3\xac;\x7f+\xf67\xea\x1ei\x92w-)\xa1B/M\x0e7:9\xdb~V\xb7\xd5\x13^v\x14\xe6O\xea\x00\x87\x8dkG\xdf%\xebe\x83\xb97\x01| \xb3\xd8W\xe8o\x17\x97\xd9\x14o\x92\xb9\x9a\x8c\xd7\xcf\xa2\x11\xc3\xa5\xb3\xd2\xdeQ\xa7\x05\x7f\x99Lq(\xcd\\\xa2y\x14or\x1efn\xf2\x97\x96c\xda7\t,', 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$team(0x0, 0xffffffffffffffff)
ftruncate(r3, 0x200000)
syz_usb_connect(0x2, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000c4b20710200e01015a00000000010902"], 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'aead\x00', 0x0, 0x0, 'pcrypt(generic-gcm-aesni)\x00'}, 0x58)
r4 = socket(0x200000000000011, 0x2, 0xd)
bind$packet(r4, &(0x7f0000000080)={0x11, 0x800, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14)
unshare(0x28000600)
syz_io_uring_setup(0x3c5f, 0x0, 0x0, 0x0)
r5 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
syz_usb_connect(0x3, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000036571a20cd0c8000fe67010203010902120001000000000904"], 0x0)
connect$pptp(0xffffffffffffffff, &(0x7f0000000700)={0x18, 0x2, {0x0, @multicast1}}, 0x1e)
sendmsg$BATADV_CMD_GET_BLA_CLAIM(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="100b2dbd7000fcdbdf250b00000008003c000100000005"], 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x20040001)
ioctl$SG_IO(r5, 0x2285, &(0x7f00000033c0)={0x53, 0x0, 0x6, 0x6b, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000000)="1c3513000000", &(0x7f0000002240)=""/4103, 0x0, 0x30520cf7f25f0c64, 0x0, 0x0})
prctl$PR_SET_SECCOMP(0x16, 0x0, 0x0)
syz_open_procfs(0x0, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0xa, 0x5, &(0x7f0000000dc0)=ANY=[@ANYRES16=0x0], &(0x7f0000000000)='syzkaller\x00', 0x4, 0x0, 0x0, 0x40e00, 0x54, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x40}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x0, 0xe, 0x0, &(0x7f0000000900)="e02742e8680500000082762f86dd", 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
socket$rxrpc(0x21, 0x2, 0xa)
socket(0x10, 0x3, 0x0)

14.240940476s ago: executing program 1 (id=3007):
r0 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x2, 0x81, 0x1fd, 0x1, 0x1}, 0x1c)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000002c0)={'macvlan0\x00', <r2=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=r2, @ANYBLOB="00001700000000001c0037800b0001006970768a616e08000c0002"], 0x44}, 0x1, 0x0, 0x0, 0x4008010}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = fsopen(0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$dsp(0xffffffffffffff9c, 0x0, 0x442, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/devices.allow\x00', 0x2, 0x48)
write$cgroup_devices(r6, &(0x7f00000002c0)=ANY=[@ANYRESOCT=r6], 0x9)
sendto$inet(r6, 0x0, 0x0, 0x0, &(0x7f0000000100)={0x2, 0x4e22, @loopback}, 0x10)
setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0)
mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0)
r7 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r7, 0x10e, 0xc, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
fsmount(r4, 0x1, 0x2)
syz_open_dev$cec(0x0, 0xffffffffffffffff, 0x0)
sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x2c, 0x40, 0x107, 0xfffffffe, 0x0, {0x1, 0x7c}, [@nested={0x4, 0x142}, @nested={0x10, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}, @typed={0x4, 0x15}]}, @nested={0x4, 0x2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x48815}, 0xc000)
bpf$MAP_CREATE(0x0, &(0x7f0000000940)=ANY=[@ANYBLOB="0d00000003000000040000000700000011000000", @ANYRES32], 0x50)
socket$alg(0x26, 0x5, 0x0)
recvmsg$unix(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)=""/254, 0xfe}], 0x1}, 0x20)
sendmmsg(r0, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)

12.877533934s ago: executing program 4 (id=3009):
r0 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x2, 0x81, 0x1fd, 0x1, 0x1}, 0x1c)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000002c0)={'macvlan0\x00', <r2=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="44000000100001040000000000", @ANYRES32=r2, @ANYBLOB="00001700000000001c0037800b0001006970768a616e08000c0002"], 0x44}, 0x1, 0x0, 0x0, 0x4008010}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = fsopen(&(0x7f0000000080)='nfsd\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x89}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$dsp(0xffffffffffffff9c, 0x0, 0x442, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/devices.allow\x00', 0x2, 0x48)
write$cgroup_devices(r5, &(0x7f00000002c0)=ANY=[@ANYRESOCT=r5], 0x9)
sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000100)={0x2, 0x4e22, @loopback}, 0x10)
setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0)
mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0)
r6 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r6, 0x10e, 0xc, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
fsmount(r3, 0x1, 0x2)
recvmsg$unix(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)=""/254, 0xfe}], 0x1}, 0x20)
sendmmsg(r0, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)

11.360908049s ago: executing program 2 (id=2975):
prlimit64(0x0, 0xe, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000280)={0x3, 0x0, 0x0, 0x1, 0x7}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000200)={0x28, 0x0, 0x2711, @my=0x1}, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r1 = socket(0x1e, 0x4, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040))
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7fffffff, 0x400, 0x1, 0xd, 0x1, 0x6, 0x6}, 0x1c)
recvmmsg$unix(r1, &(0x7f0000004180)=[{{0x0, 0x0, &(0x7f00000021c0)}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0)
sendmmsg(r1, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
read$msr(r0, &(0x7f0000004c00)=""/102392, 0x18ff8)
r2 = add_key$keyring(&(0x7f0000000080), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
add_key$keyring(&(0x7f0000000040), &(0x7f0000000140)={'syz', 0x3}, 0x0, 0x0, r2)
r3 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000300)={'gretap0\x00', <r4=>0x0})
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000000380)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB="386905b5e5fb01e7ef83facf75ec6a3077d56f7230e27fb54c08f5", @ANYRES32, @ANYBLOB, @ANYRES64=0x0], 0x20)
sendmsg$nl_route_sched(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000340)=@newqdisc={0x38, 0x24, 0xf0b, 0x1, 0x4, {0x60, 0x0, 0x0, r4, {0x0, 0x9}, {0xfff1, 0xffff}}, [@TCA_RATE={0x6, 0x5, {0x5, 0x3}}, @qdisc_kind_options=@q_clsact={0xb}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x4)
syz_usb_connect(0x0, 0x41, &(0x7f0000002dc0)={{0x12, 0x1, 0x0, 0xa5, 0x2b, 0xfb, 0x8, 0x421, 0x798f, 0x8654, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2f, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x2, 0xfe, 0x17, 0x0, [@cdc_ncm={{0x5}, {0x5}, {0xd}, {0x6}}]}}]}}]}}, 0x0)

9.789762197s ago: executing program 3 (id=3014):
r0 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f00000000c0)={0x1, 0x1, 0x6}, 0xc)
sched_setscheduler(0x0, 0x2, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
write$FUSE_BMAP(0xffffffffffffffff, 0x0, 0x0)
socket(0x9, 0x7, 0x2)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, 0x0, 0x0)
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000))
connect$rose(0xffffffffffffffff, &(0x7f0000000200)=@short={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}}, 0x1c)
connect$rose(0xffffffffffffffff, &(0x7f0000000180)=@full={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x1, [@bcast, @null, @default, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null]}, 0x40)

9.173820091s ago: executing program 4 (id=3015):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
getpgrp(0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r0 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000000400)=""/102400, 0x19000)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="4c000000020603000000000000000000000000001400078008001240000000000500150002000000050001000600000005000500020000000500040000000000090002"], 0x4c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000050000080900010073797a30000000005c000000030a03000000000000000000050000000900010073797a30000000000900030073797a300000000008000c40000000032800048008000240000000120800014000000000140004"], 0xa4}, 0x1, 0x0, 0x0, 0x40000000}, 0x0)

8.234650287s ago: executing program 3 (id=3017):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x400000000a080, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1, 0x0, 0x4}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x57, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = openat(0xffffffffffffff9c, 0x0, 0x4, 0x80)
getdents64(r5, 0x0, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0)
socket$nl_crypto(0x10, 0x3, 0x15)
setsockopt$inet_sctp_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, &(0x7f0000000040)={0x9, 0x200, 0x5, 0x4}, 0x8)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r6, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @remote}, 0x6}, 0x1c)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet6(r6, &(0x7f0000000480)={&(0x7f0000000040)={0xa, 0x4e20, 0xfffffffc, @remote, 0x2}, 0x1c, 0x0}, 0x20008814)
syz_emit_ethernet(0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa0800458600280064000007069078ac1414bbac1414bb4e224e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5002f80190026565d8a817d8a8fee7"], 0x0)
r7 = dup(r0)
mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x28011, r7, 0x31ee3000)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)

7.520049686s ago: executing program 2 (id=3019):
lsetxattr$security_capability(&(0x7f0000000080)='./cgroup/cgroup.procs\x00', &(0x7f0000000700), &(0x7f0000000040)=@v3={0x3000000, [{0x8, 0x8000}, {0x2, 0x2}], 0xee00}, 0x18, 0x1)
r0 = socket$caif_seqpacket(0x25, 0x5, 0x3)
setsockopt$CAIFSO_REQ_PARAM(r0, 0x116, 0x80, 0xffffffffffffffff, 0x3d)
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x9}, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYRES32=0x1, @ANYBLOB="03000000000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000006ef2885a92523adf5bc6f5b4504f71f1f73d7f000000e33d2b2df85c901e83"], 0x50)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x15, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000200000000000000000000000181100", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400", @ANYRES32=r4], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone(0x20223000, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
accept$unix(r5, &(0x7f0000000300), &(0x7f0000000380)=0x6e)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000840)=ANY=[@ANYBLOB="240000001800010000000000fddbdf251d01040008", @ANYRES32, @ANYBLOB='\b\x00\t\x00', @ANYRES32], 0x24}}, 0x0)
r8 = socket(0x2, 0x80805, 0x0)
getsockopt$bt_hci(r8, 0x84, 0x85, &(0x7f0000001080)=""/4120, &(0x7f0000001040)=0x1018)
creat(&(0x7f0000000000)='./cgroup/cgroup.procs\x00', 0xf21963aaf523cb02)

6.672444291s ago: executing program 3 (id=3020):
syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x46d, 0xc298, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x50, 0xc, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x9, 0x71, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x400, 0xff}}}}}]}}]}}, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x8042, 0x0)
fcntl$setlease(r0, 0x400, 0x1)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r1, 0xc018643a, &(0x7f00000000c0)={0x4000001, 0x40071, 0x200000009})
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r2=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r1, 0xc02064b6, &(0x7f0000000300)={r2, <r3=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_SETCRTC(r1, 0xc06864a2, &(0x7f0000000380)={0x0, 0x0, r3, 0x0, 0x0, 0x1f5, 0x0, 0x0, {0x4, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x8001, 0xfffffffa, "b4bc323ef77d1f000071849800000000dfff00"}})
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
futex(0x0, 0x85, 0x0, 0x0, 0x0, 0xc5fffffd)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = socket$inet6(0xa, 0x3, 0xff)
syz_emit_ethernet(0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
dup(r5)
r6 = socket$netlink(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000002c0))
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="4400000010000104a527", @ANYRES32, @ANYBLOB="0dfa130016000000240012000c00010000000000000000000c0002f60800000001180000080001"], 0x44}}, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000280)={r6, 0x7, 0x104, 0xfffffffe})
sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB='H'], 0x48}, 0x1, 0x0, 0x0, 0x4810}, 0xc010)

6.210156559s ago: executing program 4 (id=3021):
prlimit64(0x0, 0xe, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000280)={0x3, 0x0, 0x0, 0x1, 0x7}, 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x1000007, 0x2172, 0xffffffffffffffff, 0x0)
prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil)
ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000200)={0x28, 0x0, 0x2711, @my=0x1}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r1 = socket(0x1e, 0x4, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040))
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7fffffff, 0x400, 0x1, 0xd, 0x1, 0x6, 0x6}, 0x1c)
recvmmsg$unix(r1, &(0x7f0000004180)=[{{0x0, 0x0, &(0x7f00000021c0)=[{&(0x7f0000001dc0)=""/69, 0x45}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0)
sendmmsg(r1, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
read$msr(r0, &(0x7f0000004c00)=""/102392, 0x18ff8)
r2 = add_key$keyring(&(0x7f0000000080), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
add_key$keyring(&(0x7f0000000040), &(0x7f0000000140)={'syz', 0x3}, 0x0, 0x0, r2)
r3 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000300)={'gretap0\x00', <r4=>0x0})
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x2, 0x8, &(0x7f00000003c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18}, 0x94)
sendmsg$nl_route_sched(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000340)=@newqdisc={0x38, 0x24, 0xf0b, 0x1, 0x4, {0x60, 0x0, 0x0, r4, {0x0, 0x9}, {0xfff1, 0xffff}}, [@TCA_RATE={0x6, 0x5, {0x5, 0x3}}, @qdisc_kind_options=@q_clsact={0xb}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x4)

5.043371719s ago: executing program 2 (id=3022):
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x8)
ioctl$SIOCAX25DELFWD(r0, 0x89eb, &(0x7f0000000000)={@default, @bcast})
r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x8042, 0x0)
fcntl$setlease(r1, 0x400, 0x1)
openat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x183203, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
read$FUSE(0xffffffffffffffff, &(0x7f0000000640)={0x2020, 0x0, 0x0, <r3=>0x0}, 0x2020)
sendmsg$nl_xfrm(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newsa={0xf0, 0x1c, 0x1, 0xfffffffe, 0x100, {{@in6=@ipv4={'\x00', '\xff\xff', @multicast2}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x71c, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x3a, 0x0, r3}, {@in6=@mcast2, 0x4d4, 0x6c}, @in=@dev={0xac, 0x14, 0x14, 0x25}, {0x0, 0x192, 0x9ba3, 0xffff, 0x8251c, 0x5, 0xfffffffffffffffc}, {0xffffffffffffffff, 0x0, 0xfff, 0xfffffffffffffffe}, {0xfffffffa, 0xfffffffc}, 0x80, 0x3500, 0x2, 0x1, 0x0, 0x20}}, 0xf0}, 0x1, 0x0, 0x0, 0x8801}, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r5 = socket(0x400000000010, 0x3, 0x0)
r6 = socket$unix(0x1, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x4e, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0xa30e, 0x1, 0xfffffffa}}}}]}, 0x44}}, 0x0)
r8 = socket$unix(0x1, 0x1, 0x0)
r9 = socket$kcm(0x11, 0x3, 0x0)
r10 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r10)
socket$unix(0x1, 0x2, 0x0)
ioctl$SIOCSIFHWADDR(r10, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r11=>0x0})
r12 = socket(0x400000000010, 0x3, 0x0)
r13 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r13, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r14=>0x0})
sendmsg$nl_route_sched(r12, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001300)=@newtfilter={0x34, 0x2c, 0xd3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r14, {0xb, 0xfff3}, {}, {0x8, 0x300}}, [@filter_kind_options=@f_basic={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x0)
setsockopt$sock_attach_bpf(r9, 0x107, 0xf, &(0x7f0000000600), 0x56)
sendmsg$kcm(r9, &(0x7f0000000280)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r11, 0x3e}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000180)="27030200000214000e00002fb96dffff1144ee163cddcb00"/38, 0x26}, {&(0x7f00000004c0)="f058fe7dad777f8f", 0x300}], 0x2}, 0x5)
ioctl$DRM_IOCTL_MODE_GETPLANE(r1, 0xc02064b6, &(0x7f0000000140)={0x0, 0x0, <r15=>0x0, 0x0, 0x0, 0x3, &(0x7f0000000100)=[0x0, 0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, &(0x7f0000000180)={r15, 0x7, 0x7, 0xfffffd44, 0x3, [], [0xda, 0x0, 0x5, 0x9], [0xfffffffc, 0x1, 0x645f, 0x7], [0xff, 0x8, 0x2, 0x7]})
quotactl_fd$Q_GETNEXTQUOTA(r1, 0xffffffff80000902, r3, &(0x7f0000000080))

4.948964618s ago: executing program 5 (id=3023):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_dev$loop(&(0x7f0000000240), 0x7, 0x180862)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b00"/14], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x10, &(0x7f0000000300)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xbf21, 0x0, 0x0, 0x0, 0x3}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x10000000}}, {}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffff5}], {{}, {}, {0x85, 0x0, 0x0, 0x84}, {0x7, 0x0, 0xb, 0x0, 0x0, 0x0, 0x102}}}, &(0x7f0000000200)='syzkaller\x00', 0x3, 0xdb, &(0x7f0000000380)=""/219, 0x41000}, 0x94)

4.87664322s ago: executing program 4 (id=3024):
syz_init_net_socket$ax25(0x3, 0x2, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
syz_usb_connect$hid(0x5, 0x36, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = getpgid(0x0)
ptrace$getregs(0xc, r0, 0x9, &(0x7f0000000480)=""/75)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001380))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = getpid()
msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$NFNL_MSG_CTHELPER_GET(0xffffffffffffffff, 0x0, 0x40000014)
r3 = socket(0x1, 0x803, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="580000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="8d2206000000ff002800128009000100766c616e00000000180002800c0002001f0000001f00000006000100fe0f000008000500", @ANYRES32=r4, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r4], 0x58}, 0x1, 0x0, 0x0, 0x600}, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, 0x0, 0x0, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x1a, &(0x7f00000005c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1}, {}, {}, [@map_val={0x18, 0x4, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x8}, @cb_func={0x18, 0x6, 0x4, 0x0, 0xfffffffffffffffe}, @initr0={0x18, 0x0, 0x0, 0x0, 0x35e, 0x0, 0x0, 0x0, 0x1}, @tail_call], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x2d)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0)

