last executing test programs:

6.256452048s ago: executing program 3 (id=2621):
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x12, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x90)
syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101b01)
connect$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty, 0xa, 0x4}, 0x20)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
sendmsg$IPVS_CMD_NEW_DEST(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x5000002}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20040804}, 0x404c840)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66b80e010f00d0b0060f21a20f01c40f009b2700000066b80c008ee00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a00b9730200000f32328fe858b660002fb90d090000b800680000ba000000000f30", 0x65}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000080)={0xa})
ioctl$KVM_RUN(r2, 0xae80, 0x0) (fail_nth: 2)

5.584868706s ago: executing program 3 (id=2625):
syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000050cb5340450c10108e492940a80909021b00090000000009040002010035040009058dff86"], 0x0)
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
fsopen(0x0, 0x0)
write$char_usb(r0, &(0x7f0000000080)='7', 0x1)
write$char_usb(r0, &(0x7f0000000280)='L', 0x1)
openat2(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)={0x204402, 0x1d6, 0x2a}, 0x18)
ioctl$IOMMU_VFIO_IOAS$GET(0xffffffffffffffff, 0x3b88, &(0x7f0000000100)={0x51})

2.808502621s ago: executing program 1 (id=2650):
r0 = socket(0x2b, 0x80801, 0x1)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000001c0), 0xffffffffffffffff)
r1 = socket$inet6(0xa, 0x1, 0x84)
r2 = syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)
ioctl$FE_SET_PROPERTY(r2, 0x40106f52, &(0x7f00000000c0)={0x29, &(0x7f0000000440)=[{0x28, '\x00', @buffer={"fa3ac6db3cbdf073aa9bb3538ad53a2725a4ab497c0877807ea35faf5c6a1cc5", 0x20}, 0x5}]})
setsockopt$inet6_int(r1, 0x29, 0x1a, &(0x7f0000000080)=0x2, 0x4)
sendto$inet6(r1, &(0x7f00000002c0)='\x00', 0x1, 0x0, &(0x7f00000000c0)={0xa, 0x0, 0x27b6a97, @private2={0xfc, 0x2, '\x00', 0xff}, 0x8080}, 0x1c)
getsockopt$bt_hci(r1, 0x84, 0x6d, &(0x7f00000006c0)=""/4097, &(0x7f0000000040)=0x1001)
r3 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff, 0x35, 0x0, @val=@netfilter={0x1, 0x0, 0x100}}, 0x20)
r4 = bpf$OBJ_GET_PROG(0x7, &(0x7f00000003c0)=@generic={&(0x7f0000000380)='./file0\x00', 0x0, 0x10}, 0x18)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000400)={r3, r4}, 0x10)
syz_clone3(&(0x7f0000000000)={0x285002400, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x46)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000280), 0xffffffffffffffff)
r6 = syz_open_dev$dri(&(0x7f00000008c0), 0xc0, 0x100)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f0000000100)={0x0, &(0x7f0000000040)=[<r7=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r6, 0xc06864a1, &(0x7f0000000340)={0x0, 0x0, r7})
sendmsg$ETHTOOL_MSG_CHANNELS_SET(r5, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000100)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES64=r0, @ANYBLOB="01002dbd7000fcdbdf25300000000800063ef36da40018000180140002006272696467655f736c6176655f31"], 0x34}, 0x1, 0x0, 0x0, 0x40814}, 0x800)
r8 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r5, 0x8933, &(0x7f0000001700)={'team0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000032c0)=@deltfilter={0x1aa0, 0x2d, 0x800, 0x70bd2c, 0x25dfdbfe, {0x0, 0x0, 0x0, r9, {0x1, 0xfff1}, {0x3, 0x10}, {0x8, 0xc}}, [@filter_kind_options=@f_basic={{0xa}, {0x19f8, 0x2, [@TCA_BASIC_POLICE={0xcb4, 0x4, [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x5, 0x6, 0x4, 0xfff, 0xb, 0x515, 0x1, 0x0, 0x6, 0x1, 0x7, 0xcd4, 0xffffffff, 0x1, 0x4, 0xfe85, 0x1, 0x400, 0x8f, 0x1ca, 0xbb, 0x10, 0x2, 0xc, 0x9, 0x5, 0x629, 0xfffffffd, 0x5, 0x0, 0xf, 0x81, 0x4, 0x1, 0xe, 0xf6c, 0x7, 0x9f9d, 0x35, 0x4, 0x1, 0x4, 0x80a, 0x0, 0x1, 0x1, 0x80000000, 0x0, 0xdf4, 0x2, 0x101, 0xe6, 0x0, 0xfffffffc, 0x8, 0x4, 0x7, 0x9, 0x2, 0x3, 0x0, 0x1, 0x6, 0xfd, 0x1, 0x8, 0x4, 0x101, 0x80000000, 0x2, 0x6, 0x9ce, 0xefc, 0x1ff, 0x9, 0x2, 0x0, 0x9, 0x5, 0x10, 0xc, 0x4, 0x5, 0x5, 0x0, 0x9, 0x4, 0x9, 0x9, 0x1, 0x8, 0x5, 0xffff508c, 0x6c7, 0xc, 0x2, 0x8, 0x100, 0x5950000, 0x0, 0x2, 0x1ff, 0x8, 0x0, 0x4, 0x2f4, 0xc, 0x2b1, 0x81, 0x9, 0x8, 0x8, 0x200, 0x6, 0x0, 0x80000001, 0xfff, 0x4009, 0x7, 0x200, 0x2, 0x3, 0x0, 0x2, 0x1, 0x8, 0x4, 0x4, 0x5, 0x7, 0xbf1, 0x400, 0x8, 0x200, 0x1, 0xf767, 0xffff, 0xff, 0x1, 0xffff, 0x6, 0x9, 0x4, 0x5, 0x4, 0x82ae, 0x9, 0x1, 0x6, 0x101, 0x6c, 0x0, 0x0, 0x9, 0xf97a, 0x40, 0x13f8, 0x6, 0xc4, 0x4, 0x2, 0x7, 0x5, 0xf, 0x4, 0xc8c2, 0x7, 0x5, 0x5, 0x4, 0x8, 0x2, 0x80, 0x200, 0x7, 0x101, 0x5, 0x0, 0x9, 0xfffffff8, 0x67, 0x2, 0x3, 0x6, 0x9, 0x9, 0x40, 0x0, 0x3d2fe44b, 0xf360, 0x3, 0x3a25, 0x3, 0x0, 0x1, 0x9e, 0xfffffff9, 0x7fffffff, 0x4, 0x9, 0x7, 0x5, 0x5, 0x2, 0x4, 0x8, 0x1, 0xe, 0xe36, 0x81, 0x8, 0x31, 0x5, 0x30, 0x3, 0xfffffff8, 0x0, 0x4, 0x3ff, 0xfffffff9, 0x0, 0x9, 0x3, 0x1, 0x8, 0x6, 0x0, 0xffffffff, 0x1, 0xab, 0x5, 0x1ff, 0x7f, 0xfffffffb, 0x401, 0x6, 0x0, 0x8, 0x6, 0x9f07, 0x9, 0x0, 0xfffffff0, 0x3, 0xd1, 0x7, 0x8001, 0x0, 0x81, 0x8, 0x7, 0x7, 0x2, 0xfffffff7, 0xb, 0x7]}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x80000000}, @TCA_POLICE_RATE={0x404, 0x2, [0x100, 0x7, 0x2ae, 0x8515, 0x1, 0xfff, 0xe1a, 0x9, 0x40, 0x8, 0xfffeffff, 0x800, 0xfffeffff, 0x9, 0x9, 0x5, 0x9, 0x0, 0x800, 0x2, 0x7, 0xb, 0x6, 0x7, 0x1, 0x1, 0x7, 0xffffff29, 0x4, 0x80000001, 0x8, 0x10, 0xc, 0x0, 0x200, 0x9, 0x78, 0x1, 0x0, 0x8fe4, 0x0, 0x0, 0xb159, 0x6, 0xfff, 0x2, 0x60000000, 0x9, 0x0, 0x9, 0x4, 0x8001, 0x9, 0x389dfa56, 0xb, 0x629, 0x252, 0x5, 0x7fffffff, 0xffff6c0c, 0x5, 0xffff4e51, 0x9, 0x6, 0x0, 0xffff, 0x9, 0x80000001, 0x5, 0x6, 0xfffffff7, 0x5, 0x6, 0x401, 0xb, 0x1, 0x400, 0x3, 0x3, 0x8, 0x9, 0x3ff, 0x7fffffff, 0xb7, 0x1, 0x2, 0xcc76, 0x7f, 0x9, 0xb53, 0x1, 0x7, 0xffffff7f, 0x3e, 0x48, 0x9, 0x10000, 0xc5, 0x7fffffff, 0x10000, 0x8, 0xc9a, 0x8, 0x5, 0x1, 0xe096, 0x6, 0xfff, 0x53, 0xe, 0xffffffff, 0x8, 0xf, 0x8000, 0x8, 0x7, 0x9, 0x0, 0x8, 0x16, 0x8, 0x7, 0xb4e, 0x5, 0x9, 0x4, 0x3, 0x3, 0x0, 0x200, 0x35c, 0x3, 0xfffffffa, 0x4, 0x8, 0x4, 0x1, 0x4, 0x6, 0xc, 0x9, 0x4, 0xb, 0x1, 0x3, 0xd3e2, 0x2, 0x8001, 0x8, 0x7, 0x200, 0x2, 0x101, 0x101, 0x5, 0xfffffff9, 0x9, 0x2e4a, 0x6, 0x6, 0x7, 0x8, 0x2, 0x9, 0x81, 0x7f, 0x0, 0x4, 0x0, 0xd7, 0x10, 0x1, 0xb444, 0x1000003, 0x0, 0xf1, 0x7ff, 0x9, 0x7, 0x9, 0x76e58123, 0x3, 0x8, 0x7, 0x3, 0x6e, 0x5, 0x1, 0x998, 0x68, 0x4, 0x9, 0x3, 0x0, 0x2b8, 0xed, 0x9, 0x5, 0xfc, 0xfff, 0x9700, 0xffff64b0, 0x8, 0x1, 0x10001, 0x9, 0x6, 0x6, 0xdcbc, 0x9, 0x8, 0x1, 0xffffffff, 0xa, 0x101, 0x8, 0x5278, 0x8, 0x10, 0x0, 0x2, 0x7fff, 0x7, 0x5b1a, 0x60e, 0x1, 0x8, 0x4, 0xd50, 0x4, 0xfffffffc, 0xffff2024, 0x4, 0x4, 0x0, 0x9, 0x7, 0x5, 0x8, 0x111, 0x0, 0x400, 0x9, 0x9, 0x101, 0x9, 0x5, 0xffffffff, 0x3, 0x0, 0x4, 0x101, 0x9, 0x7, 0x40, 0x1]}, @TCA_POLICE_RATE={0x404, 0x2, [0xa6, 0x8, 0x5, 0xfffffffe, 0x7ff, 0x10001, 0x3, 0x1, 0xffffffff, 0x401, 0x7, 0xfc, 0x4, 0x7, 0x4, 0xa, 0x9, 0x3, 0xff, 0x3, 0x246, 0x9, 0x0, 0xc, 0x7fffffff, 0x30, 0x4, 0x200, 0x1, 0x0, 0xe408, 0x5, 0x80, 0xe779, 0x6, 0x1, 0x101, 0x0, 0x9, 0x1, 0x2, 0x400, 0x1, 0x7f, 0x7, 0x0, 0x101, 0x0, 0x3, 0x5, 0x400, 0x8, 0x0, 0xff, 0x400, 0x0, 0xe8c, 0x5b, 0x4, 0x2, 0xf2, 0x5, 0x9, 0x80000000, 0x5, 0xffffffff, 0xcbe3, 0x100000, 0x1, 0x9, 0xc, 0xff, 0x0, 0x4, 0x3, 0xfff, 0x1ff, 0x7, 0xffffffff, 0xe0, 0x80000001, 0x0, 0xd, 0x2, 0xfffffff5, 0x4, 0x800, 0x8, 0x6, 0x18a, 0xa, 0x8, 0x7, 0x4, 0x726, 0xfffffffd, 0x2, 0x9, 0x2, 0x4, 0x8, 0x529, 0xd98f, 0x3, 0x247b, 0x1ff, 0x4921, 0x7, 0x519e, 0x7, 0x4, 0x9, 0x7, 0x0, 0xc000000, 0x0, 0x6, 0x8, 0x0, 0x3, 0xff, 0x9, 0x7, 0x1, 0x0, 0x8, 0x1, 0x1, 0xe, 0x1, 0x2, 0x6, 0x7, 0x0, 0x3, 0x6a, 0x7fff, 0xfff, 0x0, 0x9, 0x5, 0xff, 0x8, 0x2, 0x1ff, 0x8, 0x10001, 0xfffffff8, 0x4, 0x7, 0xe, 0x9, 0x1, 0x5, 0x6530, 0x7c8, 0x18af5d19, 0x3f3, 0x549, 0x7, 0x7, 0x8, 0x8, 0x6, 0x9, 0x4, 0x7, 0x6, 0x8, 0x1, 0x481, 0x1, 0x2, 0x4a0, 0x100, 0xffffffff, 0xf6, 0x8, 0x200, 0x8, 0x8, 0x1, 0x0, 0x3bf, 0xffff, 0x6, 0x5, 0xfffffffa, 0x9, 0x6, 0x8e6, 0x7ff, 0x3, 0x2, 0x8, 0x7b6, 0x2ec, 0x81, 0x7, 0x3, 0x3f3, 0x62aa, 0x10001, 0x1, 0x3, 0x8a, 0x8, 0x4, 0x1, 0xee, 0x9c24e67, 0x300, 0x718, 0x5, 0x1, 0x200, 0x400000, 0x0, 0x3, 0x998, 0x6, 0x5, 0x2, 0x2, 0x1, 0x6, 0xc97, 0x2, 0xc, 0x3, 0x8000, 0x0, 0x0, 0x0, 0x1, 0x9, 0xfffffffd, 0x4, 0x3, 0x9, 0x4, 0xa, 0x4, 0x7, 0x1b4d9113, 0x7fff, 0x400, 0x7, 0x8, 0x80000001, 0xfffffeff, 0xfffffffc, 0xfffffffc, 0x9, 0x3, 0xcc15]}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x101}, @TCA_POLICE_TBF={0x3c, 0x1, {0x6e63, 0x10000000, 0x87, 0xff, 0x1, {0x7, 0x2, 0x10, 0x3, 0x3, 0x80}, {0xc3, 0x0, 0x0, 0x5d, 0xdaa, 0x7}, 0x8, 0x7f, 0x2}}, @TCA_POLICE_RESULT={0x8, 0x5, 0x1}, @TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x4, 0xfffffffe, 0x3, 0x5, {0xb, 0x2, 0x0, 0x4, 0x3, 0x1000}, {0xf5, 0x0, 0x4, 0x2, 0x6, 0x2}, 0x6, 0x5, 0x100}}, @TCA_POLICE_RATE64={0xc, 0x8, 0x45b7ba59}]}, @TCA_BASIC_EMATCHES={0xc, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x800}}]}, @TCA_BASIC_CLASSID={0x8, 0x1, {0xf, 0x4}}, @TCA_BASIC_EMATCHES={0x48, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x44, 0x2, 0x0, 0x1, [@TCF_EM_CMP={0x18, 0x3, 0x0, 0x0, {{0x5cb, 0x1, 0x1}, {0x8, 0x9, 0xd454, 0x1, 0x3, 0x2, 0x1}}}, @TCF_EM_META={0x28, 0x3, 0x0, 0x0, {{0x56aa, 0x4, 0x7}, [@TCA_EM_META_HDR={0xc, 0x1, {{0x2, 0x8}, {0x2, 0x0, 0x1}}}, @TCA_EM_META_RVALUE={0xd, 0x3, [@TCF_META_TYPE_VAR="c8578248a5af02d7aa", @TCF_META_TYPE_VAR, @TCF_META_TYPE_VAR]}]}}]}]}, @TCA_BASIC_POLICE={0x450, 0x4, [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x6d31, 0x4, 0x0, 0x0, 0x7, 0x3, 0x0, 0xe0000, 0x5, 0x0, 0x3ff, 0xe1, 0x10, 0x8001, 0xf8, 0x6, 0x1000, 0x4, 0x1, 0x10000, 0x8, 0x7fffffff, 0x0, 0x0, 0xfff, 0x5, 0x81, 0x2, 0xcd7, 0x5, 0x8, 0x4, 0x8001, 0x800, 0x981, 0x5, 0xa, 0x0, 0x4, 0x0, 0xe5bc, 0x3, 0x80000000, 0x400, 0x5, 0x1, 0x1, 0x9, 0x1, 0x7fffffff, 0x5, 0x7fffffff, 0x401, 0x7f, 0x1, 0xb, 0xae8, 0x7, 0xd, 0x6, 0x7, 0x0, 0x5, 0x1, 0x3, 0x6c5b, 0x3, 0xe, 0x7, 0x519, 0x800, 0x3, 0x2, 0x1, 0x7, 0x0, 0x1, 0x3, 0x9, 0x1, 0x4, 0x0, 0x4, 0x1, 0x0, 0x6, 0xfffffffa, 0x7fffffff, 0x6, 0x2, 0x1123, 0x8, 0xfff, 0xfffffffc, 0x1, 0xc0000000, 0xfffffffd, 0xc, 0x68, 0x6, 0x0, 0x1, 0xfffff800, 0x7ff, 0x3, 0x9, 0x3, 0x6, 0x101, 0x48f3, 0x2, 0x9, 0x0, 0x5, 0xfffffff0, 0x101, 0x3, 0x0, 0x200, 0x7, 0x2, 0x4, 0x101, 0x4, 0x3, 0xfff, 0x5d68648e, 0x800, 0x0, 0xeaf, 0x5, 0x1, 0x9, 0x7, 0xf0, 0x5, 0x5d, 0x1, 0x4, 0x96, 0x3, 0xd, 0x4, 0xb, 0x5, 0x4, 0x1, 0x7f, 0x4f, 0xfffffffe, 0x12, 0xf0ac, 0x3395, 0x9, 0x4, 0xfff, 0x1, 0xffffffff, 0x4, 0x200, 0xffffffff, 0x2, 0xeabd, 0xaec, 0x1, 0x4a3c, 0x8, 0xfffffffa, 0x6267fd8f, 0x3ff, 0x4, 0x67c, 0x7, 0xf, 0xfffffff7, 0x50a4, 0x800, 0x8, 0x48, 0xbe, 0x9, 0x0, 0x3, 0x5, 0x8, 0xfffffff9, 0xffffff7f, 0x3, 0x4, 0x7, 0xd268, 0x5, 0x2, 0x4, 0x7, 0x7ff, 0x9, 0x7bb, 0x2, 0x41, 0x2, 0x7, 0xb391, 0x1, 0x7, 0x6, 0x6, 0x0, 0x1ff, 0x9, 0x8, 0x7, 0x1, 0x80000001, 0x4, 0x14, 0x6, 0x4, 0x10000, 0x4, 0xc7d, 0xa, 0x10000, 0x4, 0x3, 0x1ff, 0x28, 0x5, 0x0, 0x80000000, 0xb960277, 0x6, 0xdd, 0xfd, 0xda, 0xa86, 0x8000, 0x5, 0x280, 0x3, 0x1, 0x1, 0x3, 0x77, 0xffffffff, 0x1ff, 0x2, 0x3, 0x7, 0x0, 0x8, 0x4, 0x74ab, 0x8c96, 0x1, 0x7]}, @TCA_POLICE_PEAKRATE64={0xc}, @TCA_POLICE_TBF={0x3c, 0x1, {0x2, 0x2, 0x3, 0x4a33, 0x7, {0xf7, 0x1, 0x3, 0x10, 0xffff, 0xffffffff}, {0x4, 0x1, 0x2, 0x400, 0x6, 0x2}, 0x7, 0xcc, 0x8}}]}, @TCA_BASIC_EMATCHES={0x484, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x2e0, 0x2, 0x0, 0x1, [@TCF_EM_IPT={0x24, 0x2, 0x0, 0x0, {{0x7f, 0x9, 0x98}, [@TCA_EM_IPT_MATCH_REVISION={0x5, 0x3, 0x80}, @TCA_EM_IPT_HOOK={0x8}, @TCA_EM_IPT_NFPROTO={0x5, 0x4, 0x5}]}}, @TCF_EM_CANID={0x14, 0x3, 0x0, 0x0, {{0x1ff, 0x7, 0x1}, {{0x0, 0x0, 0x0, 0x1}, {0x4, 0x1}}}}, @TCF_EM_CONTAINER={0xd4, 0x1, 0x0, 0x0, {{0x562d, 0x0, 0x7ff}, "7311847bebdd9f1603eb1c7186f4c5a87264fdb9012c02c0e9e43c5f6e5f891da52d3536c39e747696c11d94587fc722a440d412dd5af4173f2bec27ac6684ba2610ee78b2cff48d09a9fc1bf6ccfde0fc0f02b37e4112a736028724515631544ea0a80647d61447451e8b09583dd16c0d20669341b09c72c03f91c210d3bca379c4fc473d2b6e495a52db3a31ba8a980b3440b5df7e6d05e0b7d48962e39216f066c87948248abf074f3b7a2f1c20538367d2685307ddfb11e2a3ae53dc42f3920ea76768cb1c"}}, @TCF_EM_CONTAINER={0x9c, 0x3, 0x0, 0x0, {{0x3, 0x0, 0xe}, "7add33edd673c8817d0b050bffd541db11738f8f3749fc730330b958429d607a57aede47c3d49d12f775187ca050aa71c653e81f7b7b24160a7cd418fd16aff1cb93eab403d12709caed44ab6b5e8ad882e7f812f670d438071285851de18ff42fb59d370c8238f712ef610b8e09f69b07f2687d121a10a08e39f985a7519fe58fb99f43edcf6c615697c369c29a3728"}}, @TCF_EM_IPT={0x14, 0x3, 0x0, 0x0, {{0x7, 0x9, 0x2}, [@TCA_EM_IPT_HOOK={0x8}]}}, @TCF_EM_IPSET={0x10, 0x3, 0x0, 0x0, {{0x9, 0x8, 0x3}, {0x1, 0x0, 0x4}}}, @TCF_EM_META={0x5c, 0x1, 0x0, 0x0, {{0x9, 0x4, 0xfffa}, [@TCA_EM_META_LVALUE={0x4}, @TCA_EM_META_LVALUE={0x2a, 0x2, [@TCF_META_TYPE_INT=0x9, @TCF_META_TYPE_VAR, @TCF_META_TYPE_INT=0x3, @TCF_META_TYPE_VAR="cd1c59620b", @TCF_META_TYPE_VAR="9f1c14b246ba05626e", @TCF_META_TYPE_INT=0x6, @TCF_META_TYPE_INT=0x3, @TCF_META_TYPE_INT=0xa, @TCF_META_TYPE_INT=0x1]}, @TCA_EM_META_LVALUE={0x20, 0x2, [@TCF_META_TYPE_INT=0x4, @TCF_META_TYPE_VAR="c27778e3fdf76cdc", @TCF_META_TYPE_INT=0x5, @TCF_META_TYPE_INT=0x2, @TCF_META_TYPE_VAR="27740956a9681dfe"]}]}}, @TCF_EM_CONTAINER={0xb4, 0x2, 0x0, 0x0, {{0x2a8c, 0x0, 0x5}, "3ce4a118d893ab372c0441a7d098631680a7a6220997b28190522db3edf6413890f0eed752dc1113ad8ca5704477d60e3dea9ee789751ae0736f6fde581f2ebe06e2a50b46f6d425db32f5ba49391a86887eb24e1ae416113a64dce606d3be9ed6c108ced271d543c7db6bc9b0917dbc4e387856db997cac3787baed90822cb83d5f7fba63ba23eac1a40ed138e0781c7c4108287ff8445caa6b2ae7a8d588bdba3f472899"}}]}, @TCA_EMATCH_TREE_HDR={0x8}, @TCA_EMATCH_TREE_LIST={0x198, 0x2, 0x0, 0x1, [@TCF_EM_META={0x4c, 0x2, 0x0, 0x0, {{0x4, 0x4, 0x3}, [@TCA_EM_META_RVALUE={0x22, 0x3, [@TCF_META_TYPE_VAR="c9305ba7a09b", @TCF_META_TYPE_INT=0xa, @TCF_META_TYPE_INT=0xa, @TCF_META_TYPE_INT=0x9, @TCF_META_TYPE_VAR="c1609cc298f6a09e", @TCF_META_TYPE_INT=0x3]}, @TCA_EM_META_RVALUE={0x1a, 0x3, [@TCF_META_TYPE_INT=0x5, @TCF_META_TYPE_VAR="39fb510aa3", @TCF_META_TYPE_VAR="d568b09b86a8c1eb", @TCF_META_TYPE_VAR="7eaa", @TCF_META_TYPE_VAR="ecf409"]}]}}, @TCF_EM_CMP={0x18, 0x1, 0x0, 0x0, {{0x3, 0x1, 0x2}, {0x1, 0x1, 0x7fff, 0x1, 0x0, 0x3, 0x1}}}, @TCF_EM_IPSET={0x10, 0x2, 0x0, 0x0, {{0x5, 0x8, 0x8}, {0x2, 0x4}}}, @TCF_EM_NBYTE={0x1c, 0x2, 0x0, 0x0, {{0x4, 0x2, 0x4e2}, {0x5, 0xa, 0x2, "7c1dfc7bda5ac0b6da80"}}}, @TCF_EM_IPT={0xf0, 0x1, 0x0, 0x0, {{0x1, 0x9, 0x8}, [@TCA_EM_IPT_MATCH_DATA={0x71, 0x5, "5cdc54b6458e87093e9243395f16f1456c722a55269aafc2d894d2a49ebbbc5fff3f861391880181d88f0afd24466e645d48c16588e2f8bb31672d46b54d4e7967eafb26ea5b35bc2adea8ec3f3be1bbfbcc57965d27c51fcc70708ac32bee02f33090f9dfe9a0bf82aedde860"}, @TCA_EM_IPT_MATCH_DATA={0x70, 0x5, "bf8c960ce5c60cd99d0cdc77aa70d2fa7fb65185966d22812800608d356b7b2bf4005dde5eef0d4228d628adb89686ff82b5cd260ef59ffc07e05a499c7c8729558086480839f5a165cd7479d283b93ff39eba73f9f4237a234c1f6c6d7230fb509e3bec424c8cec02b2cebe"}]}}, @TCF_EM_CANID={0x14, 0x1, 0x0, 0x0, {{0x401, 0x7, 0x7ff}, {{0x3, 0x0, 0x1}, {0x1, 0x1, 0x1}}}}]}]}, @TCA_BASIC_POLICE={0x410, 0x4, [@TCA_POLICE_AVRATE={0x8, 0x4, 0x9}, @TCA_POLICE_RATE={0x404, 0x2, [0x4e, 0xab1, 0x1, 0x4, 0xff, 0xc, 0x1, 0x88, 0xf, 0x80000000, 0x7, 0x8, 0xb, 0x8000, 0x3, 0xe2, 0xe8, 0x0, 0x0, 0x7fff, 0x19, 0x4, 0x8, 0x1, 0x9, 0xfff, 0x1, 0xc, 0x9, 0x5, 0x3, 0x2, 0x1ff, 0xbd, 0x2, 0x374, 0x4, 0x81, 0x8, 0xffffff0b, 0xe7, 0x4, 0x401, 0x22, 0x5, 0xfffffff9, 0x10001, 0x7fffffff, 0x9, 0x5, 0x6, 0x1d6, 0x7, 0x9, 0x2, 0x2, 0x800, 0x9, 0xc, 0x7f, 0x80000001, 0xc, 0x6, 0x80, 0x7, 0xffff, 0x6, 0x5, 0x5e8a, 0x7, 0xffff0f81, 0x6, 0x0, 0x9, 0x8, 0x0, 0x9, 0x81, 0x8, 0x1, 0x31f4614e, 0x2, 0x8, 0x4, 0x1, 0x4, 0x2, 0x3ff, 0x0, 0x400, 0x6, 0x17, 0x0, 0x8, 0x3ff, 0x15ba, 0x2, 0xbde, 0x1ff, 0x2, 0xbf, 0x8, 0x4a, 0x2, 0x7, 0x5, 0x2, 0xc3, 0xdc4, 0x7, 0x9, 0xd, 0x9, 0x4cb, 0xff, 0x0, 0x2, 0xfffffffe, 0x80000000, 0x8, 0x7, 0x7, 0x6, 0x81, 0x5, 0xf, 0xfffffffd, 0x9, 0x0, 0x3, 0x0, 0x8001, 0x0, 0x3, 0x2, 0x6, 0x4, 0x5, 0x865, 0xfffffe01, 0xe3, 0x80000001, 0x7, 0x35e4, 0x9, 0x40, 0x9, 0x8000, 0x400, 0x9, 0x2, 0xfffffc00, 0x2, 0x2422, 0x7, 0xdce, 0x2, 0xfffffffe, 0x7, 0x9, 0x2, 0x3, 0xf, 0x59, 0x2478cc8b, 0xfffffffc, 0xf, 0xbbe9, 0x8, 0xfffffff8, 0x4, 0x8, 0x75e, 0xffffffff, 0x2168, 0x9, 0x8, 0xaf, 0x9, 0x400, 0x37, 0x7, 0x4, 0x0, 0x6f90, 0x5, 0x79, 0xffffffff, 0x9, 0xa, 0xa, 0x3, 0xaf, 0x3, 0x2d38, 0x0, 0x0, 0xffff63df, 0x5, 0x0, 0x3, 0x4, 0x0, 0x401, 0x6, 0x2, 0xba43, 0x400, 0x8, 0x1, 0x6, 0xbb1, 0x0, 0xa32c, 0x10, 0x1, 0x1, 0x6, 0x3, 0x81, 0xb, 0xec, 0x0, 0x0, 0xfffffff9, 0x0, 0x6, 0x3, 0x6, 0x8, 0x0, 0x8, 0x5, 0x2, 0x3, 0x5, 0x1, 0x5, 0x8, 0xfffffffc, 0x6, 0x9, 0x7, 0x8, 0x0, 0x101, 0x6, 0x0, 0x4, 0xfe5, 0x2, 0xfffffff9, 0xd, 0x2b8, 0x80000000, 0x3]}]}]}}, @filter_kind_options=@f_flower={{0xb}, {0x5c, 0x2, [@TCA_FLOWER_KEY_ARP_SHA_MASK={0xa, 0x40, [0xff, 0x0, 0xff, 0xff, 0x0, 0xff]}, @TCA_FLOWER_KEY_MPLS_TTL={0x5, 0x43, 0x5}, @TCA_FLOWER_KEY_SCTP_SRC={0x6}, @TCA_FLOWER_KEY_IP_TTL_MASK={0x5, 0x4c, 0x60}, @TCA_FLOWER_KEY_ENC_OPTS={0x4}, @TCA_FLOWER_KEY_VLAN_ETH_TYPE={0x6, 0x19, 0x88a8}, @TCA_FLOWER_KEY_ENC_IPV6_DST={0x14, 0x21, @remote}, @TCA_FLOWER_KEY_IPV6_SRC_MASK={0x14, 0xf, [0x0, 0xff000000, 0xffffff, 0xff]}]}}, @TCA_CHAIN={0x8, 0xb, 0xfffffff9}, @TCA_RATE={0x6, 0x5, {0x81, 0x15}}]}, 0x1aa0}}, 0x8001)
r10 = socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB="b702000047000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a876d839240d29c035055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7e8dc34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bb44b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334583239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bf4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc508afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd360000000000000000ae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c97a088a22e8b15c3e233db00002e30d46a0024d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c29c5c0ed5bcdf510c3c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ced92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f68fa8d7c2dfb28e1f05e46b0933c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d588afd80e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda6900002a070886df42b27098773b45198b4a34ac97febd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d63521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07afef12ef060cd4403a099f32468f658000b4082d43e12186195cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea209b53b230ef0f2ab85cbdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bd3339403004b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab900000000000000000000d71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdbf24a0c5441ce046078492b53467cfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89cb349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb15f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c00c57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137df47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b558982016b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8b49e3d0168bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85a3009a5d30f479e293a3302e11350ea857b37e76ca3f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c8ffe0d508dcee3070e8b42ac38545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f98117919472b61b20026d7e646174b55d251f7f8ca5ccc22a5efb33b217eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4444e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24000000000000000000000000000000000000cd3211b3842b68a4eddca2eae28529e97a98d7ec3fd902df1ba8fc2ad2377e72d4e7aeacbbccef5614cd965511558f40720025c022bc9c213e407f6bc4b673c55aa8e729299a37fd6339acd906ac861ba56c9fa9b8b12b5e68a3cdadb906355e1f1d336a243172affe50d0fb36c3718a7498eed3d398f405a34d494414e87ef1ce1845510d43d00171d6b4b762f89564c22d542a119878709cd6822c3a3eb47a849b0737929fe9e1eecd1bff5a2b9880e2a6d8a3b3b7e88a673c96cda4455eff1c530db0e6598a2686aa09aeaf0f1aed95aeb8b0a2cc5ca31c0f56285cc05f7090a0e0583cf540d18cd8817e685c7b4ff176178ac1234f23e54445ec20b2689832d78409897a0307e89ebcd5f4ba042a3d10237a5a8a9a6eda36d2f337dc54537b80e8433341b135b4c5bb0173ffde46ccd260e1d4f2c51e8b07bb256f1317912cb1fc9e491e0bb9109e475cc795c23ad9f4f0042c5e9c655a4d865bc4a266e6a1d3d2b7ee53be9efb33a98933b5ba74ee3ac8d34b6af8c1fdbffade3abc80842b74354162f5b994ab5254cb068bc5e2ae242a1d37d0d49947c9317fa1a46c9e259ce0e1f9db992c53f7830a5e8f4fac6b187eb9f15ba61f730f86d7d7b63bbc7a1d9ff37e87a90a14e0655304da069f9009b62717649b6c6af94fcba713f8ee6fcce25aef44d009966614b61be9369ffc589a79051b0a0000000000000003ebd34c41afe268c33c9322c3a783772aec998f51a6e70fb932a8019e72ef5ab127bb30c79ebfd867441083546305fb39449c40a166ea389a6b77b7c87f66e8bf5806726b8fc50b943627314803a12c33312dce0a10f852da3e000000"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x7}, 0x48)
r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x80600, 0x0)
ioctl$EXT4_IOC_GET_ES_CACHE(r10, 0xc020662a, &(0x7f0000001740)={0x5, 0xff, 0x1, 0x6, 0x1, 0x0, [{0x9, 0x4, 0x7, '\x00', 0x3800}]})
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
ioctl$KVM_CAP_X86_USER_SPACE_MSR(r12, 0x4068aea3, &(0x7f0000000040)={0xc4, 0x0, 0x7})

