last executing test programs:

2m39.8805841s ago: executing program 2 (id=107):
r0 = creat(&(0x7f0000000280)='./file0\x00', 0x0)
close(r0)
syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_ADDFB2(r0, 0xc06864b8, &(0x7f00000001c0)={0x0, 0x2003, 0x101, 0x34325241, 0x4, [], [0x2b8], [], [0x8000000]})

2m39.764948498s ago: executing program 2 (id=108):
r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYRES8=r0], 0x0, 0x48, 0x0, 0xa, 0x0, 0x0, @void, @value}, 0x28)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_PKTINFO(r1, 0x29, 0x15, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000300)=<r3=>0x0)
rt_sigqueueinfo(r3, 0x38, &(0x7f0000000140)={0x7, 0x9, 0x6})
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x1)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$inet6_udp(0xa, 0x2, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000000c0)={'bridge0\x00', <r6=>0x0})
sendmsg$nl_route(r4, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0x40d, 0x70bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, r6, 0x10}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_VLAN_DEFAULT_PVID={0x6, 0x27, 0x5}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
gettid()
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r7, 0x1, 0x3c, &(0x7f0000000040), 0xfff0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r8 = getpid()
sched_setscheduler(r8, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff})
connect$unix(r9, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r10, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r9, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)

2m38.452556072s ago: executing program 2 (id=112):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e22, @local}, 0x10)
r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r1, 0x50009405, &(0x7f0000000180))
socket$nl_route(0x10, 0x3, 0x0)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
add_key(&(0x7f0000000240)='blacklist\x00', &(0x7f0000000280)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff9)
prlimit64(0x0, 0x0, &(0x7f0000000140)={0x8}, 0x0)
mount(&(0x7f0000000000)=@nullb, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='adfs\x00', 0x0, &(0x7f00000003c0)='\xf8\x96\xcf=\xbb\xee\xb8oF\xb4\xfc\xab_\xb1\x9c\xc2\xe4\xf5\xdf\x8e\x98\xf4\x02\x1b\xd55\x1a\xdd\v\xa1\x1e\x90p\xc3\xb7\x9c\x06R\xbd\xe9\xd54I')
r5 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r5, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[], 0x4c}, 0x1, 0x7000000}, 0x0)
sendmsg$IPSET_CMD_DESTROY(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c0000000306010100000000000000935c1036ff0500010007000000"], 0x1c}, 0x1, 0x0, 0x0, 0x2000c0b0}, 0x1)
listen(r0, 0x1ff)
r7 = socket$inet_sctp(0x2, 0x1, 0x84)
mount(&(0x7f0000000000)=@nullb, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='hostfs\x00', 0x1102014, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/notes', 0x20cb82, 0x44)
r8 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$VHOST_VSOCK_SET_GUEST_CID(r8, 0x4008af60, &(0x7f0000000340)={@hyper})
sendto$inet(r7, &(0x7f0000000300)="ab", 0x34000, 0x0, &(0x7f0000000380)={0x2, 0x4e22, @local}, 0x10)

2m37.100539146s ago: executing program 2 (id=114):
write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000940)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0xc}, @hci_rp_read_local_version={{}, {0x0, 0x9a, 0x2, 0x81, 0xa8d1, 0x4}}}}, 0xf)
pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

2m36.687069496s ago: executing program 2 (id=117):
creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
mknodat(0xffffffffffffff9c, &(0x7f0000000100)='./file3\x00', 0xc1c0, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000780)='./file3\x00', 0xffffffffffffff9c, &(0x7f00000007c0)='./file0\x00', 0x2)