4.393768386s ago: executing program 3 (id=3025):
r0 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x2, 0x81, 0x1fd, 0x1, 0x1}, 0x1c)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000002c0)={'macvlan0\x00', <r2=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="44000000100001040000000000", @ANYRES32=r2, @ANYBLOB="00001700000000001c0037800b0001006970768a616e08000c0002"], 0x44}, 0x1, 0x0, 0x0, 0x4008010}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = fsopen(&(0x7f0000000080)='nfsd\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x89}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$dsp(0xffffffffffffff9c, 0x0, 0x442, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/devices.allow\x00', 0x2, 0x48)
write$cgroup_devices(r5, &(0x7f00000002c0)=ANY=[@ANYRESOCT=r5], 0x9)
sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000100)={0x2, 0x4e22, @loopback}, 0x10)
setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0)
mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0)
r6 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r6, 0x10e, 0xc, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
fsmount(r3, 0x1, 0x2)
recvmsg$unix(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)=""/254, 0xfe}], 0x1}, 0x20)
sendmmsg(r0, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)

3.598155676s ago: executing program 2 (id=3026):
r0 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f00000000c0)={0x1, 0x1, 0x6}, 0xc)
sched_setscheduler(0x0, 0x2, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
write$FUSE_BMAP(0xffffffffffffffff, 0x0, 0x0)
socket(0x9, 0x7, 0x2)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, 0x0, 0x0)
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000))
connect$rose(0xffffffffffffffff, &(0x7f0000000200)=@short={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}}, 0x1c)
connect$rose(0xffffffffffffffff, &(0x7f0000000180)=@full={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x1, [@bcast, @null, @default, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null]}, 0x40)

3.46929448s ago: executing program 2 (id=3027):
sendmsg$NLBL_MGMT_C_ADD(0xffffffffffffffff, 0x0, 0x4004000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
waitid(0x0, r0, 0x0, 0x61000006, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080), r1)
sendmsg$TIPC_CMD_ENABLE_BEARER(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
syz_open_dev$sndpcmc(0x0, 0x0, 0x0)
read$msr(r3, &(0x7f0000002000)=""/102400, 0x19000)
ioctl$IOC_WATCH_QUEUE_SET_SIZE(0xffffffffffffffff, 0x5760, 0x1f)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000000000000000000fbffffff850000005000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000060000007b8af8ff00000000bca2000000000000a6020000f8ffffffb70300008a000000b704000000000000850000003300000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b80)={r4, 0x2000012, 0xe, 0x0, &(0x7f0000000280)="63ec33c9e9b98600000000000000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb}, 0x50)
keyctl$revoke(0x3, 0x0)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/clients\x00', 0x0, 0x0)
preadv(r5, &(0x7f0000004ec0)=[{&(0x7f0000004bc0)=""/68, 0x44}], 0x1, 0x8000, 0x0)

3.297709272s ago: executing program 3 (id=3028):
prlimit64(0x0, 0xe, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000280)={0x3, 0x0, 0x0, 0x1, 0x7}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000200)={0x28, 0x0, 0x2711, @my=0x1}, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r1 = socket(0x1e, 0x4, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040))
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7fffffff, 0x400, 0x1, 0xd, 0x1, 0x6, 0x6}, 0x1c)
recvmmsg$unix(r1, &(0x7f0000004180)=[{{0x0, 0x0, &(0x7f00000021c0)}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0)
sendmmsg(r1, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
read$msr(r0, &(0x7f0000004c00)=""/102392, 0x18ff8)
r2 = add_key$keyring(&(0x7f0000000080), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
add_key$keyring(&(0x7f0000000040), &(0x7f0000000140)={'syz', 0x3}, 0x0, 0x0, r2)
r3 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000300)={'gretap0\x00', <r4=>0x0})
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000000380)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB="386905b5e5fb01e7ef83facf75ec6a3077d56f7230e27fb54c08f5", @ANYRES32, @ANYBLOB, @ANYRES64=0x0], 0x20)
sendmsg$nl_route_sched(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000340)=@newqdisc={0x38, 0x24, 0xf0b, 0x1, 0x4, {0x60, 0x0, 0x0, r4, {0x0, 0x9}, {0xfff1, 0xffff}}, [@TCA_RATE={0x6, 0x5, {0x5, 0x3}}, @qdisc_kind_options=@q_clsact={0xb}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x4)
syz_usb_connect(0x0, 0x41, &(0x7f0000002dc0)={{0x12, 0x1, 0x0, 0xa5, 0x2b, 0xfb, 0x8, 0x421, 0x798f, 0x8654, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2f, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x2, 0xfe, 0x17, 0x0, [@cdc_ncm={{0x5}, {0x5}, {0xd}, {0x6}}]}}]}}]}}, 0x0)

3.287182018s ago: executing program 5 (id=3029):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_CMD_ENABLE_BEARER(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x38}}, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1019000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x2c, 0x0, 0x8, 0x70bd2a, 0x25dfdbfe, {{}, {}, {0x10, 0x13, @l2={'ib', 0x3a, 'dvmrp0\x00'}}}, ["", ""]}, 0x2c}, 0x1, 0x0, 0x0, 0x8090}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000)
ioctl$IOC_WATCH_QUEUE_SET_SIZE(0xffffffffffffffff, 0x5760, 0x1f)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="19000000040000000400000002"], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000000000000000000fbffffff850000005000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000060000007b8af8ff00000000bca2000000000000a6020000f8ffffffb70300008a000000b704000000000000850000003300000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b80)={r4, 0x2000012, 0xe, 0x0, &(0x7f0000000280)="63ec33c9e9b98600000000000000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb}, 0x50)
keyctl$revoke(0x3, 0x0)
rseq(&(0x7f0000000400), 0x20, 0x0, 0x0)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/clients\x00', 0x0, 0x0)
preadv(r5, &(0x7f0000004ec0)=[{&(0x7f0000004bc0)=""/68, 0x44}], 0x1, 0x8000, 0x0)

2.217731873s ago: executing program 5 (id=3030):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f00000001c0)=ANY=[@ANYBLOB="9feb01001800000000000000340000003400000002000000000000000200000400000000ffffff0f02000000000000000000000002000000000000000100000000000001"], 0x0, 0x4e}, 0x20)

1.889451044s ago: executing program 5 (id=3031):
lsetxattr$security_capability(&(0x7f0000000080)='./cgroup/cgroup.procs\x00', &(0x7f0000000700), &(0x7f0000000040)=@v3={0x3000000, [{0x8, 0x8000}, {0x2, 0x2}], 0xee00}, 0x18, 0x1)
r0 = socket$caif_seqpacket(0x25, 0x5, 0x3)
setsockopt$CAIFSO_REQ_PARAM(r0, 0x116, 0x80, 0xffffffffffffffff, 0x3d)
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x9}, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYRES32=0x1, @ANYBLOB="03000000000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000006ef2885a92523adf5bc6f5b4504f71f1f73d7f000000e33d2b2df85c901e83"], 0x50)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x15, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000200000000000000000000000181100", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400", @ANYRES32=r4], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone(0x20223000, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
accept$unix(r5, &(0x7f0000000300), &(0x7f0000000380)=0x6e)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000840)=ANY=[@ANYBLOB="240000001800010000000000fddbdf251d01040008", @ANYRES32, @ANYBLOB='\b\x00\t\x00', @ANYRES32], 0x24}}, 0x0)
r8 = socket(0x2, 0x80805, 0x0)
getsockopt$bt_hci(r8, 0x84, 0x85, &(0x7f0000001080)=""/4120, &(0x7f0000001040)=0x1018)
creat(&(0x7f0000000000)='./cgroup/cgroup.procs\x00', 0xf21963aaf523cb02)

890.98796ms ago: executing program 4 (id=3032):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_CMD_ENABLE_BEARER(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x38}}, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1019000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x2c, 0x0, 0x8, 0x70bd2a, 0x25dfdbfe, {{}, {}, {0x10, 0x13, @l2={'ib', 0x3a, 'dvmrp0\x00'}}}, ["", ""]}, 0x2c}, 0x1, 0x0, 0x0, 0x8090}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000)
ioctl$IOC_WATCH_QUEUE_SET_SIZE(0xffffffffffffffff, 0x5760, 0x1f)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="19000000040000000400000002"], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000000000000000000fbffffff850000005000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000060000007b8af8ff00000000bca2000000000000a6020000f8ffffffb70300008a000000b704000000000000850000003300000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b80)={r4, 0x2000012, 0xe, 0x0, &(0x7f0000000280)="63ec33c9e9b98600000000000000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb}, 0x50)
keyctl$revoke(0x3, 0x0)
rseq(&(0x7f0000000400), 0x20, 0x0, 0x0)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/clients\x00', 0x0, 0x0)
preadv(r5, &(0x7f0000004ec0)=[{&(0x7f0000004bc0)=""/68, 0x44}], 0x1, 0x8000, 0x0)

889.168157ms ago: executing program 5 (id=3033):
prlimit64(0x0, 0xe, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000280)={0x3, 0x0, 0x0, 0x1, 0x7}, 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x1000007, 0x2172, 0xffffffffffffffff, 0x0)
prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil)
ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000200)={0x28, 0x0, 0x2711, @my=0x1}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r1 = socket(0x1e, 0x4, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040))
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7fffffff, 0x400, 0x1, 0xd, 0x1, 0x6, 0x6}, 0x1c)
recvmmsg$unix(r1, &(0x7f0000004180)=[{{0x0, 0x0, &(0x7f00000021c0)=[{&(0x7f0000001dc0)=""/69, 0x45}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0)
sendmmsg(r1, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
read$msr(r0, &(0x7f0000004c00)=""/102392, 0x18ff8)
r2 = add_key$keyring(&(0x7f0000000080), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
add_key$keyring(&(0x7f0000000040), &(0x7f0000000140)={'syz', 0x3}, 0x0, 0x0, r2)
r3 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000300)={'gretap0\x00', <r4=>0x0})
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x2, 0x8, &(0x7f00000003c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18}, 0x94)
sendmsg$nl_route_sched(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000340)=@newqdisc={0x38, 0x24, 0xf0b, 0x1, 0x4, {0x60, 0x0, 0x0, r4, {0x0, 0x9}, {0xfff1, 0xffff}}, [@TCA_RATE={0x6, 0x5, {0x5, 0x3}}, @qdisc_kind_options=@q_clsact={0xb}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x4)

694.138467ms ago: executing program 3 (id=3034):
syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x46d, 0xc298, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x50, 0xc, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x9, 0x71, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x400, 0xff}}}}}]}}]}}, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x8042, 0x0)
fcntl$setlease(r0, 0x400, 0x1)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r1, 0xc018643a, &(0x7f00000000c0)={0x4000001, 0x40071, 0x200000009})
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r2=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r1, 0xc02064b6, &(0x7f0000000300)={r2, <r3=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_SETCRTC(r1, 0xc06864a2, &(0x7f0000000380)={0x0, 0x0, r3, 0x0, 0x0, 0x1f5, 0x0, 0x0, {0x4, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x8001, 0xfffffffa, "b4bc323ef77d1f000071849800000000dfff00"}})
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
futex(0x0, 0x85, 0x0, 0x0, 0x0, 0xc5fffffd)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = socket$inet6(0xa, 0x3, 0xff)
syz_emit_ethernet(0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
dup(r5)
r6 = socket$netlink(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000002c0))
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="4400000010000104a527", @ANYRES32, @ANYBLOB="0dfa130016000000240012000c00010000000000000000000c0002f60800000001180000080001"], 0x44}}, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000280)={r6, 0x7, 0x104, 0xfffffffe})
sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB='H'], 0x48}, 0x1, 0x0, 0x0, 0x4810}, 0xc010)

37.506497ms ago: executing program 4 (id=3035):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
setsockopt$sock_attach_bpf(r2, 0x1, 0x32, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount(0x0, 0x0, &(0x7f0000000000)='tmpfs\x00', 0x8, &(0x7f0000000300)='usrquota')
r3 = syz_open_dev$cec(&(0x7f0000000340), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000a80)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1088d8b8588d72ec29c48f0af5f2d9f51c4b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465ad32b77a74e802a0dc6bf25cca242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767042361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae645ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1fb8f72cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa7956488bef241875f3b4b6ab7929a57affe760e797724f4fce1093b62d7e8c7123d890decacec55bf404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f870b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f154772f514216bdf57d2a40d40b51ab67903ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1594e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c471c784ae7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec30cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89f0000377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f0059161c5e0000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe34124172e436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f491d8e97c862e29e457060000007ac691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104ebc1581848f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426ca85e82ccf821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ad6acf5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bdc4a60d637545ed4c8a1c649c3ce54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c5140200000054d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a3bc38613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae0040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483f02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e9180100000000000000654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272ab28a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece98c077b358e752b439132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac48f1201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef365303f0e9b4fc969c9dab6df5e8a795b140fcc09e8a7b694d12932917facd8ceaa4e2d0d16bb0b95387fcd5ff136d8abddf94daf442bbff744591931872a36cf921ad69f2127386e8b0f9afee4da8d3fbec809fbb3ca0fded2859cf25d4c6155d396c5b9bd1a928923123f63f4c40688eae69990a9419456247bbaeb7948de84d2ff875414883bb1e503d4bfebc01bc12a53ea06bf38e571157bd642dac25dbee7832c58378374a39483d6721eec96c28911db21c0c006b42afc90000000000000000000000700000000000000000008ce4ea442c1a207108b35511186c5e860278f6463f52f3990ce08b1bfccc3cff4b5ae27b610aa9ba11b47d4f94c439e055cdbb2b12c983885c93ea4ab4ca1e02d831ae162ee104"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xffffffffffffff27}, 0x41)
ioctl$CEC_DQEVENT(r3, 0xc0506107, 0x0)
ioctl$IOC_PR_PREEMPT(r3, 0x40046109, &(0x7f0000000040)={0xd0})

0s ago: executing program 5 (id=3036):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = socket(0xf, 0x3, 0x0)
fsync(r1) (async, rerun: 64)
connect$inet(0xffffffffffffffff, 0x0, 0x0) (async, rerun: 64)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) (async)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async)
ptrace$setopts(0x4206, r2, 0x100000000, 0x100020)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) (async)
syz_open_procfs(0x0, 0x0) (async, rerun: 32)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) (async, rerun: 32)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48)
r6 = socket$inet6(0xa, 0x80002, 0x0)
sendto$inet6(r6, 0x0, 0x0, 0x200c8004, &(0x7f0000000280)={0xa, 0xe20, 0x0, @mcast2}, 0x1c) (async)
sendto$inet6(r6, 0x0, 0x0, 0xc001, 0x0, 0x0)
setsockopt$inet6_mtu(r6, 0x29, 0x17, &(0x7f0000000640)=0x2, 0x4) (async)
setsockopt$inet6_udp_int(r6, 0x88, 0x1, &(0x7f0000000080), 0x4) (async)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r7}, 0x10) (async)
r8 = openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$FUSE_ATTR(r8, &(0x7f0000005340)={0x78, 0x0, 0x0, {0x2000000007, 0x400, 0x0, {0x6, 0xfffe000000000000, 0xfffffffffffffffb, 0xff, 0x694, 0x3, 0x7f, 0x9, 0x800, 0x2000, 0x2, 0x0, 0x0, 0xb, 0x8, 0x1000000}}}, 0x78) (async, rerun: 32)
ioctl$TUNSETGROUP(0xffffffffffffffff, 0x400454ce, 0x0) (async, rerun: 32)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r5}, &(0x7f0000000040), &(0x7f0000000080)=r7}, 0x20)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000340)=ANY=[@ANYBLOB="0a00000017000000ff01000500000000000000002e6d6ccfaf86d277650183b20bd81a71e0c7d743c0018c981eec5c017acd47efd5b49dc5084281f2c3feef6ffbcdcf4722c11f", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)

kernel console output (not intermixed with test programs):

tap: entered promiscuous mode
[ 1035.395843][T15509] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1035.428036][T15509] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1035.461658][  T442] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1035.518572][  T442] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1035.580205][  T442] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1035.614581][T15753] netlink: 'syz.4.2436': attribute type 3 has an invalid length.
[ 1035.630032][  T442] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1035.800345][ T1076] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1035.866248][ T1076] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1035.939420][ T1076] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1035.960258][ T1076] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1036.682457][ T3093] usb 3-1: USB disconnect, device number 55
[ 1036.688442][   T30] audit: type=1400 audit(1766661740.617:1222): avc:  denied  { mounton } for  pid=15509 comm="syz-executor" path="/root/syzkaller.yOPBHO/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[ 1036.723041][   T30] audit: type=1400 audit(1766661740.617:1223): avc:  denied  { mounton } for  pid=15509 comm="syz-executor" path="/root/syzkaller.yOPBHO/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=48928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[ 1037.150904][   T30] audit: type=1400 audit(1766661741.038:1224): avc:  denied  { mounton } for  pid=15509 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=2784 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 1037.219682][T15768] NILFS (nullb0): couldn't find nilfs on the device
[ 1037.301310][   T30] audit: type=1400 audit(1766661741.038:1225): avc:  denied  { mounton } for  pid=15509 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[ 1037.547198][   T30] audit: type=1400 audit(1766661741.422:1226): avc:  denied  { read } for  pid=15770 comm="syz.2.2442" dev="nsfs" ino=4026532894 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 1037.816711][   T30] audit: type=1400 audit(1766661741.422:1227): avc:  denied  { open } for  pid=15770 comm="syz.2.2442" path="net:[4026532894]" dev="nsfs" ino=4026532894 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 1038.585935][ T3503] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1038.968897][T15790] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2444'.
[ 1038.978111][T15790] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2444'.
[ 1040.861065][   T30] audit: type=1326 audit(1766661744.518:1228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15803 comm="syz.5.2450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd3e1f8f749 code=0x7ffc0000
[ 1041.545288][   T30] audit: type=1326 audit(1766661744.518:1229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15803 comm="syz.5.2450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd3e1f8f749 code=0x7ffc0000
[ 1041.581235][   T30] audit: type=1326 audit(1766661744.518:1230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15803 comm="syz.5.2450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=237 compat=0 ip=0x7fd3e1f8f749 code=0x7ffc0000
[ 1041.690098][   T30] audit: type=1326 audit(1766661744.630:1231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15803 comm="syz.5.2450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd3e1f8f749 code=0x7ffc0000
[ 1041.789295][T15816] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2439'.
[ 1041.820996][T15816] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2439'.
[ 1042.430794][T15825] pim6reg: entered allmulticast mode
[ 1042.507408][ T6242] usb 3-1: new high-speed USB device number 56 using dummy_hcd
[ 1042.926398][ T6242] usb 3-1: Using ep0 maxpacket: 16
[ 1042.954811][ T6242] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1042.976676][ T6242] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[ 1043.007863][ T6242] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1043.049540][ T6242] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1043.079721][ T6242] usb 3-1: SerialNumber: syz
[ 1043.505624][ T6242] cdc_acm 3-1:1.0: Control and data interfaces are not separated!
[ 1043.691230][ T6242] cdc_acm 3-1:1.0: This needs exactly 3 endpoints
[ 1043.910638][ T6242] cdc_acm 3-1:1.0: probe with driver cdc_acm failed with error -22
[ 1043.924627][ T6242] usb 3-1: USB disconnect, device number 56
[ 1044.369131][T15848] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2460'.
[ 1044.475878][  T850] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[ 1044.656433][  T850] usb 6-1: Using ep0 maxpacket: 8
[ 1044.691907][  T850] usb 6-1: New USB device found, idVendor=0421, idProduct=798f, bcdDevice=86.54
[ 1044.710026][  T850] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1045.261935][ T2967] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1045.284743][T15856] NILFS (nullb0): couldn't find nilfs on the device
[ 1045.328704][   T30] kauditd_printk_skb: 8 callbacks suppressed
[ 1045.328716][   T30] audit: type=1400 audit(1766661748.699:1240): avc:  denied  { bind } for  pid=15855 comm="syz.4.2462" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[ 1045.400369][T15860] ip6tnl0: Caught tx_queue_len zero misconfig
[ 1045.601259][  T850] usb 6-1: Product: syz
[ 1045.607897][  T850] usb 6-1: Manufacturer: syz
[ 1045.614684][  T850] usb 6-1: SerialNumber: syz
[ 1046.048429][   T30] audit: type=1400 audit(1766661748.727:1241): avc:  denied  { map } for  pid=15855 comm="syz.4.2462" path="socket:[47875]" dev="sockfs" ino=47875 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[ 1046.075888][   T30] audit: type=1400 audit(1766661748.727:1242): avc:  denied  { read write accept } for  pid=15855 comm="syz.4.2462" path="socket:[47875]" dev="sockfs" ino=47875 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[ 1046.121988][  T850] usb 6-1: config 0 descriptor??
[ 1046.165044][  T850] cdc_phonet 6-1:0.0: probe with driver cdc_phonet failed with error -22
[ 1046.349290][ T6242] usb 6-1: USB disconnect, device number 2
[ 1050.701858][T15913] netlink: 'syz.4.2475': attribute type 1 has an invalid length.
[ 1050.795585][T15913] netlink: 1 bytes leftover after parsing attributes in process `syz.4.2475'.
[ 1050.808771][T15909] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2474'.
[ 1050.876653][T15915] mac80211_hwsim hwsim56 
4