2.617241581s ago: executing program 0 (id=2655):
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0))
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000000)={'syzkaller0\x00', @broadcast})
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x8}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x4d, 0xfffffffb, 0x7fffffff}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084)
sendmsg$nl_route_sched(r4, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001f80)=@newqdisc={0x838, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdf8, {0x0, 0x0, 0x0, r6, {0x10}, {}, {0xa, 0x3}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x80c, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x1, 0xfffffffe, 0x9, 0x8000, 0x3, 0x5, 0x5, 0xb762, 0x6, 0x7, 0x8, 0xf, 0x2, 0x80000001, 0x400, 0x7fc, 0xffff8000, 0x6, 0x401, 0x9, 0xb89, 0xffffe4f5, 0xd6, 0x4, 0xffff, 0x7, 0x0, 0x2, 0x101, 0x6, 0xfffffffc, 0x4, 0x1, 0x1, 0x9, 0xc, 0x20001000, 0x4, 0x2, 0x7, 0x4, 0x99, 0x9, 0x2, 0x6, 0x7, 0xfffffff7, 0x1, 0x2, 0x9, 0x9, 0x44, 0x8, 0x8, 0x1, 0x4, 0x7ff, 0x8, 0x7, 0x80000001, 0x400, 0x8, 0xfffffa72, 0xcd, 0xffffff80, 0x80000000, 0xc, 0x4, 0x65, 0x91, 0x659, 0x9, 0xf, 0x9, 0xc28, 0x9, 0x7, 0x3, 0x401, 0x3, 0x2, 0xfffffffa, 0x1, 0x10001, 0x3, 0x1, 0x4, 0x8, 0x8, 0x7, 0x1, 0x1, 0x1, 0x7, 0x40, 0x7, 0x12, 0x8000, 0x1, 0x4dc, 0x80, 0x3, 0x7fffffff, 0xff, 0x9, 0xa7, 0x12, 0x2, 0x0, 0x3, 0x1000, 0x4, 0x401, 0x7, 0x80000000, 0xffff, 0x6, 0x5, 0x4, 0xffffffff, 0x80000000, 0x1966f9ab, 0x200, 0x20200, 0xed5, 0xfffffc00, 0x6, 0x4, 0x8, 0x485e, 0xa85, 0x80000040, 0x2, 0x7, 0x7, 0x102, 0x2d5421e8, 0x7, 0x10000, 0xffffffff, 0x6, 0x3ff, 0xf04, 0x0, 0x2, 0x5, 0xfffffc00, 0x5, 0x8d, 0x4, 0x401, 0x4, 0x9, 0x3, 0xfffffffb, 0x1, 0x0, 0x0, 0x2, 0x5, 0x9, 0x3, 0x0, 0x800, 0x2, 0x8, 0x7ff, 0x1, 0x80000009, 0x6, 0x5, 0x5, 0x4d15, 0x1ff, 0xfffff060, 0x3, 0x469, 0x3, 0x0, 0x200, 0x10000005, 0x7, 0x1, 0x8, 0x42ba, 0x4, 0x9, 0x3, 0x8, 0x8, 0x53, 0x6, 0x4, 0x400, 0x8000, 0x0, 0x2c310b18, 0xfff, 0x0, 0x3, 0xcd34, 0x9, 0x81, 0xdf3, 0x2, 0x7, 0x8, 0xfff, 0x1ff, 0x8000, 0x3, 0x8, 0x3, 0x9, 0x9a6, 0xe4cb, 0x402, 0x1, 0x1ff, 0x3e, 0x9b4, 0x1, 0x8, 0x0, 0x8, 0x0, 0x9, 0x0, 0x4, 0x10, 0x901, 0x5, 0x2, 0x7b, 0xfffffeff, 0x6, 0x6, 0xc, 0x1000, 0x9, 0x9, 0xe6, 0xab, 0x400, 0x7fffffff, 0xed, 0x7ff, 0xd83, 0x68, 0x80000001, 0x4, 0x1, 0x6, 0x1fd, 0x2]}, @TCA_TBF_PTAB={0x404, 0x3, [0x8, 0x200006, 0xd, 0x400, 0x0, 0x3, 0x5, 0x10000, 0x7, 0x4, 0x81, 0x0, 0x8, 0x0, 0x9, 0x5, 0xc0000, 0x8001, 0x1, 0x2000, 0x1, 0x8da5, 0x1, 0x4, 0x2, 0x6, 0x58, 0x7, 0x6f, 0x8, 0x3, 0x4, 0x9, 0x1000, 0x4, 0x80000000, 0x6, 0x80000001, 0x3, 0x1, 0x9bc, 0x100, 0xa, 0xfff, 0x8, 0x9, 0x7, 0x7fffffff, 0xf4b3, 0x1, 0x0, 0x8, 0x8, 0x6, 0xd815, 0xfffffff9, 0x2, 0x401, 0x9, 0x36, 0xf, 0x74, 0xbbc, 0x9, 0x0, 0x6, 0x8, 0x5, 0x6, 0xb, 0x5, 0x5, 0x4e3, 0x200, 0x0, 0x9, 0x8001, 0x2, 0x1000, 0x7fffffff, 0x46a3, 0x6, 0x2, 0x1dd50645, 0x401, 0x5, 0x101, 0xbf, 0x0, 0x9, 0x3, 0x65, 0xffffff13, 0x2, 0x30, 0x1a3f, 0x2, 0x389c, 0x4, 0x3, 0x3ff, 0x4, 0x4, 0x6, 0xf3bb, 0x1ff, 0x8, 0xf, 0xb, 0x401, 0x4, 0x1000, 0x1, 0x8, 0x1, 0x7ff, 0x7fff, 0x8, 0x408, 0x3ff, 0x4, 0x1, 0xffff, 0x7fff, 0x2, 0x9, 0x1, 0xfff, 0x0, 0xfffffffe, 0x4, 0x0, 0x101, 0x78f0, 0xf, 0x7, 0x0, 0x3, 0xf1c7, 0x100, 0x3, 0x4, 0xfffffffe, 0xffffff7f, 0x3, 0x0, 0x6, 0xd, 0x3, 0xa, 0x8, 0x200, 0x0, 0x400, 0x9, 0x6, 0x132f, 0xaba3, 0x1, 0x3, 0x1, 0x5, 0x6f788000, 0xc, 0x1ff, 0x40, 0x8, 0x3, 0x2, 0x1, 0x0, 0x71, 0xb13, 0x4, 0xbc5, 0x0, 0x7, 0xffff, 0x100, 0x7b58, 0x1, 0x807, 0x1ff, 0x3, 0x400, 0x80000000, 0x1040, 0x3, 0xfffffffa, 0x9a5, 0x8, 0x5, 0x1, 0x9, 0x3, 0x9, 0x7, 0x3, 0x1, 0x101, 0x2, 0x6, 0x598f, 0x5, 0x8e, 0x0, 0xa, 0x9, 0x1000, 0x8, 0xd00f, 0x2, 0x1, 0x6, 0x2a, 0x7, 0x100, 0x24e, 0xbd, 0x2, 0x2800000, 0x807, 0x0, 0x401, 0x6, 0x2, 0x9, 0x7039, 0x4, 0x1, 0x9, 0x1, 0xb18, 0x2, 0xfffffffe, 0x26e, 0x6, 0x5c, 0x8, 0x100, 0x3ff, 0x1, 0x0, 0xb, 0x10000, 0x8, 0x6, 0x2, 0x6, 0x7, 0x2, 0x7ff, 0x1, 0x4, 0x8001, 0x3]}]}}]}, 0x838}, 0x1, 0x0, 0x0, 0x40098}, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
r7 = socket$packet(0x11, 0x3, 0x300)
sendto$packet(r7, &(0x7f0000000200)="2478546ca4fa3b0bfe4ddf30cc5a", 0xe, 0x4000050, 0x0, 0x0)
r8 = socket$unix(0x1, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmmsg$inet(r0, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @local}, 0x10, 0x0, 0x0, &(0x7f00000006c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r9, @dev={0xac, 0x14, 0x14, 0x41}, @empty}}}], 0x20}}], 0x1, 0x8000004)

2.422595189s ago: executing program 3 (id=2656):
open(0x0, 0x0, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x3, 0xc, &(0x7f0000000c40)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r2, 0x0, 0x0, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r3=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="6800000010000100"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000480012800e0001006970366772657461700000003400028008000100", @ANYRES32, @ANYBLOB="14000600fe800000000000000000000000000015140007"], 0x68}}, 0x0)
sendto$packet(r0, &(0x7f0000000180)="a6bea8a120e5f8320c30ce5086dda5e986f34c10d8c39c3002de8ec445ae", 0x1e, 0x0, &(0x7f0000000140)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @local}, 0x14)

2.211553527s ago: executing program 3 (id=2658):
socket$nl_xfrm(0x10, 0x3, 0x6)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x19, 0x1, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_trace_dev_match', 0x40000, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x5, 0x20008b}, 0x0)
r0 = syz_init_net_socket$ax25(0x3, 0x5, 0xc4)
ioctl$SIOCAX25DELFWD(r0, 0x89eb, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
syz_emit_ethernet(0x80e, &(0x7f00000001c0)=ANY=[@ANYRESDEC], 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(0xffffffffffffffff, 0x0, 0x4000040)
r1 = syz_open_dev$MSR(&(0x7f0000000340), 0x0, 0x0)
read$msr(r1, &(0x7f000001aa40)=""/102400, 0x19000)
socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'veth0\x00'})
setsockopt$packet_int(r2, 0x107, 0x14, &(0x7f0000000180)=0x19ca, 0x4)
setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000000)=0xf3f, 0x4)
sendto$packet(r2, &(0x7f00000000c0)="3f03fe7f0302140006001e0089e9aaa911d7c2290f0086dd1327c9167c642b4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c153cfdf9435e3ffe46", 0x48, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000010c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x4}}, @TCA_RATE={0x6, 0x5, {0x0, 0x8}}]}, 0x38}}, 0x4000)

2.172662993s ago: executing program 0 (id=2659):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xea, 0x0, 0xfffd, 0x0, 0x9, 0x5}, {0x12, 0x2, 0x0, 0x401, 0x8001, 0x1400}, 0xa5, 0x5, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080)
sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000005c0)=@newqdisc={0x44, 0x24, 0xd0f, 0x70bd2c, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffe0, 0xa}, {0x1, 0xe}}, [@qdisc_kind_options=@q_codel={{0xa}, {0x14, 0x2, [@TCA_CODEL_CE_THRESHOLD={0x8}, @TCA_CODEL_TARGET={0x8, 0x1, 0x2}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x55}, 0xc010)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000a80)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d640500000000006504040001001f000404000001007d60b7030000000000006a0a00fe00000100850000000d000000b7000000000000009500000000000000c74396c8e3ebbadc20e5a7ef8c9ac1465cbf188ef10871b81ac7553358380b3a1f59916ffc9bf0bdf81524f07fb2819bf5774fedda52e39c90af27db5b56024df96b4673b4e8d5467e114604ea09b290a248a120c9c6cd87cef9000000a39c15a7ef365cc27dfeac7b9b0e9048517354b0ca4f9cf8b59ee6fa003fe1f2c4c15f20a07db4583a462d8be6602186fd68ee14a19ea2eb42122b8635a66ce6b5b92356081bc0f18a0ca83dbc089a9813c1efa26001b3f486ebfaae85c4d0b96778478ae5355e6f923b11056969f486f80a35f7f2339704fa93fa915ab8e1e0d7f31ebd19455e6827cd493907bf9d0000000000000000000000004e1fa60acabcf0553910ca2e5ea499fd5889dde9261f0848a5b8af657bfc96049308e8953431b269053627a1523551c160c813969925a892d266792352ec0204596a37ce8d6d260b32239bddbce2e79f93cb5a0ad897adb53b397d07c50f84b74f2605a565ee149016aa75ea31c0087dcd821b47c8b36efc6da4fb2ea7f1f36c85856b73ac9872babc62149699b6b8c796a79d833eb4b5ca668d430db5653a2b3c5b87e17ca1"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x2ca}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r3, 0x18000000000002a0, 0x29, 0x0, &(0x7f0000000040)="b90103600040f000009e0ff008001fffffe100004000632177fb7f0200017f020001be3e7d2a182fff", 0x0, 0x3e8, 0x6000000000000000, 0xfc, 0x0, &(0x7f0000000400)="9209558f0c5fb25cd57f98113135c3171b8b331fbc04f0e6955a796ff8e3aae3cac46cec3030dfc999058aea01f0e6dcf2f9d480d328655aca003927bd50ed49d4843c8a0a2a4b26ceb747947200bd644c85e7a8a7d7cfce840c02a7d69c9e0bca410f64d43290abbbf3131e1fa8bd8c3e5f19d5a491d3d4c1a0fe47de9eebaf073ac3da6256bdb681d18fbd607c9b0d710442bcf78bc36fd3c035812bde582a262bff0e4d6181c818fccf542868c6e602d97bea23a101955dc76bcc984142ab305387aa348566d688edd291a3e9d08952adbdf60462bb7f7faebcdfccf17115708b0d73d0f3a469ce7d8374219b3f92c92bcec4958d474bb281c266"}, 0x50)

2.027100406s ago: executing program 0 (id=2661):
r0 = syz_create_resource$binfmt(&(0x7f0000000440)='./file0\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
write$binfmt_script(r1, &(0x7f0000000040)={'#! ', './file0', [{0x20, '#.:$@}}}\xcc]*\\\\,{/'}, {0x20, ':,[+^)'}, {}, {0x20, '/'}, {0x20, '[$'}, {0x20, '\x14! '}]}, 0x2d)
openat$binfmt(0xffffffffffffff9c, r0, 0x41, 0x1ff)
close(r1)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)

1.94285107s ago: executing program 0 (id=2662):
r0 = syz_open_dev$vim2m(&(0x7f0000000100), 0x2, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x2, 0x1, 0x1})
ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000000)=0x1)
ioctl$vim2m_VIDIOC_QBUF(r0, 0xc058560f, &(0x7f0000000200)=@mmap={0x1, 0x1, 0x4, 0x1, 0x6, {0x77359400}, {0x1, 0x8, 0x5, 0x9, 0x64, 0x5, ' \x00'}, 0xfffffff7, 0x1, {}, 0x2})
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r1, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r3=>0x0}, &(0x7f00000001c0)=0x8)
getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000080)={r3, 0x44}, &(0x7f0000000180)=0x8)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)={0x14, r5, 0x1, 0x1fff, 0x0, {0x7}}, 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x8)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r6, 0xffffffffffffffff, 0x0)

1.870140821s ago: executing program 3 (id=2663):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000540)='cdg', 0x6)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
sendto$inet(r0, &(0x7f00000000c0), 0xffffffffffffffef, 0xf401, 0x0, 0x0)

1.869235587s ago: executing program 0 (id=2665):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280)=[@in={0x2, 0x4e21, @loopback}], 0x10)
sendmsg$inet_sctp(r0, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @loopback}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000000)="fd", 0x1}], 0x1, 0x0, 0x0, 0x40001}, 0x881)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000007c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000170900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}}, 0x2000c450)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="1400000010000100000000000000000300000a2c000000060a010400000000000000000a00512f0900020073797832000015000973797a3100010000140000001100010000000000000000000e00000a"], 0x54}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000040)
sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[], 0xe0}}, 0x0)
clock_gettime(0x1, &(0x7f0000004f40))
sendmsg$NFT_MSG_GETRULE(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000005c0)={0x14, 0x7, 0xa, 0x101, 0x0, 0x0, {0x0, 0x0, 0x9}}, 0x14}, 0x1, 0x0, 0x0, 0x20004840}, 0x20008000)
inotify_init1(0x0)
r2 = dup(r0)
setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r2, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc)
write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r2, &(0x7f0000000180)={0x4, 0xffffff95, 0xfa00, {0xffffffffffffffff, 0x4}}, 0x29fdf)
r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$uinput_user_dev(r3, &(0x7f0000000080)={'syz0\x00', {0x3, 0x0, 0x0, 0x1}, 0x0, [0x1, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x200, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x1db, 0x1000, 0x10000000, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x20], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffd, 0x0, 0xfffffffe, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0xf, 0x0, 0x0, 0x0, 0x1000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x1000000, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x50, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x2, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x9, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0xff], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, 0x1, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff8000, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffffe, 0x5d1d8547]}, 0x45c)
ioctl$UI_SET_EVBIT(r3, 0x40045564, 0x5)
ioctl$UI_SET_SWBIT(r3, 0x4004556d, 0x0)
ioctl$UI_DEV_CREATE(r3, 0x5501)
write$uinput_user_dev(r3, &(0x7f0000000640)={'syz1\x00', {0x7, 0x6, 0x1ff, 0xfac}, 0x12, [0x6, 0x0, 0x8108, 0x7, 0xffffa184, 0x2c94cded, 0x4, 0x6, 0x2, 0x9, 0x4, 0x6, 0x4, 0xe1, 0x3ff, 0x8, 0x8, 0x9, 0x4, 0x40, 0xffffff01, 0x8, 0x8, 0x6, 0x7fffffff, 0xf618, 0x1, 0xfffffff9, 0x4, 0x10, 0x9, 0x101, 0x7, 0x9, 0xfffffffe, 0x3, 0x400000, 0xcf, 0x1, 0x0, 0xc0000, 0x2, 0x4, 0x7, 0x1, 0x9, 0xf, 0x6, 0x1, 0x200, 0x40ba, 0x3, 0xbd6, 0x7, 0x4, 0x80000000, 0x8, 0x101, 0x6, 0x6, 0xd53, 0x71, 0x5, 0xe1d], [0xb66, 0x1, 0xe2d, 0xa, 0x0, 0xfff, 0xfffff2d2, 0x4, 0x0, 0x8, 0x2, 0x5, 0x10001, 0x7bf, 0xa, 0xfffffffe, 0x3, 0xd6f, 0x5, 0xa, 0x9, 0x8, 0x1, 0x1, 0x3, 0x5, 0x2, 0xf, 0x0, 0x3b, 0x3, 0x475, 0x7, 0x10001, 0x128, 0x39, 0xff, 0x6, 0xedd7, 0x2, 0x5421, 0xaf, 0xffffffff, 0x5, 0x10001, 0x4, 0x5, 0x2, 0x9, 0x6, 0xe, 0x9, 0x5, 0x0, 0x20000007, 0x7fff, 0xeb1a, 0x0, 0x7, 0x4, 0x4, 0x8001, 0x10001, 0x5], [0xd, 0x4, 0x52c, 0xfb44, 0x7f, 0xe, 0xff, 0xfffffffa, 0x800, 0x9, 0x8001ff, 0x401, 0xfffffc21, 0x7, 0x7, 0x3b, 0xffffffff, 0x8, 0x800, 0x10001, 0x2, 0x18b, 0x8000, 0x508, 0x7, 0x10, 0x6, 0x6, 0x6, 0x9b0, 0x7, 0x4, 0xa, 0x60000000, 0x8001, 0x200, 0x7, 0x3, 0x9, 0x3f, 0x1, 0x4, 0x4, 0x6, 0x5, 0x10000, 0xfffffffb, 0xb, 0x0, 0x7ff, 0x9, 0x4, 0x8, 0x6, 0x7fff, 0x8001, 0x0, 0x80, 0xd0b, 0x800, 0x9, 0x1b, 0x5, 0xfffff432], [0x4, 0x2000000, 0x8, 0x2, 0xffffffff, 0xfffff5c9, 0x0, 0x1000, 0x0, 0x4, 0x6, 0x8, 0x6, 0x0, 0x2, 0x81, 0x100, 0xfffffff7, 0x5, 0x3, 0x10, 0x7c1d, 0x80, 0x8, 0x2, 0x7, 0x7, 0x0, 0x1d, 0x80000000, 0x3, 0xfb0, 0x9, 0x3, 0x3d9, 0xc27, 0x1, 0x2, 0x5, 0x81, 0x7, 0x6, 0x3, 0x2, 0x1ff, 0x7, 0x6c56, 0x4, 0x9, 0xfffffffd, 0x3, 0x8001, 0x5, 0x8, 0x2, 0x3, 0x4, 0x4, 0xfff, 0x8, 0x291, 0x101, 0x5]}, 0x45c)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000440)={0x0, 0x18, 0xfa00, {0x1, 0x0, 0x2, 0x5}}, 0x34000)