2m36.54794563s ago: executing program 2 (id=118):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) (async)
r1 = fcntl$dupfd(r0, 0x406, r0)
ioctl$TCFLSH(r1, 0x400455c8, 0x1)
ioctl$KDSIGACCEPT(r0, 0x800455c9, 0xf) (async)
r2 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000000c0), 0x103300, 0x0)
ioctl$PTP_PEROUT_REQUEST(r2, 0x40383d03, &(0x7f0000000180)={{0xffffffff}, {0xc9, 0xb}, 0x7, 0x1}) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r3 = syz_io_uring_setup(0x1114, &(0x7f0000000300), &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000040)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x10, 0x0, 0x7961, 0x0, 0x0})
io_uring_enter(r3, 0x47fa, 0x0, 0x0, 0x0, 0x0) (async, rerun: 64)
io_uring_register$IORING_REGISTER_FILES_UPDATE(r3, 0x18, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)=[0xffffffffffffffff]}, 0x1) (async, rerun: 64)
ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f0000000100)={{0x1, 0x0, 0x0, 0x3}})
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) (async, rerun: 64)
r6 = getpid() (rerun: 64)
sched_setscheduler(r6, 0x2, &(0x7f0000000180)=0x7)
pipe2(&(0x7f0000000100)={<r7=>0xffffffffffffffff}, 0x80880) (async)
r8 = syz_io_uring_setup(0x6908, &(0x7f0000000340)={0x0, 0x0, 0x10100, 0x0, 0x3}, &(0x7f0000000140), &(0x7f0000000100))
io_uring_enter(r8, 0x184c, 0x0, 0x0, 0x0, 0x0) (async)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xb635773f06ebbeee, 0x10, r8, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff})
connect$unix(r9, &(0x7f000057eff8)=@abs, 0x6e) (async)
sendmmsg$unix(r10, &(0x7f0000000000), 0x651, 0x0)
ptrace$ARCH_GET_GS(0x1e, r6, &(0x7f00000000c0), 0x1004)
recvmmsg(r9, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async, rerun: 32)
clock_settime(0x6, &(0x7f0000000000)={0x0, 0x989680}) (async, rerun: 32)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
write$selinux_load(r7, &(0x7f00000003c0)={0xf97cff8c, 0x8, 'SE Linux', "2dac59651e5467d1429c2f5eb53dbce0dcba8dc6cd04b528ca5c5dc57bda9599d90a4d259524f71d15db0784a3254997a447f770eaeab22ec1df20e80e6d663a734dfd2076a6969014c770e6af4f6e793a2f42fcc969ca4ae8dd32d20db4ab0590501955e2eb9fbf0a12a354b5de05f99862d5116d3dbef2fd08a2"}, 0x8b) (async)
syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)

2m21.515180181s ago: executing program 32 (id=118):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) (async)
r1 = fcntl$dupfd(r0, 0x406, r0)
ioctl$TCFLSH(r1, 0x400455c8, 0x1)
ioctl$KDSIGACCEPT(r0, 0x800455c9, 0xf) (async)
r2 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000000c0), 0x103300, 0x0)
ioctl$PTP_PEROUT_REQUEST(r2, 0x40383d03, &(0x7f0000000180)={{0xffffffff}, {0xc9, 0xb}, 0x7, 0x1}) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r3 = syz_io_uring_setup(0x1114, &(0x7f0000000300), &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000040)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x10, 0x0, 0x7961, 0x0, 0x0})
io_uring_enter(r3, 0x47fa, 0x0, 0x0, 0x0, 0x0) (async, rerun: 64)
io_uring_register$IORING_REGISTER_FILES_UPDATE(r3, 0x18, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)=[0xffffffffffffffff]}, 0x1) (async, rerun: 64)
ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f0000000100)={{0x1, 0x0, 0x0, 0x3}})
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) (async, rerun: 64)
r6 = getpid() (rerun: 64)
sched_setscheduler(r6, 0x2, &(0x7f0000000180)=0x7)
pipe2(&(0x7f0000000100)={<r7=>0xffffffffffffffff}, 0x80880) (async)
r8 = syz_io_uring_setup(0x6908, &(0x7f0000000340)={0x0, 0x0, 0x10100, 0x0, 0x3}, &(0x7f0000000140), &(0x7f0000000100))
io_uring_enter(r8, 0x184c, 0x0, 0x0, 0x0, 0x0) (async)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xb635773f06ebbeee, 0x10, r8, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff})
connect$unix(r9, &(0x7f000057eff8)=@abs, 0x6e) (async)
sendmmsg$unix(r10, &(0x7f0000000000), 0x651, 0x0)
ptrace$ARCH_GET_GS(0x1e, r6, &(0x7f00000000c0), 0x1004)
recvmmsg(r9, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async, rerun: 32)
clock_settime(0x6, &(0x7f0000000000)={0x0, 0x989680}) (async, rerun: 32)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
write$selinux_load(r7, &(0x7f00000003c0)={0xf97cff8c, 0x8, 'SE Linux', "2dac59651e5467d1429c2f5eb53dbce0dcba8dc6cd04b528ca5c5dc57bda9599d90a4d259524f71d15db0784a3254997a447f770eaeab22ec1df20e80e6d663a734dfd2076a6969014c770e6af4f6e793a2f42fcc969ca4ae8dd32d20db4ab0590501955e2eb9fbf0a12a354b5de05f99862d5116d3dbef2fd08a2"}, 0x8b) (async)
syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)