: renamed from wlan1 (while UP)
[ 1050.895107][   T36] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1051.273481][T14644] udevd[14644]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[ 1051.834851][   T30] audit: type=1400 audit(1766661754.779:1243): avc:  denied  { accept } for  pid=15920 comm="syz.3.2476" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 1051.927011][T15942] syzkaller1: entered promiscuous mode
[ 1051.982074][T15942] syzkaller1: entered allmulticast mode
[ 1054.586821][T15974] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2480'.
[ 1054.638015][T15974] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2480'.
[ 1057.046950][ T4097] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1057.923236][   T30] audit: type=1400 audit(1766661760.476:1244): avc:  denied  { append } for  pid=16011 comm="syz.1.2490" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[ 1059.049861][   T30] audit: type=1326 audit(1766661761.533:1245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16022 comm="syz.2.2489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90b238f749 code=0x7ffc0000
[ 1059.099314][T16030] loop7: detected capacity change from 0 to 7
[ 1059.507195][    C1] blk_print_req_error: 5 callbacks suppressed
[ 1059.507214][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1
[ 1059.522877][    C1] buffer_io_error: 5 callbacks suppressed
[ 1059.522891][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1059.640812][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1
[ 1059.650421][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1059.659950][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1
[ 1059.669523][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1059.681949][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1
[ 1059.691541][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1059.757293][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1
[ 1059.766950][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1059.776913][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1
[ 1059.786539][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1059.794551][T16030] ldm_validate_partition_table(): Disk read failed.
[ 1059.802349][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1
[ 1059.811941][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1059.820813][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1
[ 1059.830400][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1059.838889][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1
[ 1059.848476][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1059.860279][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1
[ 1059.869875][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1059.877899][T16030] Dev loop7: unable to read RDB block 0
[ 1059.887147][T16030]  loop7: unable to read partition table
[ 1059.892990][T16030] loop7: partition table beyond EOD, truncated
[ 1059.899167][T16030] loop_reread_partitions: partition scan of loop7 (���������C�j̖�P=ý?�}X���	���%�֐�ȵ4FLQk݊5) failed (rc=-5)
[ 1059.983945][   T30] audit: type=1326 audit(1766661761.533:1246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16022 comm="syz.2.2489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90b238f749 code=0x7ffc0000
[ 1060.007586][   T30] audit: type=1326 audit(1766661761.542:1247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16022 comm="syz.2.2489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=237 compat=0 ip=0x7f90b238f749 code=0x7ffc0000
[ 1060.196051][T16043] loop2: detected capacity change from 0 to 7
[ 1060.208897][T16043] Dev loop2: unable to read RDB block 7
[ 1060.228392][T16043]  loop2: unable to read partition table
[ 1060.234977][T16043] loop2: partition table beyond EOD, truncated
[ 1060.245788][T16043] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[ 1060.364950][T16045] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2496'.
[ 1061.485548][T10638] IPVS: starting estimator thread 0...
[ 1061.516047][ T5981] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[ 1061.602563][T16055] IPVS: using max 46 ests per chain, 110400 per kthread
[ 1061.676980][ T5981] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1061.706365][ T5981] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1061.719884][ T5981] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1061.740028][ T5981] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1061.778734][ T5981] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1061.793128][ T5981] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1061.855943][ T5981] usb 6-1: config 0 descriptor??
[ 1062.343812][ T5981] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0
[ 1062.354204][ T5981] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0
[ 1062.368491][ T5981] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0
[ 1062.395184][ T5981] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0
[ 1062.445643][ T5981] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0
[ 1062.459609][ T5981] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0
[ 1062.493334][ T5981] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0
[ 1062.517857][ T5981] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0
[ 1062.637852][ T5981] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0
[ 1062.645259][ T5981] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0
[ 1062.758330][T16065] fuse: Unknown parameter 'v
1Ns�5��7������R+��VR^N�$n�7���A)��jh5'
[ 1063.206655][ T6284] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1063.631075][ T5981] plantronics 0003:047F:FFFF.0009: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[ 1064.413772][ T5981] usb 6-1: USB disconnect, device number 3
[ 1064.873589][T10638] usb 3-1: new full-speed USB device number 57 using dummy_hcd
[ 1065.034222][T16082] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2506'.
[ 1065.043387][T10638] usb 3-1: device descriptor read/64, error -71
[ 1065.447440][T10638] usb 3-1: new full-speed USB device number 58 using dummy_hcd
[ 1066.069541][T10638] usb 3-1: device descriptor read/64, error -71
[ 1066.107776][T16099] loop2: detected capacity change from 0 to 7
[ 1066.116801][T14644] Dev loop2: unable to read RDB block 7
[ 1066.130598][T14644]  loop2: unable to read partition table
[ 1066.143796][T14644] loop2: partition table beyond EOD, truncated
[ 1066.158379][T16099] Dev loop2: unable to read RDB block 7
[ 1066.165170][T16099]  loop2: unable to read partition table
[ 1066.267901][T10638] usb usb3-port1: attempt power cycle
[ 1066.273719][T16099] loop2: partition table beyond EOD, truncated
[ 1066.544503][T16099] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[ 1066.558008][T15929] Set syz1 is full, maxelem 65536 reached
[ 1066.959364][T10638] usb 3-1: new full-speed USB device number 59 using dummy_hcd
[ 1066.990553][T10638] usb 3-1: device descriptor read/8, error -71
[ 1067.189726][T16117] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2516'.
[ 1067.199152][T16117] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2516'.
[ 1067.682923][T16115] netdevsim netdevsim5 netdevsim0: entered allmulticast mode
[ 1067.726759][T10638] usb 3-1: new full-speed USB device number 60 using dummy_hcd
[ 1067.742026][T16115] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[ 1068.664590][T10638] usb 3-1: device not accepting address 60, error -71
[ 1068.676628][T10638] usb usb3-port1: unable to enumerate USB device
[ 1069.340852][ T5981] usb 2-1: new full-speed USB device number 63 using dummy_hcd
[ 1069.618935][ T5011] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1069.770287][ T5981] usb 2-1: unable to get BOS descriptor or descriptor too short
[ 1069.800800][ T5981] usb 2-1: not running at top speed; connect to a high speed hub
[ 1069.882026][ T5981] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1069.897236][ T5981] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[ 1069.906267][ T5981] usb 2-1: config 1 has no interface number 1
[ 1069.914342][ T5981] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1069.936181][ T5981] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 4
[ 1069.950816][ T5981] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1069.970707][ T5981] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1069.979107][ T5981] usb 2-1: Product: syz
[ 1070.180579][T16149] sit0: entered promiscuous mode
[ 1070.335604][T16149] netlink: 'syz.5.2525': attribute type 1 has an invalid length.
[ 1070.354878][T16149] netlink: 1 bytes leftover after parsing attributes in process `syz.5.2525'.
[ 1070.413087][T16154] mkiss: ax0: crc mode is auto.
[ 1070.432932][ T5981] usb 2-1: Manufacturer: syz
[ 1070.437620][ T5981] usb 2-1: SerialNumber: syz
[ 1071.078309][T16135] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2521'.
[ 1071.133374][T16135] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1071.141996][T16135] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1071.176186][ T5981] hub 2-1:1.0: Invalid hub with more than one config or interface
[ 1071.195163][ T5981] hub 2-1:1.0: probe with driver hub failed with error -22
[ 1071.211799][T10470] usb 4-1: new full-speed USB device number 63 using dummy_hcd
[ 1071.227556][ T5981] usb 2-1: 2:1 : no or invalid class specific endpoint descriptor
[ 1071.271218][ T5981] usb 2-1: USB disconnect, device number 63
[ 1071.321750][T14473] udevd[14473]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1071.435367][T16166] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2531'.
[ 1071.685319][T10470] usb 4-1: device descriptor read/64, error -71
[ 1072.093854][   T30] audit: type=1400 audit(1766661773.740:1248): avc:  denied  { block_suspend } for  pid=16155 comm="syz.5.2528" capability=36  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 1072.257032][T10470] usb 4-1: new full-speed USB device number 64 using dummy_hcd
[ 1072.962595][T10470] usb 4-1: device descriptor read/64, error -71
[ 1073.084939][T16184] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2535'.
[ 1073.510637][T10470] usb usb4-port1: attempt power cycle
[ 1074.953538][T10470] usb 4-1: new full-speed USB device number 65 using dummy_hcd
[ 1075.265474][T10470] usb 4-1: device not accepting address 65, error -71
[ 1075.521181][ T6284] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1075.526895][T16204] netlink: 52 bytes leftover after parsing attributes in process `syz.4.2543'.
[ 1077.048569][T10638] usb 3-1: new full-speed USB device number 61 using dummy_hcd
[ 1077.527882][T10638] usb 3-1: unable to get BOS descriptor or descriptor too short
[ 1077.544786][T10638] usb 3-1: not running at top speed; connect to a high speed hub
[ 1077.673275][T16225] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2540'.
[ 1077.701157][T10638] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1077.711255][T10638] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[ 1077.943644][T10638] usb 3-1: config 1 has no interface number 1
[ 1077.963253][T10638] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1077.993691][T10638] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 4
[ 1078.021353][T10638] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1078.037818][T10638] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1078.046181][T10638] usb 3-1: Product: syz
[ 1078.050426][T10638] usb 3-1: Manufacturer: syz
[ 1078.108676][T10638] usb 3-1: SerialNumber: syz
[ 1078.355842][T16209] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2545'.
[ 1078.388440][T16209] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1078.397071][T16209] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1078.410625][T10638] hub 3-1:1.0: Invalid hub with more than one config or interface
[ 1078.443088][T10638] hub 3-1:1.0: probe with driver hub failed with error -22
[ 1078.464977][T10638] usb 3-1: 2:1 : no or invalid class specific endpoint descriptor
[ 1078.497587][T10638] usb 3-1: USB disconnect, device number 61
[ 1079.381347][ T5936] usb 4-1: new full-speed USB device number 67 using dummy_hcd
[ 1079.521976][T14849] udevd[14849]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1079.582578][ T5936] usb 4-1: device descriptor read/64, error -71
[ 1079.586890][T16246] loop2: detected capacity change from 0 to 7
[ 1079.606580][T14444] Dev loop2: unable to read RDB block 7
[ 1079.612711][T14444]  loop2: unable to read partition table
[ 1079.619509][T14444] loop2: partition table beyond EOD, truncated
[ 1079.630048][T16246] Dev loop2: unable to read RDB block 7
[ 1079.635643][T16246]  loop2: unable to read partition table
[ 1079.653503][T16246] loop2: partition table beyond EOD, truncated
[ 1079.674297][T16246] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[ 1079.706004][ T5187] Dev loop2: unable to read RDB block 7
[ 1079.716303][ T5187]  loop2: unable to read partition table
[ 1079.723373][ T5187] loop2: partition table beyond EOD, truncated
[ 1080.654232][ T5936] usb 4-1: new full-speed USB device number 68 using dummy_hcd
[ 1081.688721][ T5936] usb 4-1: device descriptor read/64, error -71
[ 1081.698766][ T5011] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1081.806891][ T5936] usb usb4-port1: attempt power cycle
[ 1087.500467][T16322] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2573'.
[ 1087.845027][T16069] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1089.649353][   T30] audit: type=1400 audit(1766661790.156:1249): avc:  denied  { map } for  pid=16342 comm="syz.1.2580" path="socket:[50893]" dev="sockfs" ino=50893 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[ 1090.276184][   T30] audit: type=1400 audit(1766661790.745:1250): avc:  denied  { ioctl } for  pid=16355 comm="syz.5.2584" path="socket:[49808]" dev="sockfs" ino=49808 ioctlcmd=0x6615 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[ 1090.789663][T16367] loop7: detected capacity change from 0 to 7
[ 1090.831328][    C0] blk_print_req_error: 5 callbacks suppressed
[ 1090.831346][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1
[ 1090.847040][    C0] buffer_io_error: 5 callbacks suppressed
[ 1090.847053][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1090.862047][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1
[ 1090.871623][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1090.881005][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1
[ 1090.890593][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1090.900175][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1
[ 1090.909775][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1090.920428][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1
[ 1090.929996][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1090.938340][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1
[ 1090.947892][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1090.957711][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1
[ 1090.967311][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1090.975226][T16367] ldm_validate_partition_table(): Disk read failed.
[ 1090.984092][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1
[ 1090.993665][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1091.001958][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1
[ 1091.011585][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1091.020817][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1
[ 1091.030398][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1091.039148][T16367] Dev loop7: unable to read RDB block 0
[ 1091.047098][T16367]  loop7: unable to read partition table
[ 1091.052902][T16367] loop7: partition table beyond EOD, truncated
[ 1091.059138][T16367] loop_reread_partitions: partition scan of loop7 (���������C�j̖�P=ý?�}X���	���%�֐�ȵ4FLQk݊5) failed (rc=-5)
[ 1091.071818][T16353] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[ 1091.353914][T16372] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2586'.
[ 1091.362915][T16372] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2586'.
[ 1092.262970][T16383] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1093.836555][T16398] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2593'.
[ 1093.873723][   T30] audit: type=1400 audit(1766661794.113:1251): avc:  denied  { accept } for  pid=16397 comm="syz.4.2593" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[ 1094.005698][ T5011] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1094.025850][    C0] hrtimer: interrupt took 1002216 ns
[ 1094.027045][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[ 1094.078249][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[ 1094.975781][T16418] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[ 1095.021430][T16418] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1095.036848][T16418] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1096.010972][T16437] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2601'.
[ 1096.035325][ T5936] usb 2-1: new high-speed USB device number 64 using dummy_hcd
[ 1096.263053][ T5936] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21
[ 1096.286990][ T5936] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1096.773023][ T5936] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1096.782486][ T5936] usb 2-1: config 0 descriptor??
[ 1096.803822][ T5936] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[ 1096.898778][T16437] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1096.939254][T16437] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 1096.964310][T16437] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 1098.828083][   T30] audit: type=1400 audit(1766661798.743:1252): avc:  denied  { set_context_mgr } for  pid=16462 comm="syz.3.2608" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[ 1098.886404][ T5981] usb 2-1: USB disconnect, device number 64
[ 1098.954530][ T5815] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1098.975936][   T30] audit: type=1400 audit(1766661798.893:1253): avc:  denied  { listen } for  pid=16466 comm="syz.5.2609" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 1098.997097][T16467] netlink: 'syz.5.2609': attribute type 10 has an invalid length.
[ 1099.026216][T16467] netdevsim netdevsim5 netdevsim0: left allmulticast mode
[ 1099.078433][T16467] team0: Port device netdevsim0 added
[ 1099.141738][T16467] kvm: requested 1676 ns i8254 timer period limited to 200000 ns
[ 1100.087305][ T4097] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1100.406317][T16484] netlink: 'syz.4.2612': attribute type 33 has an invalid length.
[ 1100.427445][T16484] netlink: 152 bytes leftover after parsing attributes in process `syz.4.2612'.
[ 1101.032431][T16482] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2613'.
[ 1101.240527][ T5815] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1101.423823][T16487] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2612'.
[ 1103.401167][ T5815] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1104.066312][T16516] input: syz0 as /devices/virtual/input/input47
[ 1104.446670][T16520] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1105.638934][T16514] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1105.668979][T16476] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1106.234601][T16530] 9p: Bad value for 'rfdno'
[ 1107.961204][T16540] IPVS: ip_vs_edit_dest(): lower threshold is higher than upper threshold
[ 1109.311245][T16549] netlink: 'syz.1.2631': attribute type 33 has an invalid length.
[ 1109.797715][T16549] netlink: 152 bytes leftover after parsing attributes in process `syz.1.2631'.