1.707665394s ago: executing program 1 (id=2666):
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f00000002c0), 0xc0040, 0x0)
fcntl$notify(r0, 0x402, 0x80000026)

1.616246114s ago: executing program 1 (id=2667):
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0))
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000000)={'syzkaller0\x00', @broadcast})
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x8}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x4d, 0xfffffffb, 0x7fffffff}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084)
sendmsg$nl_route_sched(r4, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001f80)=@newqdisc={0x838, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdf8, {0x0, 0x0, 0x0, r6, {0x10}, {}, {0xa, 0x3}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x80c, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x1, 0xfffffffe, 0x9, 0x8000, 0x3, 0x5, 0x5, 0xb762, 0x6, 0x7, 0x8, 0xf, 0x2, 0x80000001, 0x400, 0x7fc, 0xffff8000, 0x6, 0x401, 0x9, 0xb89, 0xffffe4f5, 0xd6, 0x4, 0xffff, 0x7, 0x0, 0x2, 0x101, 0x6, 0xfffffffc, 0x4, 0x1, 0x1, 0x9, 0xc, 0x20001000, 0x4, 0x2, 0x7, 0x4, 0x99, 0x9, 0x2, 0x6, 0x7, 0xfffffff7, 0x1, 0x2, 0x9, 0x9, 0x44, 0x8, 0x8, 0x1, 0x4, 0x7ff, 0x8, 0x7, 0x80000001, 0x400, 0x8, 0xfffffa72, 0xcd, 0xffffff80, 0x80000000, 0xc, 0x4, 0x65, 0x91, 0x659, 0x9, 0xf, 0x9, 0xc28, 0x9, 0x7, 0x3, 0x401, 0x3, 0x2, 0xfffffffa, 0x1, 0x10001, 0x3, 0x1, 0x4, 0x8, 0x8, 0x7, 0x1, 0x1, 0x1, 0x7, 0x40, 0x7, 0x12, 0x8000, 0x1, 0x4dc, 0x80, 0x3, 0x7fffffff, 0xff, 0x9, 0xa7, 0x12, 0x2, 0x0, 0x3, 0x1000, 0x4, 0x401, 0x7, 0x80000000, 0xffff, 0x6, 0x5, 0x4, 0xffffffff, 0x80000000, 0x1966f9ab, 0x200, 0x20200, 0xed5, 0xfffffc00, 0x6, 0x4, 0x8, 0x485e, 0xa85, 0x80000040, 0x2, 0x7, 0x7, 0x102, 0x2d5421e8, 0x7, 0x10000, 0xffffffff, 0x6, 0x3ff, 0xf04, 0x0, 0x2, 0x5, 0xfffffc00, 0x5, 0x8d, 0x4, 0x401, 0x4, 0x9, 0x3, 0xfffffffb, 0x1, 0x0, 0x0, 0x2, 0x5, 0x9, 0x3, 0x0, 0x800, 0x2, 0x8, 0x7ff, 0x1, 0x80000009, 0x6, 0x5, 0x5, 0x4d15, 0x1ff, 0xfffff060, 0x3, 0x469, 0x3, 0x0, 0x200, 0x10000005, 0x7, 0x1, 0x8, 0x42ba, 0x4, 0x9, 0x3, 0x8, 0x8, 0x53, 0x6, 0x4, 0x400, 0x8000, 0x0, 0x2c310b18, 0xfff, 0x0, 0x3, 0xcd34, 0x9, 0x81, 0xdf3, 0x2, 0x7, 0x8, 0xfff, 0x1ff, 0x8000, 0x3, 0x8, 0x3, 0x9, 0x9a6, 0xe4cb, 0x402, 0x1, 0x1ff, 0x3e, 0x9b4, 0x1, 0x8, 0x0, 0x8, 0x0, 0x9, 0x0, 0x4, 0x10, 0x901, 0x5, 0x2, 0x7b, 0xfffffeff, 0x6, 0x6, 0xc, 0x1000, 0x9, 0x9, 0xe6, 0xab, 0x400, 0x7fffffff, 0xed, 0x7ff, 0xd83, 0x68, 0x80000001, 0x4, 0x1, 0x6, 0x1fd, 0x2]}, @TCA_TBF_PTAB={0x404, 0x3, [0x8, 0x200006, 0xd, 0x400, 0x0, 0x3, 0x5, 0x10000, 0x7, 0x4, 0x81, 0x0, 0x8, 0x0, 0x9, 0x5, 0xc0000, 0x8001, 0x1, 0x2000, 0x1, 0x8da5, 0x1, 0x4, 0x2, 0x6, 0x58, 0x7, 0x6f, 0x8, 0x3, 0x4, 0x9, 0x1000, 0x4, 0x80000000, 0x6, 0x80000001, 0x3, 0x1, 0x9bc, 0x100, 0xa, 0xfff, 0x8, 0x9, 0x7, 0x7fffffff, 0xf4b3, 0x1, 0x0, 0x8, 0x8, 0x6, 0xd815, 0xfffffff9, 0x2, 0x401, 0x9, 0x36, 0xf, 0x74, 0xbbc, 0x9, 0x0, 0x6, 0x8, 0x5, 0x6, 0xb, 0x5, 0x5, 0x4e3, 0x200, 0x0, 0x9, 0x8001, 0x2, 0x1000, 0x7fffffff, 0x46a3, 0x6, 0x2, 0x1dd50645, 0x401, 0x5, 0x101, 0xbf, 0x0, 0x9, 0x3, 0x65, 0xffffff13, 0x2, 0x30, 0x1a3f, 0x2, 0x389c, 0x4, 0x3, 0x3ff, 0x4, 0x4, 0x6, 0xf3bb, 0x1ff, 0x8, 0xf, 0xb, 0x401, 0x4, 0x1000, 0x1, 0x8, 0x1, 0x7ff, 0x7fff, 0x8, 0x408, 0x3ff, 0x4, 0x1, 0xffff, 0x7fff, 0x2, 0x9, 0x1, 0xfff, 0x0, 0xfffffffe, 0x4, 0x0, 0x101, 0x78f0, 0xf, 0x7, 0x0, 0x3, 0xf1c7, 0x100, 0x3, 0x4, 0xfffffffe, 0xffffff7f, 0x3, 0x0, 0x6, 0xd, 0x3, 0xa, 0x8, 0x200, 0x0, 0x400, 0x9, 0x6, 0x132f, 0xaba3, 0x1, 0x3, 0x1, 0x5, 0x6f788000, 0xc, 0x1ff, 0x40, 0x8, 0x3, 0x2, 0x1, 0x0, 0x71, 0xb13, 0x4, 0xbc5, 0x0, 0x7, 0xffff, 0x100, 0x7b58, 0x1, 0x807, 0x1ff, 0x3, 0x400, 0x80000000, 0x1040, 0x3, 0xfffffffa, 0x9a5, 0x8, 0x5, 0x1, 0x9, 0x3, 0x9, 0x7, 0x3, 0x1, 0x101, 0x2, 0x6, 0x598f, 0x5, 0x8e, 0x0, 0xa, 0x9, 0x1000, 0x8, 0xd00f, 0x2, 0x1, 0x6, 0x2a, 0x7, 0x100, 0x24e, 0xbd, 0x2, 0x2800000, 0x807, 0x0, 0x401, 0x6, 0x2, 0x9, 0x7039, 0x4, 0x1, 0x9, 0x1, 0xb18, 0x2, 0xfffffffe, 0x26e, 0x6, 0x5c, 0x8, 0x100, 0x3ff, 0x1, 0x0, 0xb, 0x10000, 0x8, 0x6, 0x2, 0x6, 0x7, 0x2, 0x7ff, 0x1, 0x4, 0x8001, 0x3]}]}}]}, 0x838}, 0x1, 0x0, 0x0, 0x40098}, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
r7 = socket$packet(0x11, 0x3, 0x300)
sendto$packet(r7, &(0x7f0000000200)="2478546ca4fa3b0bfe4ddf30cc5a", 0xe, 0x4000050, 0x0, 0x0)
r8 = socket$unix(0x1, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmmsg$inet(r0, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @local}, 0x10, 0x0, 0x0, &(0x7f00000006c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r9, @dev={0xac, 0x14, 0x14, 0x41}, @empty}}}], 0x20}}], 0x1, 0x8000004)

1.291200363s ago: executing program 2 (id=2668):
open(0x0, 0x0, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x3, 0xc, &(0x7f0000000c40)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r2, 0x0, 0x0, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r3=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="6800000010000100"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000480012800e0001006970366772657461700000003400028008000100", @ANYRES32, @ANYBLOB="14000600fe800000000000000000000000000015140007"], 0x68}}, 0x0)
sendto$packet(r0, &(0x7f0000000180)="a6bea8a120e5f8320c30ce5086dda5e986f34c10d8c39c3002de8ec445ae", 0x1e, 0x0, &(0x7f0000000140)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @local}, 0x14)

1.215846248s ago: executing program 1 (id=2669):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xea, 0x0, 0xfffd, 0x0, 0x9, 0x5}, {0x12, 0x2, 0x0, 0x401, 0x8001, 0x1400}, 0xa5, 0x5, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080)
sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000005c0)=@newqdisc={0x44, 0x24, 0xd0f, 0x70bd2c, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffe0, 0xa}, {0x1, 0xe}}, [@qdisc_kind_options=@q_codel={{0xa}, {0x14, 0x2, [@TCA_CODEL_CE_THRESHOLD={0x8}, @TCA_CODEL_TARGET={0x8, 0x1, 0x2}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x55}, 0xc010)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000a80)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d640500000000006504040001001f000404000001007d60b7030000000000006a0a00fe00000100850000000d000000b7000000000000009500000000000000c74396c8e3ebbadc20e5a7ef8c9ac1465cbf188ef10871b81ac7553358380b3a1f59916ffc9bf0bdf81524f07fb2819bf5774fedda52e39c90af27db5b56024df96b4673b4e8d5467e114604ea09b290a248a120c9c6cd87cef9000000a39c15a7ef365cc27dfeac7b9b0e9048517354b0ca4f9cf8b59ee6fa003fe1f2c4c15f20a07db4583a462d8be6602186fd68ee14a19ea2eb42122b8635a66ce6b5b92356081bc0f18a0ca83dbc089a9813c1efa26001b3f486ebfaae85c4d0b96778478ae5355e6f923b11056969f486f80a35f7f2339704fa93fa915ab8e1e0d7f31ebd19455e6827cd493907bf9d0000000000000000000000004e1fa60acabcf0553910ca2e5ea499fd5889dde9261f0848a5b8af657bfc96049308e8953431b269053627a1523551c160c813969925a892d266792352ec0204596a37ce8d6d260b32239bddbce2e79f93cb5a0ad897adb53b397d07c50f84b74f2605a565ee149016aa75ea31c0087dcd821b47c8b36efc6da4fb2ea7f1f36c85856b73ac9872babc62149699b6b8c796a79d833eb4b5ca668d430db5653a2b3c5b87e17ca1"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x2ca}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r3, 0x18000000000002a0, 0x29, 0x0, &(0x7f0000000040)="b90103600040f000009e0ff008001fffffe100004000632177fb7f0200017f020001be3e7d2a182fff", 0x0, 0x3e8, 0x6000000000000000, 0x104, 0x0, &(0x7f0000000400)="9209558f0c5fb25cd57f98113135c3171b8b331fbc04f0e6955a796ff8e3aae3cac46cec3030dfc999058aea01f0e6dcf2f9d480d328655aca003927bd50ed49d4843c8a0a2a4b26ceb747947200bd644c85e7a8a7d7cfce840c02a7d69c9e0bca410f64d43290abbbf3131e1fa8bd8c3e5f19d5a491d3d4c1a0fe47de9eebaf073ac3da6256bdb681d18fbd607c9b0d710442bcf78bc36fd3c035812bde582a262bff0e4d6181c818fccf542868c6e602d97bea23a101955dc76bcc984142ab305387aa348566d688edd291a3e9d08952adbdf60462bb7f7faebcdfccf17115708b0d73d0f3a469ce7d8374219b3f92c92bcec4958d474bb281c26691949d054b784a58"}, 0x50)

1.082459675s ago: executing program 2 (id=2670):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x482, 0x0)
r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0281, 0x0)
ioctl$SNDCTL_DSP_SETTRIGGER(r1, 0x40045010, &(0x7f0000000080)=0xf18a) (async)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000280)=0x15) (async)
r2 = dup(r0)
write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r2, &(0x7f0000000180)={0x4, 0xffffff95, 0xfa00, {0xffffffffffffffff, 0x4}}, 0x29fdf) (async)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)={0x14, 0x2, 0x6, 0x5}, 0x14}, 0x1, 0x0, 0x0, 0x40010}, 0x0)

1.082165179s ago: executing program 1 (id=2671):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000340)={'wpan0\x00', <r3=>0x0})
sendmsg$IEEE802154_LLSEC_ADD_DEV(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)={0x50, r1, 0x852dd6c070cd7e4d, 0x0, 0x0, {}, [@IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8}, @IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5}, @IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_LLSEC_DEV_KEY_MODE={0x5}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r3}, @IEEE802154_ATTR_PAN_ID={0x6}, @IEEE802154_ATTR_SHORT_ADDR={0x6}]}, 0x50}, 0x4, 0x700000000000000}, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl802154(&(0x7f00000003c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(r4, 0x8933, &(0x7f0000000000)={'wpan0\x00', <r6=>0x0})
sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000000c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="0100fdffffff000000001d00000008000300", @ANYRES32=r6, @ANYBLOB="40002f800c00020000000000000000000800010000000000280003801c0003800600010000000000080002000200000006000300a7aa0000080001"], 0x5c}}, 0x0)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f00000003c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(r7, 0x8933, &(0x7f0000000000)={'wpan0\x00'})
sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r7, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x0)

995.889376ms ago: executing program 2 (id=2672):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='freezer.parent_freezing\x00', 0x275a, 0x0)
r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$sock_ifreq(r1, 0x8990, &(0x7f0000000180)={'bond0\x00', @ifru_names='rose0\x00'})
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, 0x0, 0x0)
ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000))
ioctl$sock_rose_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0xa, @bcast, @bpq0, 0x0, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @default, @bcast, @bcast]})
write$UHID_CREATE2(r0, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x200000b, 0x12, r0, 0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
ioctl$sock_netdev_private(r3, 0x89f1, &(0x7f0000000000))

995.269998ms ago: executing program 1 (id=2673):
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26}, 0x28)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000080)='GPL\x00', 0x5, 0x1f6, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, @sock_ops, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x1}, 0x6d)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000004c0)={r1, 0xc0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10)
r2 = socket(0x2b, 0x80801, 0x1)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000004, 0x3b071, 0xffffffffffffffff, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f00000004c0)={0x26, 'aead\x00', 0x0, 0x0, 'authencesn(streebog512-generic,ecb-twofish-avx)\x00'}, 0x58)
r4 = socket$nl_crypto(0x10, 0x3, 0x15)
sendmsg$nl_crypto(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="e00000001300100000000000000000007374726565626f673531322d67656e65726963"], 0xe0}}, 0x0)
sendmsg$nl_crypto(r4, &(0x7f00000001c0)={0x0, 0x2, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="f0000000120003"], 0xf0}}, 0x0)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0xff, 0x0, 0x7fff0000}]})
close_range(r5, 0xffffffffffffffff, 0x0)
r6 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r6, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r2, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x0, @remote}, 0x10, 0x0, 0x6, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000300)=[{&(0x7f0000000880)=""/102384, 0x18ff0}], 0x1, 0x1903d}}], 0x48, 0x90}, 0x4000)
connect$inet6(r2, &(0x7f00000001c0)={0xa, 0x4e23, 0x0, @empty, 0xfffffffe}, 0x1c)
r7 = gettid()
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x800000000004, @tid=r7}, &(0x7f0000bbdffc)=<r8=>0x0)
pipe(&(0x7f0000000380)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000940))
write$RDMA_USER_CM_CMD_BIND_IP(r10, &(0x7f0000000500)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e21, 0x8, @mcast1, 0x2}}}, 0x30)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r11=>0xffffffffffffffff})
splice(0xffffffffffffffff, 0x0, r11, 0x0, 0xf3a, 0x8)
lseek(r11, 0x8, 0x4)
sendmsg$IPCTNL_MSG_CT_DELETE(r9, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000180)={&(0x7f0000000200)={0x74, 0x2, 0x1, 0x101, 0x0, 0x0, {0x5, 0x0, 0xa}, [@CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}]}, @CTA_PROTOINFO={0x10, 0x4, 0x0, 0x1, @CTA_PROTOINFO_DCCP={0xc, 0x2, 0x0, 0x1, [@CTA_PROTOINFO_DCCP_ROLE={0x5, 0x2, 0xfb}]}}, @CTA_SYNPROXY={0x14, 0x18, 0x0, 0x1, [@CTA_SYNPROXY_TSOFF={0x8, 0x3, 0x1, 0x0, 0xb}, @CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0xffff}]}]}, 0x74}, 0x1, 0x0, 0x0, 0x4000000}, 0x2010)
write$binfmt_misc(r11, &(0x7f0000000980), 0xfdef)
splice(r9, 0x0, r11, 0x0, 0x81, 0x2)
timer_settime(r8, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ioctl$sock_inet_udp_SIOCOUTQ(r2, 0x8905, &(0x7f0000000140))

945.722834ms ago: executing program 3 (id=2674):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22, @multicast1}, 0x10) (async)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000000cc0)=@newtaction={0x84, 0x30, 0x12f, 0x0, 0x0, {}, [{0x70, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x5c, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0xffffffe4}}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa, {0x2}}}}]}]}, 0x84}}, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r2, &(0x7f0000000140)={0xa, 0xce22, 0x7f, @ipv4={'\x00', '\xff\xff', @multicast1}, 0xffffffff}, 0x1c) (async)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000000c0)={[0xffffffffffffffff, 0x6, 0x800000000000, 0x0, 0xfffffffffffffffd, 0xffd, 0x3, 0x0, 0x10000000000, 0x265b, 0x0, 0x1ff, 0x5, 0x0, 0x0, 0x6c], 0x0, 0xc11d0})
ioctl$KVM_RUN(r5, 0xae80, 0x0) (async, rerun: 64)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0xff, 0x0, 0x7fff0000}]}) (rerun: 64)
close_range(r6, 0xffffffffffffffff, 0x0)

945.392183ms ago: executing program 0 (id=2675):
r0 = socket$rxrpc(0x21, 0x2, 0xa)
sched_setscheduler(0x0, 0x1, 0x0)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
bind$rxrpc(r0, &(0x7f0000000100)=@in6={0x21, 0x2, 0x2, 0x1c, {0xa, 0x4e20, 0x4, @mcast2, 0x7da3}}, 0x24)
r4 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x717f, 0x100, 0x14, 0x7f}, &(0x7f0000000140)=<r5=>0x0, &(0x7f0000000200)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000003c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd=r0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x3}})
io_uring_enter(r4, 0x3516, 0xffa7, 0x0, 0x0, 0x0)
socket$inet_sctp(0x2, 0x5, 0x84)
get_robust_list(r1, 0x0, &(0x7f0000000500))
syz_init_net_socket$rose(0xb, 0x5, 0x0)
sendmsg$can_bcm(0xffffffffffffffff, 0x0, 0x0)

686.159546ms ago: executing program 2 (id=2676):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r3)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0))
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000000)={'syzkaller0\x00', @broadcast})
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x8}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x4d, 0xfffffffb, 0x7fffffff}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084)
sendmsg$nl_route_sched(r5, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001f80)=@newqdisc={0x838, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdf8, {0x0, 0x0, 0x0, r7, {0x10}, {}, {0xa, 0x3}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x80c, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x1, 0xfffffffe, 0x9, 0x8000, 0x3, 0x5, 0x5, 0xb762, 0x6, 0x7, 0x8, 0xf, 0x2, 0x80000001, 0x400, 0x7fc, 0xffff8000, 0x6, 0x401, 0x9, 0xb89, 0xffffe4f5, 0xd6, 0x4, 0xffff, 0x7, 0x0, 0x2, 0x101, 0x6, 0xfffffffc, 0x4, 0x1, 0x1, 0x9, 0xc, 0x20001000, 0x4, 0x2, 0x7, 0x4, 0x99, 0x9, 0x2, 0x6, 0x7, 0xfffffff7, 0x1, 0x2, 0x9, 0x9, 0x44, 0x8, 0x8, 0x1, 0x4, 0x7ff, 0x8, 0x7, 0x80000001, 0x400, 0x8, 0xfffffa72, 0xcd, 0xffffff80, 0x80000000, 0xc, 0x4, 0x65, 0x91, 0x659, 0x9, 0xf, 0x9, 0xc28, 0x9, 0x7, 0x3, 0x401, 0x3, 0x2, 0xfffffffa, 0x1, 0x10001, 0x3, 0x1, 0x4, 0x8, 0x8, 0x7, 0x1, 0x1, 0x1, 0x7, 0x40, 0x7, 0x12, 0x8000, 0x1, 0x4dc, 0x80, 0x3, 0x7fffffff, 0xff, 0x9, 0xa7, 0x12, 0x2, 0x0, 0x3, 0x1000, 0x4, 0x401, 0x7, 0x80000000, 0xffff, 0x6, 0x5, 0x4, 0xffffffff, 0x80000000, 0x1966f9ab, 0x200, 0x20200, 0xed5, 0xfffffc00, 0x6, 0x4, 0x8, 0x485e, 0xa85, 0x80000040, 0x2, 0x7, 0x7, 0x102, 0x2d5421e8, 0x7, 0x10000, 0xffffffff, 0x6, 0x3ff, 0xf04, 0x0, 0x2, 0x5, 0xfffffc00, 0x5, 0x8d, 0x4, 0x401, 0x4, 0x9, 0x3, 0xfffffffb, 0x1, 0x0, 0x0, 0x2, 0x5, 0x9, 0x3, 0x0, 0x800, 0x2, 0x8, 0x7ff, 0x1, 0x80000009, 0x6, 0x5, 0x5, 0x4d15, 0x1ff, 0xfffff060, 0x3, 0x469, 0x3, 0x0, 0x200, 0x10000005, 0x7, 0x1, 0x8, 0x42ba, 0x4, 0x9, 0x3, 0x8, 0x8, 0x53, 0x6, 0x4, 0x400, 0x8000, 0x0, 0x2c310b18, 0xfff, 0x0, 0x3, 0xcd34, 0x9, 0x81, 0xdf3, 0x2, 0x7, 0x8, 0xfff, 0x1ff, 0x8000, 0x3, 0x8, 0x3, 0x9, 0x9a6, 0xe4cb, 0x402, 0x1, 0x1ff, 0x3e, 0x9b4, 0x1, 0x8, 0x0, 0x8, 0x0, 0x9, 0x0, 0x4, 0x10, 0x901, 0x5, 0x2, 0x7b, 0xfffffeff, 0x6, 0x6, 0xc, 0x1000, 0x9, 0x9, 0xe6, 0xab, 0x400, 0x7fffffff, 0xed, 0x7ff, 0xd83, 0x68, 0x80000001, 0x4, 0x1, 0x6, 0x1fd, 0x2]}, @TCA_TBF_PTAB={0x404, 0x3, [0x8, 0x200006, 0xd, 0x400, 0x0, 0x3, 0x5, 0x10000, 0x7, 0x4, 0x81, 0x0, 0x8, 0x0, 0x9, 0x5, 0xc0000, 0x8001, 0x1, 0x2000, 0x1, 0x8da5, 0x1, 0x4, 0x2, 0x6, 0x58, 0x7, 0x6f, 0x8, 0x3, 0x4, 0x9, 0x1000, 0x4, 0x80000000, 0x6, 0x80000001, 0x3, 0x1, 0x9bc, 0x100, 0xa, 0xfff, 0x8, 0x9, 0x7, 0x7fffffff, 0xf4b3, 0x1, 0x0, 0x8, 0x8, 0x6, 0xd815, 0xfffffff9, 0x2, 0x401, 0x9, 0x36, 0xf, 0x74, 0xbbc, 0x9, 0x0, 0x6, 0x8, 0x5, 0x6, 0xb, 0x5, 0x5, 0x4e3, 0x200, 0x0, 0x9, 0x8001, 0x2, 0x1000, 0x7fffffff, 0x46a3, 0x6, 0x2, 0x1dd50645, 0x401, 0x5, 0x101, 0xbf, 0x0, 0x9, 0x3, 0x65, 0xffffff13, 0x2, 0x30, 0x1a3f, 0x2, 0x389c, 0x4, 0x3, 0x3ff, 0x4, 0x4, 0x6, 0xf3bb, 0x1ff, 0x8, 0xf, 0xb, 0x401, 0x4, 0x1000, 0x1, 0x8, 0x1, 0x7ff, 0x7fff, 0x8, 0x408, 0x3ff, 0x4, 0x1, 0xffff, 0x7fff, 0x2, 0x9, 0x1, 0xfff, 0x0, 0xfffffffe, 0x4, 0x0, 0x101, 0x78f0, 0xf, 0x7, 0x0, 0x3, 0xf1c7, 0x100, 0x3, 0x4, 0xfffffffe, 0xffffff7f, 0x3, 0x0, 0x6, 0xd, 0x3, 0xa, 0x8, 0x200, 0x0, 0x400, 0x9, 0x6, 0x132f, 0xaba3, 0x1, 0x3, 0x1, 0x5, 0x6f788000, 0xc, 0x1ff, 0x40, 0x8, 0x3, 0x2, 0x1, 0x0, 0x71, 0xb13, 0x4, 0xbc5, 0x0, 0x7, 0xffff, 0x100, 0x7b58, 0x1, 0x807, 0x1ff, 0x3, 0x400, 0x80000000, 0x1040, 0x3, 0xfffffffa, 0x9a5, 0x8, 0x5, 0x1, 0x9, 0x3, 0x9, 0x7, 0x3, 0x1, 0x101, 0x2, 0x6, 0x598f, 0x5, 0x8e, 0x0, 0xa, 0x9, 0x1000, 0x8, 0xd00f, 0x2, 0x1, 0x6, 0x2a, 0x7, 0x100, 0x24e, 0xbd, 0x2, 0x2800000, 0x807, 0x0, 0x401, 0x6, 0x2, 0x9, 0x7039, 0x4, 0x1, 0x9, 0x1, 0xb18, 0x2, 0xfffffffe, 0x26e, 0x6, 0x5c, 0x8, 0x100, 0x3ff, 0x1, 0x0, 0xb, 0x10000, 0x8, 0x6, 0x2, 0x6, 0x7, 0x2, 0x7ff, 0x1, 0x4, 0x8001, 0x3]}]}}]}, 0x838}, 0x1, 0x0, 0x0, 0x40098}, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
r8 = socket$packet(0x11, 0x3, 0x300)
sendto$packet(r8, &(0x7f0000000200)="2478546ca4fa3b", 0x7, 0x4000050, 0x0, 0x0)
r9 = socket$unix(0x1, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmmsg$inet(r1, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @local}, 0x10, 0x0, 0x0, &(0x7f00000006c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r10, @dev={0xac, 0x14, 0x14, 0x41}, @empty}}}], 0x20}}], 0x1, 0x8000004)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)

