last executing test programs:

11.270994281s ago: executing program 1 (id=339):
connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e22, 0x8000001, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xf9}}, 0x10}, 0x1c)
syz_emit_ethernet(0x4a, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaa"], 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)=[{{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000040)="af0ac95ab194f93f8e795a9b29420fa62d", 0x11}], 0x1}}], 0x1, 0x4000000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0xf, &(0x7f0000000200)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055"], 0x0, 0x7, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94)
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x5, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.idle_time\x00', 0x275a, 0x0)
write$binfmt_misc(r1, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d9600010000000000000000000000000000000000000000ff9700", "2809e8dbe108598948224ad44afac11d875397bdb22d0000b420a1a93c5240f45f819ef6167d3d458dd4992861ac00", "f4bd00ac6700000000000000000000c2888e7d52164ec480e79200000100", [0x0, 0x2000000000001]}})

11.249336736s ago: executing program 0 (id=340):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x14, r1, 0x1, 0x70bd2e}, 0x14}, 0x1, 0x0, 0x0, 0x104}, 0x0)

11.150396615s ago: executing program 0 (id=341):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) (async)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)})
ioctl$FITRIM(0xffffffffffffffff, 0xc0185879, 0x0) (async)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000040), &(0x7f0000000080)=0xc) (async)
ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000200)={0xdddd0000, 0x103000}) (async, rerun: 32)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r2, 0x4010ae68, &(0x7f0000000040)={0xfffffffffffff001, 0x10000}) (async, rerun: 32)
syz_usb_connect(0x0, 0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="12010000bc9cbf40480b032094710000000109022400010000000009040000224fc25200090503fe", @ANYRESOCT=r0, @ANYRESOCT, @ANYBLOB="e92171cb19ad14653e94a5e3aacf7da7f8c8f0db87e82bcd4b29077c47224a7f32a8ada33406bdb7e61851f486efc67acb08b182f40c255d7f9e4dda81965203f7e74d253f44fff2e8a57fa891a46c8b641ca11c6a39f1f852c52c1444842097876648deae8f8c6e2d6acd8778faf9d6490ee859f67c9b2b3b8487b94f001749ba31353199b425bdb564b30eb6d2125e792ec54d51fe30b44880f7f10145d22654b3d71b1477b9224f87fdd856b7b22e4d91f72b078c605daf"], 0x0)

10.979378803s ago: executing program 1 (id=342):
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000000c0)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000bc0)=ANY=[@ANYBLOB="180800000000000000f9ff000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000001801000000082c2500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

10.924133835s ago: executing program 1 (id=344):
r0 = syz_open_dev$vbi(&(0x7f0000000140), 0x3, 0x2)
mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x197, 0x0)
r1 = syz_io_uring_setup(0x22f, &(0x7f0000000080)={0x0, 0x5325, 0x10000, 0x0, 0x100002cf}, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000040)=<r3=>0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x7}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000005580)=""/102392, 0x18ff8)
mount(&(0x7f0000000200)=@rnullb, &(0x7f0000000240)='./file0\x00', &(0x7f00000002c0)='aufs\x00', 0x9010, &(0x7f0000000300)='eth0\x00')
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000280)={0x4000, 0x2}, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil)
ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(0xffffffffffffffff, 0x7b2, 0x0)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)
madvise(&(0x7f0000e56000/0x4000)=nil, 0x4000, 0x11)
ioctl$VIDIOC_SUBDEV_S_SELECTION(0xffffffffffffffff, 0xc040563e, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffffffffffff31})
r5 = socket(0x10, 0x3, 0x0)
r6 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r6, &(0x7f0000000000)={0x0, 0xe000, &(0x7f0000000200)=[{&(0x7f0000000240)="d8000000180081064e81f782db4cb904021d0800fd027c05e8fe55a10a0006000140020203600e41b0000900ac00060311000000a4000500000080200004015c3b61c1d67f6f94007134cf6efb8000a007a290457f01a7cee4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5ae24e25ccca9e00360db79826835d3a71d95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9000000008af26c8b7b55f4d3a6823a45f28fcb1d", 0xd8}], 0x1}, 0x40)
sendmmsg(r5, 0x0, 0x0, 0x0)
io_uring_enter(r1, 0x7a98, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, 0x0)
ioctl$VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000040)={0x5, @pix_mp={0x8, 0x4000000, 0x55595659, 0x0, 0x3, [{0x1, 0x7}, {0x6}, {0x2, 0x6}, {0x101, 0x80007fff}, {0xffffff80, 0x9}, {0x2, 0x100003}, {0x6, 0xfff}, {0xa, 0x3ff}], 0xce, 0x1, 0x6, 0x3}})

10.33814072s ago: executing program 1 (id=345):
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
ioctl$BLKRASET(0xffffffffffffffff, 0x1262, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x63b5, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, 0x0, 0x0)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r1, 0x0, 0x0)
accept4(r1, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r2, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r2, 0x84, 0x15, &(0x7f0000000240), 0x1)
sendto$inet6(r2, 0x0, 0x0, 0x2000c851, 0x0, 0x0)
syz_usb_connect$uac3(0x3, 0x0, 0x0, &(0x7f0000000400)={0xa, &(0x7f0000000140)={0xa, 0x6, 0x200, 0x10, 0x5, 0x7f, 0xff, 0x5}, 0x23, &(0x7f0000000180)={0x5, 0xf, 0x23, 0x3, [@wireless={0xb, 0x10, 0x1, 0xc, 0x62, 0x6, 0x14, 0x9, 0x4}, @ptm_cap={0x3}, @ssp_cap={0x10, 0x10, 0xa, 0x6, 0x1, 0x1, 0xf00f, 0x4, [0x3ff0]}]}, 0x5, [{0x0, 0x0}, {0x4, &(0x7f0000000200)=@lang_id={0x4, 0x3, 0x480a}}, {0x0, 0x0}, {0x2, &(0x7f0000000280)=@string={0x2}}, {0x2, &(0x7f0000000340)=@string={0x2}}]})

8.146319418s ago: executing program 1 (id=348):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0)
r2 = syz_io_uring_setup(0x3ce2, &(0x7f00000077c0)={0x0, 0xac1b, 0x80, 0x1200000, 0x15b}, 0x0, 0x0)
r3 = socket$inet6(0xa, 0x2, 0x0)
openat$comedi(0xffffffffffffff9c, &(0x7f0000000300)='/dev/comedi3\x00', 0x1014c2, 0x0)
io_uring_register$IORING_REGISTER_RING_FDS(r2, 0x14, &(0x7f0000007700)=[{0x4, 0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000380)=""/175, 0xaf}, {&(0x7f0000000440)=""/133, 0x85}, {&(0x7f00000005c0)=""/100, 0x64}, {&(0x7f00000002c0)=""/39, 0x27}], &(0x7f00000006c0)=[0x6]}, {0xa, 0x0, 0x0, &(0x7f0000002b80)=[{&(0x7f0000000740)=""/205, 0xcd}, {&(0x7f0000000840)}, {&(0x7f0000000880)=""/4096, 0x1000}, {&(0x7f0000001880)=""/188, 0xbc}, {&(0x7f0000001940)=""/4096, 0x1000}, {&(0x7f0000002940)=""/41, 0x29}, {&(0x7f0000002980)=""/37, 0x25}, {&(0x7f00000029c0)=""/166, 0xa6}, {&(0x7f0000002a80)=""/145, 0x91}, {&(0x7f0000002b40)=""/2, 0x2}], &(0x7f0000002c40)=[0x5, 0x3, 0x3, 0x3, 0xffffffffffffffba, 0x1, 0x3, 0x3, 0x2]}, {0x1, 0x0, 0x0, &(0x7f0000004d40)=[{&(0x7f0000002cc0)=""/52, 0x34}], &(0x7f0000004d80)=[0x8, 0x5, 0xc261, 0x3ff, 0x8000, 0x3319f4b, 0x2]}, {0x5, 0x0, 0x0, &(0x7f0000005340)=[{0x0}, {&(0x7f0000005000)=""/199, 0xc7}, {&(0x7f0000005100)=""/189, 0xbd}, {&(0x7f00000051c0)=""/211, 0xd3}, {&(0x7f00000052c0)=""/110, 0x6e}], &(0x7f00000053c0)=[0x6, 0xffffffffffffffff, 0x5]}, {0x5, 0x0, 0x0, &(0x7f0000007640)=[{&(0x7f00000054c0)=""/34, 0x22}, {&(0x7f0000005500)=""/108, 0x6c}, {&(0x7f0000005580)=""/4096, 0x1000}, {&(0x7f0000006580)=""/4096, 0x1000}, {&(0x7f0000007580)=""/169, 0xa9}], &(0x7f00000076c0)=[0x1, 0x9, 0x2, 0x4, 0xc79a]}], 0x5)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
get_mempolicy(0x0, &(0x7f0000000100), 0x3, &(0x7f0000ffb000/0x4000)=nil, 0x5)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x0, &(0x7f0000000180)=0x40001)
ioctl$USBDEVFS_CONTROL(r3, 0xc0185500, &(0x7f0000000240)={0x80, 0x0, 0x40, 0xe0, 0x1d, 0xffffffff, &(0x7f00000000c0)="d6e3a04c2ed12b1a90b6891c4796f5c0a61e8ea4f0e493a0da49b8106e"})
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000700), 0x101180, 0x0)
r6 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi3\x00', 0xc2180, 0x0)
ioctl$COMEDI_INSN(r6, 0x8028640c, &(0x7f0000000000)={0x4000000, 0x0, 0x0, 0x0, 0x4})
ioctl$SOUND_MIXER_WRITE_VOLUME(r5, 0xc0040d07, &(0x7f0000000040)=0x121)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
semget$private(0x0, 0x4000, 0x0)

6.572275935s ago: executing program 0 (id=352):
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001540)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$inet(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x22fe0}], 0x1}, 0x0)
recvmsg$unix(r1, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x2002)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TIOCGWINSZ(r5, 0x5413, &(0x7f0000000340))
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/vmallocinfo\x00', 0x0, 0x0)
r7 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0)
read$char_usb(r6, &(0x7f00000000c0)=""/104, 0x12)
sendfile(r7, r6, 0x0, 0x3fffff)
r8 = socket(0x10, 0x3, 0x0)
openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000400), 0x101201, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r9 = syz_io_uring_setup(0x893, &(0x7f0000000180)={0x0, 0x40c999, 0x10000, 0xffffffdf, 0x179, 0x0, r6}, &(0x7f0000000300)=<r10=>0x0, &(0x7f0000000040)=<r11=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r10, 0x4, &(0x7f0000000080)=0xfffffffa, 0x0, 0x4)
syz_io_uring_submit(r10, r11, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x40, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x8001}})
io_uring_enter(r9, 0x2b93, 0xf9d0, 0x22, 0x0, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="480000001000030400000000ffdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="f7e8010000000000140012800b0001006d61637365630000040002801400fcff6c616373656330000000000000000000"], 0x48}, 0x1, 0x0, 0x0, 0x20028082}, 0x24004000)

6.567833322s ago: executing program 3 (id=353):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) (async)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000480)=0x7) (async)
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) (async)
ioctl$UFFDIO_WRITEPROTECT(0xffffffffffffffff, 0xc018aa06, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) (async)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) (async, rerun: 32)
r5 = socket$alg(0x26, 0x5, 0x0) (rerun: 32)
bind$alg(r5, &(0x7f0000000300)={0x26, 'hash\x00', 0x0, 0x0, 'michael_mic-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, 0x0, 0x0)
r6 = accept4(r5, 0x0, 0x0, 0x800)
sendmmsg$alg(r6, 0x0, 0x0, 0x40800) (async)
recvmsg$can_bcm(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000940)}, 0x10150) (async, rerun: 64)
r7 = syz_open_dev$tty1(0xc, 0x4, 0x4) (rerun: 64)
r8 = syz_open_dev$dri(&(0x7f00000016c0), 0x0, 0x1)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r8, 0xc01064b5, &(0x7f0000001740)={&(0x7f0000001700)})
ioctl$TCXONC(r7, 0x540a, 0x0)
recvmsg(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000140)=@pppoe={0x18, 0x0, {0x0, @link_local}}, 0x80, &(0x7f0000000280), 0x0, &(0x7f0000000680)=""/4084, 0xff4}, 0x2061)
r9 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r1)
sendmsg$ETHTOOL_MSG_LINKINFO_SET(r1, &(0x7f0000000100)={&(0x7f0000001680)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r9, 0x100, 0x70bd26, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x4005) (async)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000300)={'wlan1\x00', <r11=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)={0x28, r10, 0x1, 0x70bd27, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r11}, @val={0xc, 0x99, {0x40000000, 0x61}}}}}, 0x28}, 0x1, 0x0, 0x0, 0x20084000}, 0x4000)

6.30761398s ago: executing program 2 (id=355):
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
socket$kcm(0x10, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, 0x0, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x15, 0x301, 0x1, 0x0, {0xa}}, 0x14}}, 0x0) (fail_nth: 3)

6.037918331s ago: executing program 3 (id=356):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)={0x64, r1, 0x5, 0x3, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SCAN_SSIDS={0x3c, 0x2d, 0x0, 0x1, [{0x12, 0x0, @random="222f64072ca1b1a97589537eaf60"}, {0xa, 0x0, @default_ap_ssid}, {0xb, 0x0, @random="c676fcf08d9040"}, {0xa, 0x0, @default_ibss_ssid}]}, @NL80211_ATTR_MAC={0xa}]}, 0x64}}, 0x0)

5.604633812s ago: executing program 0 (id=357):
prlimit64(0x0, 0x6, &(0x7f0000000140)={0x8, 0x8f}, 0x0)
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r1=>0x0})
r2 = eventfd2(0x8, 0x0)
ppoll(&(0x7f0000000240), 0x0, 0x0, 0x0, 0x0)
write$eventfd(r2, &(0x7f0000000140)=0xfffffffffffffffc, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x2, 0x4, &(0x7f0000000040)=ANY=[], 0x0, 0x802, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x8, 0x0, 0xfffffffffffffd30}, 0x94)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
getsockopt$bt_BT_SECURITY(r3, 0x112, 0x4, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xf0667000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(0x0, 0x0)
r7 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="020d000014000000000000000000000005000600000000000a00000000000000fc0100000000000000000000ea2fa43c000000000000000005000500000000000a0000000000000000000000000000000000000000000000000000000000000008001200020002000000000000"], 0xa0}}, 0x0)
read(r2, &(0x7f0000000480)=""/82, 0x52)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r1, 0x0, 0x0, 0x0, <r8=>0x0})
ioctl$IOMMU_HWPT_ALLOC$NONE(r0, 0x3b89, &(0x7f0000000180)={0x28, 0x1, r8, r1, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000001040)={0x28, 0x6, r1, 0x0, &(0x7f0000ffd000/0x2000)=nil, 0x2000, 0xfffffffffffffffb})
r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0026}]})
close_range(r9, 0xffffffffffffffff, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)

5.367201267s ago: executing program 2 (id=358):
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
ioctl$BLKRASET(0xffffffffffffffff, 0x1262, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x63b5, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, 0x0, 0x0)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r1, 0x0, 0x0)
accept4(r1, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r2, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r2, 0x84, 0x15, &(0x7f0000000240), 0x1)
sendto$inet6(r2, 0x0, 0x0, 0x2000c851, 0x0, 0x0)
syz_usb_connect$uac3(0x3, 0x0, 0x0, &(0x7f0000000400)={0xa, &(0x7f0000000140)={0xa, 0x6, 0x200, 0x10, 0x5, 0x7f, 0xff, 0x5}, 0x23, &(0x7f0000000180)={0x5, 0xf, 0x23, 0x3, [@wireless={0xb, 0x10, 0x1, 0xc, 0x62, 0x6, 0x14, 0x9, 0x4}, @ptm_cap={0x3}, @ssp_cap={0x10, 0x10, 0xa, 0x6, 0x1, 0x1, 0xf00f, 0x4, [0x3ff0]}]}, 0x5, [{0x0, 0x0}, {0x4, &(0x7f0000000200)=@lang_id={0x4, 0x3, 0x480a}}, {0x0, 0x0}, {0x2, &(0x7f0000000280)=@string={0x2}}, {0x2, &(0x7f0000000340)=@string={0x2}}]})

5.366767431s ago: executing program 4 (id=359):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x1e, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000000000000611924000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0)
r4 = eventfd(0xfffffff9)
ioctl$VHOST_SET_LOG_FD(r3, 0x4004af07, &(0x7f0000000240)=r4)
close_range(r2, 0xffffffffffffffff, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff)
bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000140)=@base={0x6, 0x4, 0x8000, 0x5c, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0xfffffffe}, 0x48)
sendmsg$NL80211_CMD_REQ_SET_REG(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x1c, r5, 0x1, 0x70bd27, 0x25dfdbfb, {}, [@NL80211_ATTR_REG_ALPHA2={0x7, 0x21, 'aa\x00'}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40040}, 0x20000000)
socket$kcm(0x29, 0x7, 0x0)
r6 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r6, 0x84, 0x84, &(0x7f0000000400)={0x0, @in={{0x2, 0x4e20, @rand_addr=0x64010100}}, 0x8, 0x9}, &(0x7f0000000000)=0x90)
r7 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000100), r1)
sendmsg$IPVS_CMD_SET_SERVICE(r0, &(0x7f00000003c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000340)={&(0x7f0000000200)={0x98, r7, 0x300, 0x70bd26, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x101}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_DAEMON={0x38, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0xffff}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x17}}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x9aa5da920b93b776}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x2f}}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @rand_addr=' \x01\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7}, @IPVS_CMD_ATTR_DAEMON={0xc, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x10000}, @IPVS_CMD_ATTR_DAEMON={0x20, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @private2={0xfc, 0x2, '\x00', 0x1}}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @remote}]}]}, 0x98}, 0x1, 0x0, 0x0, 0x4004000}, 0x0)
sendmsg$nl_generic(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000000)={0x88, 0x2e, 0x401, 0xf0bd26, 0x25dfdbfc, {0x4}, [@nested={0x72, 0x7b, 0x0, 0x1, [@generic="db45068b61cc25d667ee44d9e6f424401d43ee415a144ef51ae7a0012952c18361c5d6e16d74311a2728ae0364c7e950cee1530ddc32676af62be4391fd1fadfcb431b13c491c063710c6ce6771102f88f31b5a451ae20680e05d1", @generic="0e1d76", @typed={0x4, 0xa9}, @typed={0x7, 0x12, 0x0, 0x0, @str='aa\x00'}, @typed={0x4, 0x125}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000)

5.343563965s ago: executing program 3 (id=360):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f00000014c0)={0x2, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="0218000014000000000000000100000005000500000000000a00ffff00000000fe8000000000000000000000000000aa0000000000000000080012000000000003000000000000001000000000000000000000000000000002000002000000000000000000000000fc010000000000000000000000000000050006006c0000000a"], 0xa0}}, 0x0)