15.01603344s ago: executing program 1 (id=502):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
connect$can_bcm(0xffffffffffffffff, &(0x7f0000000040), 0x10)
sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000900)={0x0, 0x0, 0x0}, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000900), 0x4)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000400)={'geneve0\x00', 0x0})
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x10122, 0x0)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000002c0)=ANY=[], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$BLKSECTGET(0xffffffffffffffff, 0x1267, &(0x7f00000000c0))
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1)
syz_open_dev$loop(0x0, 0x2, 0x404b02)
mount(&(0x7f0000000080)=@filename='./file0\x00', &(0x7f0000000280)='./file0\x00', &(0x7f0000000040)='btrfs\x00', 0x0, 0x0)

14.953406608s ago: executing program 3 (id=503):
r0 = syz_open_procfs(0x0, &(0x7f00000002c0)='projid_map\x00')
writev(r0, 0x0, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000300)={0xffffffffffffffff, &(0x7f0000000240), 0x0}, 0x20)
recvfrom$inet6(r1, 0x0, 0x0, 0x2150, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000001700), 0x2, 0x0)
ioctl$VIDIOC_G_FMT(r2, 0xc0d05604, &(0x7f00000002c0)={0x7, @sdr={0x32314742}})
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$CAN_RAW_FILTER(0xffffffffffffffff, 0x65, 0x1, &(0x7f0000000000), 0x0)
r4 = socket(0x1d, 0x2, 0x6)
setsockopt$ALG_SET_AEAD_AUTHSIZE(r4, 0x6a, 0x5, 0x20000000, 0x3)
sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, 0x0, 0x4008080)
r5 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc)=<r6=>0x0)
timer_settime(r6, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r7 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$netlink(r4, 0x10e, 0x6, &(0x7f00000000c0)=""/199, &(0x7f0000000040)=0xc7)
connect$bt_sco(r7, &(0x7f0000000200)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x8)
openat$snapshot(0xffffff9c, &(0x7f0000000880), 0x20840, 0x0)

13.995784097s ago: executing program 1 (id=507):
socket$inet_mptcp(0x2, 0x1, 0x106)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000000)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040)={<r5=>0xffffffffffffffff}, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f0000000180)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x0, @mcast2}, r5}}, 0x48)
socketpair$tipc(0x1e, 0x1, 0x0, 0x0)
sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x1, 0x1}, 0x10)
socket$tipc(0x1e, 0x2, 0x0)
getsockopt$PNPIPE_IFINDEX(r6, 0x113, 0x2, &(0x7f0000000580), &(0x7f00000005c0)=0x4)
openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000640), 0x10240, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r7 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r7, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)

13.037837351s ago: executing program 1 (id=512):
shmat(0xffffffffffffffff, &(0x7f0000ffe000/0x2000)=nil, 0x1000)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x7101})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000100))
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0})
dup3(r2, r1, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x10a})
r7 = socket(0xa, 0x801, 0x0)
getsockopt$bt_BT_SECURITY(r7, 0x6, 0x18, 0x0, 0x20000000)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000540)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x48, 0x18, &(0x7f00000004c0)={@fd={0x66642a85, 0x0, r1}, @fd={0x66642a85, 0x0, r3}, @fd={0x66642a85, 0x0, r3}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})
prlimit64(0x0, 0x7, &(0x7f0000000ec0), 0x0)

13.036718133s ago: executing program 5 (id=513):
r0 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x80800)
r1 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000340))
r2 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r2, &(0x7f0000000040)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc)
write$binfmt_script(r2, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r3, 0x8933, &(0x7f0000001880)={'wg1\x00', <r5=>0x0})
r6 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000fc0), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r4, &(0x7f0000000b80)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000380)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="290a000000000000000001000000414db0a2c37f5acf8fc88cb3841808000100", @ANYRES32=r5, @ANYBLOB="24000300"/36], 0x40}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8)
bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
r9 = openat$cgroup_devices(r8, &(0x7f0000000100)='devices.allow\x00', 0x2, 0x0)
write$cgroup_devices(r9, &(0x7f00000000c0)={'c', ' *:* ', 'rwm\x00'}, 0xa)
write$cgroup_devices(r9, &(0x7f00000058c0)=ANY=[@ANYBLOB='a'], 0x9)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfdef)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="0a000000040000000400000004"], 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000680)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
sendmsg$WG_CMD_SET_DEVICE(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000c91200000000000100000024000300a000004f6c9c8e3853e2fd3a70ae0fb20fa152600cb00845174f08076f8d784308000100", @ANYRES32=r5, @ANYBLOB], 0x40}}, 0x0)