97.0444ms ago: executing program 2 (id=2677):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r0, &(0x7f00000000c0), 0x10)
sendmsg$can_bcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x48}}, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000280), 0xffff, 0x14f600)
r2 = syz_io_uring_setup(0x110, &(0x7f0000000340)={0x0, 0x7af7, 0x80, 0x1, 0x3de}, &(0x7f0000000040)=<r3=>0x0, &(0x7f0000000180)=<r4=>0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x6, 0x4, &(0x7f00000004c0)=ANY=[@ANYBLOB="18020000000020000000000000000000850000003600000095"], &(0x7f00000000c0)='GPL\x00', 0x5}, 0x94)
io_uring_register$IORING_REGISTER_FILES(r2, 0x2, &(0x7f0000000600)=[r5], 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000300)=@IORING_OP_READV=@pass_iovec={0x1, 0x1, 0x6000, @fd_index, 0x400000080001001, 0x0, 0x0, 0x32})
io_uring_enter(r2, 0x47f3, 0x0, 0x0, 0x0, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.stat\x00', 0x275a, 0x0)
write$binfmt_misc(r6, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f00000002c0)={r6, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x2, 0x0, 0x0, 0x9, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00000000170000000400", "f4bd000000801900", [0xffffffff, 0x8000000000000000]}})

0s ago: executing program 2 (id=2678):
open(0x0, 0x0, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x3, 0xc, &(0x7f0000000c40)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r2, 0x0, 0x0, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r3=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="6800000010000100"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000480012800e0001006970366772657461700000003400028008000100", @ANYRES32, @ANYBLOB="14000600fe800000000000000000000000000015140007"], 0x68}}, 0x0)
sendto$packet(r0, &(0x7f0000000180)="a6bea8a120e5f8320c30ce5086dda5e986f34c10d8c39c3002de8ec445ae083a4b7fc0", 0x23, 0x0, &(0x7f0000000140)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @local}, 0x14)

kernel console output (not intermixed with test programs):