4.968540959s ago: executing program 4 (id=361):
r0 = socket(0x10, 0x803, 0x0) (async)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{0x0, 0x0, &(0x7f0000000300), 0x0, &(0x7f0000000b40)=ANY=[@ANYBLOB="14000000000000002900000000000014000000000000002900000034000000fdffffff00000000180000000000000029000000040000000400000000000000d80000000000000029000000360000005e17000000000000000100000100010800000000000000000728000000030800ff0f66090000000000000700000000000000010000000000000001000000000000000864c8a110995d439fbfac9716a99c357bcb2d59a850490739734f6b321d19b3754df39cc2dc26cf263cbebbddb9a7f17b6771f74c46623f9e38bd23e6f0a2fd3a9a017f66738394aca44d1a9f0b35d9df0a964360ab0900a5e6fcac1cd41c91c97f6826ff700710000000030203070004ffffffffffffff01082bdb86d1ce6a20c200000000180000000000000029000000370000007300000000000000180000000000000029000000390000000000000000000000380000000000000029000000390000003a04027000000000ff01"], 0x188}}], 0x1, 0x810) (async)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x44004000) (async)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000008c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x70, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_EXPRESSIONS={0x44, 0x4, 0x0, 0x1, [{0x40, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x30, 0x2, 0x0, 0x1, [@NFTA_MATCH_INFO={0x15, 0x3, "709c117c82b1095a6f232d638adc3de6b1"}, @NFTA_MATCH_REV={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_MATCH_NAME={0x9, 0x1, 'mark\x00'}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x98}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f00000000c0)={0x1, @pix={0x0, 0xcf6, 0x20493859}})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) (async)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5) (async)
r4 = accept4(r3, 0x0, 0x0, 0x800)
pwritev(0xffffffffffffffff, &(0x7f0000000d80)=[{&(0x7f0000000780)="42ebe7f5d8dde5f3e9c5c7e7bc09d8d80f373ae4dc85e6cb597bd322663b986ff272399bec41d811a763bcd2cdc221d2ac6cdeeca815ce250ce959444e7f296cb11433530cfccd0c6f450147b46eb5bbe281810c76577aaf554801815d1ee516cc0752832233d7610ce165a593e43cbaa4f52db28e5aead94767ad0d0ccf1cd422fcfd87e848c94a2be6e254d827012967", 0x91}, {&(0x7f0000000880)="3ed8269a24bf45844c983ea0eeeb58f212eeac22d35800c1a94b360b7b20a38c4009daad6421963cbcd5621f4aa4892eb9937191078bfbceee60ee759765c992659367fc8bd35cf5d87272d4c4bbccb6fe258a2bc4cf778776b91c3e1da4690fe0506ba67577475d", 0x68}, {&(0x7f0000000540)="b4e007f06d056aa0367c7356f83c", 0xe}, {&(0x7f0000000580)="1ab9a1fec95331b4b1bb5f840b0a198cb5add980a1e5cd402aaabeb7a27d1418376394238ae0a1ca9cc4187957fdca8dfa1151a311e577e1461a24", 0x3b}, {&(0x7f0000000700)="741f5b18fef5626f948b1919860417488e3e5141e17a3031271340b8ac67e4f5f7a2", 0x22}, {&(0x7f0000000a80)}, {&(0x7f0000000ac0)}], 0x7, 0x4d9e, 0x8) (async)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000f80)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a050000000000000000010000000900010073797a300000000040000000030a01010000000000000000010000000900030073797a310000090000000480080002400000000008000140000000000900010000008000000000004c000000060a0104000000000000000001000000240004802000018007000100727400001400028008000240ce31b6cf080001400000000308000b40000000000900010073797a3000e9ffff130000000100010000000000000aeeb9c7da275615ac46ea6889d53c4ae599307c3ebec1699a88c01503d6fa07347deedf1ea28f6f72f6f980cf56d609aa0aa2aba830c53cbb6f3d7823e6d132c066dd4c9ee3ec9c0b34dbefe68fa35363bb4c4fdded806dd29f43897acc350256c77f4e6e63466d3481f6bc59325ad99a551a874b901ed7478d589452109e200940bc27d0efb7bbce0bf88495c5e550beba28b917ea48cbb953b7ddf6fe250ead7aa0091e4679f3c41016ea"], 0xd4}}, 0x0) (async)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) (async)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) (async)
r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0) (async)
pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2) (async)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="3800000056000100000000f70000000007020000", @ANYRES32=r0, @ANYBLOB="200001"], 0x38}}, 0x0) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB="240000001800090400000000800020000a001000000000020200000008001e0004000000"], 0x24}}, 0x0) (async)
r6 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$gtp(&(0x7f0000000700), r7)
sendmsg$GTP_CMD_NEWPDP(r0, &(0x7f00000007c0)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x30, r8, 0x800, 0x70bd2a, 0x25dfdbfe, {}, [@GTPA_PEER_ADDR6={0x14, 0xb, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @GTPA_MS_ADDRESS={0x8, 0x5, @rand_addr=0x64010100}]}, 0x30}}, 0x8800) (async)
syz_usb_control_io(r6, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
r9 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$FS_IOC_GETVERSION(r9, 0xc0145b0e, &(0x7f0000000040))

4.199165245s ago: executing program 3 (id=362):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={0x0, 0x328000, 0x81f}, 0x20)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mknod(&(0x7f00000048c0)='./file0\x00', 0x0, 0xffffffff)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r4, &(0x7f00000021c0)={0x2020, 0x0, <r5=>0x0}, 0x2020)
write$FUSE_INIT(r4, &(0x7f0000000240)={0x50, 0x0, r5, {0x7, 0x1f, 0x0, 0x10000000}}, 0x50)
syz_fuse_handle_req(r4, &(0x7f0000008380)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008df76a250000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea21056000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000131a5d9400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r6 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x1)
syz_fuse_handle_req(r4, 0x0, 0x0, &(0x7f0000000940)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001500)={0x78, 0x0, 0xfffffffffffffffe, {0xffffffffffffeffd, 0x2000002, 0x0, {0x2, 0xe200, 0x1, 0x2c58c9da, 0x1e93, 0x7, 0x327, 0x8002, 0xffffff81, 0x8000, 0x4, 0x0, 0x0, 0xcb, 0xd6f1}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
lseek(r6, 0x9, 0x2)
r7 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$TCPDIAG_GETSOCK(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="540000001200010000000000000000000a00000000004e2100000000ffffffff0100000000000000feffffff00000000f0ffffffffffff00dfe01daf2215441e03158d13a460e04aa48aad311933615a35945a2f97e078b020976e61aaa94dd1facf1b69d2863201cfe193f8c5db5d4e9103e43a58025bf2a7cca3575c001dbf7889eeaf8926cde76c038ebe9d1b05f77466b6b0f169f466b6ea5508ffc89c55a204b0c0083c7122b1e198b7bb1eddda27b25feab64872c3346b2c00824609975f8c9cfdde7d1b3afbbfd2f62041e53b818e02b69b145f5de26b6feefd7e2ab908f0675f3cbb20332a03815e286f13cffb871cdef45578ca34dd360db3706f77c629b1dd07", @ANYRES32=0x0, @ANYBLOB="010000000300000000000000000000000800"], 0x54}, 0x1, 0x0, 0x0, 0x44044}, 0x20004010)

4.022460927s ago: executing program 4 (id=363):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0xc3490000)
prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000006100)='cmdline\x00')
read$FUSE(r1, &(0x7f0000012300)={0x2020}, 0x54)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
r2 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r2, 0x84, 0x1f, 0x0, &(0x7f0000000340))
sendmmsg$unix(r2, &(0x7f00000000c0), 0x0, 0x20000810)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
socket(0x18, 0x1, 0x0)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
syz_io_uring_setup(0xc299, &(0x7f0000000280)={0x0, 0x4a24, 0x80, 0x0, 0x240, 0x0, r3}, &(0x7f0000000000), &(0x7f0000000040))
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)
clock_adjtime(0x3, &(0x7f0000000140)={0xcaf8, 0x9, 0x3, 0x7, 0x8ad, 0x4, 0x10000, 0x1, 0xffffffffffffffff, 0x7f, 0x4, 0x0, 0x1, 0x5, 0x9, 0xf8, 0x0, 0x10000, 0x100000001, 0x7, 0x3, 0x1, 0x38000000, 0x401, 0x8, 0x5})
write$binfmt_script(r4, &(0x7f0000000080), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r4, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)

3.328598634s ago: executing program 1 (id=364):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x7, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
syz_usb_connect(0x3, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="12010002ee3b25205a06090065600102030109021b0001040840000904080101b9d7420209058a028d"], 0x0)
socket$kcm(0x10, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
mremap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x2000, 0x3, &(0x7f00007fe000/0x800000)=nil)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, 0x0, 0x4008004)
write(r3, 0x0, 0x0)
syz_open_dev$MSR(&(0x7f0000000040), 0x5, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, 0x0, 0x0)
sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x15, 0x301, 0x1, 0x0, {0xa}}, 0x14}}, 0x0)

3.193541458s ago: executing program 2 (id=365):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
bind$xdp(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
readv(r2, &(0x7f0000000040)=[{&(0x7f0000000440)=""/162, 0xa2}, {&(0x7f0000000200)=""/108, 0x6c}, {&(0x7f0000000500)=""/156, 0x9c}], 0x3)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r5 = socket(0x400000000010, 0x3, 0x0)
r6 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x3}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x42}}}]}, 0x38}}, 0x0)
r8 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)=@newtfilter={0x38, 0x2c, 0xd27, 0x70bd27, 0x25dfdbff, {0x0, 0x0, 0x0, r9, {}, {}, {0xffe0, 0x5}}, [@filter_kind_options=@f_u32={{0x8}, {0xfffffed3, 0x2, [@TCA_U32_HASH={0x8, 0x2, 0xffffffff}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000000}, 0x20048850)
sendmsg$nl_route_sched(r5, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@gettfilter={0x24, 0x2e, 0x205, 0x70bd2c, 0x25dfdafd, {0x0, 0x0, 0x0, r7, {0xc, 0xc}, {0x0, 0xfff1}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000801}, 0x4041080)
r10 = socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f00000003c0)={'virt_wifi0\x00'})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r5)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'macvlan1\x00', <r11=>0x0})
r12 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet6_mreq(r12, 0x29, 0x1b, &(0x7f0000000140)={@remote}, 0x14)
setsockopt$inet6_mreq(r12, 0x29, 0x1b, &(0x7f0000000080)={@remote, r11}, 0x14)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x7, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4)

2.66481958s ago: executing program 4 (id=366):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001900010027bd7000fddbdf2500000000", @ANYRES32=0x0, @ANYBLOB], 0x34}, 0x1, 0x0, 0x0, 0x801}, 0x4000000)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xa, 0x0, 0x0)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f0000000080)={0x84, @local, 0x15, 0x3, 'sh\x00', 0x19, 0x5, 0x71}, 0x2c)
r4 = socket$kcm(0xa, 0x2, 0x0)
r5 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$IP_VS_SO_SET_ADDDEST(r5, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010102, 0x4e24, 0x3, 'lc\x00', 0x5, 0x8, 0x77}, {@remote, 0x4e20, 0x10000, 0xc, 0x2}}, 0x44)
sendmsg$sock(r4, 0x0, 0x0)
sendmsg$sock(r1, &(0x7f0000000400)={&(0x7f0000000580)=@sco={0x1f, @none}, 0x80, 0x0, 0x50, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)={0x20, 0x1a, 0x1, 0x0, 0x0, "", [@typed={0xa, 0x3ffc, 0x0, 0x0, @str=':*^${\x00'}, @nested={0x4, 0x1b}]}, 0x20}], 0x1}, 0x0)
capset(0x0, &(0x7f0000000080)={0x6, 0x6, 0x2, 0x87, 0xffffffff, 0x2})
openat$ipvs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/vs/sync_threshold\x00', 0x2, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$ethtool(0x0, r7)
sendmsg$ETHTOOL_MSG_STRSET_GET(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=ANY=[@ANYBLOB, @ANYRES16=r8, @ANYBLOB="01002dbd70027100c1582100000018"], 0x2c}, 0x1, 0x0, 0x0, 0x2001}, 0x4010000)
setsockopt$inet6_tcp_int(r0, 0x6, 0x24, &(0x7f0000000000)=0x1, 0x4)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x1d, &(0x7f0000000040)=0x3, 0x4)
recvmmsg(r0, &(0x7f0000001900)=[{{0x0, 0x0, 0x0}, 0x8000}], 0x1, 0x100, 0x0)

2.031662314s ago: executing program 0 (id=367):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x7, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_sctp(0xa, 0x1, 0x84)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
socket$kcm(0x10, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
mremap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x2000, 0x3, &(0x7f00007fe000/0x800000)=nil)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, 0x0, 0x4008004)
landlock_create_ruleset(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000000c0)=@abs={0x0, 0x0, 0x3}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000059c0)=[{{&(0x7f0000000300)=@ethernet={0x0, @local}, 0x80, &(0x7f0000001640)=[{&(0x7f0000000380)=""/4096, 0x1000}, {&(0x7f0000000180)=""/5, 0x5}, {&(0x7f0000001380)=""/151, 0x97}, {&(0x7f0000001440)=""/75, 0x4b}, {&(0x7f00000014c0)=""/220, 0xdc}, {&(0x7f0000000240)=""/55, 0x37}, {&(0x7f00000015c0)=""/49, 0x31}, {&(0x7f0000001600)=""/61, 0x3d}], 0x8, &(0x7f00000016c0)=""/139, 0x8b}, 0xfffffff8}, {{&(0x7f0000001780)=@xdp, 0x80, &(0x7f0000001980)=[{&(0x7f0000001800)=""/37, 0x25}, {&(0x7f0000001840)=""/2, 0x2}, {&(0x7f0000001880)=""/50, 0x32}, {&(0x7f00000018c0)=""/135, 0x87}], 0x4, &(0x7f00000019c0)=""/45, 0x2d}, 0x40}, {{&(0x7f0000001a00)=@nfc, 0x80, &(0x7f0000001e80)=[{&(0x7f0000001a80)=""/125, 0x7d}, {&(0x7f0000001b00)=""/97, 0x61}, {&(0x7f0000001b80)=""/208, 0xd0}, {&(0x7f0000001c80)=""/3, 0x3}, {&(0x7f0000001cc0)=""/157, 0x9d}, {&(0x7f0000001d80)=""/224, 0xe0}], 0x6, &(0x7f0000001f00)=""/4096, 0x1000}}, {{&(0x7f0000002f00)=@l2={0x1f, 0x0, @none}, 0x80, &(0x7f0000003480)=[{&(0x7f0000002f80)=""/197, 0xc5}, {&(0x7f0000003080)=""/110, 0x6e}, {&(0x7f0000003100)=""/97, 0x61}, {&(0x7f0000003180)=""/114, 0x72}, {&(0x7f0000003200)=""/123, 0x7b}, {&(0x7f0000003280)=""/209, 0xd1}, {&(0x7f0000003380)=""/206, 0xce}], 0x7, &(0x7f0000003500)=""/4096, 0x1000}, 0x6}, {{&(0x7f0000004500)=@phonet, 0x80, &(0x7f0000005840)=[{&(0x7f0000004580)=""/4096, 0x1000}, {&(0x7f0000005580)=""/97, 0x61}, {&(0x7f0000005600)=""/85, 0x55}, {&(0x7f0000005680)=""/168, 0xa8}, {&(0x7f0000005740)=""/219, 0xdb}], 0x5, &(0x7f00000058c0)=""/255, 0xff}, 0x2}], 0x5, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYRESDEC], 0x24}, 0x1, 0x0, 0x0, 0x240480d4}, 0x44001)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[], 0x28}}, 0x80)
unshare(0x26020480)

1.931024194s ago: executing program 2 (id=368):
prlimit64(0x0, 0x6, &(0x7f0000000140)={0x8, 0x8f}, 0x0)
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r1=>0x0})
r2 = eventfd2(0x8, 0x0)
ppoll(&(0x7f0000000240), 0x0, 0x0, 0x0, 0x0)
write$eventfd(r2, &(0x7f0000000140)=0xfffffffffffffffc, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x2, 0x4, &(0x7f0000000040)=ANY=[], 0x0, 0x802, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x8, 0x0, 0xfffffffffffffd30}, 0x94)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
getsockopt$bt_BT_SECURITY(r3, 0x112, 0x4, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
fcntl$setown(0xffffffffffffffff, 0x8, r4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xf0667000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
getrlimit(0xf, &(0x7f0000000000))
mkdir(0x0, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r1, 0x0, 0x0, 0x0, <r7=>0x0})
ioctl$IOMMU_HWPT_ALLOC$NONE(r0, 0x3b89, &(0x7f0000000180)={0x28, 0x1, r7, r1, 0x0, 0x0, 0x0, 0x0, 0x0})
r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0026}]})
close_range(r8, 0xffffffffffffffff, 0x0)

1.660709409s ago: executing program 4 (id=369):
prlimit64(0x0, 0x6, &(0x7f0000000140)={0x8, 0x8f}, 0x0)
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r1=>0x0})
r2 = eventfd2(0x8, 0x0)
ppoll(&(0x7f0000000240), 0x0, 0x0, 0x0, 0x0)
write$eventfd(r2, &(0x7f0000000140)=0xfffffffffffffffc, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x2, 0x4, &(0x7f0000000040)=ANY=[], 0x0, 0x802, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x8, 0x0, 0xfffffffffffffd30}, 0x94)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
getsockopt$bt_BT_SECURITY(r3, 0x112, 0x4, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
fcntl$setown(0xffffffffffffffff, 0x8, r4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xf0667000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(0x0, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r1, 0x0, 0x0, 0x0, <r7=>0x0})
ioctl$IOMMU_HWPT_ALLOC$NONE(r0, 0x3b89, &(0x7f0000000180)={0x28, 0x1, r7, r1, 0x0, 0x0, 0x0, 0x0, 0x0})
r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0026}]})
close_range(r8, 0xffffffffffffffff, 0x0)

966.024069ms ago: executing program 3 (id=370):
socket$packet(0x11, 0x3, 0x300)
r0 = creat(&(0x7f00000006c0)='./file0\x00', 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000080)={0xa, 0x4e22, 0x1000002, @empty, 0x186}, 0x1c)
listen(r1, 0x1)
mount$9p_tcp(&(0x7f0000000200), &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x400, &(0x7f00000002c0)=ANY=[@ANYBLOB='trans=tcp,port=0x0000000000004e22'])
close_range(r0, 0xffffffffffffffff, 0x0)
syz_emit_ethernet(0x42, &(0x7f0000000000)={@local, @empty, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "a64b9f", 0xc, 0x11, 0x0, @remote, @local, {[], {0x0, 0x4e22, 0xc, 0x0, @opaque="03000000"}}}}}}, 0x0)
socket$inet_sctp(0x2, 0x5, 0x84)
r2 = syz_open_procfs(0x0, &(0x7f0000000080)='net/sctp\x00')
sendmsg$NFNL_MSG_CTHELPER_GET(r2, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000100)={0xd4, 0x1, 0x9, 0x401, 0x0, 0x0, {0xa, 0x0, 0x2}, [@NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0x4}}, @NFCTH_TUPLE={0x54, 0x2, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}]}, @NFCTH_PRIV_DATA_LEN={0x8, 0x5, 0x1, 0x0, 0x1a}, @NFCTH_TUPLE={0x58, 0x2, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @private2}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}]}]}, 0xd4}, 0x1, 0x0, 0x0, 0x800}, 0x8001)

363.094301ms ago: executing program 0 (id=371):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_open_dev$video(&(0x7f0000000100), 0x3, 0x2000)
socket$nl_xfrm(0x10, 0x3, 0x6)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0x6, 0xfa11, 0xffffffff}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_PEER_REMOVE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000040)=ANY=[@ANYBLOB, @ANYRES16=r4, @ANYBLOB="375e27bd7000fedbdf25140000001c0007800c000300000000000000e4ff0b0004"], 0x30}, 0x1, 0x0, 0x0, 0x1}, 0x50)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r5 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0)
ioctl$SNDCTL_DSP_SPEED(r5, 0xc0045002, 0x0)
socket$packet(0x11, 0x2, 0x300)
syz_emit_ethernet(0x4e, &(0x7f00000002c0)={@local, @broadcast, @void, {@ipv4={0x800, @tipc={{0x5, 0x4, 0x0, 0x3c, 0x40, 0x67, 0x0, 0x3, 0x6, 0x0, @rand_addr=0x64010100, @local}, @payload_mcast={{{{{{0x2c, 0x0, 0x0, 0x0, 0x0, 0xb, 0x1, 0x2, 0x5, 0x0, 0x1, 0x1, 0x0, 0x1, 0x800, 0x1, 0x1, 0x4e21, 0x4e22}, 0x1}, 0x3}, 0x1}}}}}}}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r6 = syz_open_dev$vcsa(0x0, 0x100000001, 0x202001)
r7 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x62181)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r7, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'})
write$sndseq(r7, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8)
setsockopt$RXRPC_SECURITY_KEY(r6, 0x110, 0x1, &(0x7f00000000c0)='/dev/kvm\x00', 0x9)
socket$nl_xfrm(0x10, 0x3, 0x6)
r8 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r8, &(0x7f0000000800)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000000380)=ANY=[@ANYBLOB="020101090800000000170006ffffff00030006001000000002000000e0000009f9ff0f0005000000030005007217440502000000e0000001"], 0x40}}, 0x0)
sendmsg$key(r8, &(0x7f0000000000)={0x0, 0x3, &(0x7f0000000080)={&(0x7f0000000400)=ANY=[@ANYBLOB="020300090a00000000000000000000000300060000000e0002000000e00000090000000d82b8670002000100000000000000000200000000030005000000000002000000e0000001000000001800000056680e1e20ad4f432a57095e3369475ad2afa891c689b84edd8733235d26fb6e332e6bd1c32c30bd485ed639be3029903b44d133067b9bc46cf0be387e47e1813195b5a3cb732f7dbd5ac37b58079a1fa51c76aea5d9582951144ee6983de2704de072"], 0x50}}, 0x0)
ioctl$KVM_IOEVENTFD(r6, 0x4040ae79, &(0x7f00000003c0)={0x9e6, 0x3000, 0x4, 0xffffffffffffffff, 0x4})