11.597688729s ago: executing program 3 (id=514):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x2, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000400007b8af8ff00000000bfa200000000000007020000fcffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r4}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00'}, 0x10)
read$FUSE(0xffffffffffffffff, &(0x7f0000000a40)={0x2020}, 0x2020)
r5 = socket(0x10, 0x400000000080803, 0x0)
fcntl$dupfd(r5, 0x0, r5)
ioctl$sock_SIOCETHTOOL(r5, 0x89f0, &(0x7f0000000040)={'bridge0\x00', &(0x7f0000000480)=@ethtool_ringparam={0x4, 0x0, 0x5, 0x0, 0x8fc3, 0x1, 0x20000, 0x0, 0xf}})
r6 = openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
syz_open_dev$dri(&(0x7f0000000600), 0x3, 0x30000)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x11, 0x5, &(0x7f0000000480)=ANY=[@ANYRESDEC, @ANYRESOCT=r6], &(0x7f0000000280)='GPL\x00', 0xb, 0x0, 0x0, 0x60680, 0x2b, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xffffffffffffff33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r7}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r8 = getpid()
process_vm_readv(r8, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000340)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x39, 0x0, "b0fd7b07ff8a216915a8d3215a3225178096acf74c85ad01ba95fd9d0543750fb5a62a045888e8febca073f1f821abb8083f4d192383c47b3800abd4d841e2d4b56039653b95d0cd0a00a6ea35bdfaf6"}, 0xd8)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000080)="44f9b108b1cdc885c9c533d21f474bec8bfef1df1e2da71e578dc6b91d09f7ab15378571d8e27546090000006e75436914ab717528ee4b7a9beaf908d11137c11903064e83b4951f4d433a54049f0c85d92d7083fd38844cbb0c6c5eb508ddc2dc7a590a", 0x64, 0x0, 0x0, 0x0)

10.303949912s ago: executing program 3 (id=515):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000500)='tlb_flush\x00', r0}, 0x10)
r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x60042, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000100)={{0x7f, 0x45, 0x4c, 0x46, 0xe, 0x2, 0xf9, 0xb7, 0x7fff, 0x2, 0x3, 0xfffffeff, 0x2df, 0x40, 0x303, 0x0, 0x8, 0x38, 0x1, 0x4, 0x4, 0xd}, [{0x3, 0x8000, 0x0, 0x7, 0x8, 0x5, 0x402, 0xca5}]}, 0x78)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
setsockopt$sock_int(r2, 0x1, 0x25, &(0x7f00000001c0)=0x8, 0x4)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10152, 0x2, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x0, &(0x7f0000000380)})
r6 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
dup2(r6, r6)
ioctl$SNDCTL_SEQ_SYNC(r1, 0x5101)