[ 1110.772374][T16549] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2631'.
[ 1111.783769][   T36] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1112.089459][T16578] netlink: 'syz.4.2639': attribute type 33 has an invalid length.
[ 1113.055089][T16578] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2639'.
[ 1113.469751][   T30] audit: type=1400 audit(1766661812.437:1254): avc:  denied  { nlmsg_write } for  pid=16584 comm="syz.1.2641" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1
[ 1114.942322][T16593] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2643'.
[ 1116.493173][   T30] audit: type=1326 audit(1766661815.272:1255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16603 comm="syz.3.2647" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96b278f749 code=0x7ffc0000
[ 1116.561319][ T5944] usb 2-1: new high-speed USB device number 65 using dummy_hcd
[ 1117.106305][   T30] audit: type=1326 audit(1766661815.272:1256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16603 comm="syz.3.2647" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96b278f749 code=0x7ffc0000
[ 1117.149667][   T30] audit: type=1326 audit(1766661815.272:1257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16603 comm="syz.3.2647" exe="/root/syz-executor" sig=0 arch=c000003e syscall=237 compat=0 ip=0x7f96b278f749 code=0x7ffc0000
[ 1117.176328][   T30] audit: type=1326 audit(1766661815.403:1258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16603 comm="syz.3.2647" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96b278f749 code=0x7ffc0000
[ 1117.202367][   T30] audit: type=1326 audit(1766661815.403:1259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16603 comm="syz.3.2647" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96b278f749 code=0x7ffc0000
[ 1117.280158][ T5944] usb 2-1: config 0 has no interfaces?
[ 1117.285676][ T5944] usb 2-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00
[ 1117.297700][   T30] audit: type=1326 audit(1766661815.777:1260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16603 comm="syz.3.2647" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f96b278f749 code=0x7ffc0000
[ 1117.321247][ T5944] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1117.335545][ T5944] usb 2-1: config 0 descriptor??
[ 1117.371108][   T30] audit: type=1326 audit(1766661815.777:1261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16603 comm="syz.3.2647" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96b278f749 code=0x7ffc0000
[ 1117.405868][   T30] audit: type=1326 audit(1766661815.777:1262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16603 comm="syz.3.2647" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96b278f749 code=0x7ffc0000
[ 1117.480723][   T30] audit: type=1326 audit(1766661815.777:1263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16603 comm="syz.3.2647" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f96b278f749 code=0x7ffc0000
[ 1119.247249][T16499] usb 2-1: USB disconnect, device number 65
[ 1119.262635][T16626] comedi comedi3: comedi_config --init_data is deprecated
[ 1119.271695][   T30] kauditd_printk_skb: 41 callbacks suppressed
[ 1119.271708][   T30] audit: type=1400 audit(1766661817.872:1305): avc:  denied  { write } for  pid=16625 comm="syz.5.2651" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[ 1121.120294][T16647] netlink: 212328 bytes leftover after parsing attributes in process `syz.1.2658'.
[ 1121.149528][T16647] netlink: Unknown conntrack attr (type=2304, max=9)
[ 1121.486987][   T36] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1122.161110][T16658] netlink: 'syz.3.2662': attribute type 3 has an invalid length.
[ 1123.424973][T16669] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2667'.
[ 1123.499510][   T10] usb 5-1: new high-speed USB device number 70 using dummy_hcd
[ 1123.693657][   T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 184, changing to 11
[ 1123.713518][   T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 16497, setting to 1024
[ 1123.924745][T16682] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1124.190265][   T10] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 1124.200478][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1124.211799][   T10] usb 5-1: config 0 descriptor??
[ 1124.475013][   T10] ath6kl: Failed to submit usb control message: -71
[ 1124.481802][   T10] ath6kl: unable to send the bmi data to the device: -71
[ 1124.492941][   T10] ath6kl: Unable to send get target info: -71
[ 1124.501373][   T10] ath6kl: Failed to init ath6kl core: -71
[ 1124.508151][   T10] ath6kl_usb 5-1:0.0: probe with driver ath6kl_usb failed with error -71
[ 1124.529761][   T10] usb 5-1: USB disconnect, device number 70
[ 1124.551158][T16691] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2672'.
[ 1124.560091][T16691] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2672'.
[ 1126.301558][   T30] audit: type=1326 audit(1766661823.943:1306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16696 comm="syz.2.2674" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90b238f749 code=0x7ffc0000
[ 1126.540524][   T30] audit: type=1326 audit(1766661823.943:1307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16696 comm="syz.2.2674" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90b238f749 code=0x7ffc0000
[ 1126.558721][T16707] netlink: 'syz.2.2677': attribute type 3 has an invalid length.
[ 1126.803155][   T30] audit: type=1326 audit(1766661823.943:1308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16696 comm="syz.2.2674" exe="/root/syz-executor" sig=0 arch=c000003e syscall=237 compat=0 ip=0x7f90b238f749 code=0x7ffc0000
[ 1127.183051][   T30] audit: type=1326 audit(1766661824.027:1309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16696 comm="syz.2.2674" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90b238f749 code=0x7ffc0000
[ 1128.176604][ T4236] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1128.192641][   T30] audit: type=1326 audit(1766661824.027:1310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16696 comm="syz.2.2674" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90b238f749 code=0x7ffc0000
[ 1128.221562][   T30] audit: type=1326 audit(1766661824.027:1311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16696 comm="syz.2.2674" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7f90b238f749 code=0x7ffc0000
[ 1128.246268][   T30] audit: type=1326 audit(1766661824.429:1312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16696 comm="syz.2.2674" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90b238f749 code=0x7ffc0000
[ 1128.438592][   T30] audit: type=1326 audit(1766661824.429:1313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16696 comm="syz.2.2674" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90b238f749 code=0x7ffc0000
[ 1128.519607][   T30] audit: type=1326 audit(1766661824.429:1314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16696 comm="syz.2.2674" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f90b238f749 code=0x7ffc0000
[ 1128.598567][   T30] audit: type=1326 audit(1766661824.429:1315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16696 comm="syz.2.2674" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90b238f749 code=0x7ffc0000
[ 1128.694558][T16725] bridge0: entered promiscuous mode
[ 1128.704408][T16725] macsec1: entered promiscuous mode
[ 1129.617077][T16731] 8021q: adding VLAN 0 to HW filter on device batadv4
[ 1129.624906][T16731] batadv4: entered promiscuous mode
[ 1129.666451][T16731] batadv4: entered allmulticast mode
[ 1129.683907][T16731] team0: Port device batadv4 added
[ 1129.825621][T16733] loop2: detected capacity change from 0 to 7
[ 1129.880020][T16733] Dev loop2: unable to read RDB block 7
[ 1129.894938][T16737] netlink: 'syz.4.2685': attribute type 33 has an invalid length.
[ 1129.913047][T16733]  loop2: unable to read partition table
[ 1130.006939][T16737] netlink: 152 bytes leftover after parsing attributes in process `syz.4.2685'.
[ 1130.015521][T16733] loop2: partition table beyond EOD, truncated
[ 1130.049605][T16733] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[ 1130.286135][T16742] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2685'.
[ 1130.334381][T16746] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2687'.
[ 1134.362618][ T4236] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1134.574774][T10638] usb 3-1: new high-speed USB device number 62 using dummy_hcd
[ 1134.715747][T16795] netlink: 'syz.4.2701': attribute type 33 has an invalid length.
[ 1134.731431][T16795] netlink: 152 bytes leftover after parsing attributes in process `syz.4.2701'.
[ 1134.746028][T10638] usb 3-1: Using ep0 maxpacket: 8
[ 1134.836991][T10638] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[ 1134.848468][T10638] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1134.861819][T10638] usb 3-1: New USB device found, idVendor=046d, idProduct=c298, bcdDevice= 0.00
[ 1134.872110][T10638] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1134.888685][T10638] usb 3-1: config 0 descriptor??
[ 1134.920824][T16796] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2701'.
[ 1135.135937][T16785] futex_wake_op: syz.2.2698 tries to shift op by -1; fix this program
[ 1135.623501][T16801] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2698'.
[ 1135.632601][T16801] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2698'.
[ 1136.094637][T10638] usbhid 3-1:0.0: can't add hid device: -71
[ 1136.116096][T10638] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 1136.130165][T16810] netlink: 212324 bytes leftover after parsing attributes in process `syz.1.2706'.
[ 1136.150078][T16811] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2705'.
[ 1136.169430][T10638] usb 3-1: USB disconnect, device number 62
[ 1136.278913][T16810] mtd partition "" doesn't have enough space: 0x20003 < 0x20020, disabled
[ 1136.292299][T16810] ftl_cs: FTL header not found.
[ 1137.009948][T16812] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1137.279736][T10638] usb 2-1: new high-speed USB device number 66 using dummy_hcd
[ 1137.291778][ T5936] usb 4-1: new high-speed USB device number 70 using dummy_hcd
[ 1137.719283][T10638] usb 2-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69
[ 1137.728404][T10638] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1137.759323][T10638] usb 2-1: Product: syz
[ 1137.769269][T10638] usb 2-1: Manufacturer: syz
[ 1137.782406][ T5936] usb 4-1: Using ep0 maxpacket: 8
[ 1137.782708][T10638] usb 2-1: SerialNumber: syz
[ 1137.800875][T10638] usb 2-1: config 0 descriptor??
[ 1137.804819][ T5936] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[ 1137.819154][T10638] hub 2-1:0.0: bad descriptor, ignoring hub
[ 1137.828655][T10638] hub 2-1:0.0: probe with driver hub failed with error -5
[ 1137.878319][ T5936] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1137.917434][ T5936] usb 4-1: New USB device found, idVendor=046d, idProduct=c298, bcdDevice= 0.00
[ 1137.934773][ T5936] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1137.945550][ T5936] usb 4-1: config 0 descriptor??
[ 1138.034296][T10638] dvb-usb: found a 'Pinnacle PCTV Hybrid Stick Solo' in warm state.
[ 1138.042815][T16822] batadv_slave_0: entered promiscuous mode
[ 1138.058533][T10638] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1138.080417][T10638] dvbdev: DVB: registering new adapter (Pinnacle PCTV Hybrid Stick Solo)
[ 1138.139027][T16834] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1138.305836][T16820] futex_wake_op: syz.3.2708 tries to shift op by -1; fix this program
[ 1138.382834][T16838] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2708'.
[ 1138.391911][T16838] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2708'.
[ 1138.605556][ T5815] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1138.674206][T10638] usb 2-1: media controller created
[ 1138.689350][T10638] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1138.742480][T10638] DVB: Unable to find symbol dib7000p_attach()
[ 1138.748833][T10638] dvb-usb: no frontend was attached by 'Pinnacle PCTV Hybrid Stick Solo'
[ 1138.835231][T10638] rc_core: IR keymap rc-dib0700-rc5 not found
[ 1138.857987][T10638] Registered IR keymap rc-empty
[ 1138.871440][ T5936] usbhid 4-1:0.0: can't add hid device: -71
[ 1138.873772][T10638] dvb-usb: could not initialize remote control.
[ 1138.915287][T10638] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully initialized and connected.
[ 1138.926104][ T5936] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[ 1138.964958][T10638] usb 2-1: USB disconnect, device number 66
[ 1138.966120][ T5936] usb 4-1: USB disconnect, device number 70
[ 1139.119285][T10638] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully deinitialized and disconnected.
[ 1139.716422][ T5883] usb 3-1: new high-speed USB device number 63 using dummy_hcd
[ 1140.124950][ T5883] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1140.226617][ T5883] usb 3-1: New USB device found, idVendor=0471, idProduct=0308, bcdDevice=e4.df
[ 1140.254554][ T5883] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1140.758199][ T5883] usb 3-1: config 0 descriptor??
[ 1140.769592][ T5883] pwc: Philips PCVC680K (Vesta Pro) USB webcam detected.
[ 1140.780964][   T12] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1142.481551][ T5883] pwc: recv_control_msg error -71 req 02 val 2b00
[ 1142.503622][ T5883] pwc: recv_control_msg error -71 req 02 val 2700
[ 1142.519003][ T5883] pwc: recv_control_msg error -71 req 04 val 1700
[ 1142.533132][ T5883] pwc: recv_control_msg error -71 req 02 val 2c00
[ 1142.546578][ T5883] pwc: recv_control_msg error -71 req 04 val 1000
[ 1142.560319][ T5883] pwc: recv_control_msg error -71 req 04 val 1300
[ 1142.572452][ T5883] pwc: recv_control_msg error -71 req 04 val 1400
[ 1142.579266][ T5883] pwc: recv_control_msg error -71 req 02 val 2000
[ 1142.593355][ T5883] pwc: recv_control_msg error -71 req 02 val 2100
[ 1142.643271][ T5883] pwc: recv_control_msg error -71 req 02 val 2200
[ 1142.651136][ T5883] pwc: recv_control_msg error -71 req 06 val 0600
[ 1142.658405][ T5883] pwc: recv_control_msg error -71 req 04 val 1500
[ 1142.736374][ T5883] pwc: recv_control_msg error -71 req 02 val 2500
[ 1142.754276][ T5883] pwc: recv_control_msg error -71 req 02 val 2400
[ 1142.761442][ T5883] pwc: recv_control_msg error -71 req 02 val 2600
[ 1142.963091][T16888] loop7: detected capacity change from 0 to 7
[ 1143.668889][ T5883] pwc: recv_control_msg error -71 req 02 val 2900
[ 1143.676071][    C0] blk_print_req_error: 10 callbacks suppressed
[ 1143.676082][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1
[ 1143.691772][    C0] buffer_io_error: 10 callbacks suppressed
[ 1143.691783][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1143.706408][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1
[ 1143.716015][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1143.810768][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1
[ 1143.820397][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1143.828883][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1
[ 1143.838462][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1143.842028][ T5883] pwc: recv_control_msg error -71 req 02 val 2800
[ 1143.850869][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1
[ 1143.855667][ T5883] pwc: recv_control_msg error -71 req 04 val 1100
[ 1143.862420][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1143.877252][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1
[ 1143.886823][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1143.894800][T16888] ldm_validate_partition_table(): Disk read failed.
[ 1143.907749][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1
[ 1143.917404][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1143.926915][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1
[ 1143.936497][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1143.946028][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1
[ 1143.955624][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1143.971843][T16895] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2722'.
[ 1144.049742][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1
[ 1144.059392][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1144.068300][T16888] Dev loop7: unable to read RDB block 0
[ 1144.084579][T16888]  loop7: unable to read partition table
[ 1144.092445][T16888] loop7: partition table beyond EOD, truncated
[ 1144.099074][T16888] loop_reread_partitions: partition scan of loop7 (���������C�j̖�P=ý?�}X���	���%�֐�ȵ4FLQk݊5) failed (rc=-5)
[ 1144.268106][ T5883] pwc: recv_control_msg error -71 req 04 val 1200
[ 1144.409013][ T5883] pwc: Registered as video103.
[ 1144.419363][T16890] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[ 1144.853826][ T5883] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input49
[ 1145.649656][ T5883] usb 3-1: USB disconnect, device number 63
[ 1145.885960][ T5936] usb 2-1: new high-speed USB device number 67 using dummy_hcd
[ 1146.101663][ T5936] usb 2-1: Using ep0 maxpacket: 8
[ 1146.168546][ T5936] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[ 1146.248326][ T5936] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1146.270519][ T5936] usb 2-1: New USB device found, idVendor=046d, idProduct=c298, bcdDevice= 0.00
[ 1146.316667][ T5936] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1146.330772][ T5936] usb 2-1: config 0 descriptor??
[ 1146.879428][ T6284] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1146.907980][T16909] futex_wake_op: syz.1.2727 tries to shift op by -1; fix this program
[ 1146.983760][T16924] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2727'.
[ 1146.992891][T16924] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2727'.
[ 1147.493991][ T5936] usbhid 2-1:0.0: can't add hid device: -71
[ 1147.515043][ T5936] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[ 1147.601837][ T5936] usb 2-1: USB disconnect, device number 67
[ 1148.616293][   T10] usb 4-1: new full-speed USB device number 71 using dummy_hcd
[ 1149.855334][   T10] usb 4-1: unable to get BOS descriptor or descriptor too short
[ 1149.875819][   T10] usb 4-1: not running at top speed; connect to a high speed hub
[ 1149.894471][   T10] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1149.926679][   T10] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[ 1149.959343][   T10] usb 4-1: config 1 has no interface number 1
[ 1149.965474][   T10] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1150.001691][   T10] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 4
[ 1150.208598][   T10] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1150.218438][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1150.254083][    T9] usb 5-1: new high-speed USB device number 71 using dummy_hcd
[ 1150.324150][   T10] usb 4-1: Product: syz
[ 1150.342505][   T10] usb 4-1: Manufacturer: syz
[ 1150.642907][   T10] usb 4-1: SerialNumber: syz
[ 1150.707472][    T9] usb 5-1: Using ep0 maxpacket: 8
[ 1150.713957][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[ 1150.741385][    T9] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1150.766232][    T9] usb 5-1: New USB device found, idVendor=046d, idProduct=c298, bcdDevice= 0.00
[ 1150.786152][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1150.812574][    T9] usb 5-1: config 0 descriptor??
[ 1150.904983][T16938] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2735'.