17, bcdDevice=f5.2f
[  226.975610][  T830] usb 7-1: New USB device strings: Mfr=66, Product=2, SerialNumber=3
[  226.986081][  T830] usb 7-1: Product: 퇿䃜䙕臸봥呋丕䝢问ᛏ䓍侫ǯ⣷ᲇ菶눸蒜葅㻋솰嫐ꓮ⎜崥륧䋡吩缰摺셢Ⴑَ⠲⿭ɮ王苚䷏ʔ➲尵꛻៑픖큵랓靶게鳳ч矄ᩊ䊸ꑤ鯺䥙㶾㜏翸碎ᗲ擊즮
[  227.009089][  T830] usb 7-1: Manufacturer: syz
[  227.012047][  T830] usb 7-1: SerialNumber: Ќ
[  227.249796][T11330] loop6: detected capacity change from 0 to 2640
[  227.285148][T11330] ldm_validate_partition_table(): Disk read failed.
[  227.290706][T11330] Dev loop6: unable to read RDB block 0
[  227.294308][T11330]  loop6: unable to read partition table
[  227.342257][T11330] loop_reread_partitions: partition scan of loop6 (3�����) failed (rc=-5)
[  227.410413][T11337] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1917'.
[  227.438170][  T830] usbhid 7-1:1.0: couldn't find an input interrupt endpoint
[  227.449252][  T830] usb 7-1: USB disconnect, device number 33
[  227.675026][T11343] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  228.217855][T11365] loop6: detected capacity change from 0 to 2640
[  228.224019][T11365] ldm_validate_partition_table(): Disk read failed.
[  228.227627][T11365] Dev loop6: unable to read RDB block 0
[  228.238937][T11365]  loop6: unable to read partition table
[  228.241426][T11365] loop_reread_partitions: partition scan of loop6 (3�����) failed (rc=-5)
[  228.255629][T11367] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1926'.
[  228.276712][ T5336] ldm_validate_partition_table(): Disk read failed.
[  228.306971][ T5336] Dev loop6: unable to read RDB block 0
[  228.320050][ T5336]  loop6: unable to read partition table
[  228.963441][T11388] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1936'.
[  229.283375][ T3247] usb 6-1: new high-speed USB device number 27 using dummy_hcd
[  229.591155][ T3247] usb 6-1: config 1 has an invalid descriptor of length 220, skipping remainder of the config
[  229.602306][ T3247] usb 6-1: config 1 interface 0 altsetting 100 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  229.615724][ T3247] usb 6-1: config 1 interface 0 has no altsetting 0
[  229.628887][ T3247] usb 6-1: New USB device found, idVendor=0458, idProduct=9317, bcdDevice=f5.2f
[  229.636571][ T3247] usb 6-1: New USB device strings: Mfr=66, Product=2, SerialNumber=3
[  229.673222][ T3247] usb 6-1: Product: 퇿䃜䙕臸봥呋丕䝢问ᛏ䓍侫ǯ⣷ᲇ菶눸蒜葅㻋솰嫐ꓮ⎜崥륧䋡吩缰摺셢Ⴑَ⠲⿭ɮ王苚䷏ʔ➲尵꛻៑픖큵랓靶게鳳ч矄ᩊ䊸ꑤ鯺䥙㶾㜏翸碎ᗲ擊즮
[  229.697063][ T3247] usb 6-1: Manufacturer: syz
[  229.701398][ T3247] usb 6-1: SerialNumber: Ќ
[  230.232471][ T3247] usbhid 6-1:1.0: couldn't find an input interrupt endpoint
[  230.246949][ T3247] usb 6-1: USB disconnect, device number 27
[  230.268709][ T5942] Bluetooth: hci1: unexpected event for opcode 0xffff
[  230.518019][T11422] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1947'.
[  231.573179][T11441] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1956'.
[  231.779384][T11445] loop6: detected capacity change from 0 to 2640
[  231.781460][ T5944] buffer_io_error: 69 callbacks suppressed
[  231.781480][ T5944] Buffer I/O error on dev loop6, logical block 0, async page read
[  231.781512][ T5944] Buffer I/O error on dev loop6, logical block 0, async page read
[  231.781535][ T5944] Buffer I/O error on dev loop6, logical block 0, async page read
[  231.781559][ T5944] Buffer I/O error on dev loop6, logical block 0, async page read
[  231.781582][ T5944] Buffer I/O error on dev loop6, logical block 0, async page read
[  231.781621][ T5944] Buffer I/O error on dev loop6, logical block 0, async page read
[  231.781658][ T5944] Buffer I/O error on dev loop6, logical block 0, async page read
[  231.781683][ T5944] Buffer I/O error on dev loop6, logical block 0, async page read
[  231.781697][ T5944] ldm_validate_partition_table(): Disk read failed.
[  231.781718][ T5944] Buffer I/O error on dev loop6, logical block 0, async page read
[  231.781742][ T5944] Buffer I/O error on dev loop6, logical block 0, async page read
[  231.781777][ T5944] Dev loop6: unable to read RDB block 0
[  231.781906][ T5944]  loop6: unable to read partition table
[  231.969839][T11445] ldm_validate_partition_table(): Disk read failed.
[  231.974330][T11445] Dev loop6: unable to read RDB block 0
[  231.977353][T11445]  loop6: unable to read partition table
[  231.981152][T11445] loop_reread_partitions: partition scan of loop6 (3�����) failed (rc=-5)
[  231.992560][ T5336] ldm_validate_partition_table(): Disk read failed.
[  231.997076][T11456] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1954'.
[  232.008291][ T5336] Dev loop6: unable to read RDB block 0
[  232.008553][ T5336]  loop6: unable to read partition table
[  232.034872][T11456] vlan8: entered allmulticast mode
[  232.043901][T11456] bridge8: entered allmulticast mode
[  232.190939][T11462] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1965'.
[  232.256601][ T5942] Bluetooth: hci3: unexpected event for opcode 0xff03
[  233.279655][T11486] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1973'.
[  233.352616][T11488] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1975'.
[  233.410161][T11490] vlan9: entered allmulticast mode
[  233.412966][T11490] bridge12: entered allmulticast mode
[  233.571663][T11501] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1976'.
[  233.672348][T11504] loop6: detected capacity change from 0 to 2640
[  233.685077][T11504] ldm_validate_partition_table(): Disk read failed.
[  233.698147][T11504] Dev loop6: unable to read RDB block 0
[  233.716102][T11504]  loop6: unable to read partition table
[  233.738842][T11504] loop_reread_partitions: partition scan of loop6 (3�����) failed (rc=-5)
[  233.781945][   T40] audit: type=1400 audit(1773523485.739:406): avc:  denied  { read } for  pid=11503 comm="syz.3.1982" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  234.400967][T11518] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1988'.
[  234.536890][T11526] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1992'.
[  234.801866][T11531] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  234.849406][T11536] netlink: 14 bytes leftover after parsing attributes in process `syz.1.1993'.
[  234.954563][T11538] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1996'.
[  235.155811][T11549] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2001'.
[  235.598707][ T6773] usb 8-1: new high-speed USB device number 14 using dummy_hcd
[  235.771349][ T6773] usb 8-1: config 1 has an invalid descriptor of length 220, skipping remainder of the config
[  235.787682][ T6773] usb 8-1: config 1 interface 0 altsetting 100 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  235.794110][ T6773] usb 8-1: config 1 interface 0 has no altsetting 0
[  235.799930][ T6773] usb 8-1: New USB device found, idVendor=0458, idProduct=9317, bcdDevice=f5.2f
[  235.811465][ T6773] usb 8-1: New USB device strings: Mfr=66, Product=2, SerialNumber=3
[  235.817665][ T6773] usb 8-1: Product: 퇿䃜䙕臸봥呋丕䝢问ᛏ䓍侫ǯ⣷ᲇ菶눸蒜葅㻋솰嫐ꓮ⎜崥륧䋡吩缰摺셢Ⴑَ⠲⿭ɮ王苚䷏ʔ➲尵꛻៑픖큵랓靶게鳳ч矄ᩊ䊸ꑤ鯺䥙㶾㜏翸碎ᗲ擊즮
[  235.833986][ T6773] usb 8-1: Manufacturer: syz
[  235.838161][ T6773] usb 8-1: SerialNumber: Ќ
[  236.121417][ T6773] usbhid 8-1:1.0: couldn't find an input interrupt endpoint
[  236.131537][ T6773] usb 8-1: USB disconnect, device number 14
[  236.324811][T11569] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  236.345058][T11570] netlink: 14 bytes leftover after parsing attributes in process `syz.2.2007'.
[  236.432306][T11573] netlink: 64 bytes leftover after parsing attributes in process `syz.1.2009'.
[  236.583877][T11577] vlan9: entered allmulticast mode
[  236.589972][T11577] bridge9: entered allmulticast mode
[  238.138185][T11607] vlan10: entered allmulticast mode
[  238.146379][T11607] bridge10: entered allmulticast mode
[  238.380271][ T6773] usb 6-1: new high-speed USB device number 28 using dummy_hcd
[  238.471847][T11618] __nla_validate_parse: 5 callbacks suppressed
[  238.471865][T11618] netlink: 64 bytes leftover after parsing attributes in process `syz.3.2028'.
[  238.571444][ T6773] usb 6-1: config 1 has an invalid descriptor of length 220, skipping remainder of the config
[  238.578159][ T6773] usb 6-1: config 1 interface 0 altsetting 100 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  238.590358][ T6773] usb 6-1: config 1 interface 0 has no altsetting 0
[  238.626509][ T6773] usb 6-1: New USB device found, idVendor=0458, idProduct=9317, bcdDevice=f5.2f
[  238.637476][ T6773] usb 6-1: New USB device strings: Mfr=66, Product=2, SerialNumber=3
[  238.646188][ T6773] usb 6-1: Product: 퇿䃜䙕臸봥呋丕䝢问ᛏ䓍侫ǯ⣷ᲇ菶눸蒜葅㻋솰嫐ꓮ⎜崥륧䋡吩缰摺셢Ⴑَ⠲⿭ɮ王苚䷏ʔ➲尵꛻៑픖큵랓靶게鳳ч矄ᩊ䊸ꑤ鯺䥙㶾㜏翸碎ᗲ擊즮
[  238.677636][ T6773] usb 6-1: Manufacturer: syz
[  238.699559][ T6773] usb 6-1: SerialNumber: Ќ
[  238.800920][  T830] usb 7-1: new high-speed USB device number 34 using dummy_hcd
[  239.011446][  T830] usb 7-1: Using ep0 maxpacket: 32
[  239.043747][  T830] usb 7-1: too many configurations: 35, using maximum allowed: 8
[  239.053761][  T830] usb 7-1: unable to read config index 0 descriptor/start: -61
[  239.076487][  T830] usb 7-1: can't read configurations, error -61
[  239.106206][ T6773] usbhid 6-1:1.0: couldn't find an input interrupt endpoint
[  239.123271][T11630] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2032'.
[  239.130181][ T6773] usb 6-1: USB disconnect, device number 28
[  239.164789][T11630] vlan11: entered allmulticast mode
[  239.188702][T11630] bridge11: entered allmulticast mode
[  239.207817][T11630] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2032'.
[  239.245359][  T830] usb 7-1: new high-speed USB device number 35 using dummy_hcd
[  239.456999][T11634] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2034'.
[  239.475812][  T830] usb 7-1: Using ep0 maxpacket: 32
[  239.507222][  T830] usb 7-1: too many configurations: 35, using maximum allowed: 8
[  239.519351][  T830] usb 7-1: unable to read config index 0 descriptor/start: -61
[  239.544677][  T830] usb 7-1: can't read configurations, error -61
[  239.552395][  T830] usb usb7-port1: attempt power cycle
[  239.913933][  T830] usb 7-1: new high-speed USB device number 36 using dummy_hcd
[  239.923470][T11647] netlink: 64 bytes leftover after parsing attributes in process `syz.1.2037'.
[  239.944692][  T830] usb 7-1: Using ep0 maxpacket: 32
[  239.957095][  T830] usb 7-1: too many configurations: 35, using maximum allowed: 8
[  239.967120][  T830] usb 7-1: unable to read config index 0 descriptor/start: -61
[  239.976850][  T830] usb 7-1: can't read configurations, error -61
[  240.033549][T11650] syzkaller0: entered promiscuous mode
[  240.046972][T11650] syzkaller0: entered allmulticast mode
[  240.123634][  T830] usb 7-1: new high-speed USB device number 37 using dummy_hcd
[  240.619986][  T830] usb 7-1: Using ep0 maxpacket: 32
[  240.622708][  T830] usb 7-1: too many configurations: 35, using maximum allowed: 8
[  240.624290][T11656] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2041'.
[  240.629562][  T830] usb 7-1: unable to read config index 0 descriptor/start: -61
[  240.639327][  T830] usb 7-1: can't read configurations, error -61
[  240.644564][  T830] usb usb7-port1: unable to enumerate USB device
[  240.650175][T11656] vlan10: entered allmulticast mode
[  240.654208][T11656] bridge13: entered allmulticast mode
[  240.662077][T11656] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2041'.
[  241.670348][T11664] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2044'.
[  242.021200][T11671] netlink: 14 bytes leftover after parsing attributes in process `syz.3.2045'.
[  242.061372][T11669] netlink: 64 bytes leftover after parsing attributes in process `syz.1.2046'.
[  242.410789][T11679] syzkaller0: entered promiscuous mode
[  242.415030][T11679] syzkaller0: entered allmulticast mode
[  243.340777][T11691] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  243.360449][ T6773] usb 7-1: new high-speed USB device number 38 using dummy_hcd
[  243.519993][T11695] __nla_validate_parse: 1 callbacks suppressed
[  243.520013][T11695] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2056'.
[  243.547223][T11695] vlan6: entered allmulticast mode
[  243.578569][T11695] bridge9: entered allmulticast mode
[  243.579466][ T6773] usb 7-1: Using ep0 maxpacket: 32
[  243.589567][ T6773] usb 7-1: too many configurations: 35, using maximum allowed: 8
[  243.685118][ T6773] usb 7-1: unable to read config index 0 descriptor/start: -61
[  243.727448][ T6773] usb 7-1: can't read configurations, error -61
[  243.836385][T11699] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2058'.
[  243.850267][ T6773] usb 7-1: new high-speed USB device number 39 using dummy_hcd
[  244.061757][T11703] syzkaller0: entered promiscuous mode
[  244.065380][T11703] syzkaller0: entered allmulticast mode
[  244.084191][ T6773] usb 7-1: Using ep0 maxpacket: 32
[  244.101624][ T6773] usb 7-1: too many configurations: 35, using maximum allowed: 8
[  244.110257][ T6773] usb 7-1: unable to read config index 0 descriptor/start: -61
[  244.138874][ T6773] usb 7-1: can't read configurations, error -61
[  244.143348][ T6773] usb usb7-port1: attempt power cycle
[  244.623520][ T6773] usb 7-1: new high-speed USB device number 40 using dummy_hcd
[  245.309765][ T6773] usb 7-1: Using ep0 maxpacket: 32
[  245.326774][ T6773] usb 7-1: too many configurations: 35, using maximum allowed: 8
[  245.337010][ T6773] usb 7-1: unable to read config index 0 descriptor/start: -61
[  245.347811][T11719] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2066'.
[  245.365897][ T6773] usb 7-1: can't read configurations, error -61
[  245.435605][T11719] vlan7: entered allmulticast mode
[  245.459953][T11719] bridge10: entered allmulticast mode
[  245.515144][ T6773] usb 7-1: new high-speed USB device number 41 using dummy_hcd
[  245.560588][T11724] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2068'.
[  245.561980][ T6773] usb 7-1: Using ep0 maxpacket: 32
[  245.596910][ T6773] usb 7-1: too many configurations: 35, using maximum allowed: 8
[  245.625652][ T6773] usb 7-1: unable to read config index 0 descriptor/start: -61
[  245.629386][ T6773] usb 7-1: can't read configurations, error -61
[  245.632229][ T6773] usb usb7-port1: unable to enumerate USB device
[  245.743712][T11730] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2071'.
[  245.858637][ T6014] usb 8-1: new high-speed USB device number 15 using dummy_hcd
[  245.966530][T11734] netlink: 14 bytes leftover after parsing attributes in process `syz.1.2073'.
[  246.040984][ T6014] usb 8-1: config 1 has an invalid descriptor of length 220, skipping remainder of the config
[  246.047101][ T6014] usb 8-1: config 1 interface 0 altsetting 100 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  246.056293][ T6014] usb 8-1: config 1 interface 0 has no altsetting 0
[  246.079577][ T6014] usb 8-1: New USB device found, idVendor=0458, idProduct=9317, bcdDevice=f5.2f
[  246.083101][ T6014] usb 8-1: New USB device strings: Mfr=66, Product=2, SerialNumber=3
[  246.086200][ T6014] usb 8-1: Product: 퇿䃜䙕臸봥呋丕䝢问ᛏ䓍侫ǯ⣷ᲇ菶눸蒜葅㻋솰嫐ꓮ⎜崥륧䋡吩缰摺셢Ⴑَ⠲⿭ɮ王苚䷏ʔ➲尵꛻៑픖큵랓靶게鳳ч矄ᩊ䊸ꑤ鯺䥙㶾㜏翸碎ᗲ擊즮
[  246.119910][ T6014] usb 8-1: Manufacturer: syz
[  246.122130][ T6014] usb 8-1: SerialNumber: Ќ
[  246.197569][T11741] netlink: 64 bytes leftover after parsing attributes in process `syz.2.2074'.
[  246.730526][ T6014] usbhid 8-1:1.0: couldn't find an input interrupt endpoint
[  246.764703][ T6014] usb 8-1: USB disconnect, device number 15
[  246.993173][T11751] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  247.001206][T11753] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2078'.
[  247.078022][T11753] vlan12: entered allmulticast mode
[  247.087194][T11753] bridge12: entered allmulticast mode
[  247.142420][T11755] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2079'.
[  247.588575][ T6014] usb 6-1: new high-speed USB device number 29 using dummy_hcd
[  247.758550][ T6014] usb 6-1: Using ep0 maxpacket: 32
[  247.764057][ T6014] usb 6-1: too many configurations: 35, using maximum allowed: 8
[  247.776363][ T6014] usb 6-1: unable to read config index 0 descriptor/start: -61
[  247.792950][ T6014] usb 6-1: can't read configurations, error -61
[  247.938632][ T6014] usb 6-1: new high-speed USB device number 30 using dummy_hcd
[  247.969101][T11780] netlink: 14 bytes leftover after parsing attributes in process `syz.3.2084'.
[  248.101584][ T6014] usb 6-1: Using ep0 maxpacket: 32
[  248.105429][ T6014] usb 6-1: too many configurations: 35, using maximum allowed: 8
[  248.149122][ T6014] usb 6-1: unable to read config index 0 descriptor/start: -61
[  248.155421][ T6014] usb 6-1: can't read configurations, error -61
[  248.161241][ T6014] usb usb6-port1: attempt power cycle
[  248.517008][T11791] vlan11: entered allmulticast mode
[  248.520907][ T6014] usb 6-1: new high-speed USB device number 31 using dummy_hcd
[  248.527438][T11791] bridge11: entered allmulticast mode
[  248.548902][ T6014] usb 6-1: Using ep0 maxpacket: 32
[  248.553507][ T6014] usb 6-1: too many configurations: 35, using maximum allowed: 8
[  248.562226][ T6014] usb 6-1: unable to read config index 0 descriptor/start: -61
[  248.589527][ T6014] usb 6-1: can't read configurations, error -61
[  248.788586][ T6014] usb 6-1: new high-speed USB device number 32 using dummy_hcd
[  248.822074][ T6014] usb 6-1: Using ep0 maxpacket: 32
[  248.825798][ T6014] usb 6-1: too many configurations: 35, using maximum allowed: 8
[  248.841078][ T6014] usb 6-1: unable to read config index 0 descriptor/start: -61
[  248.847990][ T6014] usb 6-1: can't read configurations, error -61
[  248.851705][ T6014] usb usb6-port1: unable to enumerate USB device
[  249.028546][  T830] usb 7-1: new high-speed USB device number 42 using dummy_hcd
[  249.181923][  T830] usb 7-1: config 1 has an invalid descriptor of length 220, skipping remainder of the config
[  249.188143][  T830] usb 7-1: config 1 interface 0 altsetting 100 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  249.201840][  T830] usb 7-1: config 1 interface 0 has no altsetting 0
[  249.220160][  T830] usb 7-1: New USB device found, idVendor=0458, idProduct=9317, bcdDevice=f5.2f
[  249.224331][  T830] usb 7-1: New USB device strings: Mfr=66, Product=2, SerialNumber=3
[  249.249881][  T830] usb 7-1: Product: 퇿䃜䙕臸봥呋丕䝢问ᛏ䓍侫ǯ⣷ᲇ菶눸蒜葅㻋솰嫐ꓮ⎜崥륧䋡吩缰摺셢Ⴑَ⠲⿭ɮ王苚䷏ʔ➲尵꛻៑픖큵랓靶게鳳ч矄ᩊ䊸ꑤ鯺䥙㶾㜏翸碎ᗲ擊즮
[  249.267889][  T830] usb 7-1: Manufacturer: syz
[  249.270464][  T830] usb 7-1: SerialNumber: Ќ
[  249.625665][  T830] usbhid 7-1:1.0: couldn't find an input interrupt endpoint
[  249.662897][  T830] usb 7-1: USB disconnect, device number 42
[  250.030674][T11812] __nla_validate_parse: 1 callbacks suppressed
[  250.030690][T11812] netlink: 64 bytes leftover after parsing attributes in process `syz.0.2095'.
[  250.450611][T11819] syzkaller0: entered promiscuous mode
[  250.454120][T11819] syzkaller0: entered allmulticast mode
[  250.482824][T11821] syzkaller0: entered promiscuous mode
[  250.501282][T11821] syzkaller0: entered allmulticast mode
[  250.955833][T11833] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2106'.
[  250.959310][T11831] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  251.007797][T11835] netlink: 'syz.0.2105': attribute type 3 has an invalid length.
[  251.018774][T11835] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2105'.
[  251.023950][T11833] vlan11: entered allmulticast mode
[  251.048756][T11833] bridge14: entered allmulticast mode
[  251.054166][T11833] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2106'.
[  251.398469][ T3247] usb 7-1: new high-speed USB device number 43 using dummy_hcd
[  251.548594][ T3247] usb 7-1: Using ep0 maxpacket: 32
[  251.555367][ T3247] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  251.569256][ T3247] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  251.593050][ T3247] usb 7-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  251.598034][ T3247] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  251.604817][ T3247] usb 7-1: Product: syz
[  251.607831][ T3247] usb 7-1: Manufacturer: syz
[  251.627293][ T3247] usb 7-1: SerialNumber: syz
[  251.638930][ T3247] usb 7-1: config 0 descriptor??
[  252.118505][T11852] syzkaller0: entered promiscuous mode
[  252.127515][T11852] syzkaller0: entered allmulticast mode
[  252.606556][T11862] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  252.610950][T11861] netlink: 64 bytes leftover after parsing attributes in process `syz.3.2115'.
[  252.822794][T11866] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2118'.
[  253.670645][T11880] syzkaller0: entered promiscuous mode
[  253.673880][T11880] syzkaller0: entered allmulticast mode
[  253.781917][T11882] netlink: 72 bytes leftover after parsing attributes in process `syz.3.2124'.
[  254.130846][   T10] usb 7-1: USB disconnect, device number 43
[  254.271172][T11894] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2129'.
[  254.295845][T11896] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2128'.
[  254.306792][T11894] vlan12: entered allmulticast mode
[  254.315404][T11894] bridge15: entered allmulticast mode
[  254.326930][T11894] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2129'.
[  254.625265][T11906] syzkaller0: entered promiscuous mode
[  254.629285][T11906] syzkaller0: entered allmulticast mode
[  255.038343][T11916] vlan13: entered allmulticast mode
[  255.047571][   T10] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  255.058896][T11916] bridge16: entered allmulticast mode
[  255.065652][T11916] __nla_validate_parse: 3 callbacks suppressed
[  255.065671][T11916] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2140'.
[  255.113508][T11918] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2141'.
[  255.230231][   T10] usb 5-1: Using ep0 maxpacket: 32
[  255.254359][   T10] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  255.284103][   T10] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  255.290637][   T10] usb 5-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  255.292080][T11924] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2144'.
[  255.322387][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  255.322412][   T10] usb 5-1: Product: syz
[  255.322424][   T10] usb 5-1: Manufacturer: syz
[  255.322436][   T10] usb 5-1: SerialNumber: syz
[  255.354876][   T10] usb 5-1: config 0 descriptor??
[  255.460908][ T1025] usb 8-1: new high-speed USB device number 16 using dummy_hcd
[  255.506526][T11929] netlink: 72 bytes leftover after parsing attributes in process `syz.1.2146'.
[  255.664417][ T1025] usb 8-1: config 1 has an invalid descriptor of length 220, skipping remainder of the config
[  255.669534][ T1025] usb 8-1: config 1 interface 0 altsetting 100 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  255.689006][ T1025] usb 8-1: config 1 interface 0 has no altsetting 0
[  255.703328][ T1025] usb 8-1: New USB device found, idVendor=0458, idProduct=9317, bcdDevice=f5.2f
[  255.707899][ T1025] usb 8-1: New USB device strings: Mfr=66, Product=2, SerialNumber=3
[  255.712040][ T1025] usb 8-1: Product: 퇿䃜䙕臸봥呋丕䝢问ᛏ䓍侫ǯ⣷ᲇ菶눸蒜葅㻋솰嫐ꓮ⎜崥륧䋡吩缰摺셢Ⴑَ⠲⿭ɮ王苚䷏ʔ➲尵꛻៑픖큵랓靶게鳳ч矄ᩊ䊸ꑤ鯺䥙㶾㜏翸碎ᗲ擊즮
[  255.748955][ T1025] usb 8-1: Manufacturer: syz
[  255.755047][ T1025] usb 8-1: SerialNumber: Ќ
[  256.149527][ T1025] usbhid 8-1:1.0: couldn't find an input interrupt endpoint
[  256.200291][ T1025] usb 8-1: USB disconnect, device number 16
[  257.001006][T11946] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2151'.
[  257.034660][T11946] vlan14: entered allmulticast mode
[  257.039490][T11946] bridge17: entered allmulticast mode
[  257.043754][T11945] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2152'.
[  257.049668][T11946] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2151'.
[  257.137734][T11950] netlink: 72 bytes leftover after parsing attributes in process `syz.2.2155'.
[  257.712784][T11969] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2164'.
[  257.817407][   T10] usb 5-1: USB disconnect, device number 31
[  258.005863][T11975] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2165'.
[  258.196394][T11984] syzkaller0: entered promiscuous mode
[  258.202882][T11984] syzkaller0: entered allmulticast mode
[  258.552689][T11989] syzkaller0: entered promiscuous mode
[  258.554904][T11989] syzkaller0: entered allmulticast mode
[  259.124065][T12009] syzkaller0: entered promiscuous mode
[  259.126704][T12009] syzkaller0: entered allmulticast mode
[  259.323485][T12018] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  259.389911][T12018] bond0: (slave rose0): Releasing backup interface
[  259.450236][T12021] syzkaller0: entered promiscuous mode
[  259.453694][T12021] syzkaller0: entered allmulticast mode
[  260.060512][T12050] syzkaller0: entered promiscuous mode
[  260.063022][T12050] syzkaller0: entered allmulticast mode
[  260.283655][T12059] __nla_validate_parse: 2 callbacks suppressed
[  260.283673][T12059] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2199'.
[  260.335361][T12059] vlan8: entered allmulticast mode
[  260.354813][T12059] bridge11: entered allmulticast mode
[  260.360446][T12059] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2199'.
[  260.469910][T12066] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  260.652659][ T1419] ieee802154 phy0 wpan0: encryption failed: -22
[  260.659313][ T1419] ieee802154 phy1 wpan1: encryption failed: -22
[  260.848600][ T6773] usb 8-1: new high-speed USB device number 17 using dummy_hcd
[  261.160302][ T6773] usb 8-1: config 1 has an invalid descriptor of length 220, skipping remainder of the config
[  261.166382][ T6773] usb 8-1: config 1 interface 0 altsetting 100 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  261.232322][ T6773] usb 8-1: config 1 interface 0 has no altsetting 0
[  261.256782][ T6773] usb 8-1: New USB device found, idVendor=0458, idProduct=9317, bcdDevice=f5.2f
[  261.260326][ T6773] usb 8-1: New USB device strings: Mfr=66, Product=2, SerialNumber=3
[  261.279622][T12074] netlink: 52 bytes leftover after parsing attributes in process `syz.2.2204'.
[  261.285205][ T6773] usb 8-1: Product: 퇿䃜䙕臸봥呋丕䝢问ᛏ䓍侫ǯ⣷ᲇ菶눸蒜葅㻋솰嫐ꓮ⎜崥륧䋡吩缰摺셢Ⴑَ⠲⿭ɮ王苚䷏ʔ➲尵꛻៑픖큵랓靶게鳳ч矄ᩊ䊸ꑤ鯺䥙㶾㜏翸碎ᗲ擊즮
[  261.285230][ T6773] usb 8-1: Manufacturer: syz
[  261.285239][ T6773] usb 8-1: SerialNumber: Ќ
[  261.554286][T12080] syzkaller0: entered promiscuous mode
[  261.576958][T12080] syzkaller0: entered allmulticast mode
[  261.721977][T12085] bond0: (slave rose0): Enslaving as an active interface with an up link
[  261.796061][ T6773] usbhid 8-1:1.0: couldn't find an input interrupt endpoint
[  261.820533][ T6773] usb 8-1: USB disconnect, device number 17
[  261.883286][T12091] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2210'.
[  262.788082][T12109] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2216'.
[  262.862979][T12109] vlan9: entered allmulticast mode
[  262.865385][T12109] bridge12: entered allmulticast mode
[  262.906383][T12109] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2216'.
[  263.225942][   T40] audit: type=1400 audit(1773523515.169:407): avc:  denied  { execute } for  pid=12117 comm="syz-executor" name="syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  263.263871][   T40] audit: type=1400 audit(1773523515.169:408): avc:  denied  { execute_no_trans } for  pid=12117 comm="syz-executor" path="/syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  263.744345][ T5937] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  263.769088][ T5937] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  263.816605][ T5937] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  263.861934][ T5937] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  263.862428][ T8707] bridge0: port 3(syz_tun) entered disabled state
[  263.879455][ T5937] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  263.917510][ T8707] syz_tun (unregistering): left allmulticast mode
[  263.917535][ T8707] syz_tun (unregistering): left promiscuous mode
[  263.917594][ T8707] bridge0: port 3(syz_tun) entered disabled state
[  264.052963][T12121] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2221'.
[  264.122606][T12118] wlan0 speed is unknown, defaulting to 1000
[  264.126589][T12118] lo speed is unknown, defaulting to 1000
[  264.184692][T12126] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2223'.
[  264.377505][T12134] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  264.403581][T12118] chnl_net:caif_netlink_parms(): no params data found
[  264.519332][ T6014] usb 6-1: new high-speed USB device number 33 using dummy_hcd
[  264.636710][T12118] bridge0: port 1(bridge_slave_0) entered blocking state
[  264.641200][T12118] bridge0: port 1(bridge_slave_0) entered disabled state
[  264.660792][T12118] bridge_slave_0: entered allmulticast mode
[  264.665761][T12118] bridge_slave_0: entered promiscuous mode
[  264.671623][T12118] bridge0: port 2(bridge_slave_1) entered blocking state
[  264.678012][T12118] bridge0: port 2(bridge_slave_1) entered disabled state
[  264.686067][T12118] bridge_slave_1: entered allmulticast mode
[  264.695801][T12118] bridge_slave_1: entered promiscuous mode
[  264.696024][ T6014] usb 6-1: config 1 has an invalid descriptor of length 220, skipping remainder of the config
[  264.724609][ T6014] usb 6-1: config 1 interface 0 altsetting 100 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  264.730636][ T6014] usb 6-1: config 1 interface 0 has no altsetting 0
[  264.736546][ T6014] usb 6-1: New USB device found, idVendor=0458, idProduct=9317, bcdDevice=f5.2f
[  264.740850][ T6014] usb 6-1: New USB device strings: Mfr=66, Product=2, SerialNumber=3
[  264.744415][ T6014] usb 6-1: Product: 퇿䃜䙕臸봥呋丕䝢问ᛏ䓍侫ǯ⣷ᲇ菶눸蒜葅㻋솰嫐ꓮ⎜崥륧䋡吩缰摺셢Ⴑَ⠲⿭ɮ王苚䷏ʔ➲尵꛻៑픖큵랓靶게鳳ч矄ᩊ䊸ꑤ鯺䥙㶾㜏翸碎ᗲ擊즮
[  264.754671][ T6014] usb 6-1: Manufacturer: syz
[  264.757152][ T6014] usb 6-1: SerialNumber: Ќ
[  264.758236][T12118] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  264.778954][T12118] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  264.841989][T12118] team0: Port device team_slave_0 added
[  264.848034][T12118] team0: Port device team_slave_1 added
[  264.899401][T12118] batman_adv: batadv0: Adding interface: batadv_slave_0
[  264.902852][T12118] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  264.932264][T12118] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  264.940926][T12118] batman_adv: batadv0: Adding interface: batadv_slave_1
[  264.945052][T12118] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  264.963013][T12118] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  265.017050][T12118] hsr_slave_0: entered promiscuous mode
[  265.024363][T12118] hsr_slave_1: entered promiscuous mode
[  265.032253][T12118] debugfs: 'hsr0' already exists in 'hsr'
[  265.068553][T12118] Cannot create hsr debugfs directory
[  265.080470][T12144] netlink: 'syz.0.2229': attribute type 3 has an invalid length.
[  265.083533][T12144] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2229'.
[  265.185642][ T6014] usbhid 6-1:1.0: couldn't find an input interrupt endpoint
[  265.200236][ T6014] usb 6-1: USB disconnect, device number 33
[  265.443014][T12118] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  265.650612][T12118] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  265.820946][T12118] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  266.018702][ T5937] Bluetooth: hci4: command tx timeout
[  266.113780][T12118] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  266.269027][T12154] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2232'.
[  266.446180][T12158] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  266.481162][T12118] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  266.506868][T12118] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  266.522687][T12118] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  266.582765][T12118] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  266.952486][T12118] 8021q: adding VLAN 0 to HW filter on device bond0
[  266.998232][T12118] 8021q: adding VLAN 0 to HW filter on device team0
[  267.042856][  T167] bridge0: port 1(bridge_slave_0) entered blocking state
[  267.055245][  T167] bridge0: port 1(bridge_slave_0) entered forwarding state