10.166756058s ago: executing program 1 (id=516):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x40, 0x15, 0x42, 0x20, 0x5a9, 0x1550, 0xe4bb, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x8e, 0xc4, 0x6f}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
r1 = syz_usb_connect$uac1(0x0, 0xac, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000000000106b1d010140000102030109029a0003010000000904000000010100000a24010000000201020c24020000000000000800000524050000082407000000009e0c240700000000a3e82f07070d240701060000fd80000000e80924030000000001"], 0x0)
syz_usb_control_io(r1, &(0x7f0000000140)={0x2c, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x407}}, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$uac1(r1, &(0x7f0000001840)={0x14, 0x0, &(0x7f0000000b80)=ANY=[@ANYBLOB="0003020000006003765718a8fc424b068240bb8f7143fee245152d83381c0c89b1202f634ba4436104c9b3738c17567eaa64659fbedda890521a66e8645160890260524a15fcb5279efa2fb1e578ed75ab3e683fa5f651c9ccd204b4b99a81e3be3fc2c917c220af27ecd05b2eb5468b7129040e013ca9af4b60ec79bc4cbfcc66e3f2bc8713483c71214ae06c3a09beed3de12dfa6aaa4885f62a"]}, 0x0)
syz_usb_control_io(r1, &(0x7f0000000440)={0x2c, &(0x7f0000000d00)=ANY=[@ANYRES64=r1], &(0x7f00000000c0)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x81d}}, &(0x7f0000000100)={0x0, 0xf, 0x8, {0x5, 0xf, 0x8, 0x1, [@ptm_cap={0x3}]}}, &(0x7f00000003c0)={0x20, 0x29, 0xf, {0xf, 0x29, 0xe, 0x10, 0x0, 0x6, "b129a9ec", "23045be5"}}, &(0x7f0000000400)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x5, 0x0, 0x0, 0x5f, 0x2, 0x6, 0xb4}}}, &(0x7f0000000a00)={0x84, &(0x7f0000000480)=ANY=[@ANYBLOB="00148e0000004028e23f9117c896ee9c93fecbf36562a73ff3e520c336e82aa7c6296455c9878d7501e091bc16b3edcedbe84b10bce9124c7bc3b2e49456dbfd06eaaabb29ebf255fcbb9b94bed2e402fdc85f0f2211994cbfa70233b82d0a13c8a4899795c7b15a10469bd26c63aa725fcd5702c642c8fbd3f754d76fda39f8c78b9d7094a7b53dedf7930c414ed8ebe71ff738"], &(0x7f0000000540)={0x0, 0xa, 0x1, 0x5}, &(0x7f0000000580)={0x0, 0x8, 0x1, 0xe8}, &(0x7f00000005c0)={0x20, 0x0, 0x4, {0x1, 0x1}}, &(0x7f0000000600)={0x20, 0x0, 0x8, {0x1c00, 0x4, [0xff]}}, &(0x7f0000000300)={0x40, 0x7, 0x2, 0x6}, &(0x7f0000000680)={0x40, 0x9, 0x1, 0x80}, &(0x7f00000006c0)={0x40, 0xb, 0x2, "e6b7"}, &(0x7f0000000700)={0x40, 0xf, 0x2, 0x4f}, &(0x7f0000000780)={0x40, 0x13, 0x6, @local}, &(0x7f0000000340)={0x40, 0x17, 0x6, @random="98895a03b0d4"}, &(0x7f0000000800)={0x40, 0x19, 0x2, '-\"'}, &(0x7f0000000840)={0x40, 0x1a, 0x2, 0xfbb7}, &(0x7f0000000880)={0x40, 0x1c, 0x1, 0x6}, &(0x7f0000000980)={0x40, 0x1e, 0x1, 0x8}, &(0x7f00000009c0)={0x40, 0x21, 0x1, 0xb0}})
syz_usb_disconnect(r0)
syz_usb_control_io(r1, 0x0, &(0x7f00000008c0)={0x84, &(0x7f00000002c0)=ANY=[@ANYRES64], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r1, 0x0, &(0x7f0000000c40)={0x84, &(0x7f0000000dc0)=ANY=[@ANYBLOB="af974beaf13dcf3d409c34d4f0d761389720185f37fe2730e2c5f7e026b487ac45dea98edac21c1e2664b629686a75065e74097cb6110f691c7ee4b057ef3eee8937ddcedee3dc0582f2e7bab3ef9b5955e593b83290220bb8739926f3fa9d66542a2932ea1c87391e85f18ff500"/119], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_time\x00', 0x26e1, 0x0)
close(r2)
ioctl$SIOCSIFHWADDR(r2, 0x8b20, &(0x7f0000000000)={'wlan1\x00', @remote})
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000180)={r2, 0x0, 0x0}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x420000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x1, &(0x7f0000000380)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000ac0)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r6}, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x802)
writev(r7, &(0x7f0000000140)=[{&(0x7f0000000040)="aefdda9d240303005a90f57f07703aeff0f64eb9ee07962c220a2e11b44e65d76641cb010852f426072a", 0x2a}], 0x1)
read(r7, &(0x7f0000000080)=""/42, 0xffffff9b)