[ 1150.923368][T16938] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1150.933844][T16938] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1150.945890][   T10] hub 4-1:1.0: Invalid hub with more than one config or interface
[ 1150.957622][   T10] hub 4-1:1.0: probe with driver hub failed with error -22
[ 1150.972421][   T10] usb 4-1: 2:1 : no or invalid class specific endpoint descriptor
[ 1151.601567][T16950] futex_wake_op: syz.4.2740 tries to shift op by -1; fix this program
[ 1151.684182][T16972] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2740'.
[ 1152.035078][   T10] usb 4-1: USB disconnect, device number 71
[ 1152.057292][    T9] usbhid 5-1:0.0: can't add hid device: -71
[ 1152.073473][    T9] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 1152.100622][    T9] usb 5-1: USB disconnect, device number 71
[ 1152.115272][T14849] udevd[14849]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1152.129472][   T30] kauditd_printk_skb: 3 callbacks suppressed
[ 1152.129485][   T30] audit: type=1400 audit(1766661848.591:1319): avc:  denied  { read } for  pid=16975 comm="syz.2.2746" name="nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[ 1152.217243][   T30] audit: type=1400 audit(1766661848.637:1320): avc:  denied  { open } for  pid=16975 comm="syz.2.2746" path="/dev/nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[ 1152.385510][   T30] audit: type=1326 audit(1766661848.843:1321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16977 comm="syz.1.2747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6f738f749 code=0x7ffc0000
[ 1152.509300][   T30] audit: type=1326 audit(1766661848.843:1322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16977 comm="syz.1.2747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6f738f749 code=0x7ffc0000
[ 1152.534055][   T30] audit: type=1326 audit(1766661848.843:1323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16977 comm="syz.1.2747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=237 compat=0 ip=0x7fb6f738f749 code=0x7ffc0000
[ 1152.887074][ T2992] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1152.902798][   T30] audit: type=1326 audit(1766661848.955:1324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16977 comm="syz.1.2747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6f738f749 code=0x7ffc0000
[ 1152.932991][   T30] audit: type=1326 audit(1766661848.955:1325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16977 comm="syz.1.2747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6f738f749 code=0x7ffc0000
[ 1152.964121][   T30] audit: type=1326 audit(1766661848.955:1326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16977 comm="syz.1.2747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7fb6f738f749 code=0x7ffc0000
[ 1152.991284][   T30] audit: type=1326 audit(1766661849.302:1327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16977 comm="syz.1.2747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6f738f749 code=0x7ffc0000
[ 1153.020594][   T30] audit: type=1326 audit(1766661849.302:1328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16977 comm="syz.1.2747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6f738f749 code=0x7ffc0000
[ 1153.166630][T16987] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2750'.
[ 1156.872619][T17025] netlink: 'syz.1.2756': attribute type 33 has an invalid length.
[ 1156.881973][T17025] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2756'.
[ 1156.961501][T10470] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[ 1157.679284][T10470] usb 6-1: Using ep0 maxpacket: 8
[ 1157.689213][T10470] usb 6-1: device descriptor read/all, error -71
[ 1157.865552][T17032] 8021q: adding VLAN 0 to HW filter on device batadv1
[ 1158.178005][T17032] team0: Port device batadv1 added
[ 1158.472545][ T1076] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1158.982249][ T5936] usb 5-1: new high-speed USB device number 72 using dummy_hcd
[ 1159.184801][ T5936] usb 5-1: Using ep0 maxpacket: 8
[ 1159.208245][ T5936] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[ 1159.235106][ T5936] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1159.383705][ T5936] usb 5-1: New USB device found, idVendor=046d, idProduct=c298, bcdDevice= 0.00
[ 1159.698582][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[ 1159.705329][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[ 1159.860533][ T5936] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1160.241421][ T5936] usb 5-1: config 0 descriptor??
[ 1161.678807][ T5936] usbhid 5-1:0.0: can't add hid device: -71
[ 1161.684751][ T5936] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 1161.794769][ T5936] usb 5-1: USB disconnect, device number 72
[ 1161.906025][T17078] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[ 1164.414985][ T5815] Bluetooth: hci2: unexpected event for opcode 0x042c
[ 1164.470715][ T6284] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1167.633933][T10470] usb 5-1: new high-speed USB device number 73 using dummy_hcd
[ 1168.027275][T17133] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1168.474870][T10470] usb 5-1: Using ep0 maxpacket: 8
[ 1168.482650][T10470] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[ 1168.913923][T10470] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1169.950037][T10470] usb 5-1: New USB device found, idVendor=046d, idProduct=c298, bcdDevice= 0.00
[ 1170.007465][T16674] hid_parser_main: 5 callbacks suppressed
[ 1170.007478][T16674] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[ 1170.221105][T16674] hid-generic 0000:0000:0000.000A: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[ 1170.271292][T10470] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1170.480209][T10470] usb 5-1: config 0 descriptor??
[ 1170.517624][T10470] usb 5-1: can't set config #0, error -71
[ 1170.549281][T10470] usb 5-1: USB disconnect, device number 73
[ 1170.689789][T16069] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1173.323888][T17203] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1174.825709][ T5899] usb 3-1: new high-speed USB device number 64 using dummy_hcd
[ 1175.028231][T16674] usb 5-1: new high-speed USB device number 74 using dummy_hcd
[ 1175.145995][ T5899] usb 3-1: Using ep0 maxpacket: 8
[ 1175.156676][ T5899] usb 3-1: New USB device found, idVendor=0421, idProduct=798f, bcdDevice=86.54
[ 1175.165774][ T5899] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1175.174225][ T5899] usb 3-1: Product: syz
[ 1175.178537][ T5899] usb 3-1: Manufacturer: syz
[ 1175.183215][ T5899] usb 3-1: SerialNumber: syz
[ 1175.211496][T16674] usb 5-1: Using ep0 maxpacket: 8
[ 1175.215833][ T5899] usb 3-1: config 0 descriptor??
[ 1175.220641][ T5883] usb 6-1: new full-speed USB device number 6 using dummy_hcd
[ 1175.245589][T16674] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[ 1175.307761][T16674] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1175.353553][ T5899] cdc_phonet 3-1:0.0: probe with driver cdc_phonet failed with error -22
[ 1175.356237][T16674] usb 5-1: New USB device found, idVendor=046d, idProduct=c298, bcdDevice= 0.00
[ 1175.395117][T16674] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1175.414990][T16674] usb 5-1: config 0 descriptor??
[ 1175.468409][ T5883] usb 6-1: unable to get BOS descriptor or descriptor too short
[ 1175.481459][ T5883] usb 6-1: not running at top speed; connect to a high speed hub
[ 1175.491310][ T5883] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1175.502934][ T5883] usb 6-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[ 1175.513318][ T5883] usb 6-1: config 1 has no interface number 1
[ 1175.520197][ T5883] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1175.534590][ T5883] usb 6-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 4
[ 1175.549157][ T5883] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1175.560113][ T5883] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1175.576567][ T5883] usb 6-1: Product: syz
[ 1175.582023][ T5883] usb 6-1: Manufacturer: syz
[ 1175.588590][ T5883] usb 6-1: SerialNumber: syz
[ 1175.645537][T17219] futex_wake_op: syz.4.2806 tries to shift op by -1; fix this program
[ 1175.738601][T17238] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2806'.
[ 1175.950125][T17228] netlink: 36 bytes leftover after parsing attributes in process `syz.5.2805'.
[ 1176.045478][T17228] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1176.054108][T17228] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1176.074638][ T5883] hub 6-1:1.0: Invalid hub with more than one config or interface
[ 1176.089375][ T5883] hub 6-1:1.0: probe with driver hub failed with error -22
[ 1176.096746][T16674] usbhid 5-1:0.0: can't add hid device: -71
[ 1176.116745][T16674] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 1176.129623][ T5883] usb 6-1: 2:1 : no or invalid class specific endpoint descriptor
[ 1176.143556][T16674] usb 5-1: USB disconnect, device number 74
[ 1176.177363][ T5883] usb 6-1: USB disconnect, device number 6
[ 1176.228693][T14849] udevd[14849]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1176.895784][  T442] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1177.540083][ T5883] usb 3-1: USB disconnect, device number 64
[ 1177.685755][T17266] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2817'.
[ 1178.354430][T14644] udevd[14644]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[ 1180.747723][ T5899] usb 3-1: new full-speed USB device number 65 using dummy_hcd
[ 1180.822514][T16499] usb 5-1: new high-speed USB device number 75 using dummy_hcd
[ 1181.180356][ T5899] usb 3-1: unable to get BOS descriptor or descriptor too short
[ 1181.293535][T16499] usb 5-1: Using ep0 maxpacket: 8
[ 1181.299546][ T5899] usb 3-1: not running at top speed; connect to a high speed hub
[ 1181.317747][T16499] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[ 1181.388620][T17313] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2828'.
[ 1181.808015][ T5899] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1181.818251][T16499] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1181.831218][ T5899] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[ 1181.840667][T16499] usb 5-1: New USB device found, idVendor=046d, idProduct=c298, bcdDevice= 0.00
[ 1181.850163][ T5899] usb 3-1: config 1 has no interface number 1
[ 1181.856743][ T5899] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1181.870430][T16499] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1181.889866][ T5899] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 4
[ 1181.923717][T16499] usb 5-1: config 0 descriptor??
[ 1181.935699][ T5899] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1181.960217][ T5899] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1181.978967][ T5899] usb 3-1: Product: syz
[ 1181.983185][ T5899] usb 3-1: Manufacturer: syz
[ 1182.007902][ T5899] usb 3-1: SerialNumber: syz
[ 1182.234091][T17301] futex_wake_op: syz.4.2825 tries to shift op by -1; fix this program
[ 1182.301692][T17320] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2825'.
[ 1182.905587][T17299] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2823'.
[ 1182.938386][T17299] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1182.947204][T17299] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1182.958597][   T12] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1182.960320][ T5899] hub 3-1:1.0: Invalid hub with more than one config or interface
[ 1182.991651][ T5899] hub 3-1:1.0: probe with driver hub failed with error -22
[ 1183.035260][ T5899] usb 3-1: 2:1 : no or invalid class specific endpoint descriptor
[ 1183.046448][T16499] usbhid 5-1:0.0: can't add hid device: -71
[ 1183.067138][T16499] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 1183.099974][T16499] usb 5-1: USB disconnect, device number 75
[ 1183.109064][ T5899] usb 3-1: USB disconnect, device number 65
[ 1183.275667][T14475] udevd[14475]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1184.706500][T17350] netlink: 'syz.2.2839': attribute type 33 has an invalid length.
[ 1184.715345][T17350] netlink: 152 bytes leftover after parsing attributes in process `syz.2.2839'.
[ 1184.899222][T17352] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2839'.
[ 1186.476469][T17360] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2841'.
[ 1186.825878][T14644] udevd[14644]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[ 1187.601727][T17377] netlink: 'syz.5.2847': attribute type 33 has an invalid length.
[ 1187.619067][T17377] netlink: 36 bytes leftover after parsing attributes in process `syz.5.2847'.
[ 1187.651350][T17379] netlink: 'syz.1.2845': attribute type 33 has an invalid length.
[ 1187.675558][T17379] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2845'.
[ 1187.740304][T17383] 9p: Bad value for 'wfdno'
[ 1187.747211][T17379] 9p: Bad value for 'wfdno'
[ 1188.260446][T10470] usb 4-1: new high-speed USB device number 72 using dummy_hcd
[ 1188.417616][ T6163] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1188.870354][T10470] usb 4-1: Using ep0 maxpacket: 8
[ 1188.930937][T10470] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[ 1188.947409][T10470] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1189.053317][T10470] usb 4-1: New USB device found, idVendor=046d, idProduct=c298, bcdDevice= 0.00
[ 1189.078109][T10470] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1189.117174][T10470] usb 4-1: config 0 descriptor??
[ 1189.398330][T17386] futex_wake_op: syz.3.2849 tries to shift op by -1; fix this program
[ 1189.469843][T17397] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2849'.
[ 1189.788479][T17399] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2851'.
[ 1189.865223][T10470] usbhid 4-1:0.0: can't add hid device: -71
[ 1189.882790][T10470] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[ 1189.961152][T10470] usb 4-1: USB disconnect, device number 72
[ 1190.003367][T17403] netlink: 'syz.4.2852': attribute type 33 has an invalid length.
[ 1190.024710][T17403] netlink: 152 bytes leftover after parsing attributes in process `syz.4.2852'.
[ 1190.189443][T17406] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2852'.
[ 1191.450145][T17421] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2856'.
[ 1193.790988][T16674] usb 3-1: new high-speed USB device number 66 using dummy_hcd
[ 1193.833090][  T850] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[ 1193.930258][T17375] usb 5-1: new high-speed USB device number 76 using dummy_hcd
[ 1193.972192][T16674] usb 3-1: Using ep0 maxpacket: 8
[ 1193.979569][T16674] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[ 1193.990985][T16674] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1194.003906][  T850] usb 6-1: Using ep0 maxpacket: 8
[ 1194.010087][T16674] usb 3-1: New USB device found, idVendor=046d, idProduct=c298, bcdDevice= 0.00
[ 1194.020784][T16674] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1194.030787][  T850] usb 6-1: New USB device found, idVendor=0421, idProduct=798f, bcdDevice=86.54
[ 1194.040231][  T850] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1194.049731][  T850] usb 6-1: Product: syz
[ 1194.054548][T16674] usb 3-1: config 0 descriptor??
[ 1194.066249][  T850] usb 6-1: Manufacturer: syz
[ 1194.075617][  T850] usb 6-1: SerialNumber: syz
[ 1194.088638][  T850] usb 6-1: config 0 descriptor??
[ 1194.093662][T17375] usb 5-1: Using ep0 maxpacket: 8
[ 1194.102263][T17375] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[ 1194.114076][T17375] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1194.128633][  T850] cdc_phonet 6-1:0.0: probe with driver cdc_phonet failed with error -22
[ 1194.137668][T17375] usb 5-1: New USB device found, idVendor=046d, idProduct=c298, bcdDevice= 0.00
[ 1194.158073][T17375] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1194.178321][T17375] usb 5-1: config 0 descriptor??
[ 1194.284546][T17446] futex_wake_op: syz.2.2862 tries to shift op by -1; fix this program
[ 1194.593369][T16258] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1194.637232][T17446] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2862'.
[ 1194.646159][T17446] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2862'.
[ 1194.676677][T17453] futex_wake_op: syz.4.2865 tries to shift op by -1; fix this program
[ 1194.761549][T17460] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2865'.
[ 1195.109057][T16674] usbhid 3-1:0.0: can't add hid device: -71
[ 1195.120869][T17375] usbhid 5-1:0.0: can't add hid device: -71
[ 1195.127999][T17463] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2867'.
[ 1195.141493][T16674] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 1195.150296][T17375] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 1195.166882][T16674] usb 3-1: USB disconnect, device number 66
[ 1195.173237][T17375] usb 5-1: USB disconnect, device number 76
[ 1195.391085][T17445] udevd[17445]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[ 1196.052632][T17477] netlink: 'syz.2.2869': attribute type 33 has an invalid length.
[ 1196.069789][T17477] netlink: 152 bytes leftover after parsing attributes in process `syz.2.2869'.
[ 1196.248483][T17479] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2869'.
[ 1196.282741][ T5981] usb 6-1: USB disconnect, device number 7
[ 1198.355132][ T5981] usb 5-1: new high-speed USB device number 77 using dummy_hcd
[ 1198.504809][T16499] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[ 1198.526146][ T5981] usb 5-1: Using ep0 maxpacket: 8
[ 1198.537910][ T5981] usb 5-1: New USB device found, idVendor=0421, idProduct=798f, bcdDevice=86.54
[ 1198.546971][ T5981] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1198.555088][ T5981] usb 5-1: Product: syz
[ 1198.559343][ T5981] usb 5-1: Manufacturer: syz
[ 1198.564014][ T5981] usb 5-1: SerialNumber: syz
[ 1198.601503][ T5981] usb 5-1: config 0 descriptor??
[ 1198.616682][ T5981] cdc_phonet 5-1:0.0: probe with driver cdc_phonet failed with error -22
[ 1198.675968][T16499] usb 6-1: Using ep0 maxpacket: 8
[ 1198.696219][T16499] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[ 1198.719289][T16499] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1198.740824][T16499] usb 6-1: New USB device found, idVendor=046d, idProduct=c298, bcdDevice= 0.00
[ 1198.750673][T16499] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1198.805704][T16499] usb 6-1: config 0 descriptor??
[ 1198.860610][ T5981] usb 5-1: USB disconnect, device number 77
[ 1199.221235][T17510] futex_wake_op: syz.5.2879 tries to shift op by -1; fix this program
[ 1199.347118][T17520] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2879'.
[ 1199.662741][T16499] usbhid 6-1:0.0: can't add hid device: -71
[ 1199.668744][T16499] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[ 1199.984955][T16499] usb 6-1: USB disconnect, device number 8
[ 1200.047394][ T2992] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1200.638612][T17538] netlink: 'syz.2.2887': attribute type 33 has an invalid length.
[ 1200.653108][T17538] netlink: 152 bytes leftover after parsing attributes in process `syz.2.2887'.
[ 1201.916109][T17542] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2887'.
[ 1204.441881][T17576] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2899'.
[ 1204.494705][T17576] netlink: 'syz.2.2899': attribute type 30 has an invalid length.
[ 1204.942792][T17590] loop7: detected capacity change from 0 to 7
[ 1205.827145][T17375] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[ 1205.893003][    C1] blk_print_req_error: 5 callbacks suppressed