292.86175ms ago: executing program 2 (id=372):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@base={0x19, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x3}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0xe, 0xe, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000200000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000001800000000000000000000000000000095"], &(0x7f0000000200)='syzkaller\x00', 0x6}, 0x94)

76.978876ms ago: executing program 2 (id=373):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000680)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x2, 0x2}, 0x50)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="84010000100013070000000000000000ffffffff000000000000000000000000fe8000000000000000000000000000bb00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb0000000032000000ac14140000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000a00000000000000000000004800020063626328616573290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004c001400636d61632861657329"], 0x184}}, 0x0)

73.997322ms ago: executing program 3 (id=374):
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r4, 0x0, 0x4c840)
sendmsg$nl_route_sched(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x38, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0xb, 0x7}, {0x0, 0xfff3}, {0xd, 0x4}}, [@filter_kind_options=@f_basic={{0xa}, {0x8, 0x2, [@TCA_BASIC_EMATCHES={0x4}]}}]}, 0x38}, 0x1, 0xf2ff000000000000, 0x0, 0x20041090}, 0x0)

0s ago: executing program 4 (id=375):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(r0, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={0x0, 0x18}}, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
mkdir(&(0x7f0000001a80)='./file0\x00', 0x100)
mount$bpf(0x200000000000, &(0x7f0000000440)='./file0/../file0\x00', 0x0, 0x989046, 0x0)
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0xc, 0x8001, 0x0, 0x9, 0x4f, 0x8, 0xfa11, 0x1}, 0x0)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x1}, 0x2)
kexec_load(0x0, 0x0, 0x0, 0x0)
getpid()
ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0)
lsm_get_self_attr(0x64, 0x0, &(0x7f0000001280), 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r4 = openat$vsock(0xffffffffffffff9c, 0x0, 0x40, 0x0)
ioctl$KVM_GET_XSAVE2(r4, 0x9000aecf, &(0x7f00002c8000/0x2000)=nil)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$TUNSETOWNER(r4, 0x400454cc, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
r7 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0xffff}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x1, [], 0x0, [0x1, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c4, 0x8000, 0x0, 0x0, 0x3dc], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}}}}]}, 0x88}}, 0x20000000)
mount$bpf(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x3a84821, 0x0)

kernel console output (not intermixed with test programs):

atadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   61.903898][ T5811] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   61.915144][ T5809] batman_adv: batadv0: Adding interface: batadv_slave_0
[   61.922260][ T5809] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   61.948921][ T5809] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   61.975397][ T5811] batman_adv: batadv0: Adding interface: batadv_slave_1
[   61.982463][ T5811] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   62.008497][ T5811] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   62.019741][ T5809] batman_adv: batadv0: Adding interface: batadv_slave_1
[   62.026883][ T5809] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   62.052879][ T5809] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   62.071832][ T5808] Bluetooth: hci0: command tx timeout
[   62.130093][ T5813] hsr_slave_0: entered promiscuous mode
[   62.136271][ T5813] hsr_slave_1: entered promiscuous mode
[   62.142313][ T5813] debugfs: 'hsr0' already exists in 'hsr'
[   62.148014][ T5813] Cannot create hsr debugfs directory
[   62.151930][ T5808] Bluetooth: hci3: command tx timeout
[   62.153598][ T5129] Bluetooth: hci1: command tx timeout
[   62.158900][ T5808] Bluetooth: hci2: command tx timeout
[   62.164469][ T5819] Bluetooth: hci4: command tx timeout
[   62.207097][ T5811] hsr_slave_0: entered promiscuous mode
[   62.213163][ T5811] hsr_slave_1: entered promiscuous mode
[   62.218962][ T5811] debugfs: 'hsr0' already exists in 'hsr'
[   62.224919][ T5811] Cannot create hsr debugfs directory
[   62.294835][ T5809] hsr_slave_0: entered promiscuous mode
[   62.300793][ T5809] hsr_slave_1: entered promiscuous mode
[   62.306918][ T5809] debugfs: 'hsr0' already exists in 'hsr'
[   62.312759][ T5809] Cannot create hsr debugfs directory
[   62.442316][ T5803] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   62.452651][ T5803] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   62.480282][ T5803] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   62.513774][ T5803] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   62.610605][ T5804] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   62.638595][ T5804] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   62.648376][ T5804] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   62.663563][ T5804] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   62.712437][ T5813] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   62.724594][ T5813] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   62.733382][ T5813] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   62.743585][ T5813] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   62.836521][ T5803] 8021q: adding VLAN 0 to HW filter on device bond0
[   62.847740][ T5811] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   62.857113][ T5811] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   62.866400][ T5811] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   62.877418][ T5811] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   62.927834][ T5804] 8021q: adding VLAN 0 to HW filter on device bond0
[   62.950750][ T5803] 8021q: adding VLAN 0 to HW filter on device team0
[   62.968254][   T66] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.975499][   T66] bridge0: port 1(bridge_slave_0) entered forwarding state
[   62.993512][ T5809] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   63.005177][ T5809] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   63.021038][ T5804] 8021q: adding VLAN 0 to HW filter on device team0
[   63.028211][ T5809] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   63.038035][ T5809] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   63.048733][ T2962] bridge0: port 2(bridge_slave_1) entered blocking state
[   63.055797][ T2962] bridge0: port 2(bridge_slave_1) entered forwarding state
[   63.074158][ T2962] bridge0: port 1(bridge_slave_0) entered blocking state
[   63.081214][ T2962] bridge0: port 1(bridge_slave_0) entered forwarding state
[   63.106942][   T66] bridge0: port 2(bridge_slave_1) entered blocking state
[   63.114029][   T66] bridge0: port 2(bridge_slave_1) entered forwarding state
[   63.156777][ T5813] 8021q: adding VLAN 0 to HW filter on device bond0
[   63.234645][ T5811] 8021q: adding VLAN 0 to HW filter on device bond0
[   63.246796][ T5813] 8021q: adding VLAN 0 to HW filter on device team0
[   63.253811][   T29] kauditd_printk_skb: 12 callbacks suppressed
[   63.253823][   T29] audit: type=1400 audit(1773145838.247:84): avc:  denied  { sys_module } for  pid=5803 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[   63.292348][ T3000] bridge0: port 1(bridge_slave_0) entered blocking state
[   63.299424][ T3000] bridge0: port 1(bridge_slave_0) entered forwarding state
[   63.330761][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[   63.337897][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[   63.357123][ T5811] 8021q: adding VLAN 0 to HW filter on device team0
[   63.379160][ T3000] bridge0: port 1(bridge_slave_0) entered blocking state
[   63.386290][ T3000] bridge0: port 1(bridge_slave_0) entered forwarding state
[   63.407467][ T5809] 8021q: adding VLAN 0 to HW filter on device bond0
[   63.419450][ T3000] bridge0: port 2(bridge_slave_1) entered blocking state
[   63.426546][ T3000] bridge0: port 2(bridge_slave_1) entered forwarding state
[   63.475463][ T5809] 8021q: adding VLAN 0 to HW filter on device team0
[   63.494567][ T5803] 8021q: adding VLAN 0 to HW filter on device batadv0
[   63.524352][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[   63.531488][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[   63.559512][ T5811] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   63.570199][ T5811] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   63.596299][ T3000] bridge0: port 2(bridge_slave_1) entered blocking state
[   63.603428][ T3000] bridge0: port 2(bridge_slave_1) entered forwarding state
[   63.634570][ T5804] 8021q: adding VLAN 0 to HW filter on device batadv0
[   63.755041][ T5803] veth0_vlan: entered promiscuous mode
[   63.804933][ T5804] veth0_vlan: entered promiscuous mode
[   63.813796][ T5813] 8021q: adding VLAN 0 to HW filter on device batadv0
[   63.825828][ T5803] veth1_vlan: entered promiscuous mode
[   63.848928][ T5804] veth1_vlan: entered promiscuous mode
[   63.905733][ T5803] veth0_macvtap: entered promiscuous mode
[   63.933979][ T5803] veth1_macvtap: entered promiscuous mode
[   63.942935][ T5804] veth0_macvtap: entered promiscuous mode
[   63.977905][ T5811] 8021q: adding VLAN 0 to HW filter on device batadv0
[   63.986027][ T5804] veth1_macvtap: entered promiscuous mode
[   64.006320][ T5813] veth0_vlan: entered promiscuous mode
[   64.027595][ T5813] veth1_vlan: entered promiscuous mode
[   64.041186][ T5804] batman_adv: batadv0: Interface activated: batadv_slave_0
[   64.056660][ T5804] batman_adv: batadv0: Interface activated: batadv_slave_1
[   64.074689][ T5803] batman_adv: batadv0: Interface activated: batadv_slave_0
[   64.093311][   T13] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   64.109898][ T5803] batman_adv: batadv0: Interface activated: batadv_slave_1
[   64.126711][ T5809] 8021q: adding VLAN 0 to HW filter on device batadv0
[   64.135025][   T13] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   64.144848][   T13] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   64.161178][ T5129] Bluetooth: hci0: command tx timeout
[   64.183211][   T13] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   64.203367][ T5811] veth0_vlan: entered promiscuous mode
[   64.213102][ T3000] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   64.222976][ T5813] veth0_macvtap: entered promiscuous mode
[   64.231502][ T5129] Bluetooth: hci2: command tx timeout
[   64.232314][ T5819] Bluetooth: hci3: command tx timeout
[   64.236877][ T5129] Bluetooth: hci1: command tx timeout
[   64.242541][ T5819] Bluetooth: hci4: command tx timeout
[   64.262428][ T3000] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   64.271777][ T3000] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   64.280470][ T3000] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   64.293472][ T5813] veth1_macvtap: entered promiscuous mode
[   64.317519][ T5811] veth1_vlan: entered promiscuous mode
[   64.340805][ T5813] batman_adv: batadv0: Interface activated: batadv_slave_0
[   64.382640][ T5813] batman_adv: batadv0: Interface activated: batadv_slave_1
[   64.435988][   T85] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   64.444856][   T85] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   64.474258][ T5811] veth0_macvtap: entered promiscuous mode
[   64.486398][   T85] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   64.496794][   T85] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   64.515516][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   64.524145][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   64.530372][ T5811] veth1_macvtap: entered promiscuous mode
[   64.590891][   T85] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   64.604025][ T3000] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   64.623868][ T3000] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   64.633260][   T85] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   64.633572][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   64.649647][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   64.674787][   T29] audit: type=1400 audit(1773145839.667:85): avc:  denied  { mounton } for  pid=5804 comm="syz-executor" path="/root/syzkaller.jI8Nqz/syz-tmp" dev="sda1" ino=2041 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[   64.680009][ T5809] veth0_vlan: entered promiscuous mode
[   64.719631][   T29] audit: type=1400 audit(1773145839.707:86): avc:  denied  { mount } for  pid=5804 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[   64.749585][   T29] audit: type=1400 audit(1773145839.707:87): avc:  denied  { mounton } for  pid=5804 comm="syz-executor" path="/root/syzkaller.jI8Nqz/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[   64.756218][ T5811] batman_adv: batadv0: Interface activated: batadv_slave_0
[   64.782022][   T29] audit: type=1400 audit(1773145839.707:88): avc:  denied  { mount } for  pid=5804 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[   64.793331][ T5811] batman_adv: batadv0: Interface activated: batadv_slave_1
[   64.811456][   T29] audit: type=1400 audit(1773145839.717:89): avc:  denied  { mounton } for  pid=5804 comm="syz-executor" path="/root/syzkaller.jI8Nqz/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[   64.844054][ T5804] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   64.846587][ T5809] veth1_vlan: entered promiscuous mode
[   64.869202][   T29] audit: type=1400 audit(1773145839.717:90): avc:  denied  { mounton } for  pid=5804 comm="syz-executor" path="/root/syzkaller.jI8Nqz/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=7475 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[   64.911347][   T29] audit: type=1400 audit(1773145839.737:91): avc:  denied  { unmount } for  pid=5804 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[   64.936808][ T3000] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   64.953747][   T29] audit: type=1400 audit(1773145839.747:92): avc:  denied  { mounton } for  pid=5804 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=2786 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[   64.981170][   T29] audit: type=1400 audit(1773145839.747:93): avc:  denied  { mount } for  pid=5804 comm="syz-executor" name="/" dev="gadgetfs" ino=7476 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[   65.019148][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   65.040185][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   65.051434][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   65.059511][ T3000] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   65.068418][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   65.078968][ T3000] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   65.089300][ T3000] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   65.135545][ T5809] veth0_macvtap: entered promiscuous mode
[   65.144699][ T5809] veth1_macvtap: entered promiscuous mode
[   65.522026][ T5809] batman_adv: batadv0: Interface activated: batadv_slave_0
[   65.616538][ T5809] batman_adv: batadv0: Interface activated: batadv_slave_1
[   65.725430][   T13] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   65.735457][   T66] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   65.762482][   T66] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   65.781933][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[   65.790421][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[   65.857584][   T13] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   65.939119][   T13] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   66.036816][   T13] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   66.092679][ T5932] Zero length message leads to an empty skb
[   66.206640][ T5931] bond1 (unregistering): Released all slaves
[   66.231498][ T5819] Bluetooth: hci0: command tx timeout
[   66.311709][    T0] NOHZ tick-stop error: local softirq work is pending, handler #208!!!
[   66.323795][   T51] Bluetooth: hci3: command tx timeout
[   66.323813][ T5808] Bluetooth: hci4: command tx timeout
[   66.329211][ T5819] Bluetooth: hci1: command tx timeout
[   66.340627][ T5129] Bluetooth: hci2: command tx timeout
[   66.363585][   T66] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.372229][   T66] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.402059][   T10] usb 2-1: new full-speed USB device number 2 using dummy_hcd
[   66.436468][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.455118][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.541155][   T10] usb 2-1: device descriptor read/64, error -71
[   66.575265][ T3000] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.583690][ T3000] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.612190][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   66.654667][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   66.756486][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[   66.756973][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   66.831147][   T10] usb 2-1: new full-speed USB device number 3 using dummy_hcd
[   66.856448][ T5947] =======================================================
[   66.856448][ T5947] WARNING: The mand mount option has been deprecated and
[   66.856448][ T5947]          and is ignored by this kernel. Remove the mand
[   66.856448][ T5947]          option from the mount to silence this warning.
[   66.856448][ T5947] =======================================================
[   66.904891][ T5951] netdevsim netdevsim2: Direct firmware load for .
[   66.904891][ T5951]  failed with error -2
[   66.917367][ T5951] netdevsim netdevsim2: Falling back to sysfs fallback for: .
[   66.917367][ T5951] 
[   66.991132][   T10] usb 2-1: device descriptor read/64, error -71
[   67.103309][   T10] usb usb2-port1: attempt power cycle
[   67.151378][ T5814] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   67.331121][ T5814] usb 4-1: Using ep0 maxpacket: 8
[   67.376844][ T5814] usb 4-1: config 0 has an invalid interface number: 186 but max is 0
[   67.385177][ T5814] usb 4-1: config 0 has no interface number 0
[   67.391703][ T5814] usb 4-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[   67.403339][ T5814] usb 4-1: config 0 interface 186 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[   67.413568][ T5814] usb 4-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A
[   67.425536][ T5814] usb 4-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[   67.441380][ T5814] usb 4-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[   67.456846][ T5814] usb 4-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5
[   67.469345][   T10] usb 2-1: new full-speed USB device number 4 using dummy_hcd
[   67.479980][ T5814] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   67.489305][ T5814] usb 4-1: Product: syz
[   67.494374][ T5814] usb 4-1: Manufacturer: syz
[   67.499154][   T10] usb 2-1: device descriptor read/8, error -71
[   67.505713][ T5814] usb 4-1: SerialNumber: syz
[   67.526720][ T5814] usb 4-1: config 0 descriptor??
[   67.741418][   T10] usb 2-1: new full-speed USB device number 5 using dummy_hcd
[   67.750897][ T5814] iowarrior 4-1:0.186: IOWarrior product=0x1505, serial=42424242 interface=186 now attached to iowarrior0
[   67.794130][   T10] usb 2-1: device descriptor read/8, error -71
[   67.911236][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   67.931396][   T10] usb usb2-port1: unable to enumerate USB device
[   68.071539][    T0] NOHZ tick-stop error: local softirq work is pending, handler #208!!!
[   68.080442][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   68.151843][    T0] NOHZ tick-stop error: local softirq work is pending, handler #108!!!
[   68.160469][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   68.282340][   T29] kauditd_printk_skb: 49 callbacks suppressed
[   68.282370][   T29] audit: type=1400 audit(1773145843.137:143): avc:  denied  { read write } for  pid=5948 comm="syz.3.8" name="renderD128" dev="devtmpfs" ino=626 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[   68.351524][ T5819] Bluetooth: hci0: command tx timeout
[   68.398191][ T5971] iommufd_mock iommufd_mock0: Adding to iommu group 0
[   68.446764][ T5129] Bluetooth: hci2: command tx timeout
[   68.446879][   T51] Bluetooth: hci3: command tx timeout
[   68.457717][ T5808] Bluetooth: hci4: command tx timeout
[   68.463576][ T5819] Bluetooth: hci1: command tx timeout
[   68.511699][   T29] audit: type=1400 audit(1773145843.267:144): avc:  denied  { open } for  pid=5948 comm="syz.3.8" path="/dev/dri/renderD128" dev="devtmpfs" ino=626 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[   68.924885][ T5872] usb 4-1: USB disconnect, device number 2
[   69.038744][   T29] audit: type=1400 audit(1773145844.037:145): avc:  denied  { nlmsg_write } for  pid=5972 comm="syz.2.13" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   69.170105][ T5978] loop2: detected capacity change from 0 to 7
[   69.230706][ T5978]  loop2: [CUMANA/ADFS] p1 [Linux] p2 [ADFS] p1 [Linux] p2
[   69.268263][ T5983] loop5: detected capacity change from 0 to 7
[   69.327607][ T5978] loop2: partition table partially beyond EOD, truncated
[   69.353164][ T5983]  loop5:
[   69.373054][ T5983] loop5: partition table partially beyond EOD, truncated
[   69.399717][ T5978] loop2: p1 size 2574515542 extends beyond EOD, truncated
[   69.544302][ T5978] loop2: p2 start 445263249 is beyond EOD, truncated
[   69.708254][ T5794] udevd[5794]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[   69.744721][   T29] audit: type=1400 audit(1773145844.747:146): avc:  denied  { write } for  pid=5991 comm="syz.1.20" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[   69.823410][ T5995] mmap: syz.4.18 (5995) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   70.167070][   T29] audit: type=1400 audit(1773145845.167:147): avc:  denied  { read } for  pid=5989 comm="syz.0.19" name="rtc0" dev="devtmpfs" ino=921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[   71.238162][   T29] audit: type=1400 audit(1773145845.197:148): avc:  denied  { open } for  pid=5989 comm="syz.0.19" path="/dev/rtc0" dev="devtmpfs" ino=921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[   71.269785][   T29] audit: type=1400 audit(1773145845.197:149): avc:  denied  { ioctl } for  pid=5989 comm="syz.0.19" path="/dev/rtc0" dev="devtmpfs" ino=921 ioctlcmd=0x700f scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[   71.298331][   T29] audit: type=1400 audit(1773145845.327:150): avc:  denied  { read write } for  pid=5991 comm="syz.1.20" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[   71.327383][   T29] audit: type=1400 audit(1773145845.327:151): avc:  denied  { open } for  pid=5991 comm="syz.1.20" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[   71.756089][   T29] audit: type=1400 audit(1773145846.047:152): avc:  denied  { create } for  pid=6011 comm="syz.2.21" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[   72.120347][ T6034] xt_hashlimit: size too large, truncated to 1048576
[   72.236376][ T6039] loop5: detected capacity change from 0 to 7
[   72.243076][ T6039]  loop5:
[   72.250312][ T6039] loop5: partition table partially beyond EOD, truncated
[   73.365911][   T29] kauditd_printk_skb: 11 callbacks suppressed
[   73.365925][   T29] audit: type=1400 audit(1773145848.337:164): avc:  denied  { read write } for  pid=6053 comm="syz.2.34" name="uhid" dev="devtmpfs" ino=1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[   73.416289][ T6063] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR
[   73.491106][   T29] audit: type=1400 audit(1773145848.337:165): avc:  denied  { open } for  pid=6053 comm="syz.2.34" path="/dev/uhid" dev="devtmpfs" ino=1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[   73.730758][   T29] audit: type=1400 audit(1773145848.367:166): avc:  denied  { create } for  pid=6062 comm="syz.3.35" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[   73.841374][   T29] audit: type=1400 audit(1773145848.367:167): avc:  denied  { read } for  pid=6062 comm="syz.3.35" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[   73.933175][   T29] audit: type=1400 audit(1773145848.367:168): avc:  denied  { open } for  pid=6062 comm="syz.3.35" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[   74.062419][   T29] audit: type=1400 audit(1773145848.577:169): avc:  denied  { create } for  pid=6068 comm="syz.4.38" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[   74.151414][ T5858] usb 2-1: new full-speed USB device number 6 using dummy_hcd
[   74.159205][   T29] audit: type=1400 audit(1773145848.697:170): avc:  denied  { create } for  pid=6068 comm="syz.4.38" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[   74.282401][   T29] audit: type=1400 audit(1773145848.697:171): avc:  denied  { create } for  pid=6068 comm="syz.4.38" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[   74.404391][ T5858] usb 2-1: unable to get BOS descriptor or descriptor too short
[   74.414204][   T29] audit: type=1400 audit(1773145848.807:172): avc:  denied  { read write } for  pid=6068 comm="syz.4.38" name="rdma_cm" dev="devtmpfs" ino=1271 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[   74.449213][ T5858] usb 2-1: not running at top speed; connect to a high speed hub
[   74.472666][ T5858] usb 2-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[   74.485630][   T29] audit: type=1400 audit(1773145848.807:173): avc:  denied  { open } for  pid=6068 comm="syz.4.38" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=1271 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[   74.514839][ T5858] usb 2-1: New USB device strings: Mfr=2, Product=0, SerialNumber=3
[   74.532225][ T5858] usb 2-1: Manufacturer: syz
[   74.541169][ T5858] usb 2-1: SerialNumber: syz
[   75.002917][ T5858] usb 2-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[   75.023514][ T5858] usb 2-1: dvb_usb_v2: this USB2.0 device cannot be run on a USB1.1 port (it lacks a hardware PID filter)
[   75.061366][ T5858] usb 2-1: USB disconnect, device number 6
[   76.041677][  T924] cfg80211: failed to load regulatory.db
[   77.231212][ T6130] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6130 comm=syz.4.53
[   79.052293][   T29] kauditd_printk_skb: 32 callbacks suppressed
[   79.052308][   T29] audit: type=1400 audit(1773145854.057:206): avc:  denied  { load_policy } for  pid=6138 comm="syz.4.57" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[   79.053511][ T6139] SELinux: failed to load policy
[   79.102920][   T29] audit: type=1400 audit(1773145854.107:207): avc:  denied  { setopt } for  pid=6138 comm="syz.4.57" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[   79.173266][   T29] audit: type=1400 audit(1773145854.137:208): avc:  denied  { accept } for  pid=6138 comm="syz.4.57" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[   79.198500][ T6151] iommufd_mock iommufd_mock0: Adding to iommu group 0