9.632427307s ago: executing program 5 (id=519):
r0 = socket$inet6(0xa, 0x6, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpu.stat\x00', 0x26e1, 0x0)
close(r1)
r2 = socket$packet(0x11, 0x2, 0x300)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, &(0x7f0000001380)=""/4080, 0xff0, 0x0, 0x0}, &(0x7f0000000000)=0x40)
setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(r1, 0x107, 0x16, &(0x7f00000000c0)={0x3, &(0x7f0000000080)=[{0x28, 0x0, 0x0, 0xfffff038}, {0x48, 0x0, 0x1}, {0x6}]}, 0x10)
bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @empty, 0x6}, 0x1c)
r3 = socket$inet_dccp(0x2, 0x6, 0x0)
listen(r0, 0x5)
connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e20, @dev}, 0x10)
close_range(r0, 0xffffffffffffffff, 0x0)

9.558183168s ago: executing program 5 (id=520):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = userfaultfd(0x80001)
pwrite64(0xffffffffffffffff, 0x0, 0x0, 0xfecc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
semctl$GETZCNT(0x0, 0x0, 0xf, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, 0x0, 0x0)
connect$inet(r3, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r3, &(0x7f0000007fc0), 0x800001d, 0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x749})
timer_create(0x1, &(0x7f0000000080)={0x0, 0x12, 0x4, @thr={0x0, 0x0}}, 0x0)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000000)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
mremap(&(0x7f00008dc000/0x3000)=nil, 0x3000, 0x4000, 0x3, &(0x7f0000368000/0x4000)=nil)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={0x0}}, 0x0)
madvise(&(0x7f00008d7000/0x1000)=nil, 0x1000, 0x4)
readv(r1, &(0x7f0000000040)=[{&(0x7f0000000100)=""/64, 0x40}], 0x5)
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
io_uring_setup(0x74db, &(0x7f0000000000)={0x0, 0x39e2, 0x2000, 0x3, 0x331})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000fe5000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)

8.88994456s ago: executing program 0 (id=522):
iopl(0x3)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/rcu_normal', 0x0, 0x18)
read$FUSE(r0, &(0x7f0000000500)={0x2020}, 0x2020)
iopl(0xb)
add_key(&(0x7f0000000380)='id_resolver\x00', &(0x7f00000003c0)={'syz', 0x2}, &(0x7f0000002540)="7938b94ed1f55b4398c7c93c08341409b598051f37aff830bef36129f242493162e783426f546654b53aae37a8f73d1d8463df5c057dcbf479c911f195bf110659234437b9e2aa7f1c70e14f05ca04d74413b1612cac3047a4719094da16e36b26e44c925ea1ad99676e112ed3587990f9c8810e4ea0cf8ed729199bb423db3d721bb7b88db6b365aadefe64ad38b521ae664186a74edcd454", 0x99, 0xfffffffffffffff8)
poll(&(0x7f0000000040)=[{r0, 0x1000}], 0x1, 0x6)
sync()

8.010273604s ago: executing program 0 (id=524):
r0 = openat$rtc(0xffffff9c, &(0x7f0000000040), 0x42800, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000001380)=@deltfilter={0x2c, 0x2d, 0x20, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0xb}, {0x5, 0x4}, {0xffff, 0xffe0}}, [@TCA_RATE={0x6, 0x5, {0x0, 0x4}}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x40000)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
memfd_create(0x0, 0x0)
write$binfmt_script(r2, 0x0, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH(r0, 0x7005, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
readv(r0, &(0x7f0000000000)=[{0x0}], 0x1)
r5 = open$dir(&(0x7f0000000140)='./file0\x00', 0x1, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
ftruncate(r6, 0x2000009)
sendfile(r5, r6, 0x0, 0x6)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_PROTOCOL_FEATURES(r6, &(0x7f0000000480)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x14, r7, 0x400, 0x70bd2d, 0x25dfdbfb, {}, ["", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x48001}, 0x20008940)

7.716950553s ago: executing program 0 (id=526):
shmat(0xffffffffffffffff, &(0x7f0000ffe000/0x2000)=nil, 0x1000)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x7101})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000100))
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0})
r3 = dup3(r2, r1, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
r8 = socket(0xa, 0x801, 0x0)
getsockopt$bt_BT_SECURITY(r8, 0x6, 0x18, 0x0, 0x20000000)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000540)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x48, 0x18, &(0x7f00000004c0)={@fd={0x66642a85, 0x0, r1}, @fd={0x66642a85, 0x0, r4}, @fd={0x66642a85, 0x0, r4}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})
prlimit64(0x0, 0x7, &(0x7f0000000ec0), 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000680)={0x4, 0x0, &(0x7f0000000640)=[@enter_looper], 0x1, 0x1000000000000, &(0x7f0000000780)="cb"})
r9 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000004880), 0x40000, 0x0)
ioctl$TIOCGWINSZ(r9, 0x5413, &(0x7f00000048c0))