[ 1205.893015][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1
[ 1205.908705][    C1] buffer_io_error: 5 callbacks suppressed
[ 1205.908720][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1205.928148][   T36] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1205.944742][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1
[ 1205.954347][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1205.962402][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1
[ 1205.971985][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1205.980143][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1
[ 1205.989822][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1205.998754][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1
[ 1206.008315][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1206.016348][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1
[ 1206.025885][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1206.033955][T17590] ldm_validate_partition_table(): Disk read failed.
[ 1206.040657][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1
[ 1206.050234][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1206.063084][T17375] usb 6-1: Using ep0 maxpacket: 8
[ 1206.063566][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1
[ 1206.069499][T17375] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[ 1206.077654][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1206.097542][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1
[ 1206.097554][T17375] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1206.107118][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1206.127962][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 1
[ 1206.137502][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1206.145431][T17590] Dev loop7: unable to read RDB block 0
[ 1206.158074][T17590]  loop7: unable to read partition table
[ 1206.163947][T17590] loop7: partition table beyond EOD, truncated
[ 1206.170520][T17590] loop_reread_partitions: partition scan of loop7 (���������C�j̖�P=ý?�}X���	���%�֐�ȵ4FLQk݊5) failed (rc=-5)
[ 1206.235060][T17375] usb 6-1: New USB device found, idVendor=046d, idProduct=c298, bcdDevice= 0.00
[ 1206.251891][T17375] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1206.272814][T17375] usb 6-1: config 0 descriptor??
[ 1206.611794][T17578] futex_wake_op: syz.5.2900 tries to shift op by -1; fix this program
[ 1206.706403][T17598] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2900'.
[ 1206.939748][T17375] usbhid 6-1:0.0: can't add hid device: -71
[ 1206.967094][T17375] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[ 1207.011377][T17375] usb 6-1: USB disconnect, device number 9
[ 1207.057408][T16499] usb 3-1: new high-speed USB device number 67 using dummy_hcd
[ 1207.325523][T16499] usb 3-1: Using ep0 maxpacket: 8
[ 1207.332872][T16499] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[ 1207.347004][T16499] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1207.376089][T16499] usb 3-1: New USB device found, idVendor=046d, idProduct=c298, bcdDevice= 0.00
[ 1207.404181][T16499] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1207.454207][T16499] usb 3-1: config 0 descriptor??
[ 1207.747955][T17592] futex_wake_op: syz.2.2905 tries to shift op by -1; fix this program
[ 1207.821036][T17612] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2905'.
[ 1207.862390][T17614] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2910'.
[ 1207.889087][ T5899] usb 4-1: new high-speed USB device number 73 using dummy_hcd
[ 1207.895142][T17612] team11: entered promiscuous mode
[ 1207.902084][T17612] team11: entered allmulticast mode
[ 1208.083935][ T5899] usb 4-1: Using ep0 maxpacket: 8
[ 1208.097052][ T5899] usb 4-1: New USB device found, idVendor=0421, idProduct=798f, bcdDevice=86.54
[ 1208.132227][ T5899] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1208.160775][ T5899] usb 4-1: Product: syz
[ 1208.199697][ T5899] usb 4-1: Manufacturer: syz
[ 1208.208238][ T5899] usb 4-1: SerialNumber: syz
[ 1208.296865][ T5899] usb 4-1: config 0 descriptor??
[ 1208.385770][ T5899] cdc_phonet 4-1:0.0: probe with driver cdc_phonet failed with error -22
[ 1208.460603][T17579] udevd[17579]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[ 1209.659025][T16499] usbhid 3-1:0.0: can't add hid device: -71
[ 1209.676134][T16499] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 1209.716649][T16499] usb 3-1: USB disconnect, device number 67
[ 1212.013986][ T3487] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1212.234941][T15754] usb 4-1: USB disconnect, device number 73
[ 1212.931066][T17655] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2922'.
[ 1212.992792][T17660] netlink: 'syz.4.2923': attribute type 33 has an invalid length.
[ 1213.011793][T17660] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2923'.
[ 1213.172312][T15754] usb 4-1: new high-speed USB device number 74 using dummy_hcd
[ 1213.245237][T17595] udevd[17595]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[ 1213.294889][T17579] udevd[17579]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[ 1213.381274][T15754] usb 4-1: Using ep0 maxpacket: 8
[ 1213.389317][T15754] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[ 1213.401117][T15754] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1213.433444][T15754] usb 4-1: New USB device found, idVendor=046d, idProduct=c298, bcdDevice= 0.00
[ 1213.453128][T15754] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1213.478077][T15754] usb 4-1: config 0 descriptor??
[ 1214.642328][T17653] futex_wake_op: syz.3.2920 tries to shift op by -1; fix this program
[ 1214.736442][T17675] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2920'.
[ 1215.173972][T15754] usbhid 4-1:0.0: can't add hid device: -71
[ 1215.193146][T15754] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[ 1215.226717][T15754] usb 4-1: USB disconnect, device number 74
[ 1216.946082][ T5899] usb 3-1: new high-speed USB device number 68 using dummy_hcd
[ 1217.150582][ T5899] usb 3-1: Using ep0 maxpacket: 8
[ 1217.170717][ T5899] usb 3-1: New USB device found, idVendor=0421, idProduct=798f, bcdDevice=86.54
[ 1217.179772][ T5899] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1217.266134][ T5899] usb 3-1: Product: syz
[ 1217.270558][ T5899] usb 3-1: Manufacturer: syz
[ 1217.288046][ T5899] usb 3-1: SerialNumber: syz
[ 1217.324617][ T5899] usb 3-1: config 0 descriptor??
[ 1217.353218][ T5899] cdc_phonet 3-1:0.0: probe with driver cdc_phonet failed with error -22
[ 1217.785965][T17375] usb 3-1: USB disconnect, device number 68
[ 1217.837010][   T36] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1218.078517][T15511] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1218.089421][T15511] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1218.098081][T15511] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1218.106916][T15511] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1218.116357][T15511] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1218.164006][T17711] lo speed is unknown, defaulting to 1000
[ 1218.309970][ T6163] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1218.436026][ T6163] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1218.877561][T17711] chnl_net:caif_netlink_parms(): no params data found
[ 1219.036168][T17724] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2939'.
[ 1219.069824][ T6163] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1219.305616][ T6163] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1219.359090][T17579] udevd[17579]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[ 1219.404090][T17733] loop2: detected capacity change from 0 to 7
[ 1219.416685][T17595] Dev loop2: unable to read RDB block 7
[ 1219.425164][T17595]  loop2: unable to read partition table
[ 1219.426591][T17711] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1219.442043][T17595] loop2: partition table beyond EOD, truncated
[ 1219.458734][T17733] Dev loop2: unable to read RDB block 7
[ 1219.463212][T17711] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1219.466470][T17733]  loop2: unable to read partition table
[ 1219.479542][T17733] loop2: partition table beyond EOD, truncated
[ 1219.489245][T17733] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[ 1219.495493][T17711] bridge_slave_0: entered allmulticast mode
[ 1219.543774][T17711] bridge_slave_0: entered promiscuous mode
[ 1219.689596][T17711] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1219.723529][T17711] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1219.732780][   T30] kauditd_printk_skb: 7 callbacks suppressed
[ 1219.732793][   T30] audit: type=1326 audit(1766661911.842:1336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17734 comm="syz.3.2941" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96b278f749 code=0x7ffc0000
[ 1219.736562][T17711] bridge_slave_1: entered allmulticast mode
[ 1219.747050][   T30] audit: type=1326 audit(1766661911.842:1337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17734 comm="syz.3.2941" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96b278f749 code=0x7ffc0000
[ 1219.782614][T17711] bridge_slave_1: entered promiscuous mode
[ 1220.778373][ T5815] Bluetooth: hci1: command tx timeout
[ 1220.827988][   T30] audit: type=1326 audit(1766661911.852:1338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17734 comm="syz.3.2941" exe="/root/syz-executor" sig=0 arch=c000003e syscall=237 compat=0 ip=0x7f96b278f749 code=0x7ffc0000
[ 1220.965626][   T30] audit: type=1326 audit(1766661912.058:1339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17734 comm="syz.3.2941" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96b278f749 code=0x7ffc0000
[ 1221.157150][   T30] audit: type=1326 audit(1766661912.058:1340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17734 comm="syz.3.2941" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96b278f749 code=0x7ffc0000
[ 1221.182822][   T30] audit: type=1326 audit(1766661912.076:1341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17734 comm="syz.3.2941" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7f96b278f749 code=0x7ffc0000
[ 1221.195703][T17750] netlink: 'syz.5.2944': attribute type 33 has an invalid length.
[ 1221.207158][   T30] audit: type=1326 audit(1766661913.161:1342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17734 comm="syz.3.2941" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96b278f749 code=0x7ffc0000
[ 1221.214876][T17750] netlink: 152 bytes leftover after parsing attributes in process `syz.5.2944'.
[ 1221.238054][   T30] audit: type=1326 audit(1766661913.161:1343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17734 comm="syz.3.2941" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96b278f749 code=0x7ffc0000
[ 1221.271485][T17745] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2943'.
[ 1221.506705][T17711] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1221.826998][T17750] netlink: 36 bytes leftover after parsing attributes in process `syz.5.2944'.
[ 1221.857177][T17753] netlink: 'syz.1.2945': attribute type 33 has an invalid length.
[ 1221.865265][T17753] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2945'.
[ 1221.901716][T17711] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1222.056440][ T5936] usb 4-1: new high-speed USB device number 75 using dummy_hcd
[ 1222.073214][T17711] team0: Port device team_slave_0 added
[ 1222.103474][ T6163] bridge_slave_1: left allmulticast mode
[ 1222.221007][ T6163] bridge_slave_1: left promiscuous mode
[ 1222.249010][ T6163] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1222.288926][ T6163] bridge_slave_0: left allmulticast mode
[ 1222.294882][ T5936] usb 4-1: Using ep0 maxpacket: 8
[ 1222.316501][ T6163] bridge_slave_0: left promiscuous mode
[ 1222.339758][ T5936] usb 4-1: New USB device found, idVendor=0421, idProduct=798f, bcdDevice=86.54
[ 1222.352226][ T6163] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1222.371906][ T5936] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1222.387762][ T5936] usb 4-1: Product: syz
[ 1222.414346][ T5936] usb 4-1: Manufacturer: syz
[ 1222.443367][ T5936] usb 4-1: SerialNumber: syz
[ 1222.474372][ T5936] usb 4-1: config 0 descriptor??
[ 1222.505986][ T5936] cdc_phonet 4-1:0.0: probe with driver cdc_phonet failed with error -22
[ 1222.725497][ T5936] usb 4-1: USB disconnect, device number 75
[ 1222.901643][T17375] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[ 1222.975808][ T5815] Bluetooth: hci1: command tx timeout
[ 1223.071793][T17375] usb 6-1: Using ep0 maxpacket: 8
[ 1223.078206][T17375] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[ 1223.089943][T17375] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1223.102847][T17375] usb 6-1: New USB device found, idVendor=046d, idProduct=c298, bcdDevice= 0.00
[ 1223.111918][T17375] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1223.122354][T17375] usb 6-1: config 0 descriptor??
[ 1223.190817][ T6163] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1223.201271][ T6163] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1223.211028][ T6163] bond0 (unregistering): Released all slaves
[ 1223.222696][T17711] team0: Port device team_slave_1 added
[ 1223.250738][T17711] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1223.259254][T17711] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1223.286524][T17711] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1223.314273][T17711] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1223.328775][T17711] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1223.394290][T17711] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1223.436242][T17776] futex_wake_op: syz.5.2948 tries to shift op by -1; fix this program
[ 1223.610753][T17783] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2948'.
[ 1223.872541][T17789] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
[ 1223.898331][T17788] evm: overlay not supported
[ 1223.944542][T17783] team1: entered promiscuous mode
[ 1223.951147][T17783] team1: entered allmulticast mode
[ 1223.993319][  T442] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1224.023596][T17711] hsr_slave_0: entered promiscuous mode
[ 1224.035003][T17711] hsr_slave_1: entered promiscuous mode
[ 1224.045291][T17711] debugfs: 'hsr0' already exists in 'hsr'
[ 1224.058493][T17711] Cannot create hsr debugfs directory
[ 1224.064248][T17375] usbhid 6-1:0.0: can't add hid device: -71
[ 1224.088341][T17375] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[ 1224.117371][T17375] usb 6-1: USB disconnect, device number 10
[ 1224.227310][ T5899] usb 4-1: new high-speed USB device number 76 using dummy_hcd
[ 1224.322606][ T5883] usb 2-1: new full-speed USB device number 68 using dummy_hcd
[ 1224.408206][ T5899] usb 4-1: Using ep0 maxpacket: 8
[ 1224.423006][ T5899] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[ 1224.440266][ T5899] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1224.459255][ T5899] usb 4-1: New USB device found, idVendor=046d, idProduct=c298, bcdDevice= 0.00
[ 1224.482982][ T5899] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1224.518186][ T5883] usb 2-1: unable to get BOS descriptor or descriptor too short
[ 1224.551251][ T5899] usb 4-1: config 0 descriptor??
[ 1224.557333][ T5883] usb 2-1: not running at top speed; connect to a high speed hub
[ 1224.573639][ T5883] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1224.590466][ T5883] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[ 1224.613537][ T5883] usb 2-1: config 1 has no interface number 1
[ 1224.642662][ T5883] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1224.693195][ T5883] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 4
[ 1224.727794][ T5883] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1224.746218][ T5883] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1224.764472][ T5883] usb 2-1: Product: syz
[ 1224.774966][ T5883] usb 2-1: Manufacturer: syz
[ 1224.787647][ T5883] usb 2-1: SerialNumber: syz
[ 1224.854137][T17791] futex_wake_op: syz.3.2951 tries to shift op by -1; fix this program
[ 1224.925358][T17814] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2951'.
[ 1224.989618][T17815] FAULT_INJECTION: forcing a failure.
[ 1224.989618][T17815] name failslab, interval 1, probability 0, space 0, times 0
[ 1225.003070][T17815] CPU: 0 UID: 0 PID: 17815 Comm: syz.3.2951 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1225.003101][T17815] Tainted: [L]=SOFTLOCKUP
[ 1225.003108][T17815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1225.003118][T17815] Call Trace:
[ 1225.003124][T17815]  <TASK>
[ 1225.003131][T17815]  dump_stack_lvl+0x16c/0x1f0
[ 1225.003164][T17815]  should_fail_ex+0x512/0x640
[ 1225.003190][T17815]  ? kmem_cache_alloc_noprof+0x62/0x770
[ 1225.003213][T17815]  should_failslab+0xc2/0x120
[ 1225.003237][T17815]  kmem_cache_alloc_noprof+0x83/0x770
[ 1225.003256][T17815]  ? do_fcntl_add_lease+0x361/0x550
[ 1225.003287][T17815]  ? do_fcntl_add_lease+0x361/0x550
[ 1225.003312][T17815]  ? fasync_alloc+0x9/0x20
[ 1225.003330][T17815]  do_fcntl_add_lease+0x361/0x550
[ 1225.003357][T17815]  ? __pfx_do_fcntl_add_lease+0x10/0x10
[ 1225.003393][T17815]  fcntl_setlease+0xfc/0x180
[ 1225.003417][T17815]  ? __pfx_fcntl_setlease+0x10/0x10
[ 1225.003444][T17815]  ? trace_irq_enable.constprop.0+0x2f/0x110
[ 1225.003472][T17815]  do_fcntl+0x153b/0x1660
[ 1225.003491][T17815]  ? __pfx_do_fcntl+0x10/0x10
[ 1225.003516][T17815]  ? selinux_file_fcntl+0x93/0x170
[ 1225.003540][T17815]  __x64_sys_fcntl+0x163/0x200
[ 1225.003559][T17815]  do_syscall_64+0xcd/0xf80
[ 1225.003583][T17815]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1225.003602][T17815] RIP: 0033:0x7f96b278f749
[ 1225.003616][T17815] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1225.003633][T17815] RSP: 002b:00007f96b36bf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000048
[ 1225.003650][T17815] RAX: ffffffffffffffda RBX: 00007f96b29e6180 RCX: 00007f96b278f749
[ 1225.003662][T17815] RDX: 0000000000000001 RSI: 0000000000000400 RDI: 0000000000000004
[ 1225.003673][T17815] RBP: 00007f96b36bf090 R08: 0000000000000000 R09: 0000000000000000
[ 1225.003684][T17815] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1225.003695][T17815] R13: 00007f96b29e6218 R14: 00007f96b29e6180 R15: 00007fff5b875e58
[ 1225.003721][T17815]  </TASK>
[ 1225.253337][ T5815] Bluetooth: hci1: command tx timeout
[ 1225.284799][ T5936] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[ 1225.411898][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[ 1225.429706][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[ 1225.574706][ T5936] usb 6-1: Using ep0 maxpacket: 8
[ 1225.583453][ T5936] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[ 1225.597217][ T5936] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1225.611733][ T5936] usb 6-1: New USB device found, idVendor=046d, idProduct=c298, bcdDevice= 0.00
[ 1225.684797][T17816] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1225.693668][T17816] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1225.704004][ T5936] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1225.827466][ T5936] usb 6-1: config 0 descriptor??
[ 1225.860873][T17814] team12: entered promiscuous mode
[ 1225.872165][T17814] team12: entered allmulticast mode
[ 1225.925379][T17794] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2952'.
[ 1225.972828][ T5899] usbhid 4-1:0.0: can't add hid device: -71
[ 1225.983515][ T5899] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[ 1226.051723][ T5883] hub 2-1:1.0: Invalid hub with more than one config or interface