[   79.293914][   T29] audit: type=1400 audit(1773145854.137:209): avc:  denied  { write } for  pid=6138 comm="syz.4.57" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[   79.541518][   T29] audit: type=1400 audit(1773145854.137:210): avc:  denied  { read } for  pid=6138 comm="syz.4.57" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[   79.637292][   T29] audit: type=1400 audit(1773145854.587:211): avc:  denied  { create } for  pid=6150 comm="syz.1.59" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[   79.859771][   T29] audit: type=1400 audit(1773145854.857:212): avc:  denied  { getopt } for  pid=6157 comm="syz.0.62" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   79.887408][   T29] audit: type=1400 audit(1773145854.887:213): avc:  denied  { create } for  pid=6157 comm="syz.0.62" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   79.920400][ T6165] netlink: 'syz.3.61': attribute type 3 has an invalid length.
[   80.338640][ T6173] netlink: 8 bytes leftover after parsing attributes in process `syz.3.65'.
[   80.758251][  T924] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[   80.784292][   T29] audit: type=1400 audit(1773145855.777:214): avc:  denied  { write } for  pid=6182 comm="syz.0.68" lport=1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   81.070106][   T29] audit: type=1400 audit(1773145856.047:215): avc:  denied  { watch watch_reads } for  pid=6183 comm="syz.1.67" path="/12" dev="tmpfs" ino=77 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[   81.098029][ T6189] loop5: detected capacity change from 0 to 7
[   81.144591][ T5996]  loop5:
[   81.147658][ T5996] loop5: partition table partially beyond EOD, truncated
[   81.157181][ T6189]  loop5:
[   81.160239][ T6189] loop5: partition table partially beyond EOD, truncated
[   81.181549][  T924] usb 4-1: Using ep0 maxpacket: 16
[   81.204916][  T924] usb 4-1: config index 0 descriptor too short (expected 16456, got 72)
[   81.221212][  T924] usb 4-1: config 0 has an invalid interface number: 125 but max is 1
[   81.239588][  T924] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   81.280238][  T924] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2
[   81.317111][  T924] usb 4-1: config 0 has no interface number 0
[   81.348557][  T924] usb 4-1: config 0 interface 125 altsetting 4 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[   81.392134][ T6194] usb usb7: usbfs: process 6194 (syz.2.71) did not claim interface 0 before use
[   81.841852][ T5814] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[   81.874170][  T924] usb 4-1: config 0 interface 125 has no altsetting 0
[   81.901784][  T924] usb 4-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27
[   81.910820][  T924] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   81.926905][  T924] usb 4-1: Product: syz
[   81.931444][  T924] usb 4-1: Manufacturer: syz
[   81.936060][  T924] usb 4-1: SerialNumber: syz
[   81.943106][  T924] usb 4-1: config 0 descriptor??
[   82.012983][ T5814] usb 2-1: config 1 has an invalid interface number: 7 but max is 0
[   82.022327][ T5814] usb 2-1: config 1 has no interface number 0
[   82.028416][ T5814] usb 2-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B
[   82.039962][ T5814] usb 2-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[   82.049814][ T5814] usb 2-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   82.062624][ T5814] usb 2-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00
[   82.071944][ T5814] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   82.087075][ T5814] usb 2-1: Product: syz
[   82.091406][ T5814] usb 2-1: Manufacturer: syz
[   82.101477][ T5814] usb 2-1: SerialNumber: syz
[   82.257559][ T6184] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[   82.329439][   T10] usb 4-1: USB disconnect, device number 4
[   82.504400][ T6184] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[   83.153506][ T5819] Bluetooth: hci5: Opcode 0x1003 failed: -110
[   83.244539][ T6209] workqueue: Failed to create a rescuer kthread for wq "xfs-reclaim/nbd2": -EINTR
[   83.408943][ T5814] usb 2-1: Incompatible driver and firmware versions
[   83.545859][ T5814] usb 2-1: USB disconnect, device number 7
[   83.827910][ T6226] syz.3.77 uses obsolete (PF_INET,SOCK_PACKET)
[   84.093696][ T6229] iommufd_mock iommufd_mock0: Adding to iommu group 0
[   84.496029][   T29] kauditd_printk_skb: 11 callbacks suppressed
[   84.496042][   T29] audit: type=1400 audit(1773145859.497:227): avc:  denied  { write } for  pid=6221 comm="syz.3.77" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   84.742759][   T29] audit: type=1400 audit(1773145859.647:228): avc:  denied  { create } for  pid=6231 comm="syz.1.79" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[   85.261164][ T5858] usb 5-1: new low-speed USB device number 2 using dummy_hcd
[   85.657332][ T5858] usb 5-1: Invalid ep0 maxpacket: 64
[   86.081756][ T6256] FAULT_INJECTION: forcing a failure.
[   86.081756][ T6256] name failslab, interval 1, probability 0, space 0, times 1
[   86.094571][ T6256] CPU: 0 UID: 0 PID: 6256 Comm: syz.0.83 Not tainted syzkaller #0 PREEMPT(full) 
[   86.094592][ T6256] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[   86.094614][ T6256] Call Trace:
[   86.094620][ T6256]  <TASK>
[   86.094626][ T6256]  dump_stack_lvl+0x100/0x190
[   86.094658][ T6256]  should_fail_ex.cold+0x5/0xa
[   86.094681][ T6256]  should_failslab+0xc2/0x120
[   86.094698][ T6256]  kmem_cache_alloc_noprof+0x7b/0x6e0
[   86.094722][ T6256]  ? skb_clone+0x190/0x400
[   86.094746][ T6256]  skb_clone+0x190/0x400
[   86.094765][ T6256]  pfkey_process+0xc0/0x810
[   86.094781][ T6256]  ? trace_contention_end+0x140/0x180
[   86.094805][ T6256]  ? __mutex_lock+0x26a/0x1b90
[   86.094825][ T6256]  ? __pfx_pfkey_process+0x10/0x10
[   86.094842][ T6256]  ? pfkey_sendmsg+0x41a/0x840
[   86.094873][ T6256]  ? __pfx___alloc_skb+0x10/0x10
[   86.094897][ T6256]  pfkey_sendmsg+0x428/0x840
[   86.094919][ T6256]  ____sys_sendmsg+0x9e1/0xb70
[   86.094942][ T6256]  ? __pfx_pfkey_sendmsg+0x10/0x10
[   86.094961][ T6256]  ? __pfx_____sys_sendmsg+0x10/0x10
[   86.094996][ T6256]  ___sys_sendmsg+0x190/0x1e0
[   86.095022][ T6256]  ? __pfx____sys_sendmsg+0x10/0x10
[   86.095075][ T6256]  __sys_sendmsg+0x170/0x220
[   86.095094][ T6256]  ? __pfx___sys_sendmsg+0x10/0x10
[   86.095128][ T6256]  do_syscall_64+0x106/0xf80
[   86.095146][ T6256]  ? clear_bhb_loop+0x40/0x90
[   86.095168][ T6256]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.095185][ T6256] RIP: 0033:0x7f8e01d9c799
[   86.095199][ T6256] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   86.095214][ T6256] RSP: 002b:00007f8e02c64028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   86.095231][ T6256] RAX: ffffffffffffffda RBX: 00007f8e02016180 RCX: 00007f8e01d9c799
[   86.095241][ T6256] RDX: 0000000000000000 RSI: 00002000000014c0 RDI: 0000000000000005
[   86.095251][ T6256] RBP: 00007f8e02c64090 R08: 0000000000000000 R09: 0000000000000000
[   86.095261][ T6256] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   86.095271][ T6256] R13: 00007f8e02016218 R14: 00007f8e02016180 R15: 00007fff2811ef68
[   86.095295][ T6256]  </TASK>
[   87.023898][ T5858] usb 5-1: new low-speed USB device number 3 using dummy_hcd
[   87.291262][ T5858] usb 5-1: Invalid ep0 maxpacket: 64
[   87.374219][ T5858] usb usb5-port1: attempt power cycle
[   87.484155][ T6262] random: crng reseeded on system resumption
[   87.502009][   T29] audit: type=1400 audit(1773145862.437:229): avc:  denied  { ioctl } for  pid=6259 comm="syz.3.86" path="/dev/fuse" dev="devtmpfs" ino=99 ioctlcmd=0xe503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[   87.533470][   T29] audit: type=1400 audit(1773145862.487:230): avc:  denied  { write } for  pid=6259 comm="syz.3.86" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[   87.533504][   T29] audit: type=1400 audit(1773145862.487:231): avc:  denied  { open } for  pid=6259 comm="syz.3.86" path="/dev/snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[   87.565176][ T6262] FAT-fs (nbd3): unable to read boot sector
[   87.635567][   T29] audit: type=1400 audit(1773145862.637:232): avc:  denied  { mounton } for  pid=6259 comm="syz.3.86" path="/16/file0" dev="tmpfs" ino=100 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[   87.681432][   T29] audit: type=1400 audit(1773145862.677:233): avc:  denied  { ioctl } for  pid=6266 comm="syz.1.88" path="socket:[9597]" dev="sockfs" ino=9597 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[   87.756955][   T29] audit: type=1400 audit(1773145862.757:234): avc:  denied  { write } for  pid=6270 comm="syz.4.89" name="ip6_tables_names" dev="proc" ino=4026533250 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[   87.769419][   T29] audit: type=1400 audit(1773145862.767:235): avc:  denied  { mount } for  pid=6270 comm="syz.4.89" name="/" dev="ramfs" ino=9672 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[   87.859067][   T29] audit: type=1400 audit(1773145862.857:236): avc:  denied  { read } for  pid=6266 comm="syz.1.88" name="binder0" dev="binder" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[   87.860328][ T6269] binder: 6266:6269 ioctl c0306201 0 returned -14
[   87.868550][ T6268] usb usb7: usbfs: process 6268 (syz.0.87) did not claim interface 0 before use
[   88.185639][ T6277] netlink: 40 bytes leftover after parsing attributes in process `syz.0.87'.
[   88.731403][ T6281] bridge0: port 2(bridge_slave_1) entered disabled state
[   89.721279][   T29] kauditd_printk_skb: 8 callbacks suppressed
[   89.721291][   T29] audit: type=1400 audit(1773145864.727:245): avc:  denied  { bind } for  pid=6289 comm="syz.4.93" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   89.757451][   T29] audit: type=1400 audit(1773145864.747:246): avc:  denied  { bind } for  pid=6289 comm="syz.4.93" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   89.834978][ T6298] openvswitch: netlink: Duplicate or invalid key (type 1).
[   89.852250][ T6298] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   89.912790][   T29] audit: type=1400 audit(1773145864.907:247): avc:  denied  { name_bind } for  pid=6299 comm="syz.0.95" src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1
[   90.063141][ T6300] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[   90.075000][   T29] audit: type=1400 audit(1773145864.917:248): avc:  denied  { connect } for  pid=6299 comm="syz.0.95" laddr=127.0.0.1 lport=20001 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[   90.102950][   T29] audit: type=1400 audit(1773145864.917:249): avc:  denied  { name_connect } for  pid=6299 comm="syz.0.95" dest=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1
[   90.129803][ T5884] usb 2-1: new full-speed USB device number 8 using dummy_hcd
[   90.148176][ T6307] FAULT_INJECTION: forcing a failure.
[   90.148176][ T6307] name failslab, interval 1, probability 0, space 0, times 0
[   90.160896][ T6307] CPU: 0 UID: 0 PID: 6307 Comm: syz.4.97 Not tainted syzkaller #0 PREEMPT(full) 
[   90.160917][ T6307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[   90.160926][ T6307] Call Trace:
[   90.160932][ T6307]  <TASK>
[   90.160939][ T6307]  dump_stack_lvl+0x100/0x190
[   90.160969][ T6307]  should_fail_ex.cold+0x5/0xa
[   90.160991][ T6307]  should_failslab+0xc2/0x120
[   90.161009][ T6307]  kmem_cache_alloc_node_noprof+0x81/0x6f0
[   90.161034][ T6307]  ? __alloc_skb+0x140/0x710
[   90.161058][ T6307]  __alloc_skb+0x140/0x710
[   90.161073][ T6307]  ? __alloc_skb+0x5b7/0x710
[   90.161089][ T6307]  ? __pfx___alloc_skb+0x10/0x10
[   90.161113][ T6307]  pfkey_sendmsg+0x46c/0x840
[   90.161135][ T6307]  ____sys_sendmsg+0x9e1/0xb70
[   90.161156][ T6307]  ? __pfx_pfkey_sendmsg+0x10/0x10
[   90.161175][ T6307]  ? __pfx_____sys_sendmsg+0x10/0x10
[   90.161203][ T6307]  ? ___sys_sendmsg+0xe6/0x1e0
[   90.161230][ T6307]  ___sys_sendmsg+0x190/0x1e0
[   90.161255][ T6307]  ? __pfx____sys_sendmsg+0x10/0x10
[   90.161306][ T6307]  __sys_sendmsg+0x170/0x220
[   90.161325][ T6307]  ? __pfx___sys_sendmsg+0x10/0x10
[   90.161350][ T6307]  ? rcu_is_watching+0x12/0xc0
[   90.161377][ T6307]  do_syscall_64+0x106/0xf80
[   90.161395][ T6307]  ? clear_bhb_loop+0x40/0x90
[   90.161416][ T6307]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   90.161433][ T6307] RIP: 0033:0x7fb35599c799
[   90.161448][ T6307] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   90.161464][ T6307] RSP: 002b:00007fb3568f2028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   90.161481][ T6307] RAX: ffffffffffffffda RBX: 00007fb355c16180 RCX: 00007fb35599c799
[   90.161492][ T6307] RDX: 0000000000000000 RSI: 00002000000014c0 RDI: 0000000000000005
[   90.161502][ T6307] RBP: 00007fb3568f2090 R08: 0000000000000000 R09: 0000000000000000
[   90.161512][ T6307] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   90.161522][ T6307] R13: 00007fb355c16218 R14: 00007fb355c16180 R15: 00007ffc7d953ff8
[   90.161545][ T6307]  </TASK>
[   90.381826][   T29] audit: type=1400 audit(1773145865.367:250): avc:  denied  { getopt } for  pid=6297 comm="syz.2.96" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[   90.522852][ T5884] usb 2-1: config 246 has an invalid interface number: 166 but max is 0
[   90.530859][ T6310] loop5: detected capacity change from 0 to 7
[   90.531240][ T5884] usb 2-1: config 246 has an invalid descriptor of length 0, skipping remainder of the config
[   90.538122][ T6310]  loop5:
[   90.547555][ T5884] usb 2-1: config 246 has no interface number 0
[   90.547593][ T5884] usb 2-1: config 246 interface 166 altsetting 118 endpoint 0xB has invalid wMaxPacketSize 0
[   90.547615][ T5884] usb 2-1: config 246 interface 166 altsetting 118 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[   90.547640][ T5884] usb 2-1: config 246 interface 166 has no altsetting 0
[   90.554886][ T6310] loop5: partition table partially beyond EOD, 
[   90.591558][ T5884] usb 2-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice= 9.63
[   90.606901][ T6310] truncated
[   90.611643][ T5884] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   90.620869][ T5884] usb 2-1: Product: syz
[   90.697067][ T5884] usb 2-1: Manufacturer: syz
[   90.702040][ T5884] usb 2-1: SerialNumber: syz
[   90.921156][   T47] usb 4-1: new full-speed USB device number 5 using dummy_hcd
[   91.244858][   T47] usb 4-1: unable to get BOS descriptor or descriptor too short
[   91.256076][   T47] usb 4-1: not running at top speed; connect to a high speed hub
[   91.291983][   T47] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 120, changing to 4
[   91.308063][   T47] usb 4-1: New USB device found, idVendor=0763, idProduct=2080, bcdDevice= 0.40
[   91.320733][   T47] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   91.414061][   T47] usb 4-1: Product: syz
[   91.422831][   T47] usb 4-1: Manufacturer: syz
[   91.432185][   T47] usb 4-1: SerialNumber: syz
[   91.452584][ T6296] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   91.466391][ T6296] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   91.552533][ T5884] usb 2-1: Cannot retrieve CPort count: -71
[   91.578765][ T5884] usb 2-1: Cannot retrieve CPort count: -71
[   91.597647][ T5884] es2_ap_driver 2-1:246.166: probe with driver es2_ap_driver failed with error -71
[   91.628442][ T5884] usb 2-1: USB disconnect, device number 8
[   91.665501][ T6341] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   91.694606][ T6312] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   91.701365][   T10] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[   91.703546][ T6312] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   91.712339][   T29] audit: type=1400 audit(1773145866.717:251): avc:  denied  { create } for  pid=6340 comm="syz.1.107" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[   91.766006][   T47] usb 4-1: 1:1 : unknown format tag 0x5 is detected.  processed as MPEG.
[   91.869606][   T47] usb 4-1: found format II with max.bitrate = 512, frame size=4095
[   91.951158][   T10] usb 5-1: Using ep0 maxpacket: 32
[   91.960582][   T10] usb 5-1: New USB device found, idVendor=13d8, idProduct=0020, bcdDevice=f7.31
[   91.970179][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   91.998554][   T10] usb 5-1: selecting invalid altsetting 3
[   92.008368][   T10] comedi comedi5: could not set alternate setting 3 in high speed
[   92.020232][   T10] usbduxsigma 5-1:128.0: driver 'usbduxsigma' failed to auto-configure device.
[   92.110927][   T47] usb 4-1: 1:1 : unknown format tag 0x5 is detected.  processed as MPEG.
[   92.119405][   T47] usb 4-1: found format II with max.bitrate = 512, frame size=4095
[   92.132102][   T47] usb 4-1: 2:1 : UAC_AS_GENERAL descriptor not found
[   92.210427][ T6337] netlink: 260 bytes leftover after parsing attributes in process `syz.4.105'.
[   92.262133][   T10] usbduxsigma 5-1:128.0: probe with driver usbduxsigma failed with error -22
[   92.272555][ T6337] misc userio: The device must be registered before sending interrupts
[   92.284953][ T6337] netdevsim netdevsim4 netdevsim0: entered allmulticast mode
[   92.292656][   T29] audit: type=1400 audit(1773145867.287:252): avc:  denied  { map } for  pid=6333 comm="syz.4.105" path="/dev/dri/card0" dev="devtmpfs" ino=627 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[   92.326549][   T29] audit: type=1400 audit(1773145867.287:253): avc:  denied  { execute } for  pid=6333 comm="syz.4.105" path="/dev/dri/card0" dev="devtmpfs" ino=627 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[   92.327203][   T10] usb 5-1: USB disconnect, device number 5
[   92.382937][   T29] audit: type=1400 audit(1773145867.317:254): avc:  denied  { getopt } for  pid=6333 comm="syz.4.105" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[   92.756094][ T5879] usb 1-1: new low-speed USB device number 2 using dummy_hcd
[   93.285240][   T47] usb 4-1: USB disconnect, device number 5
[   93.303686][ T5879] usb 1-1: config 168 descriptor has 1 excess byte, ignoring
[   93.325800][ T5879] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[   93.341114][   T10] usb 3-1: new low-speed USB device number 2 using dummy_hcd
[   93.388090][ T5879] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[   93.401415][ T5879] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[   93.417928][ T5879] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[   93.569527][ T5879] usb 1-1: config 168 descriptor has 1 excess byte, ignoring
[   93.572809][   T10] usb 3-1: unable to get BOS descriptor or descriptor too short
[   93.614579][ T5879] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[   94.000810][   T10] usb 3-1: config 64 has an invalid interface number: 227 but max is 0
[   94.010402][   T10] usb 3-1: config 64 has no interface number 0
[   94.016663][   T10] usb 3-1: config 64 interface 227 altsetting 9 endpoint 0x4 is Bulk; changing to Interrupt
[   94.026792][   T10] usb 3-1: config 64 interface 227 altsetting 9 endpoint 0x4 has invalid wMaxPacketSize 0
[   94.036752][   T10] usb 3-1: config 64 interface 227 altsetting 9 has 1 endpoint descriptor, different from the interface descriptor's value: 23
[   94.050247][ T5879] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[   94.050274][ T5879] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[   94.050299][ T5879] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[   94.051695][ T5879] usb 1-1: config 168 descriptor has 1 excess byte, ignoring
[   94.099195][ T6361] openvswitch: netlink: Duplicate or invalid key (type 1).
[   94.108886][ T6361] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   94.141583][ T5879] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[   94.153762][ T5879] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[   94.165556][ T5879] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[   94.178041][ T5879] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[   94.189264][   T10] usb 3-1: config 64 interface 227 has no altsetting 0
[   94.192903][ T5879] usb 1-1: string descriptor 0 read error: -22
[   94.218601][   T10] usb 3-1: string descriptor 0 read error: -22
[   94.237416][   T10] usb 3-1: New USB device found, idVendor=04e8, idProduct=ff30, bcdDevice=cc.bf
[   94.259826][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   94.288397][   T10] imon_raw 3-1:64.227: IR endpoint missing
[   94.341221][ T5879] usb 1-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[   94.350365][ T5879] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   94.397369][ T5879] adutux 1-1:168.0: ADU100  now attached to /dev/usb/adutux0
[   94.730603][ T5884] usb 1-1: USB disconnect, device number 2
[   94.861607][ T6375] random: crng reseeded on system resumption
[   95.072500][   T29] kauditd_printk_skb: 2 callbacks suppressed
[   95.072510][   T29] audit: type=1400 audit(1773145869.807:257): avc:  denied  { ioctl } for  pid=6372 comm="syz.4.116" path="/dev/dri/card1" dev="devtmpfs" ino=628 ioctlcmd=0x64a0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[   95.131228][ T6355] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   95.173160][ T6355] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   95.207353][   T29] audit: type=1326 audit(1773145870.207:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6376 comm="syz.0.117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e01d9c799 code=0x7ffc0000
[   95.237560][   T29] audit: type=1326 audit(1773145870.207:259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6376 comm="syz.0.117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e01d9c799 code=0x7ffc0000
[   95.242939][ T5879] usb 3-1: USB disconnect, device number 2
[   95.263130][   T29] audit: type=1326 audit(1773145870.207:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6376 comm="syz.0.117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e01d9c799 code=0x7ffc0000
[   95.299379][   T29] audit: type=1326 audit(1773145870.237:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6376 comm="syz.0.117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f8e01d9c799 code=0x7ffc0000
[   95.327686][   T29] audit: type=1326 audit(1773145870.237:262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6376 comm="syz.0.117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e01d9c799 code=0x7ffc0000
[   95.455251][   T29] audit: type=1326 audit(1773145870.237:263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6376 comm="syz.0.117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e01d9c799 code=0x7ffc0000
[   95.745142][ T6386] iommufd_mock iommufd_mock0: Adding to iommu group 0
[   96.121926][ T6389] evm: overlay not supported
[   96.129033][   T29] audit: type=1326 audit(1773145870.237:264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6376 comm="syz.0.117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e01d9c799 code=0x7ffc0000
[   96.166005][ T6392] netlink: 'syz.3.122': attribute type 1 has an invalid length.
[   96.196155][   T29] audit: type=1326 audit(1773145870.237:265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6376 comm="syz.0.117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f8e01d9c799 code=0x7ffc0000
[   96.222474][ T6398] capability: warning: `syz.4.124' uses deprecated v2 capabilities in a way that may be insecure
[   96.259821][   T29] audit: type=1326 audit(1773145870.237:266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6376 comm="syz.0.117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e01d9c799 code=0x7ffc0000
[   96.494748][ T6410] netlink: 216 bytes leftover after parsing attributes in process `syz.4.124'.
[   96.578113][ T6411] iommufd_mock iommufd_mock0: Adding to iommu group 0
[   96.617218][ T6411] xt_TPROXY: Can be used only with -p tcp or -p udp
[   96.952165][ T6410] netlink: 'syz.4.124': attribute type 2 has an invalid length.
[   97.023241][ T5808] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201'
[   97.033259][ T5808] CPU: 1 UID: 0 PID: 5808 Comm: kworker/u9:3 Not tainted syzkaller #0 PREEMPT(full) 
[   97.033286][ T5808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[   97.033299][ T5808] Workqueue: hci4 hci_rx_work
[   97.033335][ T5808] Call Trace:
[   97.033342][ T5808]  <TASK>
[   97.033350][ T5808]  dump_stack_lvl+0x100/0x190
[   97.033384][ T5808]  sysfs_warn_dup.cold+0x1c/0x28
[   97.033412][ T5808]  sysfs_create_dir_ns+0x24b/0x2b0
[   97.033443][ T5808]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[   97.033472][ T5808]  ? find_held_lock+0x2b/0x80
[   97.033495][ T5808]  ? kobject_add_internal+0x25f/0x930
[   97.033521][ T5808]  ? kobject_add_internal+0x25f/0x930
[   97.033546][ T5808]  ? do_raw_spin_unlock+0x145/0x1e0
[   97.033568][ T5808]  kobject_add_internal+0x2c8/0x930