[  267.090343][  T167] bridge0: port 2(bridge_slave_1) entered blocking state
[  267.095840][  T167] bridge0: port 2(bridge_slave_1) entered forwarding state
[  267.579639][T12118] 8021q: adding VLAN 0 to HW filter on device batadv0
[  267.655649][T12118] veth0_vlan: entered promiscuous mode
[  267.665073][T12118] veth1_vlan: entered promiscuous mode
[  267.727231][T12118] veth0_macvtap: entered promiscuous mode
[  267.735140][T12118] veth1_macvtap: entered promiscuous mode
[  267.843483][T12118] batman_adv: batadv0: Interface activated: batadv_slave_0
[  267.871734][T12118] batman_adv: batadv0: Interface activated: batadv_slave_1
[  267.905979][T12178] netlink: 'syz.0.2237': attribute type 3 has an invalid length.
[  267.912502][   T59] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  267.932009][T12178] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2237'.
[  267.943282][   T59] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  267.994760][   T59] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  267.999052][   T59] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  268.089889][T12182] syzkaller0: entered promiscuous mode
[  268.093177][T12182] syzkaller0: entered allmulticast mode
[  268.120060][ T5937] Bluetooth: hci4: command tx timeout
[  268.237751][T12187] syzkaller0: entered promiscuous mode
[  268.241861][T12187] syzkaller0: entered allmulticast mode
[  268.270281][   T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  268.283968][ T6014] usb 6-1: new high-speed USB device number 34 using dummy_hcd
[  268.288533][   T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  268.491701][   T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  268.497647][   T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  268.541814][ T6014] usb 6-1: config 1 has an invalid descriptor of length 220, skipping remainder of the config
[  268.547828][ T6014] usb 6-1: config 1 interface 0 altsetting 100 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  268.560806][ T6014] usb 6-1: config 1 interface 0 has no altsetting 0
[  268.576472][ T6014] usb 6-1: New USB device found, idVendor=0458, idProduct=9317, bcdDevice=f5.2f
[  268.580558][ T6014] usb 6-1: New USB device strings: Mfr=66, Product=2, SerialNumber=3
[  268.584252][ T6014] usb 6-1: Product: 퇿䃜䙕臸봥呋丕䝢问ᛏ䓍侫ǯ⣷ᲇ菶눸蒜葅㻋솰嫐ꓮ⎜崥륧䋡吩缰摺셢Ⴑَ⠲⿭ɮ王苚䷏ʔ➲尵꛻៑픖큵랓靶게鳳ч矄ᩊ䊸ꑤ鯺䥙㶾㜏翸碎ᗲ擊즮
[  268.613110][ T6014] usb 6-1: Manufacturer: syz
[  268.623823][   T40] audit: type=1400 audit(1773523520.569:409): avc:  denied  { mounton } for  pid=12118 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=2840 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  268.642919][ T6014] usb 6-1: SerialNumber: Ќ
[  269.121183][   T40] audit: type=1400 audit(1773523521.079:410): avc:  denied  { read } for  pid=12204 comm="syz.2.2246" name="msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  269.137840][   T40] audit: type=1400 audit(1773523521.079:411): avc:  denied  { open } for  pid=12204 comm="syz.2.2246" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  269.231740][ T6014] usbhid 6-1:1.0: couldn't find an input interrupt endpoint
[  269.291325][ T6014] usb 6-1: USB disconnect, device number 34
[  270.168812][ T5937] Bluetooth: hci4: command tx timeout
[  270.179858][T12216] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  270.387936][T12220] syzkaller0: entered promiscuous mode
[  270.396059][T12220] syzkaller0: entered allmulticast mode
[  271.336481][T12228] loop6: detected capacity change from 0 to 2640
[  271.375703][T12228] buffer_io_error: 64 callbacks suppressed
[  271.375717][T12228] Buffer I/O error on dev loop6, logical block 0, async page read
[  271.395517][T12228] Buffer I/O error on dev loop6, logical block 0, async page read
[  271.415371][T12228] Buffer I/O error on dev loop6, logical block 0, async page read
[  271.419276][T12228] Buffer I/O error on dev loop6, logical block 0, async page read
[  271.423495][T12228] Buffer I/O error on dev loop6, logical block 0, async page read
[  271.443672][T12228] Buffer I/O error on dev loop6, logical block 0, async page read
[  271.450840][T12228] Buffer I/O error on dev loop6, logical block 0, async page read
[  271.455826][T12228] Buffer I/O error on dev loop6, logical block 0, async page read
[  271.462627][T12228] ldm_validate_partition_table(): Disk read failed.
[  271.466608][T12228] Buffer I/O error on dev loop6, logical block 0, async page read
[  271.473294][T12228] Buffer I/O error on dev loop6, logical block 0, async page read
[  271.480126][T12228] Dev loop6: unable to read RDB block 0
[  271.483873][T12228]  loop6: unable to read partition table
[  271.490694][T12228] loop_reread_partitions: partition scan of loop6 (3�����) failed (rc=-5)
[  271.757064][T12237] syzkaller0: entered promiscuous mode
[  271.759566][T12237] syzkaller0: entered allmulticast mode
[  272.258974][ T5937] Bluetooth: hci4: command tx timeout
[  272.299251][T12249] netlink: 64 bytes leftover after parsing attributes in process `syz.2.2261'.
[  272.426914][  T830] usb 8-1: new high-speed USB device number 18 using dummy_hcd
[  272.484449][T12256] loop6: detected capacity change from 0 to 2640
[  272.489008][T12256] ldm_validate_partition_table(): Disk read failed.
[  272.491720][T12256] Dev loop6: unable to read RDB block 0
[  272.494305][T12256]  loop6: unable to read partition table
[  272.497821][T12256] loop_reread_partitions: partition scan of loop6 (3�����) failed (rc=-5)
[  272.562677][ T5336] ldm_validate_partition_table(): Disk read failed.
[  272.565759][ T5336] Dev loop6: unable to read RDB block 0
[  272.569010][ T5336]  loop6: unable to read partition table
[  272.619697][  T830] usb 8-1: Using ep0 maxpacket: 32
[  272.689149][  T830] usb 8-1: config 0 has an invalid interface number: 1 but max is 0
[  272.695904][  T830] usb 8-1: config 0 has no interface number 0
[  272.698993][  T830] usb 8-1: config 0 interface 1 has no altsetting 0
[  272.705050][  T830] usb 8-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  272.767081][  T830] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  272.778678][  T830] usb 8-1: Product: syz
[  272.781655][  T830] usb 8-1: Manufacturer: syz
[  272.786336][  T830] usb 8-1: SerialNumber: syz
[  272.830001][  T830] usb 8-1: config 0 descriptor??
[  272.837591][  T830] usb 8-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  272.865387][  T830] usb 8-1: selecting invalid altsetting 1
[  272.885513][  T830] usb 8-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  272.912750][  T830] usb 8-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  272.917799][  T830] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  272.940752][  T830] usb 8-1: media controller created
[  273.017194][  T830] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  273.090382][  T830] usb 8-1: dvb_usb_ce6230: usb_control_msg() failed=-32
[  273.119544][  T830] zl10353_read_register: readreg error (reg=127, ret==-32)
[  273.131487][  T830] usb 8-1: selecting invalid altsetting 0
[  273.140144][  T830] usb 8-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  273.965673][T12264] syzkaller0: entered promiscuous mode
[  273.978559][T12264] syzkaller0: entered allmulticast mode
[  274.169581][T12243] usb 8-1: dvb_usb_ce6230: usb_control_msg() failed=-110
[  274.214082][  T830] usb 8-1: USB disconnect, device number 18
[  274.427518][T12269] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2269'.
[  274.760416][T12275] syzkaller0: entered promiscuous mode
[  274.762892][T12275] syzkaller0: entered allmulticast mode
[  274.803722][T12278] loop6: detected capacity change from 0 to 2640
[  274.823949][T12278] ldm_validate_partition_table(): Disk read failed.
[  274.840401][T12278] Dev loop6: unable to read RDB block 0
[  274.844273][T12278]  loop6: unable to read partition table
[  274.848594][T12278] loop_reread_partitions: partition scan of loop6 (3�����) failed (rc=-5)
[  275.264414][T12286] syzkaller0: entered promiscuous mode
[  275.267335][T12286] syzkaller0: entered allmulticast mode
[  275.366992][  T830] usb 8-1: new high-speed USB device number 19 using dummy_hcd
[  275.476724][T12289] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  275.528421][T12291] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2278'.
[  275.573165][  T830] usb 8-1: config 1 has an invalid descriptor of length 220, skipping remainder of the config
[  275.578154][  T830] usb 8-1: config 1 interface 0 altsetting 100 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  275.588552][  T830] usb 8-1: config 1 interface 0 has no altsetting 0
[  275.618057][  T830] usb 8-1: New USB device found, idVendor=0458, idProduct=9317, bcdDevice=f5.2f
[  275.643760][  T830] usb 8-1: New USB device strings: Mfr=66, Product=2, SerialNumber=3
[  275.650551][  T830] usb 8-1: Product: 퇿䃜䙕臸봥呋丕䝢问ᛏ䓍侫ǯ⣷ᲇ菶눸蒜葅㻋솰嫐ꓮ⎜崥륧䋡吩缰摺셢Ⴑَ⠲⿭ɮ王苚䷏ʔ➲尵꛻៑픖큵랓靶게鳳ч矄ᩊ䊸ꑤ鯺䥙㶾㜏翸碎ᗲ擊즮
[  275.661097][  T830] usb 8-1: Manufacturer: syz
[  275.664679][  T830] usb 8-1: SerialNumber: Ќ
[  276.034624][  T830] usbhid 8-1:1.0: couldn't find an input interrupt endpoint
[  276.040249][  T830] usb 8-1: USB disconnect, device number 19
[  276.118663][ T6092] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  276.251703][T12303] loop6: detected capacity change from 0 to 2640
[  276.256889][T12303] ldm_validate_partition_table(): Disk read failed.
[  276.261120][T12303] Dev loop6: unable to read RDB block 0
[  276.263733][T12303]  loop6: unable to read partition table
[  276.274413][T12303] loop_reread_partitions: partition scan of loop6 (3�����) failed (rc=-5)
[  276.303814][ T6092] usb 5-1: Using ep0 maxpacket: 32
[  276.355942][ T6092] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  276.359328][ T6092] usb 5-1: config 0 has no interface number 0
[  276.361841][ T6092] usb 5-1: config 0 interface 1 has no altsetting 0
[  276.371162][ T6092] usb 5-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  276.375310][ T6092] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  276.379872][ T6092] usb 5-1: Product: syz
[  276.382629][ T6092] usb 5-1: Manufacturer: syz
[  276.386108][ T6092] usb 5-1: SerialNumber: syz
[  276.393007][ T6092] usb 5-1: config 0 descriptor??
[  276.401754][ T6092] usb 5-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  276.401978][ T5336] buffer_io_error: 90 callbacks suppressed
[  276.401991][ T5336] Buffer I/O error on dev loop6, logical block 0, async page read
[  276.407315][ T6092] usb 5-1: selecting invalid altsetting 1
[  276.407336][ T6092] usb 5-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  276.412271][ T6092] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  276.416013][ T5336] Buffer I/O error on dev loop6, logical block 0, async page read
[  276.420918][ T6092] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  276.423681][ T5336] Buffer I/O error on dev loop6, logical block 0, async page read
[  276.423711][ T5336] Buffer I/O error on dev loop6, logical block 0, async page read
[  276.423742][ T5336] Buffer I/O error on dev loop6, logical block 0, async page read
[  276.427105][ T6092] usb 5-1: media controller created
[  276.433224][ T5336] Buffer I/O error on dev loop6, logical block 0, async page read
[  276.442417][ T6092] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  276.448623][ T5336] Buffer I/O error on dev loop6, logical block 0, async page read
[  276.463352][T12308] syzkaller0: entered promiscuous mode
[  276.469782][ T5336] Buffer I/O error on dev loop6, logical block 0, async page read
[  276.481062][T12308] syzkaller0: entered allmulticast mode
[  276.495519][ T5336] ldm_validate_partition_table(): Disk read failed.
[  276.500461][ T5336] Buffer I/O error on dev loop6, logical block 0, async page read
[  276.505252][ T5336] Buffer I/O error on dev loop6, logical block 0, async page read
[  276.510075][ T5336] Dev loop6: unable to read RDB block 0
[  276.514081][ T5336]  loop6: unable to read partition table
[  276.606917][ T6092] usb 5-1: dvb_usb_ce6230: usb_control_msg() failed=-32
[  276.611706][ T6092] zl10353_read_register: readreg error (reg=127, ret==-32)
[  276.615261][ T6092] usb 5-1: selecting invalid altsetting 0
[  276.618301][ T6092] usb 5-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  276.709705][T12312] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  277.268062][T12333] syzkaller0: entered promiscuous mode
[  277.286372][T12333] syzkaller0: entered allmulticast mode
[  277.517361][   T10] IPVS: starting estimator thread 0...
[  277.640316][T12338] IPVS: using max 28 ests per chain, 67200 per kthread
[  277.688899][T12298] usb 5-1: dvb_usb_ce6230: usb_control_msg() failed=-110
[  277.728123][T12344] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  277.736456][ T6092] usb 5-1: USB disconnect, device number 32
[  278.087373][T12364] syzkaller0: entered promiscuous mode
[  278.090442][T12364] syzkaller0: entered allmulticast mode
[  278.351642][T12373] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  278.390370][T12372] syzkaller0: entered promiscuous mode
[  278.397099][T12372] syzkaller0: entered allmulticast mode
[  278.693740][T12385] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2321'.
[  278.945927][T12391] syzkaller0: entered promiscuous mode
[  278.955589][T12391] syzkaller0: entered allmulticast mode
[  279.004048][T12398] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  279.246613][T12406] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2331'.
[  279.316543][T12410] syzkaller0: entered promiscuous mode
[  279.323730][T12410] syzkaller0: entered allmulticast mode
[  279.650475][T12420] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  279.852442][T12426] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2341'.
[  279.866527][T12428] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2342'.
[  280.006973][T12436] syzkaller0: entered promiscuous mode
[  280.011025][T12436] syzkaller0: entered allmulticast mode
[  280.150536][T12442] syzkaller0: entered promiscuous mode
[  280.187050][T12442] syzkaller0: entered allmulticast mode
[  280.769045][T12456] netlink: 64 bytes leftover after parsing attributes in process `syz.1.2353'.
[  280.822462][T12457] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2354'.
[  281.035890][T12463] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  281.149317][T12469] syzkaller0: entered promiscuous mode
[  281.161987][T12469] syzkaller0: entered allmulticast mode
[  281.248135][T12475] syzkaller0: entered promiscuous mode
[  281.250223][T12475] syzkaller0: entered allmulticast mode
[  281.430919][T12479] netlink: 64 bytes leftover after parsing attributes in process `syz.2.2363'.
[  281.765096][T12486] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2366'.
[  282.190514][T12501] syzkaller0: entered promiscuous mode
[  282.196458][T12501] syzkaller0: entered allmulticast mode
[  282.220547][   T60] usb 8-1: new high-speed USB device number 20 using dummy_hcd
[  282.439539][   T60] usb 8-1: Using ep0 maxpacket: 32
[  282.476138][   T60] usb 8-1: config 0 has an invalid interface number: 1 but max is 0
[  282.480273][   T60] usb 8-1: config 0 has no interface number 0
[  282.484338][   T60] usb 8-1: config 0 interface 1 has no altsetting 0
[  282.516328][   T60] usb 8-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  282.525940][   T60] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  282.549063][   T60] usb 8-1: Product: syz
[  282.551317][   T60] usb 8-1: Manufacturer: syz
[  282.554426][   T60] usb 8-1: SerialNumber: syz
[  282.568713][   T60] usb 8-1: config 0 descriptor??
[  282.581074][   T60] usb 8-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  282.587477][   T60] usb 8-1: selecting invalid altsetting 1
[  282.595002][   T60] usb 8-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  282.609755][   T60] usb 8-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  282.616709][   T60] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  282.625271][   T60] usb 8-1: media controller created
[  282.636498][   T60] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  282.696601][T12511] netlink: 64 bytes leftover after parsing attributes in process `syz.0.2377'.
[  282.771917][T12513] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  282.781773][   T60] usb 8-1: dvb_usb_ce6230: usb_control_msg() failed=-32
[  282.786527][   T60] zl10353_read_register: readreg error (reg=127, ret==-32)
[  282.792473][   T60] usb 8-1: selecting invalid altsetting 0
[  282.795861][   T60] usb 8-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  282.848604][   T39] usb 7-1: new high-speed USB device number 44 using dummy_hcd
[  282.860747][   T60] usb 8-1: USB disconnect, device number 20
[  283.013809][   T39] usb 7-1: Using ep0 maxpacket: 32
[  283.019397][   T39] usb 7-1: config 0 interface 0 has no altsetting 0
[  283.025485][   T39] usb 7-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  283.030952][   T39] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  283.035012][   T39] usb 7-1: Product: syz
[  283.037328][   T39] usb 7-1: Manufacturer: syz
[  283.039848][   T39] usb 7-1: SerialNumber: syz
[  283.043850][   T39] usb 7-1: config 0 descriptor??
[  283.254964][T12526] netlink: 64 bytes leftover after parsing attributes in process `syz.1.2384'.
[  283.383706][T12530] syzkaller0: entered promiscuous mode
[  283.405970][T12530] syzkaller0: entered allmulticast mode
[  283.435634][T12532] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  284.543810][T12555] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  284.721096][T12557] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  284.905111][T12567] syzkaller0: entered promiscuous mode
[  284.908518][T12567] syzkaller0: entered allmulticast mode
[  285.002339][ T6773] usb 8-1: new high-speed USB device number 21 using dummy_hcd
[  285.171688][ T6773] usb 8-1: Using ep0 maxpacket: 32
[  285.176462][ T6773] usb 8-1: config 0 has an invalid interface number: 1 but max is 0
[  285.182771][ T6773] usb 8-1: config 0 has no interface number 0
[  285.188122][ T6773] usb 8-1: config 0 interface 1 has no altsetting 0
[  285.246623][ T6773] usb 8-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  285.264889][ T6773] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  285.310811][ T6773] usb 8-1: Product: syz
[  285.313287][ T6773] usb 8-1: Manufacturer: syz
[  285.319046][ T6773] usb 8-1: SerialNumber: syz
[  285.363596][ T6773] usb 8-1: config 0 descriptor??
[  285.383114][ T6773] usb 8-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  285.420937][ T6773] usb 8-1: selecting invalid altsetting 1
[  285.423367][ T6773] usb 8-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  285.434668][ T6773] usb 8-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  285.456770][ T6773] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  285.463817][ T6773] usb 8-1: media controller created
[  285.485144][ T6773] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  285.608520][ T6773] usb 8-1: dvb_usb_ce6230: usb_control_msg() failed=-71
[  285.611402][ T6773] zl10353_read_register: readreg error (reg=127, ret==-71)
[  285.628453][   T60] usb 7-1: USB disconnect, device number 44
[  285.630748][ T6773] usb 8-1: selecting invalid altsetting 0
[  285.636052][ T6773] usb 8-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  285.700532][ T6773] usb 8-1: USB disconnect, device number 21
[  285.870744][T12597] loop6: detected capacity change from 0 to 2640
[  285.881125][T12597] buffer_io_error: 6 callbacks suppressed
[  285.881142][T12597] Buffer I/O error on dev loop6, logical block 0, async page read
[  285.891461][T12597] Buffer I/O error on dev loop6, logical block 0, async page read
[  285.895946][T12597] Buffer I/O error on dev loop6, logical block 0, async page read
[  285.900738][T12597] Buffer I/O error on dev loop6, logical block 0, async page read
[  285.905168][T12597] Buffer I/O error on dev loop6, logical block 0, async page read
[  285.911826][T12597] Buffer I/O error on dev loop6, logical block 0, async page read
[  285.916565][T12597] Buffer I/O error on dev loop6, logical block 0, async page read
[  285.931427][T12597] Buffer I/O error on dev loop6, logical block 0, async page read
[  285.935358][T12597] ldm_validate_partition_table(): Disk read failed.
[  285.941575][T12597] Buffer I/O error on dev loop6, logical block 0, async page read
[  285.949741][T12597] Buffer I/O error on dev loop6, logical block 0, async page read
[  285.957708][T12597] Dev loop6: unable to read RDB block 0
[  285.962332][T12597]  loop6: unable to read partition table
[  285.966904][T12597] loop_reread_partitions: partition scan of loop6 (3�����) failed (rc=-5)
[  286.154350][T12600] netlink: 64 bytes leftover after parsing attributes in process `syz.2.2410'.
[  286.415998][T12608] wlan0 speed is unknown, defaulting to 1000
[  286.426431][T12608] lo speed is unknown, defaulting to 1000
[  286.498593][   T40] audit: type=1400 audit(1773523538.449:412): avc:  denied  { getopt } for  pid=12607 comm="syz.3.2413" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  286.809329][  T830] usb 7-1: new high-speed USB device number 45 using dummy_hcd
[  286.961132][T12625] loop6: detected capacity change from 0 to 2640
[  286.964721][T12625] ldm_validate_partition_table(): Disk read failed.
[  286.987682][T12625] Dev loop6: unable to read RDB block 0
[  286.989003][  T830] usb 7-1: Using ep0 maxpacket: 32
[  287.004916][T12625]  loop6: unable to read partition table
[  287.014956][T12625] loop_reread_partitions: partition scan of loop6 (3�����) failed (rc=-5)
[  287.047693][ T5942] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  287.055647][ T5942] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  287.073900][ T5942] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  287.095781][ T5942] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  287.102526][ T5942] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  287.151991][  T830] usb 7-1: config 0 has an invalid interface number: 1 but max is 0
[  287.156858][  T830] usb 7-1: config 0 has no interface number 0
[  287.160219][  T830] usb 7-1: config 0 interface 1 has no altsetting 0
[  287.226636][  T830] usb 7-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  287.229047][ T6092] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  287.231364][  T830] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  287.237629][  T830] usb 7-1: Product: syz
[  287.243475][  T830] usb 7-1: Manufacturer: syz
[  287.245712][  T830] usb 7-1: SerialNumber: syz
[  287.251703][  T830] usb 7-1: config 0 descriptor??
[  287.258867][  T830] usb 7-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  287.266059][  T830] usb 7-1: selecting invalid altsetting 1
[  287.269308][  T830] usb 7-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  287.297886][  T830] usb 7-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  287.331261][  T830] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  287.335145][  T830] usb 7-1: media controller created
[  287.427182][  T830] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  287.436116][ T6092] usb 5-1: config 1 has an invalid descriptor of length 220, skipping remainder of the config
[  287.464540][ T6092] usb 5-1: config 1 interface 0 altsetting 100 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  287.472856][ T6092] usb 5-1: config 1 interface 0 has no altsetting 0
[  287.494441][ T6092] usb 5-1: New USB device found, idVendor=0458, idProduct=9317, bcdDevice=f5.2f
[  287.501041][  T830] usb 7-1: dvb_usb_ce6230: usb_control_msg() failed=-32
[  287.512019][ T6092] usb 5-1: New USB device strings: Mfr=66, Product=2, SerialNumber=3
[  287.513854][  T830] zl10353_read_register: readreg error (reg=127, ret==-32)
[  287.516918][ T7746] bond0: (slave syz_tun): Releasing backup interface
[  287.520944][  T830] usb 7-1: selecting invalid altsetting 0
[  287.520965][  T830] usb 7-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  287.541077][ T6092] usb 5-1: Product: 퇿䃜䙕臸봥呋丕䝢问ᛏ䓍侫ǯ⣷ᲇ菶눸蒜葅㻋솰嫐ꓮ⎜崥륧䋡吩缰摺셢Ⴑَ⠲⿭ɮ王苚䷏ʔ➲尵꛻៑픖큵랓靶게鳳ч矄ᩊ䊸ꑤ鯺䥙㶾㜏翸碎ᗲ擊즮
[  287.555433][ T6092] usb 5-1: Manufacturer: syz
[  287.557857][ T6092] usb 5-1: SerialNumber: Ќ
[  287.648472][T12627] wlan0 speed is unknown, defaulting to 1000
[  287.668537][T12627] lo speed is unknown, defaulting to 1000
[  287.957718][T12627] chnl_net:caif_netlink_parms(): no params data found
[  287.962849][ T6092] usbhid 5-1:1.0: couldn't find an input interrupt endpoint
[  288.002702][ T6092] usb 5-1: USB disconnect, device number 33
[  288.184311][T12627] bridge0: port 1(bridge_slave_0) entered blocking state
[  288.186700][T12627] bridge0: port 1(bridge_slave_0) entered disabled state
[  288.204520][T12627] bridge_slave_0: entered allmulticast mode
[  288.210092][T12627] bridge_slave_0: entered promiscuous mode
[  288.216937][T12627] bridge0: port 2(bridge_slave_1) entered blocking state
[  288.220788][T12627] bridge0: port 2(bridge_slave_1) entered disabled state
[  288.224274][T12627] bridge_slave_1: entered allmulticast mode
[  288.229088][T12627] bridge_slave_1: entered promiscuous mode
[  288.295067][T12627] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  288.327199][T12627] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  288.368092][T12627] team0: Port device team_slave_0 added
[  288.376521][T12627] team0: Port device team_slave_1 added
[  288.418075][T12627] batman_adv: batadv0: Adding interface: batadv_slave_0
[  288.423612][T12627] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  288.437652][T12627] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  288.448319][T12627] batman_adv: batadv0: Adding interface: batadv_slave_1
[  288.455196][T12627] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  288.476821][T12627] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  288.534815][T12627] hsr_slave_0: entered promiscuous mode
[  288.539513][T12627] hsr_slave_1: entered promiscuous mode
[  288.543791][T12627] debugfs: 'hsr0' already exists in 'hsr'
[  288.546961][T12627] Cannot create hsr debugfs directory
[  288.711191][T12627] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  288.808197][T12651] syzkaller0: entered promiscuous mode
[  288.816933][T12651] syzkaller0: entered allmulticast mode
[  288.882082][T12627] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  288.933561][T12654] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  289.138801][T12627] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  289.314461][T12627] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  289.349387][T12661] syzkaller0: entered promiscuous mode
[  289.361247][T12661] syzkaller0: entered allmulticast mode
[  289.382497][ T5937] Bluetooth: hci3: command tx timeout
[  289.529947][ T6773] usb 7-1: USB disconnect, device number 45
[  289.600090][T12669] netlink: 72 bytes leftover after parsing attributes in process `syz.3.2434'.
[  289.864748][T12627] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  289.902671][T12627] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  289.918826][T12627] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  289.940373][T12627] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  289.959950][T12676] syzkaller0: entered promiscuous mode
[  289.974438][T12676] syzkaller0: entered allmulticast mode
[  290.451248][T12627] 8021q: adding VLAN 0 to HW filter on device bond0
[  290.487086][T12627] 8021q: adding VLAN 0 to HW filter on device team0
[  290.522268][   T59] bridge0: port 1(bridge_slave_0) entered blocking state
[  290.525217][   T59] bridge0: port 1(bridge_slave_0) entered forwarding state
[  290.589951][   T59] bridge0: port 2(bridge_slave_1) entered blocking state
[  290.593787][   T59] bridge0: port 2(bridge_slave_1) entered forwarding state
[  290.641156][T12627] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  290.667295][T12627] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  290.702468][T12695] syzkaller0: entered promiscuous mode
[  290.730624][T12695] syzkaller0: entered allmulticast mode
[  290.782182][T12701] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  290.807835][T12701] bond0: (slave rose0): Releasing backup interface
[  290.815030][T12703] netlink: 72 bytes leftover after parsing attributes in process `syz.3.2445'.
[  291.351480][T12627] 8021q: adding VLAN 0 to HW filter on device batadv0
[  291.497354][ T5937] Bluetooth: hci3: command tx timeout
[  291.524177][T12627] veth0_vlan: entered promiscuous mode
[  291.544552][T12627] veth1_vlan: entered promiscuous mode
[  291.614457][T12627] veth0_macvtap: entered promiscuous mode
[  291.641239][T12627] veth1_macvtap: entered promiscuous mode
[  291.689244][T12627] batman_adv: batadv0: Interface activated: batadv_slave_0
[  291.727877][T12627] batman_adv: batadv0: Interface activated: batadv_slave_1
[  291.746050][ T1243] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  291.750286][ T1243] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  291.754161][ T1243] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  291.807309][ T1243] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  292.082568][   T79] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  292.126851][   T79] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  292.186775][ T1147] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  292.190292][ T1147] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  292.373176][T12739] bond0: (slave rose0): Enslaving as an active interface with an up link
[  292.544629][T12749] bond0: (slave rose0): Releasing backup interface
[  292.565254][T12748] overlayfs: failed to resolve 'nfs_export=on': -2
[  292.638017][   T40] audit: type=1400 audit(1773523544.579:413): avc:  denied  { unmount } for  pid=12118 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  292.738873][ T6013] usb 6-1: new high-speed USB device number 35 using dummy_hcd
[  292.811925][T12760] syzkaller0: entered promiscuous mode
[  292.815658][T12760] syzkaller0: entered allmulticast mode
[  292.892057][ T5942] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  292.908949][ T5942] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  292.913806][ T5942] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  292.919922][ T5942] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  292.925101][ T5942] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  292.929311][ T6013] usb 6-1: Using ep0 maxpacket: 32
[  292.936596][ T6013] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  292.941545][ T6013] usb 6-1: config 0 has no interface number 0
[  292.944567][ T6013] usb 6-1: config 0 interface 1 has no altsetting 0
[  292.950451][ T6013] usb 6-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  292.955307][ T6013] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  292.961649][ T6013] usb 6-1: Product: syz
[  292.964335][ T6013] usb 6-1: Manufacturer: syz
[  292.967547][ T6013] usb 6-1: SerialNumber: syz
[  292.974077][ T6013] usb 6-1: config 0 descriptor??
[  292.982976][ T6013] usb 6-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  292.989696][ T6013] usb 6-1: selecting invalid altsetting 1
[  292.993799][ T6013] usb 6-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  293.012156][ T6013] usb 6-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  293.020853][ T6013] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  293.028724][ T6013] usb 6-1: media controller created
[  293.046998][ T6013] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  293.079513][   T60] usb 8-1: new high-speed USB device number 22 using dummy_hcd
[  293.135309][T12763] wlan0 speed is unknown, defaulting to 1000
[  293.141793][T12763] lo speed is unknown, defaulting to 1000
[  293.187044][ T6013] usb 6-1: dvb_usb_ce6230: usb_control_msg() failed=-32
[  293.191941][ T6013] zl10353_read_register: readreg error (reg=127, ret==-32)
[  293.197441][ T6013] usb 6-1: selecting invalid altsetting 0
[  293.203307][ T6013] usb 6-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  293.237723][ T6013] usb 6-1: USB disconnect, device number 35