[ 1226.066886][ T5883] hub 2-1:1.0: probe with driver hub failed with error -22
[ 1226.075025][T17813] futex_wake_op: syz.5.2954 tries to shift op by -1; fix this program
[ 1226.143507][T17818] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2954'.
[ 1226.432111][ T5899] usb 4-1: USB disconnect, device number 76
[ 1226.463405][ T5883] usb 2-1: 2:1 : no or invalid class specific endpoint descriptor
[ 1226.525509][ T6163] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1226.560189][ T5883] usb 2-1: USB disconnect, device number 68
[ 1226.582080][ T6163] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1226.594846][ T6163] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1226.604310][ T6163] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1226.641904][T17707] udevd[17707]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1226.721219][ T6163] veth1_macvtap: left promiscuous mode
[ 1226.726848][ T6163] veth0_macvtap: left promiscuous mode
[ 1226.751059][ T6163] veth1_vlan: left promiscuous mode
[ 1226.759193][ T6163] veth0_vlan: left promiscuous mode
[ 1226.777449][T17825] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2956'.
[ 1227.409423][ T6163] batadv4 (unregistering): left promiscuous mode
[ 1227.415921][ T5815] Bluetooth: hci1: command tx timeout
[ 1227.429811][ T6163] batadv4 (unregistering): left allmulticast mode
[ 1227.453931][ T6163] team0 (unregistering): Port device batadv4 removed
[ 1227.473114][T17579] udevd[17579]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[ 1227.570906][ T6163] batadv3 (unregistering): left promiscuous mode
[ 1227.592094][ T6163] batadv3 (unregistering): left allmulticast mode
[ 1227.650319][ T6163] team0 (unregistering): Port device batadv3 removed
[ 1227.710264][ T6163] pim6reg (unregistering): left allmulticast mode
[ 1227.760743][ T6163] batadv2 (unregistering): left promiscuous mode
[ 1227.770265][ T6163] batadv2 (unregistering): left allmulticast mode
[ 1227.793087][ T6163] team0 (unregistering): Port device batadv2 removed
[ 1228.353754][ T5883] usb 2-1: new high-speed USB device number 69 using dummy_hcd
[ 1228.528127][ T5883] usb 2-1: Using ep0 maxpacket: 8
[ 1228.537657][ T5883] usb 2-1: New USB device found, idVendor=0421, idProduct=798f, bcdDevice=86.54
[ 1228.554415][ T5883] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1228.567880][ T5883] usb 2-1: Product: syz
[ 1228.572038][ T5883] usb 2-1: Manufacturer: syz
[ 1228.588744][ T5883] usb 2-1: SerialNumber: syz
[ 1228.602644][ T5883] usb 2-1: config 0 descriptor??
[ 1228.621888][ T5883] cdc_phonet 2-1:0.0: probe with driver cdc_phonet failed with error -22
[ 1228.791609][ T5981] usb 4-1: new high-speed USB device number 77 using dummy_hcd
[ 1228.934083][ T5936] usbhid 6-1:0.0: can't add hid device: -71
[ 1228.958381][ T5936] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[ 1228.989532][ T5936] usb 6-1: USB disconnect, device number 11
[ 1228.997538][ T5981] usb 4-1: Using ep0 maxpacket: 8
[ 1229.011215][ T5981] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[ 1229.023928][ T5981] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1229.062130][ T5981] usb 4-1: New USB device found, idVendor=046d, idProduct=c298, bcdDevice= 0.00
[ 1229.109803][ T5981] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1229.161336][ T5981] usb 4-1: config 0 descriptor??
[ 1229.385770][T17855] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2962'.
[ 1229.885800][T17711] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1229.908779][T17711] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1229.920682][T17711] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1229.934464][T17711] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1229.968583][T17859] futex_wake_op: syz.3.2959 tries to shift op by -1; fix this program
[ 1230.443830][ T4236] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1230.684922][T17711] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1230.770420][T17877] netlink: 'syz.5.2965': attribute type 33 has an invalid length.
[ 1230.790657][T17877] netlink: 152 bytes leftover after parsing attributes in process `syz.5.2965'.
[ 1230.930835][T17711] 8021q: adding VLAN 0 to HW filter on device team0
[ 1230.973112][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1230.980190][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1231.085627][T16499] usb 2-1: USB disconnect, device number 69
[ 1231.106239][T16258] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1231.113327][T16258] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1231.195423][T17881] netlink: 36 bytes leftover after parsing attributes in process `syz.5.2965'.
[ 1231.581617][T16499] usb 2-1: new full-speed USB device number 70 using dummy_hcd
[ 1231.765836][T16499] usb 2-1: unable to get BOS descriptor or descriptor too short
[ 1231.827543][T16499] usb 2-1: not running at top speed; connect to a high speed hub
[ 1231.937662][T17711] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1232.158038][T16499] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1232.235949][T16499] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[ 1232.411587][T16499] usb 2-1: config 1 has no interface number 1
[ 1232.443499][T16499] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1232.503512][T16499] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 4
[ 1232.555379][T16499] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1232.585105][T16499] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1232.610263][T16499] usb 2-1: Product: syz
[ 1232.614515][T16499] usb 2-1: Manufacturer: syz
[ 1232.627343][T16499] usb 2-1: SerialNumber: syz
[ 1232.809119][ T5981] usbhid 4-1:0.0: can't add hid device: -71
[ 1232.827432][ T5981] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[ 1232.891296][T17880] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2966'.
[ 1232.932887][T17880] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1232.941524][T17880] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1232.988266][T16499] hub 2-1:1.0: Invalid hub with more than one config or interface
[ 1233.000333][ T5981] usb 4-1: USB disconnect, device number 77
[ 1233.078354][T16499] hub 2-1:1.0: probe with driver hub failed with error -22
[ 1233.109883][T16499] usb 2-1: 2:1 : no or invalid class specific endpoint descriptor
[ 1233.223070][T17711] veth0_vlan: entered promiscuous mode
[ 1233.279961][T16499] usb 2-1: USB disconnect, device number 70
[ 1233.335450][T17711] veth1_vlan: entered promiscuous mode
[ 1233.644293][T17711] veth0_macvtap: entered promiscuous mode
[ 1233.672522][T17711] veth1_macvtap: entered promiscuous mode
[ 1233.754832][T17711] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1233.932922][T17711] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1233.962921][ T6163] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1234.049602][T17934] netlink: 'syz.5.2971': attribute type 1 has an invalid length.
[ 1234.052827][ T6163] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1234.160765][ T6163] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1234.208835][ T6163] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1234.448036][ T6163] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1234.501566][ T6163] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1234.604674][T16069] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1234.649441][T16069] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1235.215866][T15511] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1235.226137][T15511] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1235.234599][T15511] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1235.243193][T15511] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1235.253210][T15511] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1235.298197][T17963] netlink: 'syz.1.2976': attribute type 33 has an invalid length.
[ 1235.401905][T17961] lo speed is unknown, defaulting to 1000
[ 1235.415326][T17963] netlink: 152 bytes leftover after parsing attributes in process `syz.1.2976'.
[ 1235.687171][T17965] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2976'.
[ 1235.865707][T17961] chnl_net:caif_netlink_parms(): no params data found
[ 1236.015112][T17961] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1236.030994][T17961] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1236.045420][T17961] bridge_slave_0: entered allmulticast mode
[ 1236.059480][T17961] bridge_slave_0: entered promiscuous mode
[ 1236.078386][T17961] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1236.095478][T17961] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1236.110735][T17961] bridge_slave_1: entered allmulticast mode
[ 1236.124792][T17961] bridge_slave_1: entered promiscuous mode
[ 1236.389662][T16069] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1236.467835][T16069] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1236.550719][T17961] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1236.588214][T17961] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1236.680915][ T5981] usb 2-1: new high-speed USB device number 71 using dummy_hcd
[ 1236.988763][T16069] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1237.007710][T16069] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1237.161683][ T5981] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 1237.190307][ T5981] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1237.201025][ T5981] usb 2-1: Product: syz
[ 1237.208441][ T5981] usb 2-1: Manufacturer: syz
[ 1237.215762][ T5981] usb 2-1: SerialNumber: syz
[ 1237.239079][T16069] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1237.278503][ T5981] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 1237.303988][T16069] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1237.326032][T16053] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 1237.364999][T17961] team0: Port device team_slave_0 added
[ 1237.398121][T17986] pim6reg: entered allmulticast mode
[ 1237.465712][T15511] Bluetooth: hci5: command tx timeout
[ 1237.470048][T17961] team0: Port device team_slave_1 added
[ 1237.571886][T16674] usb 2-1: USB disconnect, device number 71
[ 1237.883966][T16069] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1237.912839][T16069] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1237.963995][T17961] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1237.992725][T17961] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1238.054821][T17961] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1238.103572][T17961] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1238.113498][T17961] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1238.179210][T17961] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1238.802843][T16053] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive
[ 1238.814731][T16053] ath9k_htc: Failed to initialize the device
[ 1238.825113][T16674] usb 2-1: ath9k_htc: USB layer deinitialized
[ 1238.885008][T17961] hsr_slave_0: entered promiscuous mode
[ 1238.891233][T17961] hsr_slave_1: entered promiscuous mode
[ 1238.897484][T17961] debugfs: 'hsr0' already exists in 'hsr'
[ 1238.904708][T17961] Cannot create hsr debugfs directory
[ 1239.171923][T16674] usb 2-1: new high-speed USB device number 72 using dummy_hcd
[ 1239.368189][T16674] usb 2-1: Using ep0 maxpacket: 8
[ 1239.378353][T16674] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[ 1240.307326][T15511] Bluetooth: hci5: command tx timeout
[ 1240.326760][T16674] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1240.351570][T16674] usb 2-1: New USB device found, idVendor=046d, idProduct=c298, bcdDevice= 0.00
[ 1240.375078][T16674] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1240.433829][T16674] usb 2-1: config 0 descriptor??
[ 1240.551144][T18025] netlink: 220 bytes leftover after parsing attributes in process `syz.3.2989'.
[ 1240.696490][T18002] futex_wake_op: syz.1.2983 tries to shift op by -1; fix this program
[ 1240.815738][T18034] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2983'.
[ 1241.699244][T16069] bond0 (unregistering): Released all slaves
[ 1241.756041][T16069] bond1 (unregistering): Released all slaves
[ 1241.895020][T16674] usbhid 2-1:0.0: can't add hid device: -71
[ 1241.926635][T16674] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[ 1241.961189][T16674] usb 2-1: USB disconnect, device number 72
[ 1242.464923][T15511] Bluetooth: hci5: command tx timeout
[ 1243.248753][T17961] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1243.366942][T17961] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1243.425003][T17961] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1243.741597][T17961] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1244.240132][T16053] usb 2-1: new high-speed USB device number 73 using dummy_hcd
[ 1244.415056][T17961] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1244.453041][T16053] usb 2-1: Using ep0 maxpacket: 8
[ 1244.477849][T16053] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[ 1244.495804][T16674] usb 6-1: new full-speed USB device number 12 using dummy_hcd
[ 1244.533827][T16053] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1244.534203][T17961] 8021q: adding VLAN 0 to HW filter on device team0
[ 1244.566001][T16053] usb 2-1: New USB device found, idVendor=046d, idProduct=c298, bcdDevice= 0.00
[ 1244.587956][T16053] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1244.626390][T16053] usb 2-1: config 0 descriptor??
[ 1244.682329][T16674] usb 6-1: unable to get BOS descriptor or descriptor too short
[ 1244.689408][T15511] Bluetooth: hci5: command tx timeout
[ 1244.702538][T16674] usb 6-1: not running at top speed; connect to a high speed hub
[ 1244.720036][T16674] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1244.734747][ T2967] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1244.741828][ T2967] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1244.779443][T16674] usb 6-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[ 1244.804882][ T2967] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1244.812019][ T2967] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1244.824151][T16674] usb 6-1: config 1 has no interface number 1
[ 1244.851399][T16674] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1244.887696][T18088] futex_wake_op: syz.1.2995 tries to shift op by -1; fix this program
[ 1244.957687][T18115] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=64013 sclass=netlink_route_socket pid=18115 comm=syz.1.2995
[ 1245.244356][T16674] usb 6-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 4
[ 1245.267974][T16069] hsr_slave_0: left promiscuous mode
[ 1245.268901][T16053] usbhid 2-1:0.0: can't add hid device: -71
[ 1245.285546][T16053] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[ 1245.292848][T16674] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1245.303284][T16069] hsr_slave_1: left promiscuous mode
[ 1245.309646][T16674] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1245.318561][T16674] usb 6-1: Product: syz
[ 1245.321145][T16053] usb 2-1: USB disconnect, device number 73
[ 1245.322927][T16674] usb 6-1: Manufacturer: syz
[ 1245.338526][T16674] usb 6-1: SerialNumber: syz
[ 1245.356962][T16069] veth1_macvtap: left allmulticast mode
[ 1245.368434][T16069] veth1_macvtap: left promiscuous mode
[ 1245.380583][T16069] veth1_vlan: left promiscuous mode
[ 1245.392674][T16069] veth0_vlan: left promiscuous mode
[ 1245.665748][T16069] pim6reg (unregistering): left allmulticast mode
[ 1245.738485][T18125] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1245.747069][T18125] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1245.777480][T16069] batadv3 (unregistering): left promiscuous mode
[ 1245.784220][T16069] batadv3 (unregistering): left allmulticast mode
[ 1245.813443][T16069] team0 (unregistering): Port device batadv3 removed
[ 1245.860589][T16069] batadv2 (unregistering): left promiscuous mode
[ 1245.868242][T16069] batadv2 (unregistering): left allmulticast mode
[ 1245.880094][T16069] team0 (unregistering): Port device batadv2 removed
[ 1245.921836][T16069] batadv1 (unregistering): left promiscuous mode
[ 1245.939691][T16069] batadv1 (unregistering): left allmulticast mode
[ 1247.358138][T16069] team0 (unregistering): Port device batadv1 removed
[ 1247.771529][ T5883] usb 2-1: new full-speed USB device number 74 using dummy_hcd
[ 1247.941746][ T5883] usb 2-1: config index 0 descriptor too short (expected 115, got 27)
[ 1247.959610][ T5883] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1247.969853][ T5883] usb 2-1: config 0 has no interfaces?
[ 1247.985111][ T5883] usb 2-1: New USB device found, idVendor=0e20, idProduct=0101, bcdDevice= 0.5a
[ 1248.026218][ T5883] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1248.076900][ T5883] usb 2-1: config 0 descriptor??
[ 1248.396530][T18142] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1248.417027][T18142] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1248.817734][T15754] lo speed is unknown, defaulting to 1000
[ 1248.821689][T18122] netlink: 36 bytes leftover after parsing attributes in process `syz.5.2997'.
[ 1248.832494][T15754] syz0: Port: 1 Link DOWN
[ 1248.903797][T16674] hub 6-1:1.0: Invalid hub with more than one config or interface
[ 1248.912160][T16674] hub 6-1:1.0: probe with driver hub failed with error -22
[ 1248.946177][T16674] usb 6-1: 2:1 : no or invalid class specific endpoint descriptor
[ 1249.040560][T16674] usb 6-1: USB disconnect, device number 12
[ 1249.046772][T10470] usb 2-1: USB disconnect, device number 74
[ 1249.123495][T17820] udevd[17820]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1249.540639][T17961] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1249.547835][ T5981] usb 4-1: new full-speed USB device number 78 using dummy_hcd
[ 1250.211916][T17961] veth0_vlan: entered promiscuous mode
[ 1250.294853][T17961] veth1_vlan: entered promiscuous mode
[ 1250.318155][T17961] veth0_macvtap: entered promiscuous mode
[ 1250.324401][ T5981] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1250.338668][ T5981] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1250.351121][T17961] veth1_macvtap: entered promiscuous mode
[ 1250.362962][ T5981] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1250.442664][ T5981] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1250.466683][T17961] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1250.474127][ T5981] usb 4-1: Product: syz
[ 1250.478344][ T5981] usb 4-1: Manufacturer: syz
[ 1250.483715][ T5981] usb 4-1: SerialNumber: syz
[ 1250.497675][T17961] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1250.524922][ T6517] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1250.641338][T16069] IPVS: stop unused estimator thread 0...
[ 1250.692876][ T6517] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1251.313366][ T6517] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1251.329992][ T5981] usb 4-1: cannot find UAC_HEADER
[ 1251.372083][ T6517] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1251.383179][ T5981] snd-usb-audio 4-1:1.0: probe with driver snd-usb-audio failed with error -22
[ 1251.558339][T17579] udevd[17579]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1251.589083][ T5883] usb 4-1: USB disconnect, device number 78