[   97.033598][ T5808]  kobject_add+0x16a/0x1e0
[   97.033622][ T5808]  ? __pfx_kobject_add+0x10/0x10
[   97.033644][ T5808]  ? class_to_subsys+0x10f/0x150
[   97.033677][ T5808]  ? kobject_put+0xb9/0x640
[   97.033697][ T5808]  ? _raw_spin_unlock+0x28/0x50
[   97.033732][ T5808]  device_add+0x294/0x1950
[   97.033760][ T5808]  ? __pfx_dev_set_name+0x10/0x10
[   97.033779][ T5808]  ? __pfx_device_add+0x10/0x10
[   97.033807][ T5808]  ? mgmt_send_event_skb+0x2fb/0x460
[   97.033844][ T5808]  hci_conn_add_sysfs+0x1a3/0x260
[   97.033866][ T5808]  le_conn_complete_evt+0x11cb/0x1f40
[   97.033903][ T5808]  ? __pfx_le_conn_complete_evt+0x10/0x10
[   97.033940][ T5808]  hci_le_conn_complete_evt+0x23c/0x3a0
[   97.033977][ T5808]  ? skb_pull_data+0x15f/0x1e0
[   97.034010][ T5808]  hci_le_meta_evt+0x34a/0x5f0
[   97.034030][ T5808]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[   97.034065][ T5808]  hci_event_packet+0x682/0x11c0
[   97.034094][ T5808]  ? __pfx_hci_le_meta_evt+0x10/0x10
[   97.034115][ T5808]  ? __pfx_hci_event_packet+0x10/0x10
[   97.034147][ T5808]  ? kcov_remote_start+0x374/0x660
[   97.034174][ T5808]  ? lockdep_hardirqs_on+0x78/0x100
[   97.034201][ T5808]  hci_rx_work+0x451/0xfc0
[   97.034235][ T5808]  process_one_work+0x9d7/0x1920
[   97.034266][ T5808]  ? __pfx_process_one_work+0x10/0x10
[   97.034294][ T5808]  ? __pfx_hci_rx_work+0x10/0x10
[   97.034326][ T5808]  worker_thread+0x5da/0xe40
[   97.034355][ T5808]  ? kthread+0x13a/0x450
[   97.034372][ T5808]  ? __pfx_worker_thread+0x10/0x10
[   97.034391][ T5808]  kthread+0x370/0x450
[   97.034408][ T5808]  ? __pfx_kthread+0x10/0x10
[   97.034427][ T5808]  ret_from_fork+0x754/0xd80
[   97.034448][ T5808]  ? __pfx_ret_from_fork+0x10/0x10
[   97.034469][ T5808]  ? __switch_to+0x7b4/0x1120
[   97.034492][ T5808]  ? __pfx_kthread+0x10/0x10
[   97.034511][ T5808]  ret_from_fork_asm+0x1a/0x30
[   97.034553][ T5808]  </TASK>
[   97.034746][ T5808] kobject: kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory.
[   97.358433][ T5808] Bluetooth: hci4: failed to register connection device
[   97.543653][ T6404] bridge0: port 2(bridge_slave_1) entered disabled state
[   97.550998][ T6404] bridge0: port 1(bridge_slave_0) entered disabled state
[   97.588377][ T6404] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   97.598760][ T6404] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   97.688633][  T144] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   97.807894][  T144] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   97.952921][  T144] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   98.074044][  T144] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   98.294116][ T6424] netlink: 4 bytes leftover after parsing attributes in process `syz.2.129'.
[   99.072796][ T6424] team0: Port device team_slave_0 removed
[   99.493554][ T6432] netlink: 24 bytes leftover after parsing attributes in process `syz.3.131'.
[   99.569379][ T6438] netlink: 24 bytes leftover after parsing attributes in process `syz.3.131'.
[   99.684318][ T6438] capability: warning: `syz.3.131' uses 32-bit capabilities (legacy support in use)
[  100.048923][ T6458] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2 sclass=netlink_route_socket pid=6458 comm=syz.1.141
[  100.253452][ T5884] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  100.372830][ T6465] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  100.861423][ T5884] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  100.881085][ T5884] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  100.901130][ T5884] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  100.914359][ T5884] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  101.010352][ T5884] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  101.144866][ T5884] usb 3-1: config 0 descriptor??
[  101.354139][   T29] kauditd_printk_skb: 53 callbacks suppressed
[  101.354148][   T29] audit: type=1400 audit(1773145876.357:320): avc:  denied  { create } for  pid=6475 comm="syz.1.144" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  101.863648][ T5884] usbhid 3-1:0.0: can't add hid device: -71
[  101.891138][ T5884] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  101.933446][ T5884] usb 3-1: USB disconnect, device number 3
[  103.074487][ T6498] netlink: 'syz.4.149': attribute type 1 has an invalid length.
[  103.261433][   T29] audit: type=1400 audit(1773145878.237:321): avc:  denied  { create } for  pid=6500 comm="syz.2.150" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  103.306920][   T29] audit: type=1400 audit(1773145878.237:322): avc:  denied  { connect } for  pid=6500 comm="syz.2.150" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  103.661119][ T5879] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  103.757746][ T6523] warning: `syz.1.153' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  103.769368][   T29] audit: type=1400 audit(1773145878.757:323): avc:  denied  { ioctl } for  pid=6508 comm="syz.1.153" path="socket:[10138]" dev="sockfs" ino=10138 ioctlcmd=0x8b0b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  103.811473][ T5879] usb 5-1: Using ep0 maxpacket: 16
[  103.831178][ T5879] usb 5-1: config 0 has an invalid interface number: 4 but max is 0
[  103.845421][ T6525] usb usb7: usbfs: process 6525 (syz.0.156) did not claim interface 0 before use
[  103.854794][ T5879] usb 5-1: config 0 has no interface number 0
[  103.864876][ T5879] usb 5-1: config 0 interface 4 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  103.898999][ T5879] usb 5-1: config 0 interface 4 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  103.912735][ T5879] usb 5-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00
[  103.976704][ T6523] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2
[  104.089966][ T5879] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  104.135669][ T5879] usb 5-1: config 0 descriptor??
[  104.164220][ T6526] netlink: 168 bytes leftover after parsing attributes in process `syz.0.156'.
[  104.225077][ T6531] loop2: detected capacity change from 0 to 7
[  104.234066][ T6531]  loop2: [CUMANA/ADFS] p1 [Linux] p2 [ADFS] p1 [Linux] p2
[  104.264596][ T6531] loop2: partition table partially beyond EOD, truncated
[  104.278772][ T6531] loop2: p1 size 2574515542 extends beyond EOD, truncated
[  104.316599][ T6531] loop2: p2 start 445263249 is beyond EOD, truncated
[  104.374236][ T5996] udevd[5996]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[  105.130569][ T6535] netlink: 8 bytes leftover after parsing attributes in process `syz.3.158'.
[  105.149760][ T6535] netlink: 8 bytes leftover after parsing attributes in process `syz.3.158'.
[  105.523715][ T5879] hid (null): report_id 0 is invalid
[  105.529117][ T5808] Bluetooth: hci4: command 0x0406 tx timeout
[  105.536318][   T29] audit: type=1400 audit(1773145880.167:324): avc:  denied  { write } for  pid=6533 comm="syz.3.158" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  105.917131][   T10] usb 5-1: USB disconnect, device number 6
[  106.714674][ T6546] netlink: 12 bytes leftover after parsing attributes in process `syz.0.160'.
[  107.462548][   T29] audit: type=1400 audit(1773145882.467:325): avc:  denied  { name_bind } for  pid=6564 comm="syz.4.165" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1
[  107.485861][ T6565] netlink: 'syz.4.165': attribute type 3 has an invalid length.
[  107.691118][ T5879] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  107.709226][   T29] audit: type=1400 audit(1773145882.707:326): avc:  denied  { write } for  pid=6570 comm="syz.4.168" lport=1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  107.759906][   T29] audit: type=1400 audit(1773145882.737:327): avc:  denied  { connect } for  pid=6572 comm="syz.3.169" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  107.789044][ T6575] usb usb7: usbfs: process 6575 (syz.2.170) did not claim interface 0 before use
[  107.914336][ T5808] Bluetooth: hci5: sending frame failed (-49)
[  107.922973][ T5819] Bluetooth: hci5: Opcode 0x1003 failed: -49
[  107.952804][ T5879] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  107.986450][ T5879] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  107.998870][ T5879] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  108.009000][ T5879] usb 1-1: config 0 descriptor??
[  108.010594][   T29] audit: type=1400 audit(1773145882.987:328): avc:  denied  { connect } for  pid=6579 comm="syz.3.171" lport=7 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  108.016997][ T5879] pwc: Askey VC010 type 2 USB webcam detected.
[  108.613054][   T29] audit: type=1400 audit(1773145883.607:329): avc:  denied  { execute } for  pid=6586 comm="syz.4.172" path="/38/cpuacct.usage_sys" dev="tmpfs" ino=214 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  108.685536][ T5879] pwc: recv_control_msg error -32 req 02 val 2700
[  108.692667][ T5879] pwc: recv_control_msg error -32 req 02 val 2c00
[  109.105997][   T29] audit: type=1400 audit(1773145884.107:330): avc:  denied  { write } for  pid=6601 comm="syz.2.176" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  109.391363][  T924] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  109.592266][  T924] usb 3-1: Using ep0 maxpacket: 32
[  110.574584][  T924] usb 3-1: unable to read config index 0 descriptor/start: -61
[  110.729751][  T924] usb 3-1: can't read configurations, error -61
[  110.821318][ T5879] pwc: recv_control_msg error -71 req 04 val 1000
[  110.833350][ T5879] pwc: recv_control_msg error -71 req 04 val 1300
[  110.848669][ T5879] pwc: recv_control_msg error -71 req 04 val 1400
[  110.881909][  T924] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  110.957110][ T5879] pwc: recv_control_msg error -71 req 02 val 2000
[  110.966965][ T5879] pwc: recv_control_msg error -71 req 02 val 2100
[  110.974013][ T5879] pwc: recv_control_msg error -71 req 04 val 1500
[  110.980866][ T5879] pwc: recv_control_msg error -71 req 02 val 2500
[  110.990986][ T5879] pwc: recv_control_msg error -71 req 02 val 2400
[  111.001167][ T5879] pwc: recv_control_msg error -71 req 02 val 2600
[  111.012804][ T5879] pwc: recv_control_msg error -71 req 02 val 2900
[  111.046678][ T5879] pwc: recv_control_msg error -71 req 02 val 2800
[  111.064269][ T5879] pwc: recv_control_msg error -71 req 04 val 1100
[  111.091010][ T5879] pwc: recv_control_msg error -71 req 04 val 1200
[  111.124861][ T5879] pwc: Registered as video103.
[  111.130912][ T5879] input: PWC snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/input/input5
[  111.172502][  T924] usb 3-1: Using ep0 maxpacket: 32
[  111.175796][ T5879] usb 1-1: USB disconnect, device number 3
[  111.211483][  T924] usb 3-1: unable to read config index 0 descriptor/start: -61
[  111.219063][  T924] usb 3-1: can't read configurations, error -61
[  111.242087][  T924] usb usb3-port1: attempt power cycle
[  111.251138][   T10] usb 2-1: new full-speed USB device number 9 using dummy_hcd
[  111.661158][  T924] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  111.695181][   T10] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  111.707058][ T6625] usb usb7: usbfs: process 6625 (syz.4.184) did not claim interface 0 before use
[  111.720821][   T10] usb 2-1: config 0 has no interface number 0
[  111.735393][  T924] usb 3-1: Using ep0 maxpacket: 32
[  111.742105][   T10] usb 2-1: New USB device found, idVendor=0b48, idProduct=1003, bcdDevice=7b.54
[  111.766705][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  111.776766][  T924] usb 3-1: unable to read config index 0 descriptor/start: -61
[  111.791138][  T924] usb 3-1: can't read configurations, error -61
[  111.797403][   T10] usb 2-1: Product: syz
[  111.811093][   T10] usb 2-1: Manufacturer: syz
[  111.821387][ T5879] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  111.831286][   T10] usb 2-1: SerialNumber: syz
[  111.840967][   T10] usb 2-1: config 0 descriptor??
[  111.855216][   T10] usb 2-1: selecting invalid altsetting 1
[  111.879845][   T10] dvb_ttusb_budget: ttusb_init_controller: error
[  111.891363][   T10] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  111.952266][  T924] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  112.011469][  T924] usb 3-1: Using ep0 maxpacket: 32
[  112.021647][   T10] DVB: Unable to find symbol stv0299_attach()
[  112.033752][  T924] usb 3-1: unable to read config index 0 descriptor/start: -61
[  112.053880][  T924] usb 3-1: can't read configurations, error -61
[  112.063945][ T5879] usb 1-1: config 0 has an invalid interface number: 120 but max is 0
[  112.073357][   T29] audit: type=1400 audit(1773145887.067:331): avc:  denied  { append } for  pid=6616 comm="syz.1.180" name="i2c-1" dev="devtmpfs" ino=2841 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  112.084108][  T924] usb usb3-port1: unable to enumerate USB device
[  112.101092][ T5879] usb 1-1: config 0 has no interface number 0
[  112.181186][ T5879] usb 1-1: config 0 interface 120 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  112.193711][ T5879] usb 1-1: config 0 interface 120 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  112.201270][   T10] DVB: Unable to find symbol tda8083_attach()
[  112.205139][ T5879] usb 1-1: config 0 interface 120 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  112.210785][   T10] dvb_ttusb_budget: no frontend driver found for device [0b48:1003]
[  112.319916][   T10] usb 2-1: USB disconnect, device number 9
[  112.333320][ T5879] usb 1-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice= 0.58
[  112.393074][ T5879] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  112.437854][ T5879] usb 1-1: config 0 descriptor??
[  112.463856][ T5879] input: USB Touchscreen 16e3:f9e9 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.120/input/input6
[  112.987839][   T29] audit: type=1400 audit(1773145887.697:332): avc:  denied  { setopt } for  pid=6631 comm="syz.2.185" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  113.977447][   T29] audit: type=1400 audit(1773145888.977:333): avc:  denied  { ioctl } for  pid=6636 comm="syz.2.186" path="socket:[11539]" dev="sockfs" ino=11539 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  114.271776][  T924] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  114.355494][ T6643] program syz.1.187 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  114.371093][   T29] audit: type=1400 audit(1773145889.357:334): avc:  denied  { read } for  pid=6642 comm="syz.1.187" name="sg0" dev="devtmpfs" ino=815 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  114.425434][ T6646] CUSE: unknown device info ""
[  114.430326][ T6646] CUSE: unknown device info ""
[  114.445350][ T6646] CUSE: unknown device info ""
[  114.455474][   T29] audit: type=1400 audit(1773145889.357:335): avc:  denied  { open } for  pid=6642 comm="syz.1.187" path="/dev/sg0" dev="devtmpfs" ino=815 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  114.485852][ T6646] CUSE: unknown device info ""
[  114.500193][ T6646] CUSE: unknown device info "ÿ"
[  114.505194][ T5808] Bluetooth: hci5: command 0x1003 tx timeout
[  114.505266][ T5819] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  114.573992][  T924] usb 3-1: Using ep0 maxpacket: 8
[  115.125395][ T6647] ALSA: mixer_oss: invalid OSS volume ''
[  115.222744][ T6651] syz.1.190 (6651) used greatest stack depth: 19408 bytes left
[  115.551643][   T29] audit: type=1400 audit(2000000000.090:336): avc:  denied  { firmware_load } for  pid=6647 comm="syz.1.190" path="/lib/firmware/regulatory.db" dev="sda1" ino=448 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1
[  115.595044][ T6646] CUSE: unknown device info ""
[  115.651757][  T924] usb 3-1: New USB device found, idVendor=0582, idProduct=0025, bcdDevice= 0.40
[  115.855478][  T924] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  115.898477][  T924] usb 3-1: Product: syz
[  115.905676][  T924] usb 3-1: Manufacturer: syz
[  115.911952][ T6646] CUSE: unknown device info ""
[  115.931607][ T6646] CUSE: unknown device info "ÿ"
[  115.961747][  T924] usb 3-1: SerialNumber: syz
[  115.986685][ T6646] CUSE: DEVNAME unspecified
[  116.175690][  T924] usb 3-1: uac_clock_source_is_valid(): cannot get clock validity for id 0
[  116.191136][  T924] usb 3-1: clock source 0 is not valid, cannot use
[  116.198088][  T924] usb 3-1: 1:1: cannot get freq (v2/v3): err -71
[  116.208665][  T924] usb 3-1: uac_clock_source_is_valid(): cannot get clock validity for id 0
[  116.220443][  T924] usb 3-1: uac_clock_source_is_valid(): cannot get clock validity for id 0
[  116.246456][  T924] usb 3-1: clock source 0 is not valid, cannot use
[  116.266218][  T924] usb 3-1: 2:1: cannot get freq (v2/v3): err -71
[  116.278199][  T924] usb 3-1: uac_clock_source_is_valid(): cannot get clock validity for id 0
[  116.725342][  T924] usb 3-1: USB disconnect, device number 8
[  116.800424][ T5819] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201'
[  116.810060][ T5819] CPU: 1 UID: 0 PID: 5819 Comm: kworker/u9:7 Not tainted syzkaller #0 PREEMPT(full) 
[  116.810085][ T5819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  116.810099][ T5819] Workqueue: hci2 hci_rx_work
[  116.810132][ T5819] Call Trace:
[  116.810139][ T5819]  <TASK>
[  116.810146][ T5819]  dump_stack_lvl+0x100/0x190
[  116.810180][ T5819]  sysfs_warn_dup.cold+0x1c/0x28
[  116.810208][ T5819]  sysfs_create_dir_ns+0x24b/0x2b0
[  116.810238][ T5819]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  116.810265][ T5819]  ? find_held_lock+0x2b/0x80
[  116.810289][ T5819]  ? kobject_add_internal+0x25f/0x930
[  116.810313][ T5819]  ? kobject_add_internal+0x25f/0x930
[  116.810341][ T5819]  ? do_raw_spin_unlock+0x145/0x1e0
[  116.810364][ T5819]  kobject_add_internal+0x2c8/0x930
[  116.810394][ T5819]  kobject_add+0x16a/0x1e0
[  116.810418][ T5819]  ? __pfx_kobject_add+0x10/0x10
[  116.810441][ T5819]  ? preempt_schedule_thunk+0x16/0x30
[  116.810471][ T5819]  ? kobject_put+0xb9/0x640
[  116.810492][ T5819]  ? _raw_spin_unlock+0x3e/0x50
[  116.810528][ T5819]  device_add+0x294/0x1950
[  116.810557][ T5819]  ? __pfx_dev_set_name+0x10/0x10
[  116.810577][ T5819]  ? __pfx_device_add+0x10/0x10
[  116.810604][ T5819]  ? mgmt_send_event_skb+0x2fb/0x460
[  116.810641][ T5819]  hci_conn_add_sysfs+0x1a3/0x260
[  116.810662][ T5819]  le_conn_complete_evt+0x11cb/0x1f40
[  116.810697][ T5819]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  116.810733][ T5819]  hci_le_conn_complete_evt+0x23c/0x3a0
[  116.810770][ T5819]  ? skb_pull_data+0x15f/0x1e0
[  116.810800][ T5819]  hci_le_meta_evt+0x34a/0x5f0
[  116.810820][ T5819]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  116.810855][ T5819]  hci_event_packet+0x682/0x11c0
[  116.810887][ T5819]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  116.810908][ T5819]  ? __pfx_hci_event_packet+0x10/0x10
[  116.810941][ T5819]  ? kcov_remote_start+0x374/0x660
[  116.810968][ T5819]  ? lockdep_hardirqs_on+0x78/0x100
[  116.810996][ T5819]  hci_rx_work+0x451/0xfc0
[  116.811034][ T5819]  process_one_work+0x9d7/0x1920
[  116.811063][ T5819]  ? __pfx_process_one_work+0x10/0x10
[  116.811090][ T5819]  ? __pfx_hci_rx_work+0x10/0x10
[  116.811122][ T5819]  worker_thread+0x5da/0xe40
[  116.811152][ T5819]  ? kthread+0x13a/0x450
[  116.811168][ T5819]  ? __pfx_worker_thread+0x10/0x10
[  116.811187][ T5819]  kthread+0x370/0x450
[  116.811204][ T5819]  ? __pfx_kthread+0x10/0x10
[  116.811224][ T5819]  ret_from_fork+0x754/0xd80
[  116.811244][ T5819]  ? __pfx_ret_from_fork+0x10/0x10
[  116.811266][ T5819]  ? __switch_to+0x7b4/0x1120
[  116.811290][ T5819]  ? __pfx_kthread+0x10/0x10
[  116.811309][ T5819]  ret_from_fork_asm+0x1a/0x30
[  116.811345][ T5819]  </TASK>
[  117.151259][   T29] audit: type=1400 audit(2000000002.210:337): avc:  denied  { getopt } for  pid=6667 comm="syz.4.195" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  117.153868][ T5819] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  117.185819][ T5819] Bluetooth: hci2: failed to register connection device
[  118.928601][   T29] audit: type=1400 audit(2000000004.040:338): avc:  denied  { read } for  pid=6681 comm="syz.4.198" name="event2" dev="devtmpfs" ino=922 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  118.963434][  T924] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  119.022212][   T29] audit: type=1400 audit(2000000004.040:339): avc:  denied  { open } for  pid=6681 comm="syz.4.198" path="/dev/input/event2" dev="devtmpfs" ino=922 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  119.167338][   T29] audit: type=1400 audit(2000000004.040:340): avc:  denied  { ioctl } for  pid=6681 comm="syz.4.198" path="/dev/input/event2" dev="devtmpfs" ino=922 ioctlcmd=0x4503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  119.182496][  T924] usb 4-1: config index 0 descriptor too short (expected 23569, got 27)
[  119.218688][   T47] usb 1-1: USB disconnect, device number 4
[  119.228966][  T924] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  119.912517][  T924] usb 4-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  119.922431][  T924] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  119.978958][  T924] usb 4-1: Manufacturer: syz
[  119.986504][ T6692] xt_connbytes: Forcing CT accounting to be enabled
[  120.003645][  T924] usb 4-1: config 0 descriptor??
[  120.029323][   T29] audit: type=1400 audit(2000000005.140:341): avc:  denied  { create } for  pid=6693 comm="syz.4.201" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  120.054853][ T6692] x_tables: ip_tables: sctp match: only valid for protocol 132
[  120.064922][   T29] audit: type=1400 audit(2000000005.160:342): avc:  denied  { ioctl } for  pid=6693 comm="syz.4.201" path="socket:[11696]" dev="sockfs" ino=11696 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  120.095214][   T29] audit: type=1400 audit(2000000005.210:343): avc:  denied  { create } for  pid=6687 comm="syz.0.200" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  120.171191][  T924] rc_core: IR keymap rc-hauppauge not found
[  120.178797][  T924] Registered IR keymap rc-empty
[  120.187676][  T924] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0
[  120.200158][  T924] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input7
[  120.301831][ T6699] netlink: 44 bytes leftover after parsing attributes in process `syz.1.202'.
[  120.461672][    C0] igorplugusb 4-1:0.0: Error: urb status = -32
[  120.474378][   T29] audit: type=1400 audit(2000000005.590:344): avc:  denied  { write } for  pid=6702 comm="syz.1.204" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  121.837753][ T5879] usb 4-1: USB disconnect, device number 6
[  123.891673][  T924] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  123.951494][   T24] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  124.111173][   T24] usb 4-1: Using ep0 maxpacket: 32
[  124.124674][   T24] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[  124.160145][   T24] usb 4-1: config 0 interface 0 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 0
[  124.171325][  T924] usb 5-1: Using ep0 maxpacket: 8
[  124.223397][   T24] usb 4-1: config 0 interface 0 has no altsetting 0
[  124.224635][  T924] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  124.232597][   T24] usb 4-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  124.249976][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  124.258175][   T24] usb 4-1: Product: syz
[  124.262577][   T24] usb 4-1: Manufacturer: syz
[  124.277385][   T24] usb 4-1: SerialNumber: syz
[  124.284282][  T924] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  124.320542][   T24] usb 4-1: config 0 descriptor??
[  124.356048][  T924] usb 5-1: New USB device found, idVendor=0af0, idProduct=6751, bcdDevice=75.8b
[  124.375701][  T924] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  124.391217][  T924] usb 5-1: SerialNumber: syz
[  124.423186][  T924] usb 5-1: config 0 descriptor??
[  124.434188][  T924] hso 5-1:0.0: Can't find BULK IN endpoint
[  124.825708][   T24] gs_usb 4-1:0.0: Configuring for 1 interfaces
[  125.024780][   T47] usb 5-1: USB disconnect, device number 7
[  125.061861][  T924] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  125.581284][  T924] usb 3-1: Using ep0 maxpacket: 16
[  125.750246][  T924] usb 3-1: New USB device found, idVendor=0582, idProduct=008d, bcdDevice= 0.40
[  125.761718][  T924] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  125.769781][  T924] usb 3-1: Product: syz