[  293.307138][   T60] usb 8-1: Using ep0 maxpacket: 16
[  293.312874][   T60] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  293.330255][   T60] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  293.338074][   T60] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  293.416197][   T60] usb 8-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  293.429413][   T60] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  293.437528][   T60] usb 8-1: config 0 descriptor??
[  293.485452][T12763] chnl_net:caif_netlink_parms(): no params data found
[  293.528711][ T5937] Bluetooth: hci3: command tx timeout
[  293.564989][   T12] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  293.827629][   T12] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  293.885248][   T60] shield 0003:0955:7214.0005: unknown main item tag 0x0
[  293.909154][   T60] shield 0003:0955:7214.0005: unknown main item tag 0x0
[  293.914005][   T60] shield 0003:0955:7214.0005: unknown main item tag 0x0
[  293.918039][   T60] shield 0003:0955:7214.0005: unknown main item tag 0x0
[  293.949074][   T40] audit: type=1400 audit(1773523545.889:414): avc:  denied  { ioctl } for  pid=12780 comm="syz.0.2465" path="/dev/fuse" dev="devtmpfs" ino=105 ioctlcmd=0xe502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[  293.960856][   T60] shield 0003:0955:7214.0005: unknown main item tag 0x0
[  293.964814][   T40] audit: type=1400 audit(1773523545.889:415): avc:  denied  { write } for  pid=12780 comm="syz.0.2465" name="binder0" dev="binder" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  293.991512][T12781] binder: 12780:12781 ioctl c0306201 200000000040 returned -11
[  294.031984][   T60] input: HID 0955:7214 Haptics as /devices/virtual/input/input13
[  294.079886][T12761] FAULT_INJECTION: forcing a failure.
[  294.079886][T12761] name failslab, interval 1, probability 0, space 0, times 1
[  294.085395][T12761] CPU: 3 UID: 0 PID: 12761 Comm: syz.3.2457 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  294.085420][T12761] Tainted: [L]=SOFTLOCKUP
[  294.085425][T12761] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  294.085434][T12761] Call Trace:
[  294.085440][T12761]  <TASK>
[  294.085446][T12761]  dump_stack_lvl+0x100/0x190
[  294.085491][T12761]  should_fail_ex.cold+0x5/0xa
[  294.085511][T12761]  ? tomoyo_encode2+0xfb/0x3c0
[  294.085535][T12761]  should_failslab+0xc2/0x120
[  294.085549][T12761]  __kmalloc_noprof+0xe0/0x850
[  294.085574][T12761]  ? d_absolute_path+0x136/0x1b0
[  294.085598][T12761]  tomoyo_encode2+0xfb/0x3c0
[  294.085620][T12761]  tomoyo_encode+0x29/0x50
[  294.085639][T12761]  tomoyo_realpath_from_path+0x18c/0x690
[  294.085664][T12761]  tomoyo_check_open_permission+0x2af/0x3c0
[  294.085682][T12761]  ? __pfx_tomoyo_check_open_permission+0x10/0x10
[  294.085719][T12761]  ? do_raw_spin_lock+0x128/0x260
[  294.085738][T12761]  ? path_get+0x61/0x80
[  294.085756][T12761]  tomoyo_file_open+0x6b/0x90
[  294.085770][T12761]  security_file_open+0xb5/0x1e0
[  294.085791][T12761]  do_dentry_open+0x5aa/0x1660
[  294.085815][T12761]  ? security_inode_permission+0xbf/0x250
[  294.085836][T12761]  vfs_open+0x82/0x3f0
[  294.085856][T12761]  path_openat+0x208c/0x31a0
[  294.085878][T12761]  ? __pfx_path_openat+0x10/0x10
[  294.085900][T12761]  do_file_open+0x20e/0x430
[  294.085917][T12761]  ? __pfx_do_file_open+0x10/0x10
[  294.086014][T12761]  ? alloc_fd+0x476/0x790
[  294.086031][T12761]  ? do_getname+0x191/0x390
[  294.086051][T12761]  do_sys_openat2+0x10d/0x1e0
[  294.086068][T12761]  ? __pfx_do_sys_openat2+0x10/0x10
[  294.086084][T12761]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  294.086117][T12761]  ? __fget_files+0x21f/0x3d0
[  294.086135][T12761]  __x64_sys_openat+0x12d/0x210
[  294.086153][T12761]  ? __pfx___x64_sys_openat+0x10/0x10
[  294.086170][T12761]  ? ksys_write+0x1ac/0x250
[  294.086198][T12761]  do_syscall_64+0x106/0xf80
[  294.086216][T12761]  ? clear_bhb_loop+0x40/0x90
[  294.086234][T12761]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  294.086248][T12761] RIP: 0033:0x7f7a69b9c799
[  294.086262][T12761] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  294.086276][T12761] RSP: 002b:00007f7a67dee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  294.086291][T12761] RAX: ffffffffffffffda RBX: 00007f7a69e15fa0 RCX: 00007f7a69b9c799
[  294.086301][T12761] RDX: 0000000000028c81 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  294.086310][T12761] RBP: 00007f7a67dee090 R08: 0000000000000000 R09: 0000000000000000
[  294.086318][T12761] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  294.086327][T12761] R13: 00007f7a69e16038 R14: 00007f7a69e15fa0 R15: 00007fff7e379818
[  294.086346][T12761]  </TASK>
[  294.086363][T12761] ERROR: Out of memory at tomoyo_realpath_from_path.
[  294.090016][   T40] audit: type=1400 audit(1773523546.029:416): avc:  denied  { append } for  pid=12759 comm="syz.3.2457" name="snapshot" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  294.108158][T12761] random: crng reseeded on system resumption
[  294.291172][   T60] shield 0003:0955:7214.0005: Registered Thunderstrike controller
[  294.331316][   T60] shield 0003:0955:7214.0005: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.3-1/input0
[  294.513761][   T60] usb 8-1: USB disconnect, device number 22
[  294.524433][ T6014] shield 0003:0955:7214.0005: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  294.554155][   T12] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  294.556706][ T6014] shield 0003:0955:7214.0005: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  294.575645][ T6014] shield 0003:0955:7214.0005: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  294.590365][ T6014] shield 0003:0955:7214.0005: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  294.617173][T12787] bond0: (slave rose0): Enslaving as an active interface with an up link
[  294.669894][T12763] bridge0: port 1(bridge_slave_0) entered blocking state
[  294.686885][T12763] bridge0: port 1(bridge_slave_0) entered disabled state
[  294.712222][T12763] bridge_slave_0: entered allmulticast mode
[  294.740861][T12763] bridge_slave_0: entered promiscuous mode
[  294.748862][T12791] bond0: (slave rose0): Releasing backup interface
[  294.772653][   T12] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  294.817908][T12763] bridge0: port 2(bridge_slave_1) entered blocking state
[  294.839907][T12763] bridge0: port 2(bridge_slave_1) entered disabled state
[  294.918778][T12763] bridge_slave_1: entered allmulticast mode
[  294.922513][T12763] bridge_slave_1: entered promiscuous mode
[  294.969707][ T5937] Bluetooth: hci2: command tx timeout
[  295.067470][T12763] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  295.090696][T12798] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  295.102349][T12763] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  295.215285][T12763] team0: Port device team_slave_0 added
[  295.238617][T12763] team0: Port device team_slave_1 added
[  295.292792][ T6092] usb 8-1: new high-speed USB device number 23 using dummy_hcd
[  295.311643][T12763] batman_adv: batadv0: Adding interface: batadv_slave_0
[  295.318449][T12763] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  295.338942][T12763] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  295.353621][T12763] batman_adv: batadv0: Adding interface: batadv_slave_1
[  295.358307][T12763] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  295.381332][T12763] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  295.443593][T12806] netlink: 72 bytes leftover after parsing attributes in process `syz.1.2474'.
[  295.485306][   T12] bridge_slave_1: left allmulticast mode
[  295.491321][ T6092] usb 8-1: Using ep0 maxpacket: 32
[  295.492144][   T12] bridge_slave_1: left promiscuous mode
[  295.497730][ T6092] usb 8-1: config 0 has an invalid interface number: 1 but max is 0
[  295.502839][ T6092] usb 8-1: config 0 has no interface number 0
[  295.507865][ T6092] usb 8-1: config 0 interface 1 has no altsetting 0
[  295.510699][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  295.523240][ T6092] usb 8-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  295.523273][ T6092] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  295.523290][ T6092] usb 8-1: Product: syz
[  295.523305][ T6092] usb 8-1: Manufacturer: syz
[  295.523319][ T6092] usb 8-1: SerialNumber: syz
[  295.548978][ T6092] usb 8-1: config 0 descriptor??
[  295.566693][ T6092] usb 8-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  295.572654][ T6092] usb 8-1: selecting invalid altsetting 1
[  295.576539][ T6092] usb 8-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  295.587633][   T12] bridge_slave_0: left allmulticast mode
[  295.591735][   T12] bridge_slave_0: left promiscuous mode
[  295.594761][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  295.599219][ T6092] usb 8-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  295.606574][ T6092] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  295.615277][ T5937] Bluetooth: hci3: command tx timeout
[  295.620371][ T6092] usb 8-1: media controller created
[  295.633231][ T6092] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  295.789966][ T6092] usb 8-1: dvb_usb_ce6230: usb_control_msg() failed=-32
[  295.807546][ T6092] zl10353_read_register: readreg error (reg=127, ret==-32)
[  295.811222][ T6092] usb 8-1: selecting invalid altsetting 0
[  295.815226][ T6092] usb 8-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  297.063320][ T5937] Bluetooth: hci2: command tx timeout
[  297.216947][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  297.245211][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  297.267544][   T12] bond0 (unregistering): Released all slaves
[  297.380655][T12811] bond0: (slave rose0): Enslaving as an active interface with an up link
[  297.421126][T12818] bond0: (slave rose0): Releasing backup interface
[  297.485837][T12763] hsr_slave_0: entered promiscuous mode
[  297.493820][T12763] hsr_slave_1: entered promiscuous mode
[  297.497297][T12763] debugfs: 'hsr0' already exists in 'hsr'
[  297.504378][T12763] Cannot create hsr debugfs directory
[  297.882829][T12826] syzkaller0: entered promiscuous mode
[  297.935627][T12826] syzkaller0: entered allmulticast mode
[  298.113598][ T6014] usb 8-1: USB disconnect, device number 23
[  298.166729][   T60] wlan0 speed is unknown, defaulting to 1000
[  298.185780][   T60] infiniband syz1: ib_query_port failed (-19)
[  298.302584][T12842] netlink: 72 bytes leftover after parsing attributes in process `syz.3.2482'.
[  298.653961][   T12] hsr_slave_0: left promiscuous mode
[  298.659229][   T12] hsr_slave_1: left promiscuous mode
[  298.662249][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  298.665454][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  298.696424][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  298.700631][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  298.723968][   T12] veth1_macvtap: left promiscuous mode
[  298.727410][   T12] veth0_macvtap: left promiscuous mode
[  298.731342][   T12] veth1_vlan: left promiscuous mode
[  298.734806][   T12] veth0_vlan: left promiscuous mode
[  298.888527][ T6092] usb 8-1: new high-speed USB device number 24 using dummy_hcd
[  299.011478][   T12] team0 (unregistering): Port device batadv1 removed
[  299.090072][ T6092] usb 8-1: config 1 has an invalid descriptor of length 220, skipping remainder of the config
[  299.099007][ T6092] usb 8-1: config 1 interface 0 altsetting 100 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  299.108096][ T6092] usb 8-1: config 1 interface 0 has no altsetting 0
[  299.166793][ T5937] Bluetooth: hci2: command tx timeout
[  299.183924][ T6092] usb 8-1: New USB device found, idVendor=0458, idProduct=9317, bcdDevice=f5.2f
[  299.188042][ T6092] usb 8-1: New USB device strings: Mfr=66, Product=2, SerialNumber=3
[  299.192315][ T6092] usb 8-1: Product: 퇿䃜䙕臸봥呋丕䝢问ᛏ䓍侫ǯ⣷ᲇ菶눸蒜葅㻋솰嫐ꓮ⎜崥륧䋡吩缰摺셢Ⴑَ⠲⿭ɮ王苚䷏ʔ➲尵꛻៑픖큵랓靶게鳳ч矄ᩊ䊸ꑤ鯺䥙㶾㜏翸碎ᗲ擊즮
[  299.207814][ T6092] usb 8-1: Manufacturer: syz
[  299.220897][ T6092] usb 8-1: SerialNumber: Ќ
[  299.359777][   T12] team0 (unregistering): Port device team_slave_1 removed
[  299.373595][   T12] team0 (unregistering): Port device team_slave_0 removed
[  299.463529][   T12] smc: removing net device bridge_slave_0 with user defined pnetid SYZ1
[  299.659507][T12852] bond0: (slave rose0): Enslaving as an active interface with an up link
[  299.670186][ T6092] usbhid 8-1:1.0: couldn't find an input interrupt endpoint
[  299.689722][ T6092] usb 8-1: USB disconnect, device number 24
[  299.719848][T12856] bond0: (slave rose0): Releasing backup interface
[  300.740102][ T5937] Bluetooth: hci4: connection err: -111
[  300.971636][T12891] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  301.022950][   T40] audit: type=1400 audit(1773523552.979:417): avc:  denied  { bind } for  pid=12889 comm="syz.0.2493" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  301.118132][   T12] IPVS: stop unused estimator thread 0...
[  301.210119][ T5937] Bluetooth: hci2: command tx timeout
[  301.256230][T12899] bond0: (slave rose0): Enslaving as an active interface with an up link
[  301.288582][ T6773] usb 5-1: new full-speed USB device number 34 using dummy_hcd
[  301.295116][T12900] bond0: (slave rose0): Releasing backup interface
[  301.399761][T12763] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  301.412887][T12763] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  301.433576][T12763] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  301.452378][T12763] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  301.472897][ T6773] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  301.491023][ T6773] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84
[  301.496173][ T6773] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[  301.516319][ T6773] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 99, setting to 64
[  301.532021][ T6773] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  301.548191][ T6773] usb 5-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae
[  301.555429][ T6773] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  301.568454][ T6773] usb 5-1: Product: syz
[  301.570339][ T6773] usb 5-1: Manufacturer: syz
[  301.572381][ T6773] usb 5-1: SerialNumber: syz
[  301.576779][ T6773] usb 5-1: config 0 descriptor??
[  301.582490][T12892] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  301.589932][ T6773] input: KB Gear Tablet as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/input/input14
[  301.717619][T12763] 8021q: adding VLAN 0 to HW filter on device bond0
[  301.785952][T12763] 8021q: adding VLAN 0 to HW filter on device team0
[  301.803117][T12920] tipc: Started in network mode
[  301.811914][T12920] tipc: Node identity 84e, cluster identity 4711
[  301.816843][T12920] tipc: Node number set to 2126
[  301.838101][   T46] bridge0: port 1(bridge_slave_0) entered blocking state
[  301.841655][   T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[  301.875202][ T6773] usb 5-1: USB disconnect, device number 34
[  301.876059][T12918] syzkaller0: entered promiscuous mode
[  301.877601][   T40] audit: type=1400 audit(1773523553.829:418): avc:  denied  { append } for  pid=12923 comm="syz.1.2503" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  301.885680][   T40] audit: type=1400 audit(1773523553.839:419): avc:  denied  { create } for  pid=12923 comm="syz.1.2503" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1
[  301.887024][T12918] syzkaller0: entered allmulticast mode
[  301.950362][T12924] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2503'.
[  301.960554][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  301.965790][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  302.034984][T12763] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  302.059472][T12763] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  302.450578][T12763] 8021q: adding VLAN 0 to HW filter on device batadv0
[  302.488071][T12934] bond0: (slave rose0): Enslaving as an active interface with an up link
[  302.584996][T12935] bond0: (slave rose0): Releasing backup interface
[  302.688069][T12763] veth0_vlan: entered promiscuous mode
[  302.762545][T12763] veth1_vlan: entered promiscuous mode
[  302.856275][T12763] veth0_macvtap: entered promiscuous mode
[  302.936680][T12763] veth1_macvtap: entered promiscuous mode
[  303.059929][T12958] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  303.131719][T12763] batman_adv: batadv0: Interface activated: batadv_slave_0
[  303.167980][T12763] batman_adv: batadv0: Interface activated: batadv_slave_1
[  303.218778][   T40] audit: type=1400 audit(1773523555.159:420): avc:  denied  { connect } for  pid=12962 comm="syz.3.2514" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  303.243631][T12963] syzkaller0: entered promiscuous mode
[  303.246278][T12963] syzkaller0: entered allmulticast mode
[  303.260342][ T1147] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  303.319196][ T1147] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  303.323584][ T1147] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  303.456472][T12972] futex_wake_op: syz.3.2516 tries to shift op by -1; fix this program
[  303.473322][ T1147] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  303.596229][T12972] dummy0: entered promiscuous mode
[  303.600843][T12972] netdevsim netdevsim3 netdevsim0: entered promiscuous mode
[  303.607043][T12972] hsr1: entered allmulticast mode
[  303.611196][T12972] dummy0: entered allmulticast mode
[  303.613323][T12972] netdevsim netdevsim3 netdevsim0: entered allmulticast mode
[  303.659208][ T1243] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  303.687225][ T1243] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  303.721739][   T79] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  303.735448][   T79] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  304.112736][ T5942] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  304.118244][ T5942] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  304.130595][ T5942] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  304.140540][ T5942] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  304.165950][ T5942] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  304.291967][T12988] lo speed is unknown, defaulting to 1000
[  304.449178][   T39] usb 7-1: new high-speed USB device number 46 using dummy_hcd
[  304.580635][T12988] chnl_net:caif_netlink_parms(): no params data found
[  304.655012][   T39] usb 7-1: too many configurations: 9, using maximum allowed: 8
[  304.679326][   T39] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  304.690207][   T39] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  304.731892][   T39] usb 7-1: config 0 interface 0 has no altsetting 0
[  304.756974][   T39] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  304.769973][   T39] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  304.778517][T12988] bridge0: port 1(bridge_slave_0) entered blocking state
[  304.783273][T12988] bridge0: port 1(bridge_slave_0) entered disabled state
[  304.787400][T12988] bridge_slave_0: entered allmulticast mode
[  304.808003][T12988] bridge_slave_0: entered promiscuous mode
[  304.809386][   T39] usb 7-1: config 0 interface 0 has no altsetting 0
[  304.831917][T12988] bridge0: port 2(bridge_slave_1) entered blocking state
[  304.835290][T12988] bridge0: port 2(bridge_slave_1) entered disabled state
[  304.839142][   T39] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  304.851743][T12988] bridge_slave_1: entered allmulticast mode
[  304.867179][   T39] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  304.887363][T12988] bridge_slave_1: entered promiscuous mode
[  304.911449][   T39] usb 7-1: config 0 interface 0 has no altsetting 0
[  304.924596][   T39] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  304.940686][T12988] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  304.948695][   T39] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  304.952706][T12988] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  304.973442][   T39] usb 7-1: config 0 interface 0 has no altsetting 0
[  304.990831][   T39] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  304.998078][   T39] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  305.008434][   T39] usb 7-1: config 0 interface 0 has no altsetting 0
[  305.013146][   T39] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  305.019788][   T39] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  305.025341][   T39] usb 7-1: config 0 interface 0 has no altsetting 0
[  305.031634][   T39] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  305.032072][T12988] team0: Port device team_slave_0 added
[  305.037596][   T39] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  305.037626][   T39] usb 7-1: config 0 interface 0 has no altsetting 0
[  305.040767][   T39] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  305.040811][   T39] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  305.040835][   T39] usb 7-1: config 0 interface 0 has no altsetting 0
[  305.042810][   T39] usb 7-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  305.042836][   T39] usb 7-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  305.042852][   T39] usb 7-1: Product: syz
[  305.042864][   T39] usb 7-1: Manufacturer: syz
[  305.042876][   T39] usb 7-1: SerialNumber: syz
[  305.047941][   T39] usb 7-1: config 0 descriptor??
[  305.057387][   T39] yurex 7-1:0.0: USB YUREX device now attached to Yurex #0
[  305.170147][T12988] team0: Port device team_slave_1 added
[  305.201275][T13016] mkiss: ax0: crc mode is auto.
[  305.303347][T12988] batman_adv: batadv0: Adding interface: batadv_slave_0
[  305.328513][T12988] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  305.351959][T12988] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  305.385237][T12988] batman_adv: batadv0: Adding interface: batadv_slave_1
[  305.398798][T12988] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  305.432201][T12988] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  305.461880][    C2] usb 7-1: yurex_control_callback - control failed: -71
[  305.462111][   T60] usb 7-1: USB disconnect, device number 46
[  305.478838][T13023] yurex 7-1:0.0: yurex_write - failed to send bulk msg, error -19
[  305.531081][   T60] yurex 7-1:0.0: USB YUREX #0 now disconnected
[  305.539347][   T40] audit: type=1400 audit(1773523557.489:421): avc:  denied  { read } for  pid=13019 comm="syz.1.2531" path="socket:[42521]" dev="sockfs" ino=42521 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  305.649175][   T40] audit: type=1400 audit(1773523557.609:422): avc:  denied  { getopt } for  pid=13019 comm="syz.1.2531" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  305.727851][T12988] hsr_slave_0: entered promiscuous mode
[  305.732394][T12988] hsr_slave_1: entered promiscuous mode
[  306.004384][T12988] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  306.029632][ T3247] usb 8-1: new high-speed USB device number 25 using dummy_hcd
[  306.138604][T12988] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  306.188489][ T3247] usb 8-1: Using ep0 maxpacket: 8
[  306.198955][ T3247] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  306.203677][ T3247] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  306.225465][ T3247] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  306.232444][ T3247] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  306.268754][ T5942] Bluetooth: hci1: command tx timeout
[  306.278558][ T3247] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  306.282917][ T3247] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  306.356312][T12988] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  306.583469][T12988] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  306.643319][ T3247] usb 8-1: usb_control_msg returned -71
[  306.651416][ T3247] usbtmc 8-1:16.0: can't read capabilities
[  306.656781][T13048] netlink: 64 bytes leftover after parsing attributes in process `syz.2.2539'.
[  306.675247][T13048] overlayfs: workdir and upperdir must be separate subtrees
[  306.712966][ T3247] usb 8-1: USB disconnect, device number 25
[  306.718515][   T39] usb 6-1: new high-speed USB device number 36 using dummy_hcd
[  306.955701][   T39] usb 6-1: config 1 has an invalid descriptor of length 220, skipping remainder of the config
[  307.006475][   T39] usb 6-1: config 1 interface 0 altsetting 100 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  307.016277][   T39] usb 6-1: config 1 interface 0 has no altsetting 0
[  307.037938][   T39] usb 6-1: New USB device found, idVendor=0458, idProduct=9317, bcdDevice=f5.2f
[  307.043567][   T39] usb 6-1: New USB device strings: Mfr=66, Product=2, SerialNumber=3
[  307.054836][   T39] usb 6-1: Product: 퇿䃜䙕臸봥呋丕䝢问ᛏ䓍侫ǯ⣷ᲇ菶눸蒜葅㻋솰嫐ꓮ⎜崥륧䋡吩缰摺셢Ⴑَ⠲⿭ɮ王苚䷏ʔ➲尵꛻៑픖큵랓靶게鳳ч矄ᩊ䊸ꑤ鯺䥙㶾㜏翸碎ᗲ擊즮
[  307.080486][T12988] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  307.151056][   T39] usb 6-1: Manufacturer: syz
[  307.153518][   T39] usb 6-1: SerialNumber: Ќ
[  307.160941][T12988] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  307.195709][T12988] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  307.209689][T12988] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  307.210493][T13062] netlink: 72 bytes leftover after parsing attributes in process `syz.2.2546'.
[  307.436752][T13072] netlink: 212924 bytes leftover after parsing attributes in process `syz.2.2548'.
[  307.522026][T12988] 8021q: adding VLAN 0 to HW filter on device bond0
[  307.550800][T12988] 8021q: adding VLAN 0 to HW filter on device team0
[  307.568708][ T1243] bridge0: port 1(bridge_slave_0) entered blocking state
[  307.583967][ T1243] bridge0: port 1(bridge_slave_0) entered forwarding state
[  307.592722][ T1243] bridge0: port 2(bridge_slave_1) entered blocking state
[  307.598801][ T1243] bridge0: port 2(bridge_slave_1) entered forwarding state
[  307.655754][T13080] FAULT_INJECTION: forcing a failure.
[  307.655754][T13080] name failslab, interval 1, probability 0, space 0, times 0
[  307.673060][T13080] CPU: 2 UID: 0 PID: 13080 Comm: syz.3.2551 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  307.673109][T13080] Tainted: [L]=SOFTLOCKUP
[  307.673115][T13080] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  307.673125][T13080] Call Trace:
[  307.673131][T13080]  <TASK>
[  307.673137][T13080]  dump_stack_lvl+0x100/0x190
[  307.673169][T13080]  should_fail_ex.cold+0x5/0xa
[  307.673193][T13080]  should_failslab+0xc2/0x120
[  307.673210][T13080]  kmem_cache_alloc_node_noprof+0x81/0x6f0
[  307.673234][T13080]  ? __alloc_skb+0x140/0x710
[  307.673259][T13080]  __alloc_skb+0x140/0x710
[  307.673274][T13080]  ? __alloc_skb+0x5b7/0x710
[  307.673293][T13080]  ? __pfx___alloc_skb+0x10/0x10
[  307.673318][T13080]  netlink_alloc_large_skb+0x69/0x150
[  307.673343][T13080]  netlink_sendmsg+0x680/0xda0
[  307.673371][T13080]  ? __pfx_netlink_sendmsg+0x10/0x10
[  307.673392][T13080]  ? __might_fault+0x20/0x140
[  307.673423][T13080]  ____sys_sendmsg+0x9e1/0xb70
[  307.673447][T13080]  ? __pfx_netlink_sendmsg+0x10/0x10
[  307.673472][T13080]  ? __pfx_____sys_sendmsg+0x10/0x10
[  307.673507][T13080]  ___sys_sendmsg+0x190/0x1e0
[  307.673535][T13080]  ? __pfx____sys_sendmsg+0x10/0x10
[  307.673585][T13080]  __sys_sendmsg+0x170/0x220
[  307.673604][T13080]  ? __pfx___sys_sendmsg+0x10/0x10
[  307.673620][T12988] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  307.673637][T13080]  do_syscall_64+0x106/0xf80
[  307.673659][T13080]  ? clear_bhb_loop+0x40/0x90
[  307.673678][T13080]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  307.673693][T13080] RIP: 0033:0x7f7a69b9c799
[  307.673708][T13080] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  307.673722][T13080] RSP: 002b:00007f7a67dee028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  307.673739][T13080] RAX: ffffffffffffffda RBX: 00007f7a69e15fa0 RCX: 00007f7a69b9c799
[  307.673749][T13080] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000004
[  307.673759][T13080] RBP: 00007f7a67dee090 R08: 0000000000000000 R09: 0000000000000000
[  307.673770][T13080] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  307.673778][T13080] R13: 00007f7a69e16038 R14: 00007f7a69e15fa0 R15: 00007fff7e379818
[  307.673797][T13080]  </TASK>
[  307.846435][T13084] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2552'.
[  307.857481][T12988] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  307.932408][T13085] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2552'.
[  307.940383][T13085] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2552'.
[  307.972442][T13084] overlay: Unknown parameter 'audit'
[  307.992539][   T39] usbhid 6-1:1.0: couldn't find an input interrupt endpoint
[  308.019510][   T39] usb 6-1: USB disconnect, device number 36
[  308.185229][T13094] netlink: 72 bytes leftover after parsing attributes in process `syz.2.2555'.
[  308.254194][T12988] 8021q: adding VLAN 0 to HW filter on device batadv0
[  308.329627][ T5942] Bluetooth: hci1: command tx timeout
[  308.338512][T12988] veth0_vlan: entered promiscuous mode
[  308.346764][T12988] veth1_vlan: entered promiscuous mode
[  308.407178][T12988] veth0_macvtap: entered promiscuous mode
[  308.424521][T12988] veth1_macvtap: entered promiscuous mode
[  308.478160][T12988] batman_adv: batadv0: Interface activated: batadv_slave_0
[  308.506637][T12988] batman_adv: batadv0: Interface activated: batadv_slave_1
[  308.523950][  T101] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  308.528216][  T101] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  308.554531][  T101] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  308.559566][  T101] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  308.721493][ T5983] usb 8-1: new high-speed USB device number 26 using dummy_hcd
[  308.732751][   T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  308.738691][   T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  308.804126][   T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  308.808149][   T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  308.871562][T13111] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  308.892731][ T5983] usb 8-1: Using ep0 maxpacket: 8
[  308.950542][ T5983] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  308.960599][ T5983] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  308.973530][ T5983] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  308.988753][ T5983] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  309.000760][ T5983] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  309.003433][   T39] usb 7-1: new high-speed USB device number 47 using dummy_hcd
[  309.007136][ T5983] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  309.190557][   T39] usb 7-1: Using ep0 maxpacket: 32
[  309.201909][   T39] usb 7-1: config index 0 descriptor too short (expected 29220, got 36)
[  309.208178][   T39] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  309.224930][   T39] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81
[  309.248539][   T39] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  309.256435][   T39] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  309.270953][T13101] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  309.280946][   T39] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 102
[  309.287073][T13101] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  309.307402][   T39] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  309.321108][   T39] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  309.332615][ T5983] usb 8-1: usb_control_msg returned -71
[  309.344817][   T39] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  309.346811][   T39] usb 7-1: config 0 descriptor??
[  309.347735][T13109] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  309.404375][ T5983] usbtmc 8-1:16.0: can't read capabilities
[  309.435398][ T5983] usb 8-1: USB disconnect, device number 26