[ 1251.699293][T16069] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1251.730147][T16069] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1251.842037][T16069] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1251.873409][T16069] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1252.494546][ T5815] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1252.506440][ T5815] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1252.515029][ T5815] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1252.522579][ T5815] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1252.530724][ T5815] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1253.467107][T16499] usb 3-1: new high-speed USB device number 69 using dummy_hcd
[ 1253.653756][T16476] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1253.701215][T16499] usb 3-1: Using ep0 maxpacket: 8
[ 1253.723362][T16499] usb 3-1: New USB device found, idVendor=0421, idProduct=798f, bcdDevice=86.54
[ 1253.769476][T16499] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1253.784486][T16476] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1253.823168][T16499] usb 3-1: Product: syz
[ 1253.844625][T16499] usb 3-1: Manufacturer: syz
[ 1253.849244][T16499] usb 3-1: SerialNumber: syz
[ 1253.907502][T16499] usb 3-1: config 0 descriptor??
[ 1253.928098][T16476] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1253.974675][T16499] cdc_phonet 3-1:0.0: probe with driver cdc_phonet failed with error -22
[ 1254.038316][T16476] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1254.069631][T18216] chnl_net:caif_netlink_parms(): no params data found
[ 1254.873576][T18216] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1254.893479][T18216] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1254.903640][T18216] bridge_slave_0: entered allmulticast mode
[ 1254.921002][T18216] bridge_slave_0: entered promiscuous mode
[ 1254.955881][T18216] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1254.972741][T18216] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1254.988180][T18216] bridge_slave_1: entered allmulticast mode
[ 1255.002535][T18216] bridge_slave_1: entered promiscuous mode
[ 1255.093805][T18216] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1255.254118][T16476] bridge_slave_1: left allmulticast mode
[ 1255.259779][T16476] bridge_slave_1: left promiscuous mode
[ 1255.275754][T16476] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1255.276226][T15754] usb 3-1: USB disconnect, device number 69
[ 1255.733044][T15511] Bluetooth: hci0: command tx timeout
[ 1255.812922][T16476] bridge_slave_0: left allmulticast mode
[ 1255.841771][T16476] bridge_slave_0: left promiscuous mode
[ 1255.868048][T16476] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1257.026222][T15754] usb 4-1: new high-speed USB device number 79 using dummy_hcd
[ 1257.185534][T15754] usb 4-1: Using ep0 maxpacket: 8
[ 1257.194222][T15754] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[ 1257.207196][T15754] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1257.239378][T15754] usb 4-1: New USB device found, idVendor=046d, idProduct=c298, bcdDevice= 0.00
[ 1257.248436][T15754] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1257.268204][T15754] usb 4-1: config 0 descriptor??
[ 1257.544488][T18256] futex_wake_op: syz.3.3020 tries to shift op by -1; fix this program
[ 1257.649956][T18262] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3020'.
[ 1257.944661][T15511] Bluetooth: hci0: command tx timeout
[ 1257.968088][T16476] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1257.986642][T16476] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1258.009175][T16476] bond0 (unregistering): Released all slaves
[ 1258.153298][T16476] bond1 (unregistering): Released all slaves
[ 1258.184657][T18216] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1258.209737][T18252] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3019'.
[ 1258.313441][T15754] usbhid 4-1:0.0: can't add hid device: -71
[ 1258.333251][T15754] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[ 1258.363687][T15754] usb 4-1: USB disconnect, device number 79
[ 1258.479657][T16476] tipc: Left network mode
[ 1258.481580][T18216] team0: Port device team_slave_0 added
[ 1258.501946][T18216] team0: Port device team_slave_1 added
[ 1258.512066][T18268] netlink: 220 bytes leftover after parsing attributes in process `syz.2.3022'.
[ 1258.627095][T18216] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1258.635741][T18216] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1258.693172][T18216] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1258.721921][T18216] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1258.740923][T18216] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1258.803170][T18216] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1258.982550][T18277] syzkaller0: entered promiscuous mode
[ 1258.988172][T18277] syzkaller0: entered allmulticast mode
[ 1259.661094][T18216] hsr_slave_0: entered promiscuous mode
[ 1259.683716][T18216] hsr_slave_1: entered promiscuous mode
[ 1259.806999][T18293] pim6reg: entered allmulticast mode
[ 1260.209671][T15511] Bluetooth: hci0: command tx timeout
[ 1260.903023][T15754] usb 4-1: new high-speed USB device number 80 using dummy_hcd
[ 1261.120252][T15754] usb 4-1: Using ep0 maxpacket: 8
[ 1261.128678][T15754] usb 4-1: New USB device found, idVendor=0421, idProduct=798f, bcdDevice=86.54
[ 1261.146481][T15754] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1261.190426][T15754] usb 4-1: Product: syz
[ 1261.216560][T15754] usb 4-1: Manufacturer: syz
[ 1261.225602][T15754] usb 4-1: SerialNumber: syz
[ 1261.246367][T15754] usb 4-1: config 0 descriptor??
[ 1261.271454][T15754] cdc_phonet 4-1:0.0: probe with driver cdc_phonet failed with error -22
[ 1261.571067][T15754] usb 4-1: USB disconnect, device number 80
[ 1262.159402][T18328] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3031'.
[ 1262.402590][T15511] Bluetooth: hci0: command tx timeout
[ 1263.139326][T18216] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1263.206332][T18216] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1263.238720][T15754] usb 4-1: new high-speed USB device number 81 using dummy_hcd
[ 1263.367520][T18216] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1263.485243][T18216] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1263.493021][T15754] usb 4-1: Using ep0 maxpacket: 8
[ 1263.509939][T15754] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[ 1263.564220][T15754] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1263.674964][    C0] ==================================================================
[ 1263.683045][    C0] BUG: KASAN: slab-use-after-free in rose_send_frame+0x29a/0x2c0
[ 1263.690770][    C0] Read of size 8 at addr ffff888059300420 by task kworker/u8:8/16948
[ 1263.698822][    C0] 
[ 1263.701135][    C0] CPU: 0 UID: 0 PID: 16948 Comm: kworker/u8:8 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1263.701163][    C0] Tainted: [L]=SOFTLOCKUP
[ 1263.701171][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1263.701185][    C0] Workqueue: events_unbound nsim_dev_trap_report_work
[ 1263.701215][    C0] Call Trace:
[ 1263.701223][    C0]  <IRQ>
[ 1263.701232][    C0]  dump_stack_lvl+0x116/0x1f0
[ 1263.701258][    C0]  print_report+0xcd/0x630
[ 1263.701284][    C0]  ? __virt_addr_valid+0x81/0x610
[ 1263.701303][    C0]  ? __phys_addr+0xe8/0x180
[ 1263.701323][    C0]  ? rose_send_frame+0x29a/0x2c0
[ 1263.701348][    C0]  kasan_report+0xe0/0x110
[ 1263.701373][    C0]  ? rose_send_frame+0x29a/0x2c0
[ 1263.701402][    C0]  rose_send_frame+0x29a/0x2c0
[ 1263.701428][    C0]  ? __pfx_rose_t0timer_expiry+0x10/0x10
[ 1263.701454][    C0]  rose_transmit_restart_request+0x1b8/0x240
[ 1263.701482][    C0]  rose_t0timer_expiry+0x1d/0x150
[ 1263.701509][    C0]  call_timer_fn+0x19a/0x5a0
[ 1263.701532][    C0]  ? __pfx_call_timer_fn+0x10/0x10
[ 1263.701557][    C0]  ? mark_held_locks+0x49/0x80
[ 1263.701579][    C0]  ? __pfx_rose_t0timer_expiry+0x10/0x10
[ 1263.701607][    C0]  __run_timers+0x74a/0xae0
[ 1263.701633][    C0]  ? __pfx___run_timers+0x10/0x10
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1263.701663][    C0]  run_timer_base+0x114/0x190
[ 1263.701686][    C0]  ? __pfx_run_timer_base+0x10/0x10
[ 1263.701716][    C0]  run_timer_softirq+0x1a/0x40
[ 1263.701740][    C0]  handle_softirqs+0x219/0x950
[ 1263.701771][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[ 1263.701800][    C0]  __irq_exit_rcu+0x109/0x170
[ 1263.701826][    C0]  irq_exit_rcu+0x9/0x30
[ 1263.701852][    C0]  sysvec_apic_timer_interrupt+0xa4/0xc0
[ 1263.701875][    C0]  </IRQ>
[ 1263.701882][    C0]  <TASK>
[ 1263.701890][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1263.701911][    C0] RIP: 0010:in_aton+0xa4/0x150
[ 1263.701936][    C0] Code: 44 89 f8 5b 5d 0f c8 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc 45 31 e4 eb 53 e8 28 f0 6e f8 89 de bf 0a 00 00 00 e8 5c ea 6e f8 <80> fb 0a 74 53 e8 12 f0 6e f8 48 83 c5 01 43 8d 04 a4 44 8d 64 43
[ 1263.701954][    C0] RSP: 0018:ffffc9000c937ae8 EFLAGS: 00000293
[ 1263.701969][    C0] RAX: 0000000000000000 RBX: 0000000000000032 RCX: ffffffff894ff654
[ 1263.701982][    C0] RDX: ffff8880280a4980 RSI: 000000000000000a RDI: 0000000000000001
[ 1263.701994][    C0] RBP: ffffffff8c50ab86 R08: 0000000000000001 R09: 000000000000000a
[ 1263.702007][    C0] R10: 0000000000000032 R11: ff3cc5d23e5bf983 R12: 0000000000000000
[ 1263.702019][    C0] R13: 0000000000000002 R14: dffffc0000000000 R15: 0000000000c00000
[ 1263.702036][    C0]  ? in_aton+0xa4/0x150
[ 1263.702061][    C0]  ? in_aton+0xa4/0x150
[ 1263.702085][    C0]  nsim_dev_trap_report_work+0x549/0xcf0
[ 1263.702117][    C0]  process_one_work+0x9ba/0x1b20
[ 1263.702146][    C0]  ? __pfx_cfg80211_wiphy_work+0x10/0x10
[ 1263.702172][    C0]  ? __pfx_process_one_work+0x10/0x10
[ 1263.702200][    C0]  ? assign_work+0x1a0/0x250
[ 1263.702223][    C0]  worker_thread+0x6c8/0xf10
[ 1263.702251][    C0]  ? __kthread_parkme+0x19e/0x250
[ 1263.702272][    C0]  ? __pfx_worker_thread+0x10/0x10
[ 1263.702297][    C0]  kthread+0x3c5/0x780
[ 1263.702320][    C0]  ? __pfx_kthread+0x10/0x10
[ 1263.702344][    C0]  ? rcu_is_watching+0x12/0xc0
[ 1263.702363][    C0]  ? __pfx_kthread+0x10/0x10
[ 1263.702385][    C0]  ret_from_fork+0x983/0xb10
[ 1263.702407][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[ 1263.702428][    C0]  ? __switch_to+0x7af/0x10d0
[ 1263.702452][    C0]  ? __pfx_kthread+0x10/0x10
[ 1263.702475][    C0]  ret_from_fork_asm+0x1a/0x30
[ 1263.702509][    C0]  </TASK>
[ 1263.702516][    C0] 
[ 1263.796822][   T30] audit: type=1400 audit(1766661953.056:1344): avc:  denied  { write } for  pid=5800 comm="syz-executor" path="pipe:[5175]" dev="pipefs" ino=5175 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[ 1263.799226][    C0] Allocated by task 16105:
[ 1264.067987][    C0]  kasan_save_stack+0x33/0x60
[ 1264.072637][    C0]  kasan_save_track+0x14/0x30
[ 1264.077293][    C0]  __kasan_kmalloc+0xaa/0xb0
[ 1264.081871][    C0]  rose_rt_ioctl+0x880/0x2580
[ 1264.086526][    C0]  rose_ioctl+0x64d/0x7c0
[ 1264.090824][    C0]  sock_do_ioctl+0x118/0x280
[ 1264.095385][    C0]  sock_ioctl+0x227/0x6b0
[ 1264.099686][    C0]  __x64_sys_ioctl+0x18e/0x210
[ 1264.104423][    C0]  do_syscall_64+0xcd/0xf80
[ 1264.108896][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1264.114755][    C0] 
[ 1264.117047][    C0] Freed by task 18358:
[ 1264.121077][    C0]  kasan_save_stack+0x33/0x60
[ 1264.125723][    C0]  kasan_save_track+0x14/0x30
[ 1264.130368][    C0]  kasan_save_free_info+0x3b/0x60
[ 1264.135369][    C0]  __kasan_slab_free+0x5f/0x80
[ 1264.140104][    C0]  kfree+0x2f8/0x6e0
[ 1264.143965][    C0]  rose_timer_expiry+0x53f/0x630
[ 1264.148870][    C0]  call_timer_fn+0x19a/0x5a0
[ 1264.153437][    C0]  __run_timers+0x74a/0xae0
[ 1264.157909][    C0]  run_timer_base+0x114/0x190
[ 1264.162553][    C0]  run_timer_softirq+0x1a/0x40
[ 1264.167294][    C0]  handle_softirqs+0x219/0x950
[ 1264.172032][    C0]  __irq_exit_rcu+0x109/0x170
[ 1264.176678][    C0]  irq_exit_rcu+0x9/0x30
[ 1264.180896][    C0]  sysvec_apic_timer_interrupt+0xa4/0xc0
[ 1264.186502][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1264.192468][    C0] 
[ 1264.194763][    C0] The buggy address belongs to the object at ffff888059300400
[ 1264.194763][    C0]  which belongs to the cache kmalloc-512 of size 512
[ 1264.208779][    C0] The buggy address is located 32 bytes inside of
[ 1264.208779][    C0]  freed 512-byte region [ffff888059300400, ffff888059300600)
[ 1264.222453][    C0] 
[ 1264.224746][    C0] The buggy address belongs to the physical page:
[ 1264.231120][    C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x59300
[ 1264.239845][    C0] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 1264.248306][    C0] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 1264.255816][    C0] page_type: f5(slab)
[ 1264.259775][    C0] raw: 00fff00000000040 ffff88813ff26c80 ffffea000100bd00 dead000000000002
[ 1264.268327][    C0] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 1264.276879][    C0] head: 00fff00000000040 ffff88813ff26c80 ffffea000100bd00 dead000000000002
[ 1264.285519][    C0] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 1264.294155][    C0] head: 00fff00000000002 ffffea000164c001 00000000ffffffff 00000000ffffffff
[ 1264.302802][    C0] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 1264.311441][    C0] page dumped because: kasan: bad access detected
[ 1264.317820][    C0] page_owner tracks the page as allocated
[ 1264.323498][    C0] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5818, tgid 5818 (syz-executor), ts 70103746940, free_ts 16504034817
[ 1264.344820][    C0]  post_alloc_hook+0x1af/0x220
[ 1264.349562][    C0]  get_page_from_freelist+0xd0b/0x31a0
[ 1264.354987][    C0]  __alloc_frozen_pages_noprof+0x25f/0x2430
[ 1264.360846][    C0]  alloc_pages_mpol+0x1fb/0x550
[ 1264.365680][    C0]  new_slab+0x2c3/0x430
[ 1264.369811][    C0]  ___slab_alloc+0xe18/0x1c90
[ 1264.374460][    C0]  __slab_alloc.constprop.0+0x63/0x110
[ 1264.379892][    C0]  __kmalloc_cache_noprof+0x485/0x800
[ 1264.385236][    C0]  device_add+0xcf2/0x1980
[ 1264.389631][    C0]  netdev_register_kobject+0x1a9/0x3d0
[ 1264.395059][    C0]  register_netdevice+0x13ac/0x21d0
[ 1264.400227][    C0]  virt_wifi_newlink+0x43e/0xa10
[ 1264.405136][    C0]  rtnl_newlink+0xc19/0x1f50
[ 1264.409697][    C0]  rtnetlink_rcv_msg+0x95e/0xe90
[ 1264.414609][    C0]  netlink_rcv_skb+0x158/0x420
[ 1264.419343][    C0]  netlink_unicast+0x5aa/0x870
[ 1264.424088][    C0] page last free pid 1 tgid 1 stack trace:
[ 1264.429865][    C0]  __free_frozen_pages+0x7df/0x1170
[ 1264.435042][    C0]  free_contig_range+0x183/0x4a0
[ 1264.439960][    C0]  destroy_args+0xb95/0x14e0
[ 1264.444525][    C0]  debug_vm_pgtable+0x2220/0x38d0
[ 1264.449537][    C0]  do_one_initcall+0x123/0x680
[ 1264.454274][    C0]  kernel_init_freeable+0x5c8/0x920
[ 1264.459445][    C0]  kernel_init+0x1c/0x2b0
[ 1264.463749][    C0]  ret_from_fork+0x983/0xb10
[ 1264.468306][    C0]  ret_from_fork_asm+0x1a/0x30
[ 1264.473044][    C0] 
[ 1264.475351][    C0] Memory state around the buggy address:
[ 1264.480946][    C0]  ffff888059300300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1264.488983][    C0]  ffff888059300380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1264.497009][    C0] >ffff888059300400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1264.505035][    C0]                                ^
[ 1264.510109][    C0]  ffff888059300480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1264.518139][    C0]  ffff888059300500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1264.526166][    C0] ==================================================================
[ 1264.534301][    C0] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1264.541499][    C0] CPU: 0 UID: 0 PID: 16948 Comm: kworker/u8:8 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1264.552590][    C0] Tainted: [L]=SOFTLOCKUP
[ 1264.556888][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1264.566924][    C0] Workqueue: events_unbound nsim_dev_trap_report_work
[ 1264.573667][    C0] Call Trace:
[ 1264.576917][    C0]  <IRQ>
[ 1264.579732][    C0]  dump_stack_lvl+0x3d/0x1f0
[ 1264.584295][    C0]  vpanic+0x640/0x6f0
[ 1264.588257][    C0]  panic+0xca/0xd0
[ 1264.591946][    C0]  ? __pfx_panic+0x10/0x10
[ 1264.596334][    C0]  ? check_panic_on_warn+0x1f/0xb0
[ 1264.601417][    C0]  check_panic_on_warn+0xab/0xb0
[ 1264.606325][    C0]  end_report+0x107/0x160
[ 1264.610641][    C0]  kasan_report+0xee/0x110
[ 1264.615032][    C0]  ? rose_send_frame+0x29a/0x2c0
[ 1264.619945][    C0]  rose_send_frame+0x29a/0x2c0
[ 1264.624687][    C0]  ? __pfx_rose_t0timer_expiry+0x10/0x10
[ 1264.630316][    C0]  rose_transmit_restart_request+0x1b8/0x240
[ 1264.636284][    C0]  rose_t0timer_expiry+0x1d/0x150
[ 1264.641287][    C0]  call_timer_fn+0x19a/0x5a0
[ 1264.645851][    C0]  ? __pfx_call_timer_fn+0x10/0x10
[ 1264.650934][    C0]  ? mark_held_locks+0x49/0x80
[ 1264.655668][    C0]  ? __pfx_rose_t0timer_expiry+0x10/0x10
[ 1264.661274][    C0]  __run_timers+0x74a/0xae0
[ 1264.665748][    C0]  ? __pfx___run_timers+0x10/0x10
[ 1264.670745][    C0]  run_timer_base+0x114/0x190
[ 1264.675393][    C0]  ? __pfx_run_timer_base+0x10/0x10
[ 1264.680563][    C0]  run_timer_softirq+0x1a/0x40
[ 1264.685299][    C0]  handle_softirqs+0x219/0x950
[ 1264.690038][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[ 1264.695297][    C0]  __irq_exit_rcu+0x109/0x170
[ 1264.699949][    C0]  irq_exit_rcu+0x9/0x30
[ 1264.704164][    C0]  sysvec_apic_timer_interrupt+0xa4/0xc0
[ 1264.709770][    C0]  </IRQ>
[ 1264.712673][    C0]  <TASK>
[ 1264.715574][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1264.721520][    C0] RIP: 0010:in_aton+0xa4/0x150
[ 1264.726255][    C0] Code: 44 89 f8 5b 5d 0f c8 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc 45 31 e4 eb 53 e8 28 f0 6e f8 89 de bf 0a 00 00 00 e8 5c ea 6e f8 <80> fb 0a 74 53 e8 12 f0 6e f8 48 83 c5 01 43 8d 04 a4 44 8d 64 43
[ 1264.745834][    C0] RSP: 0018:ffffc9000c937ae8 EFLAGS: 00000293
[ 1264.751870][    C0] RAX: 0000000000000000 RBX: 0000000000000032 RCX: ffffffff894ff654
[ 1264.759812][    C0] RDX: ffff8880280a4980 RSI: 000000000000000a RDI: 0000000000000001
[ 1264.767755][    C0] RBP: ffffffff8c50ab86 R08: 0000000000000001 R09: 000000000000000a
[ 1264.775699][    C0] R10: 0000000000000032 R11: ff3cc5d23e5bf983 R12: 0000000000000000
[ 1264.783640][    C0] R13: 0000000000000002 R14: dffffc0000000000 R15: 0000000000c00000
[ 1264.791587][    C0]  ? in_aton+0xa4/0x150
[ 1264.795717][    C0]  ? in_aton+0xa4/0x150
[ 1264.799843][    C0]  nsim_dev_trap_report_work+0x549/0xcf0
[ 1264.805463][    C0]  process_one_work+0x9ba/0x1b20
[ 1264.810383][    C0]  ? __pfx_cfg80211_wiphy_work+0x10/0x10
[ 1264.815997][    C0]  ? __pfx_process_one_work+0x10/0x10
[ 1264.821342][    C0]  ? assign_work+0x1a0/0x250
[ 1264.825904][    C0]  worker_thread+0x6c8/0xf10
[ 1264.830467][    C0]  ? __kthread_parkme+0x19e/0x250
[ 1264.835471][    C0]  ? __pfx_worker_thread+0x10/0x10
[ 1264.840555][    C0]  kthread+0x3c5/0x780
[ 1264.845043][    C0]  ? __pfx_kthread+0x10/0x10
[ 1264.849606][    C0]  ? rcu_is_watching+0x12/0xc0
[ 1264.854342][    C0]  ? __pfx_kthread+0x10/0x10
[ 1264.858903][    C0]  ret_from_fork+0x983/0xb10
[ 1264.863464][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[ 1264.868547][    C0]  ? __switch_to+0x7af/0x10d0
[ 1264.873197][    C0]  ? __pfx_kthread+0x10/0x10
[ 1264.877761][    C0]  ret_from_fork_asm+0x1a/0x30
[ 1264.882502][    C0]  </TASK>
[ 1264.885787][    C0] Kernel Offset: disabled
[ 1264.890083][    C0] Rebooting in 86400 seconds..