[  125.777309][  T924] usb 3-1: Manufacturer: syz
[  125.782537][  T924] usb 3-1: SerialNumber: syz
[  125.791720][ T6756] loop2: detected capacity change from 0 to 7
[  125.807253][ T6756]  loop2: [CUMANA/ADFS] p1 [Linux] p2 [ADFS] p1 [Linux] p2
[  125.815084][ T6756] loop2: partition table partially beyond EOD, truncated
[  125.823272][ T6756] loop2: p1 size 2574515542 extends beyond EOD, truncated
[  125.839555][ T6756] loop2: p2 start 445263249 is beyond EOD, truncated
[  125.902487][ T5996] udevd[5996]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[  126.281189][   T10] usb 2-1: new full-speed USB device number 10 using dummy_hcd
[  126.432705][   T10] usb 2-1: config 0 has an invalid interface number: 214 but max is 0
[  126.441153][   T10] usb 2-1: config 0 has no interface number 0
[  126.447401][   T10] usb 2-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  126.460485][   T10] usb 2-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5
[  126.469951][   T10] usb 2-1: New USB device strings: Mfr=1, Product=0, SerialNumber=3
[  126.478091][   T10] usb 2-1: Manufacturer: syz
[  126.482860][   T10] usb 2-1: SerialNumber: syz
[  126.489672][   T10] usb 2-1: config 0 descriptor??
[  126.704421][ T6762] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  126.713452][ T6762] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  126.724918][   T10] usbtouchscreen 2-1:0.214: Failed to read FW rev: -71
[  126.735554][   T10] usbtouchscreen 2-1:0.214: probe with driver usbtouchscreen failed with error -71
[  126.752255][   T10] usb 2-1: USB disconnect, device number 10
[  127.194983][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[  127.202293][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[  129.061116][   T24] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  129.211092][   T24] usb 2-1: Using ep0 maxpacket: 16
[  129.218017][   T24] usb 2-1: unable to get BOS descriptor or descriptor too short
[  129.227132][   T24] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  129.237273][   T24] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  129.247897][   T24] usb 2-1: New USB device found, idVendor=103d, idProduct=0100, bcdDevice= 0.40
[  129.256975][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  129.264977][   T24] usb 2-1: Product: syz
[  129.269127][   T24] usb 2-1: Manufacturer: syz
[  129.274394][   T24] usb 2-1: SerialNumber: syz
[  130.095680][   T24] usb 2-1: Audio class v2/v3 interfaces need an interface association
[  130.130184][   T24] snd-usb-audio 2-1:1.0: probe with driver snd-usb-audio failed with error -22
[  130.142522][   T24] usb 2-1: USB disconnect, device number 11
[  130.156425][ T5996] udevd[5996]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  130.487289][ T6759] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6759 comm=syz.4.218
[  130.501625][   T29] audit: type=1400 audit(2000000015.600:345): avc:  denied  { search } for  pid=5473 comm="dhcpcd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  130.570716][   T29] audit: type=1400 audit(2000000015.640:346): avc:  denied  { search } for  pid=5473 comm="dhcpcd" name="udev" dev="tmpfs" ino=9 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  130.602457][   T24] usb 4-1: USB disconnect, device number 7
[  130.684836][   T29] audit: type=1400 audit(2000000015.640:347): avc:  denied  { search } for  pid=5473 comm="dhcpcd" name="data" dev="tmpfs" ino=14 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  130.712596][  T924] snd-ua101 3-1:1.1: invalid format type
[  130.718413][  T924] snd-ua101 3-1:1.0: invalid num_altsetting
[  130.776360][  T924] usb 3-1: USB disconnect, device number 9
[  130.787611][   T29] audit: type=1400 audit(2000000015.640:348): avc:  denied  { read } for  pid=5473 comm="dhcpcd" name="n100" dev="tmpfs" ino=2993 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  130.820796][   T29] audit: type=1400 audit(2000000015.640:349): avc:  denied  { open } for  pid=5473 comm="dhcpcd" path="/run/udev/data/n100" dev="tmpfs" ino=2993 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  130.845486][   T29] audit: type=1400 audit(2000000015.640:350): avc:  denied  { getattr } for  pid=5473 comm="dhcpcd" path="/run/udev/data/n100" dev="tmpfs" ino=2993 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  130.960639][   T29] audit: type=1400 audit(2000000016.000:351): avc:  denied  { write } for  pid=6790 comm="syz.1.230" name="uinput" dev="devtmpfs" ino=920 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  130.985062][   T29] audit: type=1400 audit(2000000016.000:352): avc:  denied  { read open } for  pid=6793 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1843 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  131.157654][   T29] audit: type=1400 audit(2000000016.000:353): avc:  denied  { getattr } for  pid=6793 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1843 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  131.252574][ T6808] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  131.272355][ T6808] xt_TPROXY: Can be used only with -p tcp or -p udp
[  131.932568][ T6818] FAULT_INJECTION: forcing a failure.
[  131.932568][ T6818] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  131.945798][ T6818] CPU: 0 UID: 0 PID: 6818 Comm: syz.1.233 Not tainted syzkaller #0 PREEMPT(full) 
[  131.945820][ T6818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  131.945828][ T6818] Call Trace:
[  131.945832][ T6818]  <TASK>
[  131.945836][ T6818]  dump_stack_lvl+0x100/0x190
[  131.945857][ T6818]  should_fail_ex.cold+0x5/0xa
[  131.945871][ T6818]  _copy_from_user+0x2e/0xd0
[  131.945887][ T6818]  copy_msghdr_from_user+0x9f/0x4f0
[  131.945903][ T6818]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  131.945924][ T6818]  ___sys_sendmsg+0x106/0x1e0
[  131.945939][ T6818]  ? __pfx____sys_sendmsg+0x10/0x10
[  131.945953][ T6818]  ? find_held_lock+0x2b/0x80
[  131.945966][ T6818]  ? rcu_preempt_deferred_qs_irqrestore+0x4fd/0xb90
[  131.945989][ T6818]  ? __rcu_read_unlock+0x26a/0x5e0
[  131.946013][ T6818]  __sys_sendmsg+0x170/0x220
[  131.946024][ T6818]  ? __pfx___sys_sendmsg+0x10/0x10
[  131.946034][ T6818]  ? __pfx___seccomp_filter+0x10/0x10
[  131.946053][ T6818]  do_syscall_64+0x106/0xf80
[  131.946064][ T6818]  ? clear_bhb_loop+0x40/0x90
[  131.946077][ T6818]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  131.946088][ T6818] RIP: 0033:0x7f7cbbd9c799
[  131.946097][ T6818] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  131.946106][ T6818] RSP: 002b:00007f7cbcc48028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  131.946117][ T6818] RAX: ffffffffffffffda RBX: 00007f7cbc016090 RCX: 00007f7cbbd9c799
[  131.946123][ T6818] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000007
[  131.946129][ T6818] RBP: 00007f7cbcc48090 R08: 0000000000000000 R09: 0000000000000000
[  131.946134][ T6818] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  131.946140][ T6818] R13: 00007f7cbc016128 R14: 00007f7cbc016090 R15: 00007fff8dd3f9b8
[  131.946153][ T6818]  </TASK>
[  132.412001][   T29] audit: type=1400 audit(2000000017.500:354): avc:  denied  { add_name } for  pid=6785 comm="dhcpcd-run-hook" name="resolv.conf.can0.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  134.283269][ T6866] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  134.299767][ T6866] xt_TPROXY: Can be used only with -p tcp or -p udp
[  135.481140][ T5872] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  135.669353][ T5872] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  135.897661][ T5872] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  135.908436][ T5872] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  135.921524][ T5872] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  135.966908][ T5872] usb 3-1: SerialNumber: syz
[  136.524580][ T6898] loop2: detected capacity change from 0 to 7
[  136.534621][ T6898]  loop2: [CUMANA/ADFS] p1 [Linux] p2 [ADFS] p1 [Linux] p2
[  136.542216][ T6898] loop2: partition table partially beyond EOD, truncated
[  136.555003][ T6898] loop2: p1 size 2574515542 extends beyond EOD, truncated
[  136.558265][ T5872] usb 3-1: 0:2 : does not exist
[  136.564826][ T6898] loop2: p2 start 445263249 is beyond EOD, truncated
[  136.603151][ T5872] usb 3-1: unit 5 not found!
[  136.667608][ T5996] udevd[5996]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[  136.725443][ T5872] usb 3-1: USB disconnect, device number 10
[  136.796016][ T5996] udevd[5996]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  137.428468][ T6912] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  137.791662][ T6915] syzkaller0: entered promiscuous mode
[  137.810969][ T6915] syzkaller0: entered allmulticast mode
[  138.094856][  T924] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  138.251085][  T924] usb 3-1: Using ep0 maxpacket: 16
[  138.296807][  T924] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  138.321357][  T924] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  138.387987][  T924] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  138.405904][  T924] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  138.430654][  T924] usb 3-1: Product: syz
[  138.477061][  T924] usb 3-1: Manufacturer: syz
[  138.491364][  T924] usb 3-1: SerialNumber: syz
[  138.512848][  T924] usb 3-1: config 0 descriptor??
[  138.536988][  T924] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  138.551539][  T924] em28xx 3-1:0.0: Audio interface 0 found (Vendor Class)
[  138.796766][ T5879] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  138.991183][ T5879] usb 4-1: Using ep0 maxpacket: 8
[  139.165309][ T5879] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xAD, changing to 0x8D
[  139.243746][ T5879] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8D has invalid wMaxPacketSize 0
[  139.279858][ T5879] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8D has invalid maxpacket 0
[  139.300069][ T5879] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  139.310793][ T5879] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  139.331920][ T5879] usb 4-1: New USB device found, idVendor=0bfd, idProduct=0124, bcdDevice=3a.9f
[  139.340974][ T5879] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  139.367196][ T5879] usb 4-1: Product: syz
[  139.372221][  T924] em28xx 3-1:0.0: unknown em28xx chip ID (0)
[  139.372502][ T5879] usb 4-1: Manufacturer: syz
[  139.378838][  T924] em28xx 3-1:0.0: Config register raw data: 0x6c
[  139.382954][ T5879] usb 4-1: SerialNumber: syz
[  139.395189][  T924] em28xx 3-1:0.0: I2S Audio (1 sample rate(s))
[  139.396172][ T5879] usb 4-1: config 0 descriptor??
[  139.405065][  T924] em28xx 3-1:0.0: No AC97 audio processor
[  139.408540][ T5879] kvaser_usb 4-1:0.0: error -EMSGSIZE: Cannot get software info
[  139.431183][ T5879] kvaser_usb 4-1:0.0: probe with driver kvaser_usb failed with error -90
[  139.548679][ T6941] netlink: 112 bytes leftover after parsing attributes in process `syz.0.263'.
[  139.562582][ T6942] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2583 sclass=netlink_route_socket pid=6942 comm=syz.0.263
[  139.564610][ T6941] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2583 sclass=netlink_route_socket pid=6941 comm=syz.0.263
[  139.654420][ T6944] loop2: detected capacity change from 0 to 7
[  139.682889][ T5794]  loop2: [CUMANA/ADFS] p1 [Linux] p2 [ADFS] p1 [Linux] p2
[  139.690146][ T5794] loop2: partition table partially beyond EOD, truncated
[  139.692053][ T5884] usb 4-1: USB disconnect, device number 8
[  139.707104][ T5794] loop2: p1 size 2574515542 extends beyond EOD, truncated
[  139.710069][ T6921] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  139.738111][ T5794] loop2: p2 start 445263249 is beyond EOD, truncated
[  139.755798][ T6944]  loop2: [CUMANA/ADFS] p1 [Linux] p2 [ADFS] p1 [Linux] p2
[  139.770082][ T6944] loop2: partition table partially beyond EOD, truncated
[  139.779221][ T6944] loop2: p1 size 2574515542 extends beyond EOD, truncated
[  139.789226][ T6944] loop2: p2 start 445263249 is beyond EOD, truncated
[  139.919708][ T5794] udevd[5794]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[  139.962971][ T6946] syzkaller0: entered promiscuous mode
[  139.968515][ T6946] syzkaller0: entered allmulticast mode
[  139.969408][ T5794] udevd[5794]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[  140.053608][ T6946] tipc: Started in network mode
[  140.070545][ T6946] tipc: Node identity 5ea91571c374, cluster identity 4711
[  140.146070][ T6955] block device autoloading is deprecated and will be removed.
[  140.163053][ T6955] tmpfs: Bad value for 'mpol'
[  140.202250][ T6958] NILFS (nullb0): couldn't find nilfs on the device
[  140.221373][ T6946] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  140.303835][ T6955] netlink: 'syz.0.267': attribute type 4 has an invalid length.
[  140.329402][  T924] usb 3-1: USB disconnect, device number 11
[  140.336768][ T6945] tipc: Resetting bearer <eth:syzkaller0>
[  140.354147][ T6961] netlink: 'syz.0.267': attribute type 4 has an invalid length.
[  140.520148][ T6945] tipc: Disabling bearer <eth:syzkaller0>
[  141.311144][  T924] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  141.822322][  T924] usb 1-1: Using ep0 maxpacket: 8
[  141.970125][  T924] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  142.006521][  T924] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2
[  142.046523][  T924] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10
[  142.104067][  T924] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024
[  142.162864][  T924] usb 1-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  142.293509][  T924] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  142.332508][  T924] hub 1-1:1.0: bad descriptor, ignoring hub
[  142.342043][  T924] hub 1-1:1.0: probe with driver hub failed with error -5
[  142.364275][  T924] cdc_wdm 1-1:1.0: skipping garbage
[  142.385705][  T924] cdc_wdm 1-1:1.0: skipping garbage
[  142.429062][  T924] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device
[  142.449867][  T924] cdc_wdm 1-1:1.0: Unknown control protocol
[  142.606334][   T29] kauditd_printk_skb: 14 callbacks suppressed
[  142.606349][   T29] audit: type=1400 audit(2000000027.720:369): avc:  denied  { read write } for  pid=6950 comm="syz.0.267" name="cdc-wdm0" dev="devtmpfs" ino=2916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:modem_device_t tclass=chr_file permissive=1
[  142.606578][ T6984] Bluetooth: MGMT ver 1.23
[  142.651090][ T5884] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  142.675339][   T29] audit: type=1400 audit(2000000027.720:370): avc:  denied  { open } for  pid=6950 comm="syz.0.267" path="/dev/cdc-wdm0" dev="devtmpfs" ino=2916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:modem_device_t tclass=chr_file permissive=1
[  142.704617][ T6984] netlink: 8 bytes leftover after parsing attributes in process `syz.3.274'.
[  142.789840][ T6988] bridge0: entered promiscuous mode
[  142.804223][ T6988] macsec1: entered promiscuous mode
[  142.851811][ T5884] usb 3-1: Using ep0 maxpacket: 32
[  142.863948][ T5884] usb 3-1: config 0 has an invalid interface number: 184 but max is 0
[  142.874564][ T5884] usb 3-1: config 0 has no interface number 0
[  142.885561][ T5884] usb 3-1: config 0 interface 184 has no altsetting 0
[  143.234389][ T5884] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  143.243672][ T5884] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  143.255283][ T5884] usb 3-1: Product: syz
[  143.256048][ T6993] loop2: detected capacity change from 0 to 7
[  143.259468][ T5884] usb 3-1: Manufacturer: syz
[  143.270239][ T5884] usb 3-1: SerialNumber: syz
[  143.275159][  T924] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  143.278789][ T6993]  loop2: [CUMANA/ADFS] p1 [Linux] p2 [ADFS] p1 [Linux] p2
[  143.285360][ T5884] usb 3-1: config 0 descriptor??
[  143.310322][ T6993] loop2: partition table partially beyond EOD, truncated
[  143.327237][ T6993] loop2: p1 size 2574515542 extends beyond EOD, truncated
[  143.357085][ T6993] loop2: p2 start 445263249 is beyond EOD, truncated
[  143.435600][  T924] usb 4-1: unable to get BOS descriptor or descriptor too short
[  143.443472][ T5996] udevd[5996]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[  143.465159][  T924] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  143.470047][   T29] audit: type=1400 audit(2000000028.580:371): avc:  denied  { ioctl } for  pid=6994 comm="syz.4.279" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=12202 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  143.518906][  T924] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  143.545623][  T924] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x81 has an invalid bInterval 37, changing to 7
[  143.561957][   T29] audit: type=1400 audit(2000000028.630:372): avc:  denied  { mounton } for  pid=6994 comm="syz.4.279" path="/syzcgroup/unified/syz4" dev="afs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=dir permissive=1
[  143.596743][  T924] usb 4-1: New USB device found, idVendor=0582, idProduct=8782, bcdDevice= 0.54
[  143.606540][  T924] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  143.619117][  T924] usb 4-1: Product: syz
[  143.628513][  T924] usb 4-1: Manufacturer: syz
[  143.633415][  T924] usb 4-1: SerialNumber: syz
[  143.718065][ T5884] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61
[  143.729735][ T5884] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -61
[  143.740100][ T5884] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind
[  143.751144][ T5884] smsc75xx 3-1:0.184: probe with driver smsc75xx failed with error -61
[  143.850214][ T6984] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  143.860060][ T6984] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  143.873759][   T24] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  143.887743][  T924] usb 4-1: Can't get UAC3 power state for id 11
[  143.896339][  T924] usb 4-1: 5:0: failed to get current value for ch 0 (-71)
[  143.908491][  T924] usb 4-1: 5:0: cannot get min/max values for control 2 (id 5)
[  144.016809][  T924] usb 4-1: USB disconnect, device number 9
[  144.033368][   T24] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  144.057482][   T24] usb 5-1: too many endpoints for config 1 interface 1 altsetting 0: 133, using maximum allowed: 30
[  144.081916][   T24] usb 5-1: config 1 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 133
[  144.125046][   T24] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  144.144461][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  144.161701][   T24] usb 5-1: Product: syz
[  144.226164][   T24] usb 5-1: Manufacturer: syz
[  144.230814][   T24] usb 5-1: SerialNumber: syz
[  144.249990][   T24] cdc_ncm 5-1:1.0: NCM or ECM functional descriptors missing
[  144.257601][   T24] cdc_ncm 5-1:1.0: bind() failure
[  144.460405][   T24] usb 5-1: USB disconnect, device number 8
[  144.729548][ T5884] usb 1-1: USB disconnect, device number 5
[  144.765976][ T7008] ipip0: entered promiscuous mode
[  144.795026][ T7008] ipip0: entered allmulticast mode
[  145.079604][ T7008] team0: Device ipip0 is of different type
[  145.442165][ T5884] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  145.648004][ T7005] netlink: 20 bytes leftover after parsing attributes in process `syz.1.282'.
[  145.684806][ T5884] usb 1-1: Using ep0 maxpacket: 8
[  145.697069][ T5884] usb 1-1: config index 0 descriptor too short (expected 30, got 18)
[  145.761860][ T5884] usb 1-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  145.799493][ T5884] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  145.819668][ T5884] usb 1-1: Product: syz
[  145.833961][ T5884] usb 1-1: Manufacturer: syz
[  145.848818][ T5884] usb 1-1: SerialNumber: syz
[  145.870512][ T5884] usb 1-1: config 0 descriptor??
[  145.888555][ T5884] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  145.922478][ T5884] usb 1-1: setting power ON
[  145.935058][ T5884] dvb-usb: bulk message failed: -22 (2/0)
[  145.947204][ T7036] loop2: detected capacity change from 0 to 7
[  145.996313][ T5884] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  146.011744][ T7036]  loop2: [CUMANA/ADFS] p1 [Linux] p2 [ADFS] p1 [Linux] p2
[  146.035854][ T5884] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  146.048164][ T7036] loop2: partition table partially beyond EOD, truncated
[  146.055916][ T5884] usb 1-1: media controller created
[  146.205597][ T7036] loop2: p1 size 2574515542 extends beyond EOD, truncated
[  146.213994][ T7036] loop2: p2 start 445263249 is beyond EOD, truncated
[  146.237192][ T5884] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  146.525447][ T5865] usb 3-1: USB disconnect, device number 12
[  146.555931][ T5884] usb 1-1: selecting invalid altsetting 6
[  146.564392][ T5884] usb 1-1: digital interface selection failed (-22)
[  146.576634][ T5884] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  146.613477][ T5884] usb 1-1: setting power OFF
[  146.633722][ T5794] udevd[5794]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[  146.653675][ T5884] dvb-usb: bulk message failed: -22 (2/0)
[  146.662474][ T5884] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  146.674622][ T5884] (NULL device *): no alternate interface
[  146.781685][ T5884] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  146.806552][ T5884] usb 1-1: USB disconnect, device number 6
[  147.005469][ T7055] comedi comedi1: dmm32at: I/O port conflict (0x3,16)
[  147.025860][   T29] audit: type=1400 audit(2000000032.140:373): avc:  denied  { append } for  pid=7054 comm="syz.0.296" name="loop8" dev="devtmpfs" ino=655 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  147.147438][ T7060] loop8: detected capacity change from 0 to 7
[  147.199792][ T7060] Dev loop8: unable to read RDB block 7
[  147.212393][   T24] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  147.261278][ T5879] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  147.342871][ T7060]  loop8: AHDI p1 p2
[  147.347143][ T7060] loop8: partition table partially beyond EOD, truncated
[  147.348672][ T7063] usb usb7: usbfs: process 7063 (syz.2.299) did not claim interface 0 before use
[  147.395490][ T7060] loop8: p1 start 1702000233 is beyond EOD, truncated
[  147.561126][   T24] usb 5-1: Using ep0 maxpacket: 32
[  147.571495][ T5879] usb 2-1: Using ep0 maxpacket: 32
[  147.578530][ T5879] usb 2-1: config 0 has an invalid interface number: 184 but max is 0
[  147.586863][   T24] usb 5-1: config 0 interface 0 altsetting 128 endpoint 0x2 has an invalid bInterval 0, changing to 7
[  147.598100][   T24] usb 5-1: config 0 interface 0 has no altsetting 0
[  147.604950][ T5879] usb 2-1: config 0 has no interface number 0
[  147.619663][   T24] usb 5-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00
[  147.629377][ T5879] usb 2-1: config 0 interface 184 has no altsetting 0
[  148.036098][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  148.049868][ T5879] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  148.062373][ T5879] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  148.072014][   T24] usb 5-1: config 0 descriptor??
[  148.077947][ T5879] usb 2-1: Product: syz
[  148.089353][ T5879] usb 2-1: Manufacturer: syz
[  148.101941][ T5879] usb 2-1: SerialNumber: syz
[  148.109067][ T5879] usb 2-1: config 0 descriptor??
[  148.111969][ T7072] syz_tun: entered allmulticast mode
[  148.243244][   T29] audit: type=1400 audit(2000000033.360:374): avc:  denied  { read } for  pid=7074 comm="syz.0.302" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  148.375026][   T29] audit: type=1400 audit(2000000033.460:375): avc:  denied  { shutdown } for  pid=7074 comm="syz.0.302" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  148.432105][   T24] corsair-cpro 0003:1B1C:0C10.0002: hidraw0: USB HID v4.06 Device [HID 1b1c:0c10] on usb-dummy_hcd.4-1/input0
[  149.025435][ T7090] netlink: 'syz.0.306': attribute type 10 has an invalid length.
[  149.033700][ T7090] batman_adv: batadv0: Removing interface: batadv_slave_0
[  149.076988][   T24] corsair-cpro 0003:1B1C:0C10.0002: probe with driver corsair-cpro failed with error -110
[  149.092255][ T7090] bond0: (slave batadv_slave_0): Enslaving as an active interface with an up link
[  149.737607][ T5879] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -61
[  149.751133][ T7096] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  149.809067][   T24] usb 5-1: USB disconnect, device number 9