6.793880044s ago: executing program 4 (id=527):
socket$inet_mptcp(0x2, 0x1, 0x106)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000000)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040)={<r5=>0xffffffffffffffff}, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f0000000180)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x0, @mcast2}, r5}}, 0x48)
socketpair$tipc(0x1e, 0x1, 0x0, 0x0)
sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x1, 0x1}, 0x10)
socket$tipc(0x1e, 0x2, 0x0)
getsockopt$PNPIPE_IFINDEX(r6, 0x113, 0x2, &(0x7f0000000580), &(0x7f00000005c0)=0x4)
openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000640), 0x10240, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)

5.804152008s ago: executing program 4 (id=528):
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
bind$netrom(r0, &(0x7f0000000000)={{0x6, @rose}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom, @bcast, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default]}, 0x48)

5.709295328s ago: executing program 0 (id=529):
io_submit(0x0, 0x1, &(0x7f0000000300)=[&(0x7f0000000080)={0x0, 0x0, 0x9, 0x8, 0x2, 0xffffffffffffffff, 0x0, 0x0, 0xfffffffffffffffc}])
r0 = socket(0x2b, 0x4, 0x3)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x0, 0x3, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000040)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1b00"/20, @ANYRES32, @ANYRES16=r2, @ANYRES32=0x0, @ANYRES32, @ANYRESHEX=r1], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
socket$vsock_stream(0x28, 0x1, 0x0)
r6 = creat(&(0x7f0000000400)='./bus\x00', 0x0)
r7 = open(&(0x7f0000000100)='./bus\x00', 0x0, 0x0)
write$binfmt_elf64(r6, &(0x7f00000002c0)=ANY=[], 0x76)
lsetxattr$security_ima(&(0x7f00000002c0)='./bus\x00', &(0x7f0000000180), &(0x7f0000000280)=@md5={0x1, "bf5110b0dbe094319d585e800e0e621c"}, 0x11, 0x0)
dup3(r7, r6, 0x0)
finit_module(r7, 0x0, 0x0)
connect$unix(r0, &(0x7f0000000080)=@abs={0xa}, 0x6e)
getsockname$packet(r0, 0x0, &(0x7f0000000240))

5.708357674s ago: executing program 3 (id=530):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0xb, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xd, &(0x7f00000004c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}, @call={0x85, 0x0, 0x0, 0x23}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10)
socket$alg(0x26, 0x5, 0x0)
ioctl$IOMMU_GET_HW_INFO(0xffffffffffffffff, 0x3b8a, &(0x7f0000000180)={0x28, 0x0, 0x0, 0x0, 0x0})
keyctl$update(0x2, 0x0, 0x0, 0x2)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x18, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000002000000714b3d559cf09500"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$inet(0x2, 0x3, 0x8)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/consoles\x00', 0x0, 0x0)
openat$cuse(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
read$FUSE(r2, &(0x7f0000000840)={0x2020}, 0x2020)
r3 = socket(0xa, 0x2, 0x0)
mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x0, 0x22812, r3, 0x0)
r4 = socket(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x36, &(0x7f0000001d40)=@mangle={'mangle\x00', 0x1f, 0x6, 0x500, 0x328, 0x208, 0x328, 0x0, 0x0, 0x570, 0x570, 0x570, 0x570, 0x570, 0x6, 0x0, {[{{@ipv6={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, [], [], 'macvtap0\x00', 'netpci0\x00'}, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @inet=@DSCP={0x28}}, {{@uncond, 0x0, 0xa8, 0xd0}, @unspec=@CHECKSUM={0x28}}, {{@ipv6={@mcast1, @rand_addr=' \x01\x00', [], [], 'nicvf0\x00', 'netdevsim0\x00'}, 0x0, 0xa8, 0xd0}, @common=@inet=@TCPMSS={0x28}}, {{@uncond, 0x0, 0xa8, 0xd0}, @inet=@TOS={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x560)