[  309.462920][   T29] usb 6-1: new high-speed USB device number 37 using dummy_hcd
[  309.554857][   T39] usblp 7-1:0.0: usblp0: USB Bidirectional printer dev 47 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  309.631741][   T29] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  309.661329][   T29] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  309.684076][   T29] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  309.696837][   T29] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  309.701500][   T29] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  309.720530][   T40] audit: type=1400 audit(1773523561.669:423): avc:  denied  { bind } for  pid=13122 comm="syz.0.2567" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  309.752085][   T40] audit: type=1400 audit(1773523561.699:424): avc:  denied  { read } for  pid=13122 comm="syz.0.2567" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  309.771636][    C2] usblp0: nonzero read bulk status received: -71
[  309.779579][T13109] usblp0: error -71 reading from printer
[  309.785912][    C2] usblp0: nonzero read bulk status received: -71
[  309.794144][   T29] usb 6-1: config 0 descriptor??
[  309.798305][   T40] audit: type=1400 audit(1773523561.719:425): avc:  denied  { read write } for  pid=13108 comm="syz.2.2561" name="lp0" dev="devtmpfs" ino=3212 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1
[  309.801404][   T39] usb 7-1: USB disconnect, device number 47
[  309.813833][   T40] audit: type=1400 audit(1773523561.729:426): avc:  denied  { open } for  pid=13108 comm="syz.2.2561" path="/dev/usb/lp0" dev="devtmpfs" ino=3212 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1
[  309.830738][   T39] usblp0: removed
[  309.835443][   T40] audit: type=1400 audit(1773523561.729:427): avc:  denied  { write } for  pid=13122 comm="syz.0.2567" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  310.042839][T13126] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2569'.
[  310.048068][T13126] FAULT_INJECTION: forcing a failure.
[  310.048068][T13126] name failslab, interval 1, probability 0, space 0, times 0
[  310.060726][T13126] CPU: 0 UID: 0 PID: 13126 Comm: syz.3.2569 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  310.060755][T13126] Tainted: [L]=SOFTLOCKUP
[  310.060761][T13126] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  310.060771][T13126] Call Trace:
[  310.060777][T13126]  <TASK>
[  310.060784][T13126]  dump_stack_lvl+0x100/0x190
[  310.060818][T13126]  should_fail_ex.cold+0x5/0xa
[  310.060841][T13126]  should_failslab+0xc2/0x120
[  310.060859][T13126]  kmem_cache_alloc_node_noprof+0x81/0x6f0
[  310.060884][T13126]  ? __alloc_skb+0x140/0x710
[  310.060907][T13126]  __alloc_skb+0x140/0x710
[  310.060923][T13126]  ? __alloc_skb+0x5b7/0x710
[  310.060942][T13126]  ? __pfx___alloc_skb+0x10/0x10
[  310.060975][T13126]  netlink_ack+0x117/0xb80
[  310.061007][T13126]  netlink_rcv_skb+0x333/0x420
[  310.061030][T13126]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  310.061054][T13126]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  310.061085][T13126]  ? netlink_deliver_tap+0x1ae/0xcc0
[  310.061108][T13126]  netlink_unicast+0x5aa/0x870
[  310.061131][T13126]  ? __pfx_netlink_unicast+0x10/0x10
[  310.061158][T13126]  netlink_sendmsg+0x8b0/0xda0
[  310.061183][T13126]  ? __pfx_netlink_sendmsg+0x10/0x10
[  310.061204][T13126]  ? __might_fault+0x20/0x140
[  310.061231][T13126]  ____sys_sendmsg+0x9e1/0xb70
[  310.061254][T13126]  ? __pfx_netlink_sendmsg+0x10/0x10
[  310.061277][T13126]  ? __pfx_____sys_sendmsg+0x10/0x10
[  310.061310][T13126]  ___sys_sendmsg+0x190/0x1e0
[  310.061338][T13126]  ? __pfx____sys_sendmsg+0x10/0x10
[  310.061394][T13126]  __sys_sendmsg+0x170/0x220
[  310.061416][T13126]  ? __pfx___sys_sendmsg+0x10/0x10
[  310.061448][T13126]  do_syscall_64+0x106/0xf80
[  310.061469][T13126]  ? clear_bhb_loop+0x40/0x90
[  310.061490][T13126]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  310.061507][T13126] RIP: 0033:0x7f7a69b9c799
[  310.061523][T13126] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  310.061538][T13126] RSP: 002b:00007f7a67dee028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  310.061555][T13126] RAX: ffffffffffffffda RBX: 00007f7a69e15fa0 RCX: 00007f7a69b9c799
[  310.061566][T13126] RDX: 00000000200080c0 RSI: 0000200000000000 RDI: 0000000000000003
[  310.061580][T13126] RBP: 00007f7a67dee090 R08: 0000000000000000 R09: 0000000000000000
[  310.061589][T13126] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  310.061598][T13126] R13: 00007f7a69e16038 R14: 00007f7a69e15fa0 R15: 00007fff7e379818
[  310.061620][T13126]  </TASK>
[  310.274057][   T29] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  310.419290][ T5942] Bluetooth: hci1: command tx timeout
[  310.425661][   T40] audit: type=1400 audit(1773523562.369:428): avc:  denied  { read } for  pid=13128 comm="syz.3.2570" name="autofs" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  310.477411][   T40] audit: type=1400 audit(1773523562.369:429): avc:  denied  { open } for  pid=13128 comm="syz.3.2570" path="/dev/autofs" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  310.507256][   T40] audit: type=1400 audit(1773523562.369:430): avc:  denied  { ioctl } for  pid=13128 comm="syz.3.2570" path="/dev/autofs" dev="devtmpfs" ino=104 ioctlcmd=0x9372 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  310.526932][   T40] audit: type=1400 audit(1773523562.369:431): avc:  denied  { setopt } for  pid=13128 comm="syz.3.2570" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  311.385192][T13163] 9pnet_virtio: no channels available for device syz
[  311.482144][T13165] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2581'.
[  311.566958][T13168] tipc: Started in network mode
[  311.569951][T13168] tipc: Node identity 84e, cluster identity 4711
[  311.572943][T13168] tipc: Node number set to 2126
[  311.779155][T13174] syzkaller0: entered promiscuous mode
[  311.782461][T13174] syzkaller0: entered allmulticast mode
[  311.839342][ T6773] usb 6-1: reset high-speed USB device number 37 using dummy_hcd
[  312.023012][ T6773] usb 6-1: device descriptor read/64, error -32
[  312.161346][T13186] openvswitch: netlink: IP tunnel dst address not specified
[  312.278573][ T6773] usb 6-1: reset high-speed USB device number 37 using dummy_hcd
[  312.500944][ T5942] Bluetooth: hci1: command tx timeout
[  312.580758][ T5932] usb 7-1: new high-speed USB device number 48 using dummy_hcd
[  312.723887][   T29] usb 6-1: USB disconnect, device number 37
[  312.800716][ T5932] usb 7-1: config 1 has an invalid descriptor of length 220, skipping remainder of the config
[  312.806041][ T5932] usb 7-1: config 1 interface 0 altsetting 100 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  312.816169][ T5932] usb 7-1: config 1 interface 0 has no altsetting 0
[  312.823642][ T5932] usb 7-1: New USB device found, idVendor=0458, idProduct=9317, bcdDevice=f5.2f
[  312.831668][ T5932] usb 7-1: New USB device strings: Mfr=66, Product=2, SerialNumber=3
[  312.836275][ T5932] usb 7-1: Product: 퇿䃜䙕臸봥呋丕䝢问ᛏ䓍侫ǯ⣷ᲇ菶눸蒜葅㻋솰嫐ꓮ⎜崥륧䋡吩缰摺셢Ⴑَ⠲⿭ɮ王苚䷏ʔ➲尵꛻៑픖큵랓靶게鳳ч矄ᩊ䊸ꑤ鯺䥙㶾㜏翸碎ᗲ擊즮
[  312.853262][ T5932] usb 7-1: Manufacturer: syz
[  312.856361][ T5932] usb 7-1: SerialNumber: Ќ
[  312.902047][   T40] audit: type=1400 audit(1773523564.859:432): avc:  denied  { accept } for  pid=13203 comm="syz.0.2596" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  312.928598][   T29] usb 6-1: new low-speed USB device number 38 using dummy_hcd
[  313.198589][   T29] usb 6-1: device descriptor read/64, error -71
[  313.446934][ T5932] usbhid 7-1:1.0: couldn't find an input interrupt endpoint
[  313.458741][   T29] usb 6-1: new low-speed USB device number 39 using dummy_hcd
[  313.474425][ T5932] usb 7-1: USB disconnect, device number 48
[  313.608956][   T29] usb 6-1: device descriptor read/64, error -71
[  313.727915][   T29] usb usb6-port1: attempt power cycle
[  313.981501][T13225] syzkaller0: entered promiscuous mode
[  313.985127][T13225] syzkaller0: entered allmulticast mode
[  314.068624][   T29] usb 6-1: new low-speed USB device number 40 using dummy_hcd
[  314.089288][   T29] usb 6-1: device descriptor read/8, error -71
[  314.256141][T13229] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  314.418490][   T29] usb 6-1: new low-speed USB device number 41 using dummy_hcd
[  314.469615][   T29] usb 6-1: device descriptor read/8, error -71
[  314.580785][   T29] usb usb6-port1: unable to enumerate USB device
[  314.634952][T13244] loop6: detected capacity change from 0 to 2640
[  314.640648][T13244] buffer_io_error: 32 callbacks suppressed
[  314.640663][T13244] Buffer I/O error on dev loop6, logical block 0, async page read
[  314.649315][T13244] Buffer I/O error on dev loop6, logical block 0, async page read
[  314.654313][T13244] Buffer I/O error on dev loop6, logical block 0, async page read
[  314.659949][T13244] Buffer I/O error on dev loop6, logical block 0, async page read
[  314.665231][T13244] Buffer I/O error on dev loop6, logical block 0, async page read
[  314.671050][T13244] Buffer I/O error on dev loop6, logical block 0, async page read
[  314.675158][T13244] Buffer I/O error on dev loop6, logical block 0, async page read
[  314.679799][T13244] Buffer I/O error on dev loop6, logical block 0, async page read
[  314.684051][T13244] ldm_validate_partition_table(): Disk read failed.
[  314.704922][T13244] Buffer I/O error on dev loop6, logical block 0, async page read
[  314.719854][T13244] Buffer I/O error on dev loop6, logical block 0, async page read
[  314.724773][T13244] Dev loop6: unable to read RDB block 0
[  314.738556][T13244]  loop6: unable to read partition table
[  314.770079][T13244] loop_reread_partitions: partition scan of loop6 (3�����) failed (rc=-5)
[  315.191434][ T6014] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  315.421034][ T6014] usb 5-1: config 1 has an invalid descriptor of length 220, skipping remainder of the config
[  315.452935][ T6014] usb 5-1: config 1 interface 0 altsetting 100 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  315.480039][ T6014] usb 5-1: config 1 interface 0 has no altsetting 0
[  315.500527][ T6014] usb 5-1: New USB device found, idVendor=0458, idProduct=9317, bcdDevice=f5.2f
[  315.504241][ T6014] usb 5-1: New USB device strings: Mfr=66, Product=2, SerialNumber=3
[  315.518101][ T6014] usb 5-1: Product: 퇿䃜䙕臸봥呋丕䝢问ᛏ䓍侫ǯ⣷ᲇ菶눸蒜葅㻋솰嫐ꓮ⎜崥륧䋡吩缰摺셢Ⴑَ⠲⿭ɮ王苚䷏ʔ➲尵꛻៑픖큵랓靶게鳳ч矄ᩊ䊸ꑤ鯺䥙㶾㜏翸碎ᗲ擊즮
[  315.547978][ T6014] usb 5-1: Manufacturer: syz
[  315.558002][ T6014] usb 5-1: SerialNumber: Ќ
[  315.610876][T13262] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  315.884930][T13266] FAULT_INJECTION: forcing a failure.
[  315.884930][T13266] name failslab, interval 1, probability 0, space 0, times 0
[  315.891773][T13266] CPU: 0 UID: 0 PID: 13266 Comm: syz.3.2621 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  315.891798][T13266] Tainted: [L]=SOFTLOCKUP
[  315.891803][T13266] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  315.891811][T13266] Call Trace:
[  315.891817][T13266]  <TASK>
[  315.891824][T13266]  dump_stack_lvl+0x100/0x190
[  315.891851][T13266]  should_fail_ex.cold+0x5/0xa
[  315.891869][T13266]  ? tomoyo_encode2+0xfb/0x3c0
[  315.891889][T13266]  should_failslab+0xc2/0x120
[  315.891903][T13266]  __kmalloc_noprof+0xe0/0x850
[  315.891927][T13266]  tomoyo_encode2+0xfb/0x3c0
[  315.891949][T13266]  tomoyo_encode+0x29/0x50
[  315.891967][T13266]  tomoyo_realpath_from_path+0x18c/0x690
[  315.891992][T13266]  tomoyo_path_number_perm+0x23c/0x580
[  315.892009][T13266]  ? tomoyo_path_number_perm+0x22e/0x580
[  315.892027][T13266]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  315.892069][T13266]  ? find_held_lock+0x2b/0x80
[  315.892087][T13266]  ? __fget_files+0x215/0x3d0
[  315.892100][T13266]  ? hook_file_ioctl_common+0x146/0x410
[  315.892128][T13266]  ? __fget_files+0x21f/0x3d0
[  315.892146][T13266]  security_file_ioctl+0xd3/0x230
[  315.892167][T13266]  __x64_sys_ioctl+0xb7/0x210
[  315.892189][T13266]  do_syscall_64+0x106/0xf80
[  315.892207][T13266]  ? clear_bhb_loop+0x40/0x90
[  315.892225][T13266]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  315.892240][T13266] RIP: 0033:0x7f7a69b9c799
[  315.892252][T13266] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  315.892265][T13266] RSP: 002b:00007f7a67dee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  315.892282][T13266] RAX: ffffffffffffffda RBX: 00007f7a69e15fa0 RCX: 00007f7a69b9c799
[  315.892291][T13266] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[  315.892300][T13266] RBP: 00007f7a67dee090 R08: 0000000000000000 R09: 0000000000000000
[  315.892309][T13266] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  315.892317][T13266] R13: 00007f7a69e16038 R14: 00007f7a69e15fa0 R15: 00007fff7e379818
[  315.892337][T13266]  </TASK>
[  315.892353][T13266] ERROR: Out of memory at tomoyo_realpath_from_path.
[  316.104952][   T40] kauditd_printk_skb: 7 callbacks suppressed
[  316.104968][   T40] audit: type=1400 audit(1773523568.059:440): avc:  denied  { remount } for  pid=13271 comm="syz.2.2623" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  316.380627][ T6014] usbhid 5-1:1.0: couldn't find an input interrupt endpoint
[  316.398098][ T6014] usb 5-1: USB disconnect, device number 35
[  316.778741][   T60] usb 8-1: new high-speed USB device number 27 using dummy_hcd
[  317.106370][   T60] usb 8-1: too many configurations: 9, using maximum allowed: 8
[  317.123769][   T60] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9
[  317.134814][   T60] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  317.148930][   T60] usb 8-1: config 0 interface 0 has no altsetting 0
[  317.160686][   T60] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9
[  317.183125][   T60] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  317.196896][   T60] usb 8-1: config 0 interface 0 has no altsetting 0
[  317.205823][   T60] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9
[  317.213405][   T60] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  317.220532][   T60] usb 8-1: config 0 interface 0 has no altsetting 0
[  317.225337][   T60] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9
[  317.228944][T13284] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  317.248674][   T60] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  317.248700][   T60] usb 8-1: config 0 interface 0 has no altsetting 0
[  317.250500][   T60] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9
[  317.291575][   T60] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  317.310695][   T60] usb 8-1: config 0 interface 0 has no altsetting 0
[  317.336154][   T60] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9
[  317.352954][   T60] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  317.359479][   T60] usb 8-1: config 0 interface 0 has no altsetting 0
[  317.364121][   T60] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9
[  317.373238][   T60] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  317.378109][   T60] usb 8-1: config 0 interface 0 has no altsetting 0
[  317.382447][   T60] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9
[  317.402333][   T60] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  317.409730][   T60] usb 8-1: config 0 interface 0 has no altsetting 0
[  317.417060][   T60] usb 8-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  317.422802][   T60] usb 8-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  317.427326][   T60] usb 8-1: Product: syz
[  317.462160][   T60] usb 8-1: Manufacturer: syz
[  317.485147][   T60] usb 8-1: SerialNumber: syz
[  317.510169][   T60] usb 8-1: config 0 descriptor??
[  317.529349][   T60] yurex 8-1:0.0: USB YUREX device now attached to Yurex #0
[  317.993673][   T40] audit: type=1400 audit(1773523569.939:441): avc:  denied  { load_policy } for  pid=13303 comm="syz.2.2633" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  318.009977][T13304] SELinux:  unknown common r
[  318.042338][T13304] SELinux: failed to load policy
[  318.353519][T13309] 9pnet_virtio: no channels available for device syz
[  318.479485][T13313] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  318.636085][   T40] audit: type=1400 audit(1773523570.589:442): avc:  denied  { getopt } for  pid=13316 comm="syz.0.2640" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  318.675181][   T40] audit: type=1400 audit(1773523570.629:443): avc:  denied  { listen } for  pid=13316 comm="syz.0.2640" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  318.954734][T13324] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2642'.
[  319.177848][T13336] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  319.303308][T13342] i2c i2c-1: dtv_property_process_set: SET cmd 0x00000000 undefined
[  319.409556][   T40] audit: type=1400 audit(1773523571.349:444): avc:  denied  { remount } for  pid=13349 comm="syz.0.2653" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[  319.492432][T13354] syzkaller0: entered promiscuous mode
[  319.494374][T13354] syzkaller0: entered allmulticast mode
[  319.500527][    C3] usb 8-1: yurex_control_callback - control failed: -2
[  319.501802][    C3] usb 8-1: yurex_control_callback - control failed: -2
[  319.559404][   T60] usb 8-1: USB disconnect, device number 27
[  319.567639][   T60] yurex 8-1:0.0: USB YUREX #0 now disconnected
[  319.583757][T13352] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2654'.
[  319.669002][T13352] xfrm1: entered promiscuous mode
[  319.671311][T13352] xfrm1: entered allmulticast mode
[  319.916337][T13363] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  320.052469][   T40] audit: type=1804 audit(1773523572.009:445): pid=13366 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.2.2660" name="/newroot/49/file0" dev="fuse" ino=1 res=1 errno=0
[  320.295627][T13379] input: syz0 as /devices/virtual/input/input15
[  320.300723][T13377] syzkaller0: entered promiscuous mode
[  320.328836][T13377] syzkaller0: entered allmulticast mode
[  320.453621][T13384] syzkaller0: entered promiscuous mode
[  320.484287][T13384] syzkaller0: entered allmulticast mode
[  320.905733][T13388] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  321.120823][T13397] bond0: (slave rose0): Enslaving as an active interface with an up link
[  321.223270][T13408] bond0: (slave rose0): Releasing backup interface
[  321.489595][T13414] syzkaller0: entered promiscuous mode
[  321.494398][T13414] syzkaller0: entered allmulticast mode
[  321.586551][   T40] audit: type=1400 audit(1773523573.539:446): avc:  denied  { create } for  pid=13398 comm="syz.1.2673" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  321.633506][T13399] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2673'.
[  321.650113][   T40] audit: type=1400 audit(1773523573.579:447): avc:  denied  { write } for  pid=13398 comm="syz.1.2673" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  321.728456][   T40] audit: type=1400 audit(1773523573.649:448): avc:  denied  { bind } for  pid=13400 comm="syz.0.2675" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  322.097731][    C1] ------------[ cut here ]------------
[  322.104808][    C1] ODEBUG: free active (active state 0) object: ffff8880397e7c90 object type: timer_list hint: rose_t0timer_expiry+0x0/0x150
[  322.128606][    C1] WARNING: lib/debugobjects.c:629 at debug_print_object+0x18e/0x2a0, CPU#1: syz.2.2678/13427
[  322.130640][ T1419] ieee802154 phy0 wpan0: encryption failed: -22
[  322.153054][    C1] Modules linked in:
[  322.153118][    C1] CPU: 1 UID: 0 PID: 13427 Comm: syz.2.2678 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  322.153147][    C1] Tainted: [L]=SOFTLOCKUP
[  322.153155][    C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  322.153164][    C1] RIP: 0010:debug_print_object+0x19b/0x2a0
[  322.153195][    C1] Code: b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 4f 48 8d 3d 32 8d e5 0b 41 56 48 8b 14 dd 60 17 1b 8c 4c 89 e6 <67> 48 0f b9 3a 58 83 05 0c 4d db 0b 01 48 83 c4 18 5b 5d 41 5c 41
[  322.153213][    C1] RSP: 0018:ffffc900006a0a38 EFLAGS: 00010246
[  322.153230][    C1] RAX: dffffc0000000000 RBX: 0000000000000003 RCX: 0000000000000000
[  322.153243][    C1] RDX: ffffffff8c1b16a0 RSI: ffffffff8c1b12c0 RDI: ffffffff90e40420
[  322.153256][    C1] RBP: 0000000000000001 R08: ffff8880397e7c90 R09: ffffffff8bb2b920
[  322.153268][    C1] R10: 0000000000000001 R11: 0000000000000000 R12: ffffffff8c1b12c0
[  322.153280][    C1] R13: ffffffff8bb2b960 R14: ffffffff8a7bcfe0 R15: ffffc900006a0b38
[  322.153293][    C1] FS:  0000000000000000(0000) GS:ffff8880d6442000(0000) knlGS:0000000000000000
[  322.153329][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  322.153344][    C1] CR2: 000000110c3f75e2 CR3: 000000003b9a2000 CR4: 0000000000352ef0
[  322.153358][    C1] Call Trace:
[  322.153365][    C1]  <IRQ>
[  322.153373][    C1]  ? __pfx_rose_t0timer_expiry+0x10/0x10
[  322.153400][    C1]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  322.153428][    C1]  debug_check_no_obj_freed+0x4da/0x630
[  322.153463][    C1]  ? __pfx_debug_check_no_obj_freed+0x10/0x10
[  322.153490][    C1]  ? __lock_acquire+0x4a5/0x2630
[  322.153575][    C1]  ? rose_timer_expiry+0x53f/0x630
[  322.153592][    C1]  kfree+0x38f/0x6b0
[  322.153616][    C1]  rose_timer_expiry+0x53f/0x630
[  322.153633][    C1]  ? __pfx_rose_timer_expiry+0x10/0x10
[  322.153648][    C1]  call_timer_fn+0x19a/0x670
[  322.153670][    C1]  ? __pfx_call_timer_fn+0x10/0x10
[  322.153694][    C1]  ? __pfx_rose_timer_expiry+0x10/0x10
[  322.153709][    C1]  ? mark_held_locks+0x40/0x70
[  322.153734][    C1]  ? __pfx_rose_timer_expiry+0x10/0x10
[  322.153748][    C1]  __run_timers+0x757/0xb30
[  322.153775][    C1]  ? __pfx___run_timers+0x10/0x10
[  322.153804][    C1]  ? _raw_spin_lock_irq+0x45/0x50
[  322.153824][    C1]  run_timer_base+0x114/0x190
[  322.153845][    C1]  ? __pfx_run_timer_base+0x10/0x10
[  322.153869][    C1]  run_timer_softirq+0x1a/0x50
[  322.153894][    C1]  handle_softirqs+0x1eb/0x9e0
[  322.153917][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  322.153940][    C1]  __irq_exit_rcu+0xef/0x150
[  322.153957][    C1]  irq_exit_rcu+0x9/0x30
[  322.153973][    C1]  sysvec_apic_timer_interrupt+0xa3/0xc0
[  322.153992][    C1]  </IRQ>
[  322.153997][    C1]  <TASK>
[  322.154004][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  322.154021][    C1] RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x70
[  322.154042][    C1] Code: 66 f7 5a 00 48 89 df 5b e9 dd 71 60 00 be 03 00 00 00 5b e9 e2 90 ed 02 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <f3> 0f 1e fa 65 8b 05 e5 24 05 12 48 8b 34 24 65 48 8b 15 c1 24 05
[  322.154056][    C1] RSP: 0018:ffffc90004737760 EFLAGS: 00000246
[  322.154069][    C1] RAX: 0000000000000000 RBX: 00007f996bbff000 RCX: ffffffff8258ef39
[  322.154079][    C1] RDX: 00007f996bbff000 RSI: 00007f996bbff000 RDI: ffff888053c224c0
[  322.154089][    C1] RBP: 00007f996bbff000 R08: 0000000000000006 R09: 00007f996bbff000
[  322.154098][    C1] R10: 00007f996bbff000 R11: 0000000000000000 R12: ffff88805b98c330
[  322.154108][    C1] R13: 00007f996bbff000 R14: 00007f996bbff000 R15: 00007f996bbff000
[  322.154124][    C1]  ? unmap_page_range+0x1709/0x4840
[  322.154144][    C1]  unmap_page_range+0x2b7/0x4840
[  322.154177][    C1]  ? __pfx_unmap_page_range+0x10/0x10
[  322.154195][    C1]  ? mas_next_slot+0x1003/0x18b0
[  322.154219][    C1]  ? uprobe_munmap+0x9e/0x700
[  322.154243][    C1]  unmap_single_vma+0x153/0x240
[  322.154261][    C1]  unmap_vmas+0x295/0x590
[  322.154280][    C1]  ? __pfx_unmap_vmas+0x10/0x10
[  322.154296][    C1]  ? mas_next_slot+0x1003/0x18b0
[  322.154328][    C1]  exit_mmap+0x1ef/0xa30
[  322.154346][    C1]  ? __pfx_exit_mmap+0x10/0x10
[  322.154361][    C1]  ? trace_contention_end+0x140/0x180
[  322.154381][    C1]  ? uprobe_clear_state+0x5f/0x360
[  322.154402][    C1]  ? uprobe_clear_state+0x5f/0x360
[  322.154427][    C1]  ? __lock_acquire+0x4a5/0x2630
[  322.154459][    C1]  ? arch_uprobe_clear_state+0x107/0x150
[  322.154479][    C1]  __mmput+0x12a/0x410
[  322.154499][    C1]  mmput+0x67/0x80
[  322.154515][    C1]  do_exit+0x819/0x2b60
[  322.154537][    C1]  ? preempt_schedule_thunk+0x16/0x30
[  322.154583][    C1]  ? __pfx_do_exit+0x10/0x10
[  322.154605][    C1]  ? preempt_schedule_thunk+0x16/0x30
[  322.154629][    C1]  do_group_exit+0xd5/0x2a0
[  322.154652][    C1]  __x64_sys_exit_group+0x3e/0x50
[  322.154674][    C1]  x64_sys_call+0x102c/0x1530
[  322.154691][    C1]  do_syscall_64+0x106/0xf80
[  322.154709][    C1]  ? clear_bhb_loop+0x40/0x90
[  322.154728][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  322.154743][    C1] RIP: 0033:0x7f996bd9c799
[  322.154755][    C1] Code: Unable to access opcode bytes at 0x7f996bd9c76f.
[  322.154762][    C1] RSP: 002b:00007ffce8982fa8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[  322.154777][    C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f996bd9c799
[  322.154787][    C1] RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000
[  322.154795][    C1] RBP: 00007ffce898300c R08: 0000000000000000 R09: 00000000000927c0
[  322.154804][    C1] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000038
[  322.154813][    C1] R13: 00000000000927c0 R14: 000000000004e934 R15: 00007ffce8983060
[  322.154834][    C1]  </TASK>
[  322.154842][    C1] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  322.154853][    C1] CPU: 1 UID: 0 PID: 13427 Comm: syz.2.2678 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  322.154872][    C1] Tainted: [L]=SOFTLOCKUP
[  322.154877][    C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  322.154885][    C1] Call Trace:
[  322.154895][    C1]  <IRQ>
[  322.154900][    C1]  dump_stack_lvl+0x100/0x190
[  322.154923][    C1]  vpanic+0x552/0x970
[  322.154937][    C1]  ? __pfx_vpanic+0x10/0x10
[  322.154957][    C1]  panic+0xd1/0xe0
[  322.154970][    C1]  ? __pfx_panic+0x10/0x10
[  322.154990][    C1]  ? check_panic_on_warn+0x1f/0x90
[  322.155014][    C1]  check_panic_on_warn.cold+0x19/0x34
[  322.155029][    C1]  ? debug_print_object+0x18e/0x2a0
[  322.155046][    C1]  __warn.cold+0x191/0x348
[  322.155062][    C1]  __report_bug+0x296/0x3d0
[  322.155078][    C1]  ? debug_print_object+0x18e/0x2a0
[  322.155098][    C1]  ? __pfx___report_bug+0x10/0x10
[  322.155114][    C1]  ? __lock_acquire+0x4a5/0x2630
[  322.155146][    C1]  report_bug_entry+0xe1/0x290
[  322.155162][    C1]  ? debug_print_object+0x19b/0x2a0
[  322.155180][    C1]  handle_bug+0x1cd/0x2a0
[  322.155201][    C1]  exc_invalid_op+0x17/0x50
[  322.155221][    C1]  asm_exc_invalid_op+0x1a/0x20
[  322.155235][    C1] RIP: 0010:debug_print_object+0x19b/0x2a0
[  322.155253][    C1] Code: b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 4f 48 8d 3d 32 8d e5 0b 41 56 48 8b 14 dd 60 17 1b 8c 4c 89 e6 <67> 48 0f b9 3a 58 83 05 0c 4d db 0b 01 48 83 c4 18 5b 5d 41 5c 41
[  322.155266][    C1] RSP: 0018:ffffc900006a0a38 EFLAGS: 00010246
[  322.155277][    C1] RAX: dffffc0000000000 RBX: 0000000000000003 RCX: 0000000000000000
[  322.155286][    C1] RDX: ffffffff8c1b16a0 RSI: ffffffff8c1b12c0 RDI: ffffffff90e40420
[  322.155296][    C1] RBP: 0000000000000001 R08: ffff8880397e7c90 R09: ffffffff8bb2b920
[  322.155305][    C1] R10: 0000000000000001 R11: 0000000000000000 R12: ffffffff8c1b12c0
[  322.155314][    C1] R13: ffffffff8bb2b960 R14: ffffffff8a7bcfe0 R15: ffffc900006a0b38
[  322.155324][    C1]  ? __pfx_rose_t0timer_expiry+0x10/0x10
[  322.155353][    C1]  ? __pfx_rose_t0timer_expiry+0x10/0x10
[  322.155372][    C1]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  322.155392][    C1]  debug_check_no_obj_freed+0x4da/0x630
[  322.155419][    C1]  ? __pfx_debug_check_no_obj_freed+0x10/0x10
[  322.155440][    C1]  ? __lock_acquire+0x4a5/0x2630
[  322.155468][    C1]  ? rose_timer_expiry+0x53f/0x630
[  322.155482][    C1]  kfree+0x38f/0x6b0
[  322.155503][    C1]  rose_timer_expiry+0x53f/0x630
[  322.155519][    C1]  ? __pfx_rose_timer_expiry+0x10/0x10
[  322.155532][    C1]  call_timer_fn+0x19a/0x670
[  322.155552][    C1]  ? __pfx_call_timer_fn+0x10/0x10
[  322.155575][    C1]  ? __pfx_rose_timer_expiry+0x10/0x10
[  322.155589][    C1]  ? mark_held_locks+0x40/0x70
[  322.155613][    C1]  ? __pfx_rose_timer_expiry+0x10/0x10
[  322.155626][    C1]  __run_timers+0x757/0xb30
[  322.155651][    C1]  ? __pfx___run_timers+0x10/0x10
[  322.155679][    C1]  ? _raw_spin_lock_irq+0x45/0x50
[  322.155698][    C1]  run_timer_base+0x114/0x190
[  322.155718][    C1]  ? __pfx_run_timer_base+0x10/0x10
[  322.155740][    C1]  run_timer_softirq+0x1a/0x50
[  322.155759][    C1]  handle_softirqs+0x1eb/0x9e0
[  322.155779][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  322.155801][    C1]  __irq_exit_rcu+0xef/0x150
[  322.155818][    C1]  irq_exit_rcu+0x9/0x30
[  322.155834][    C1]  sysvec_apic_timer_interrupt+0xa3/0xc0
[  322.155851][    C1]  </IRQ>
[  322.155856][    C1]  <TASK>
[  322.155862][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  322.155877][    C1] RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x70
[  322.155900][    C1] Code: 66 f7 5a 00 48 89 df 5b e9 dd 71 60 00 be 03 00 00 00 5b e9 e2 90 ed 02 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <f3> 0f 1e fa 65 8b 05 e5 24 05 12 48 8b 34 24 65 48 8b 15 c1 24 05
[  322.155914][    C1] RSP: 0018:ffffc90004737760 EFLAGS: 00000246
[  322.155924][    C1] RAX: 0000000000000000 RBX: 00007f996bbff000 RCX: ffffffff8258ef39
[  322.155934][    C1] RDX: 00007f996bbff000 RSI: 00007f996bbff000 RDI: ffff888053c224c0
[  322.155943][    C1] RBP: 00007f996bbff000 R08: 0000000000000006 R09: 00007f996bbff000
[  322.155952][    C1] R10: 00007f996bbff000 R11: 0000000000000000 R12: ffff88805b98c330
[  322.155961][    C1] R13: 00007f996bbff000 R14: 00007f996bbff000 R15: 00007f996bbff000
[  322.155976][    C1]  ? unmap_page_range+0x1709/0x4840
[  322.155994][    C1]  unmap_page_range+0x2b7/0x4840
[  322.156026][    C1]  ? __pfx_unmap_page_range+0x10/0x10
[  322.156043][    C1]  ? mas_next_slot+0x1003/0x18b0
[  322.156065][    C1]  ? uprobe_munmap+0x9e/0x700
[  322.156088][    C1]  unmap_single_vma+0x153/0x240
[  322.156105][    C1]  unmap_vmas+0x295/0x590
[  322.156123][    C1]  ? __pfx_unmap_vmas+0x10/0x10
[  322.156139][    C1]  ? mas_next_slot+0x1003/0x18b0
[  322.156170][    C1]  exit_mmap+0x1ef/0xa30
[  322.156187][    C1]  ? __pfx_exit_mmap+0x10/0x10
[  322.156201][    C1]  ? trace_contention_end+0x140/0x180
[  322.156220][    C1]  ? uprobe_clear_state+0x5f/0x360
[  322.156239][    C1]  ? uprobe_clear_state+0x5f/0x360
[  322.156264][    C1]  ? __lock_acquire+0x4a5/0x2630
[  322.156295][    C1]  ? arch_uprobe_clear_state+0x107/0x150
[  322.156314][    C1]  __mmput+0x12a/0x410
[  322.156332][    C1]  mmput+0x67/0x80
[  322.156349][    C1]  do_exit+0x819/0x2b60
[  322.156370][    C1]  ? preempt_schedule_thunk+0x16/0x30
[  322.156391][    C1]  ? __pfx_do_exit+0x10/0x10
[  322.156411][    C1]  ? preempt_schedule_thunk+0x16/0x30
[  322.156434][    C1]  do_group_exit+0xd5/0x2a0
[  322.156456][    C1]  __x64_sys_exit_group+0x3e/0x50
[  322.156478][    C1]  x64_sys_call+0x102c/0x1530
[  322.156493][    C1]  do_syscall_64+0x106/0xf80
[  322.156510][    C1]  ? clear_bhb_loop+0x40/0x90
[  322.156527][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  322.156542][    C1] RIP: 0033:0x7f996bd9c799
[  322.156552][    C1] Code: Unable to access opcode bytes at 0x7f996bd9c76f.
[  322.156559][    C1] RSP: 002b:00007ffce8982fa8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[  322.156572][    C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f996bd9c799
[  322.156581][    C1] RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000
[  322.156589][    C1] RBP: 00007ffce898300c R08: 0000000000000000 R09: 00000000000927c0
[  322.156598][    C1] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000038
[  322.156606][    C1] R13: 00000000000927c0 R14: 000000000004e934 R15: 00007ffce8983060
[  322.156626][    C1]  </TASK>
[  322.167348][    C1] Kernel Offset: disabled