[  149.817093][ T5879] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  149.914545][   T29] audit: type=1400 audit(2000000035.030:376): avc:  denied  { read } for  pid=7098 comm="syz.2.307" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  149.976122][   T29] audit: type=1400 audit(2000000035.030:377): avc:  denied  { open } for  pid=7098 comm="syz.2.307" path="/dev/autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  150.069585][ T5879] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -71
[  150.095688][ T5879] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -71
[  150.121277][ T5879] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[  150.122192][   T29] audit: type=1400 audit(2000000035.030:378): avc:  denied  { ioctl } for  pid=7098 comm="syz.2.307" path="/dev/autofs" dev="devtmpfs" ino=98 ioctlcmd=0x937a scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  150.132006][ T5879] smsc75xx 2-1:0.184: probe with driver smsc75xx failed with error -71
[  150.181005][ T5879] usb 2-1: USB disconnect, device number 12
[  151.211122][   T24] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  151.572045][ T7116] FAULT_INJECTION: forcing a failure.
[  151.572045][ T7116] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  151.585162][ T7116] CPU: 1 UID: 0 PID: 7116 Comm: syz.1.315 Not tainted syzkaller #0 PREEMPT(full) 
[  151.585185][ T7116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  151.585194][ T7116] Call Trace:
[  151.585199][ T7116]  <TASK>
[  151.585205][ T7116]  dump_stack_lvl+0x100/0x190
[  151.585231][ T7116]  should_fail_ex.cold+0x5/0xa
[  151.585249][ T7116]  _copy_from_user+0x2e/0xd0
[  151.585269][ T7116]  copy_msghdr_from_user+0x9f/0x4f0
[  151.585290][ T7116]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  151.585322][ T7116]  ___sys_sendmsg+0x106/0x1e0
[  151.585342][ T7116]  ? __pfx____sys_sendmsg+0x10/0x10
[  151.585383][ T7116]  __sys_sendmsg+0x170/0x220
[  151.585398][ T7116]  ? __pfx___sys_sendmsg+0x10/0x10
[  151.585424][ T7116]  do_syscall_64+0x106/0xf80
[  151.585439][ T7116]  ? clear_bhb_loop+0x40/0x90
[  151.585455][ T7116]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  151.585469][ T7116] RIP: 0033:0x7f7cbbd9c799
[  151.585480][ T7116] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  151.585494][ T7116] RSP: 002b:00007f7cbcc69028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  151.585508][ T7116] RAX: ffffffffffffffda RBX: 00007f7cbc015fa0 RCX: 00007f7cbbd9c799
[  151.585517][ T7116] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  151.585525][ T7116] RBP: 00007f7cbcc69090 R08: 0000000000000000 R09: 0000000000000000
[  151.585533][ T7116] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  151.585541][ T7116] R13: 00007f7cbc016038 R14: 00007f7cbc015fa0 R15: 00007fff8dd3f9b8
[  151.585559][ T7116]  </TASK>
[  151.891115][   T24] usb 4-1: Using ep0 maxpacket: 16
[  151.898891][   T24] usb 4-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[  151.907967][   T24] usb 4-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  151.916054][   T24] usb 4-1: Product: syz
[  151.920194][   T24] usb 4-1: Manufacturer: syz
[  151.924821][   T24] usb 4-1: SerialNumber: syz
[  151.940855][   T24] usb 4-1: config 0 descriptor??
[  152.096651][ T7124] x_tables: duplicate underflow at hook 2
[  152.151489][ T7122] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  152.165342][   T29] audit: type=1400 audit(2000000037.280:379): avc:  denied  { listen } for  pid=7119 comm="syz.0.318" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  152.165580][ T7122] netlink: 'syz.0.318': attribute type 1 has an invalid length.
[  152.190921][ T5884] usb 4-1: USB disconnect, device number 10
[  152.328499][ T7134] netlink: 12 bytes leftover after parsing attributes in process `syz.4.321'.
[  152.389046][ T7134] netlink: 20 bytes leftover after parsing attributes in process `syz.4.321'.
[  152.434893][ T7137] comedi comedi3: comedi_config --init_data is deprecated
[  152.519066][ T7141] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  152.622786][   T29] audit: type=1400 audit(2000000037.570:380): avc:  denied  { create } for  pid=7138 comm="syz.0.323" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  152.935462][   T29] audit: type=1400 audit(2000000037.570:382): avc:  denied  { ioctl } for  pid=7138 comm="syz.0.323" path="socket:[13575]" dev="sockfs" ino=13575 ioctlcmd=0x89e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  153.002897][ T7145] loop5: detected capacity change from 0 to 7
[  153.023307][ T7145]  loop5:
[  153.026299][ T7145] loop5: partition table partially beyond EOD, truncated
[  153.046417][   T29] audit: type=1400 audit(2000000037.570:381): avc:  denied  { ioctl } for  pid=7138 comm="syz.0.323" path="socket:[13575]" dev="sockfs" ino=13575 ioctlcmd=0x89e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  153.155982][ T7149] usb usb7: usbfs: process 7149 (syz.3.326) did not claim interface 0 before use
[  153.894794][   T29] audit: type=1400 audit(2000000038.990:383): avc:  denied  { ioctl } for  pid=7136 comm="syz.1.322" path="/dev/vhost-vsock" dev="devtmpfs" ino=1275 ioctlcmd=0xaf01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[  154.600481][ T7170] block device autoloading is deprecated and will be removed.
[  154.614406][ T7170] netlink: 16 bytes leftover after parsing attributes in process `syz.4.328'.
[  154.694086][ T7171] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  154.727000][ T7171] xt_TPROXY: Can be used only with -p tcp or -p udp
[  155.631066][ T5884] usb 5-1: new full-speed USB device number 10 using dummy_hcd
[  155.791134][ T5884] usb 5-1: device descriptor read/64, error -71
[  156.101239][ T5884] usb 5-1: new full-speed USB device number 11 using dummy_hcd
[  156.241219][ T5884] usb 5-1: device descriptor read/64, error -71
[  156.481503][ T5884] usb usb5-port1: attempt power cycle
[  156.759101][   T29] audit: type=1400 audit(2000000041.870:384): avc:  denied  { write } for  pid=7191 comm="syz.3.338" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  156.793405][ T7197] loop5: detected capacity change from 0 to 7
[  156.825611][ T7197]  loop5:
[  156.828615][ T7197] loop5: partition table partially beyond EOD, truncated
[  156.871115][ T5884] usb 5-1: new full-speed USB device number 12 using dummy_hcd
[  156.890369][   T29] audit: type=1400 audit(2000000042.000:385): avc:  denied  { getopt } for  pid=7200 comm="syz.0.341" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  156.971800][  T924] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  157.063004][ T7210] block device autoloading is deprecated and will be removed.
[  157.071599][   T24] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  157.092311][ T5884] usb 5-1: device not accepting address 12, error -71
[  157.131421][ T5865] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  157.141484][  T924] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  157.241248][   T24] usb 4-1: Using ep0 maxpacket: 32
[  157.242862][  T924] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  157.262598][   T24] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  157.273484][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  157.282581][  T924] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  157.302630][  T924] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  157.304088][   T24] usb 4-1: config 0 descriptor??
[  157.375482][  T924] usb 3-1: config 0 descriptor??
[  157.419572][ T5865] usb 1-1: device descriptor read/64, error -71
[  157.445042][ T7213] netlink: 'syz.1.344': attribute type 6 has an invalid length.
[  157.512906][ T5884] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  157.527134][   T24] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  157.538630][   T24] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  157.559712][ T5884] usb 5-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  157.560778][   T24] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  157.571367][ T5884] usb 5-1: config 220 has 1 interface, different from the descriptor's value: 3
[  157.588935][   T24] usb 4-1: media controller created
[  157.612930][ T5884] usb 5-1: config 220 interface 0 has no altsetting 0
[  157.623735][   T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  157.624615][ T5884] usb 5-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  157.644235][ T5884] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  157.653044][ T5884] usb 5-1: Product: syz
[  157.657328][ T5884] usb 5-1: Manufacturer: syz
[  157.662037][ T5884] usb 5-1: SerialNumber: syz
[  157.711134][ T5865] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  158.595126][ T7221] Cannot find add_set index 65532 as target
[  158.657668][ T5884] uvcvideo 5-1:220.0: Found UVC 0.00 device syz (8086:0b07)
[  158.665193][ T5884] uvcvideo 5-1:220.0: No valid video chain found.
[  158.674907][ T5884] usb 5-1: USB disconnect, device number 13
[  158.717659][ T5865] usb 1-1: device descriptor read/64, error -71
[  158.834429][ T5865] usb usb1-port1: attempt power cycle
[  159.181128][ T5865] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  159.192629][   T29] audit: type=1400 audit(2000000044.310:386): avc:  denied  { getopt } for  pid=7227 comm="syz.4.346" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  159.201533][ T5865] usb 1-1: device descriptor read/8, error -71
[  159.243049][   T29] audit: type=1400 audit(2000000044.360:387): avc:  denied  { setopt } for  pid=7227 comm="syz.4.346" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  159.267557][   T29] audit: type=1400 audit(2000000044.360:388): avc:  denied  { connect } for  pid=7227 comm="syz.4.346" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  159.287675][   T29] audit: type=1400 audit(2000000044.360:389): avc:  denied  { read } for  pid=7227 comm="syz.4.346" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  159.307209][   T29] audit: type=1400 audit(2000000044.360:390): avc:  denied  { connect } for  pid=7227 comm="syz.4.346" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  159.471145][ T5865] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  159.491691][ T5865] usb 1-1: device descriptor read/8, error -71
[  159.601334][ T5865] usb usb1-port1: unable to enumerate USB device
[  159.692022][ T5858] usb 3-1: USB disconnect, device number 13
[  159.793060][   T24] az6027: usb out operation failed. (-71)
[  159.805080][   T24] az6027: usb out operation failed. (-71)
[  159.816314][   T24] stb0899_attach: Driver disabled by Kconfig
[  159.833150][   T24] az6027: no front-end attached
[  159.833150][   T24] 
[  159.843107][   T24] az6027: usb out operation failed. (-71)
[  159.854670][   T24] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  159.873634][   T24] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input10
[  159.920894][   T29] audit: type=1400 audit(2000000045.030:391): avc:  denied  { read } for  pid=7233 comm="syz.2.347" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  159.924345][ T7238] random: crng reseeded on system resumption
[  159.962286][   T24] dvb-usb: schedule remote query interval to 400 msecs.
[  159.990227][   T24] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  160.055682][   T29] audit: type=1400 audit(2000000045.040:392): avc:  denied  { ioctl } for  pid=7233 comm="syz.2.347" path="/dev/snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  160.083886][   T29] audit: type=1400 audit(2000000045.180:393): avc:  denied  { execute } for  pid=7233 comm="syz.2.347" path="/file1" dev="ramfs" ino=13688 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=file permissive=1
[  160.120264][   T24] usb 4-1: USB disconnect, device number 11
[  160.452796][   T24] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  161.016678][   T29] audit: type=1400 audit(2000000046.130:394): avc:  denied  { create } for  pid=7246 comm="syz.2.350" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  161.426222][   T29] audit: type=1400 audit(2000000046.150:395): avc:  denied  { read } for  pid=7246 comm="syz.2.350" dev="nsfs" ino=4026533180 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  162.150401][ T7266] loop5: detected capacity change from 0 to 7
[  162.203013][ T6671]  loop5:
[  162.206477][ T6671] loop5: partition table partially beyond EOD, truncated
[  162.234022][ T7266]  loop5:
[  162.237256][ T7266] loop5: partition table partially beyond EOD, truncated
[  164.704845][ T7279] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  164.801095][   T29] kauditd_printk_skb: 46 callbacks suppressed
[  164.801113][   T29] audit: type=1400 audit(2000000049.900:442): avc:  denied  { create } for  pid=7300 comm="syz.4.363" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  164.971109][   T24] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  165.104465][ T7315] netlink: 12 bytes leftover after parsing attributes in process `syz.2.365'.
[  165.391291][   T24] usb 2-1: Using ep0 maxpacket: 32
[  165.412089][ T7318] netlink: 'syz.4.366': attribute type 27 has an invalid length.
[  165.447393][  T924] IPVS: starting estimator thread 0...
[  165.661070][   T24] usb 2-1: config 4 has an invalid interface number: 8 but max is 0
[  165.670936][   T24] usb 2-1: config 4 has no interface number 0
[  165.680998][   T24] usb 2-1: config 4 interface 8 altsetting 1 bulk endpoint 0x8A has invalid maxpacket 141
[  165.690946][   T24] usb 2-1: config 4 interface 8 has no altsetting 0
[  165.751230][ T7319] IPVS: using max 76 ests per chain, 182400 per kthread
[  165.759064][   T24] usb 2-1: New USB device found, idVendor=065a, idProduct=0009, bcdDevice=60.65
[  165.768723][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  165.781132][   T24] usb 2-1: Product: syz
[  165.785334][   T24] usb 2-1: Manufacturer: syz
[  165.800140][   T24] usb 2-1: SerialNumber: syz
[  165.807225][ T7304] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  166.342464][   T29] audit: type=1400 audit(2000000051.450:443): avc:  denied  { write } for  pid=7303 comm="syz.1.364" path="socket:[13818]" dev="sockfs" ino=13818 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  166.645268][   T24] opticon 2-1:4.8: opticon converter detected
[  166.748946][   T24] usb 2-1: opticon converter now attached to ttyUSB0
[  166.759494][   T24] usb 2-1: USB disconnect, device number 13
[  166.770624][   T24] opticon ttyUSB0: opticon converter now disconnected from ttyUSB0
[  166.780013][   T24] opticon 2-1:4.8: device disconnected
[  166.794406][ T7332] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  166.969859][   T29] audit: type=1400 audit(2000000052.080:444): avc:  denied  { unmount } for  pid=5811 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[  167.078053][ T7336] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  167.537059][   T29] audit: type=1400 audit(2000000052.640:445): avc:  denied  { create } for  pid=7337 comm="syz.3.370" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  167.576145][   T29] audit: type=1400 audit(2000000052.690:446): avc:  denied  { name_bind } for  pid=7337 comm="syz.3.370" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  167.610354][   T29] audit: type=1400 audit(2000000052.690:447): avc:  denied  { node_bind } for  pid=7337 comm="syz.3.370" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[  167.657880][   T29] audit: type=1400 audit(2000000052.750:448): avc:  denied  { read } for  pid=7339 comm="syz.0.371" name="video3" dev="devtmpfs" ino=934 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[  167.713113][   T29] audit: type=1400 audit(2000000052.750:449): avc:  denied  { open } for  pid=7339 comm="syz.0.371" path="/dev/video3" dev="devtmpfs" ino=934 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[  167.801468][   T29] audit: type=1400 audit(2000000052.750:450): avc:  denied  { create } for  pid=7339 comm="syz.0.371" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  167.834472][   T29] audit: type=1400 audit(2000000052.800:451): avc:  denied  { map_create } for  pid=7341 comm="syz.2.372" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  168.030768][   T85] ------------[ cut here ]------------
[  168.036395][   T85] wlan1: Dropped data frame as no usable bitrate found while scanning and associated. Target station: 08:02:11:00:00:00 on 5 GHz band
[  168.050163][   T85] WARNING: net/mac80211/tx.c:753 at ieee80211_tx_h_rate_ctrl+0x12bb/0x1a20, CPU#0: kworker/u8:5/85
[  168.060864][   T85] Modules linked in:
[  168.064984][   T85] CPU: 0 UID: 0 PID: 85 Comm: kworker/u8:5 Not tainted syzkaller #0 PREEMPT(full) 
[  168.074367][   T85] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  168.084490][   T85] Workqueue: events_unbound cfg80211_wiphy_work
[  168.090758][   T85] RIP: 0010:ieee80211_tx_h_rate_ctrl+0x12cb/0x1a20
[  168.097314][   T85] Code: 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 e9 05 00 00 48 8d 3d 95 0b dd 05 48 8b 75 68 89 d9 4c 89 e2 48 81 c6 48 0a 00 00 <67> 48 0f b9 3a bb 01 00 00 00 e9 2a f8 ff ff e8 b1 83 fb f6 e8 ec
[  168.116990][   T85] RSP: 0018:ffffc9000216f5d8 EFLAGS: 00010282
[  168.123064][   T85] RAX: dffffc0000000000 RBX: 0000000000000005 RCX: 0000000000000005
[  168.131076][   T85] RDX: ffff88805e033ac4 RSI: ffff88805b7fd808 RDI: ffffffff90ea4220
[  168.139066][   T85] RBP: ffffc9000216f850 R08: 0000000000000005 R09: 0000000000000000
[  168.147049][   T85] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88805e033ac4
[  168.155031][   T85] R13: ffffc9000216f8c0 R14: 0000000000000000 R15: 0000000000000001
[  168.163031][   T85] FS:  0000000000000000(0000) GS:ffff888124347000(0000) knlGS:0000000000000000
[  168.171983][   T85] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  168.178567][   T85] CR2: 000000110c312035 CR3: 000000005301a000 CR4: 00000000003526f0
[  168.186574][   T85] Call Trace:
[  168.189847][   T85]  <TASK>
[  168.192776][   T85]  ? kmem_cache_alloc_node_noprof+0x2a9/0x6f0
[  168.198843][   T85]  ? kmalloc_reserve+0x148/0x350
[  168.203793][   T85]  ? __pfx_ieee80211_tx_h_rate_ctrl+0x10/0x10
[  168.209869][   T85]  ? sta_info_hash_lookup+0x259/0x660
[  168.215239][   T85]  invoke_tx_handlers_late+0xfb4/0x2750
[  168.220787][   T85]  ? ieee80211_queue_skb+0x3ae/0x1fc0
[  168.226157][   T85]  ? ieee80211_queue_skb+0x3c0/0x1fc0
[  168.231541][   T85]  ? invoke_tx_handlers_early+0x65d/0x27d0
[  168.237360][   T85]  ieee80211_tx+0x304/0x460
[  168.241891][   T85]  ? __pfx_ieee80211_tx+0x10/0x10
[  168.246934][   T85]  ? ieee80211_skb_resize+0x119/0x670
[  168.252407][   T85]  ? ieee80211_set_qos_hdr+0x2c1/0x3f0
[  168.257872][   T85]  ieee80211_xmit+0x30f/0x3e0
[  168.262552][   T85]  __ieee80211_tx_skb_tid_band+0x2c2/0x720
[  168.268362][   T85]  ieee80211_scan_state_send_probe+0x33d/0xac0
[  168.274539][   T85]  ieee80211_scan_work+0x750/0x1ff0
[  168.279740][   T85]  ? __queue_work+0x445/0x1150
[  168.284504][   T85]  ? __pfx_ieee80211_scan_work+0x10/0x10
[  168.290134][   T85]  ? rcu_is_watching+0x12/0xc0
[  168.294913][   T85]  cfg80211_wiphy_work+0x446/0x5c0
[  168.300017][   T85]  process_one_work+0x9d7/0x1920
[  168.304956][   T85]  ? __pfx_process_one_work+0x10/0x10
[  168.310686][   T85]  ? __pfx_cfg80211_wiphy_work+0x10/0x10
[  168.316338][   T85]  worker_thread+0x5da/0xe40
[  168.320933][   T85]  ? __pfx_worker_thread+0x10/0x10
[  168.326052][   T85]  ? kthread+0x13a/0x450
[  168.330295][   T85]  ? __pfx_worker_thread+0x10/0x10
[  168.335410][   T85]  kthread+0x370/0x450
[  168.339470][   T85]  ? __pfx_kthread+0x10/0x10
[  168.344076][   T85]  ret_from_fork+0x754/0xd80
[  168.348658][   T85]  ? __pfx_ret_from_fork+0x10/0x10
[  168.353774][   T85]  ? __switch_to+0x7b4/0x1120
[  168.358446][   T85]  ? __pfx_kthread+0x10/0x10
[  168.363052][   T85]  ret_from_fork_asm+0x1a/0x30
[  168.367817][   T85]  </TASK>
[  168.370823][   T85] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  168.378081][   T85] CPU: 0 UID: 0 PID: 85 Comm: kworker/u8:5 Not tainted syzkaller #0 PREEMPT(full) 
[  168.387337][   T85] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  168.397362][   T85] Workqueue: events_unbound cfg80211_wiphy_work
[  168.403579][   T85] Call Trace:
[  168.406832][   T85]  <TASK>
[  168.409734][   T85]  dump_stack_lvl+0x100/0x190
[  168.414396][   T85]  vpanic+0x552/0x970
[  168.418437][   T85]  ? __pfx_vpanic+0x10/0x10
[  168.422915][   T85]  panic+0xd1/0xe0
[  168.426606][   T85]  ? __pfx_panic+0x10/0x10
[  168.430992][   T85]  ? check_panic_on_warn+0x1f/0x90
[  168.436088][   T85]  check_panic_on_warn.cold+0x19/0x34
[  168.441438][   T85]  ? ieee80211_tx_h_rate_ctrl+0x12bb/0x1a20
[  168.447313][   T85]  __warn.cold+0x191/0x348
[  168.451702][   T85]  __report_bug+0x296/0x3d0
[  168.456189][   T85]  ? ieee80211_tx_h_rate_ctrl+0x12bb/0x1a20
[  168.462052][   T85]  ? __pfx___report_bug+0x10/0x10
[  168.467045][   T85]  ? kasan_save_stack+0x3f/0x50
[  168.471866][   T85]  ? kasan_save_stack+0x30/0x50
[  168.476697][   T85]  ? ieee80211_scan_work+0x750/0x1ff0
[  168.482041][   T85]  ? cfg80211_wiphy_work+0x446/0x5c0
[  168.487300][   T85]  ? process_one_work+0x9d7/0x1920
[  168.492378][   T85]  ? worker_thread+0x5da/0xe40
[  168.497126][   T85]  ? kthread+0x370/0x450
[  168.501357][   T85]  ? ret_from_fork+0x754/0xd80
[  168.506086][   T85]  ? ret_from_fork_asm+0x1a/0x30
[  168.510995][   T85]  report_bug_entry+0xe1/0x290
[  168.515734][   T85]  ? ieee80211_tx_h_rate_ctrl+0x12cb/0x1a20
[  168.521598][   T85]  handle_bug+0x1cd/0x2a0
[  168.525898][   T85]  exc_invalid_op+0x17/0x50
[  168.530373][   T85]  asm_exc_invalid_op+0x1a/0x20
[  168.535202][   T85] RIP: 0010:ieee80211_tx_h_rate_ctrl+0x12cb/0x1a20
[  168.541673][   T85] Code: 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 e9 05 00 00 48 8d 3d 95 0b dd 05 48 8b 75 68 89 d9 4c 89 e2 48 81 c6 48 0a 00 00 <67> 48 0f b9 3a bb 01 00 00 00 e9 2a f8 ff ff e8 b1 83 fb f6 e8 ec
[  168.561254][   T85] RSP: 0018:ffffc9000216f5d8 EFLAGS: 00010282
[  168.567291][   T85] RAX: dffffc0000000000 RBX: 0000000000000005 RCX: 0000000000000005
[  168.575240][   T85] RDX: ffff88805e033ac4 RSI: ffff88805b7fd808 RDI: ffffffff90ea4220
[  168.583178][   T85] RBP: ffffc9000216f850 R08: 0000000000000005 R09: 0000000000000000
[  168.591117][   T85] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88805e033ac4
[  168.599069][   T85] R13: ffffc9000216f8c0 R14: 0000000000000000 R15: 0000000000000001
[  168.607028][   T85]  ? ieee80211_tx_h_rate_ctrl+0x1297/0x1a20
[  168.613219][   T85]  ? kmem_cache_alloc_node_noprof+0x2a9/0x6f0
[  168.619277][   T85]  ? kmalloc_reserve+0x148/0x350
[  168.624191][   T85]  ? __pfx_ieee80211_tx_h_rate_ctrl+0x10/0x10
[  168.630242][   T85]  ? sta_info_hash_lookup+0x259/0x660
[  168.635596][   T85]  invoke_tx_handlers_late+0xfb4/0x2750
[  168.641117][   T85]  ? ieee80211_queue_skb+0x3ae/0x1fc0
[  168.646488][   T85]  ? ieee80211_queue_skb+0x3c0/0x1fc0
[  168.651846][   T85]  ? invoke_tx_handlers_early+0x65d/0x27d0
[  168.657627][   T85]  ieee80211_tx+0x304/0x460
[  168.662104][   T85]  ? __pfx_ieee80211_tx+0x10/0x10
[  168.667113][   T85]  ? ieee80211_skb_resize+0x119/0x670
[  168.672463][   T85]  ? ieee80211_set_qos_hdr+0x2c1/0x3f0
[  168.677899][   T85]  ieee80211_xmit+0x30f/0x3e0
[  168.682550][   T85]  __ieee80211_tx_skb_tid_band+0x2c2/0x720
[  168.688330][   T85]  ieee80211_scan_state_send_probe+0x33d/0xac0
[  168.694464][   T85]  ieee80211_scan_work+0x750/0x1ff0
[  168.699640][   T85]  ? __queue_work+0x445/0x1150
[  168.704374][   T85]  ? __pfx_ieee80211_scan_work+0x10/0x10
[  168.709980][   T85]  ? rcu_is_watching+0x12/0xc0
[  168.714722][   T85]  cfg80211_wiphy_work+0x446/0x5c0
[  168.719810][   T85]  process_one_work+0x9d7/0x1920
[  168.724722][   T85]  ? __pfx_process_one_work+0x10/0x10
[  168.730067][   T85]  ? __pfx_cfg80211_wiphy_work+0x10/0x10
[  168.735671][   T85]  worker_thread+0x5da/0xe40
[  168.740247][   T85]  ? __pfx_worker_thread+0x10/0x10
[  168.745332][   T85]  ? kthread+0x13a/0x450
[  168.749550][   T85]  ? __pfx_worker_thread+0x10/0x10
[  168.754632][   T85]  kthread+0x370/0x450
[  168.758671][   T85]  ? __pfx_kthread+0x10/0x10
[  168.763241][   T85]  ret_from_fork+0x754/0xd80
[  168.767815][   T85]  ? __pfx_ret_from_fork+0x10/0x10
[  168.772902][   T85]  ? __switch_to+0x7b4/0x1120
[  168.777557][   T85]  ? __pfx_kthread+0x10/0x10
[  168.782119][   T85]  ret_from_fork_asm+0x1a/0x30
[  168.786869][   T85]  </TASK>
[  168.790134][   T85] Kernel Offset: disabled
[  168.794431][   T85] Rebooting in 86400 seconds..