5.655370713s ago: executing program 4 (id=531):
mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
syz_io_uring_setup(0x24f9, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
socket$nl_audit(0x10, 0x3, 0x9)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x40000000000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c0002800500"], 0x64}}, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000840)=ANY=[@ANYBLOB="5c00000000010104000000000000000002000000240002801400018008000100e000000108000200e00000010c0002800500010000000000080008"], 0x5c}}, 0x0)
umount2(&(0x7f00000000c0)='./file0\x00', 0x8)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r8 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
r9 = dup(r8)
r10 = syz_open_dev$evdev(&(0x7f0000000180), 0x0, 0x40)
r11 = dup3(r10, r9, 0x0)
ioctl$EVIOCGABS0(r10, 0x40044591, 0x0)
read$FUSE(r11, &(0x7f00000021c0)={0x2020}, 0x2020)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0)

3.680453229s ago: executing program 0 (id=532):
r0 = syz_open_procfs(0x0, &(0x7f00000002c0)='projid_map\x00')
writev(r0, 0x0, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000300)={0xffffffffffffffff, &(0x7f0000000240), 0x0}, 0x20)
recvfrom$inet6(r1, 0x0, 0x0, 0x2150, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$VIDIOC_G_FMT(0xffffffffffffffff, 0xc0d05604, &(0x7f00000002c0)={0x7, @sdr={0x32314742}})
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0xfffffffffffffffe}, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = socket(0x1d, 0x2, 0x6)
setsockopt$ALG_SET_AEAD_AUTHSIZE(r3, 0x6a, 0x5, 0x20000000, 0x3)
sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, 0x0, 0x4008080)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc)=<r4=>0x0)
timer_settime(r4, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
openat$snapshot(0xffffff9c, &(0x7f0000000880), 0x20840, 0x0)

3.679814803s ago: executing program 1 (id=533):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f0000000980)=[{{&(0x7f00000000c0)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @local}}, 0x80, &(0x7f0000000000)=[{&(0x7f0000001440)=""/4096, 0x1000}], 0x1, &(0x7f0000000180)=""/56, 0x38}}, {{&(0x7f0000000280)=@alg, 0x80, &(0x7f0000000500)=[{&(0x7f0000000380)=""/34, 0x22}, {&(0x7f00000003c0)=""/193, 0xc1}, {&(0x7f00000004c0)}, {&(0x7f0000000680)=""/198, 0xc6}], 0x4, &(0x7f0000000780)=""/137, 0x89}, 0x1000}, {{&(0x7f00000005c0)=@pptp={0x18, 0x2, {0x0, @multicast1}}, 0x80, &(0x7f0000000940)=[{&(0x7f0000000540)=""/62, 0x3e}, {&(0x7f0000000840)=""/75, 0x4b}, {&(0x7f00000008c0)=""/114, 0x72}], 0x3}, 0x1}], 0x3, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r3, 0x1, 0x3c, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
sendmsg$L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000), 0xc, 0x0}, 0x0)
getsockopt$inet6_mptcp_buf(r6, 0x11c, 0x2, &(0x7f0000000000)=""/4096, &(0x7f0000001000)=0x1000)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000640)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_CONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="05000000000000c04f554555b2cd0a000300", @ANYRES32=r7], 0x2c}}, 0x0)
openat$mixer(0xffffffffffffff9c, &(0x7f0000000300), 0x80400, 0x0)
mount(&(0x7f0000001400)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000001380)='./file1\x00', &(0x7f0000000040)='affs\x00', 0x0, 0x0)

3.675021375s ago: executing program 5 (id=534):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000a80)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001d40)={&(0x7f00000009c0)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/pm_debug_messages', 0x0, 0x0)
read$FUSE(r4, &(0x7f0000001700)={0x2020}, 0x2020)
r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
sendmsg$inet(r5, &(0x7f0000000780)={&(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10, &(0x7f00000001c0)=[{&(0x7f0000000140)="be38", 0xffe7}], 0x1, &(0x7f0000000080)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @dev}}}, @ip_retopts={{0x14, 0x0, 0x7, {[@rr={0x7, 0x3, 0x8b}, @noop]}}}], 0x38}, 0x0)
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x64, 0x6, 0x5e0, 0x0, 0xd0, 0x0, 0x3d0, 0x2c8, 0x510, 0x510, 0x510, 0x510, 0x510, 0x6, 0x0, {[{{@ipv6={@mcast1, @private1, [], [], 'veth1\x00', 'veth1_vlan\x00'}, 0x0, 0xa8, 0xd0, 0x0, {0x0, 0x3a010000}}, @HL={0x28}}, {{@ipv6={@mcast2, @loopback, [], [], 'veth1_virt_wifi\x00', 'pimreg\x00'}, 0x0, 0xd0, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x2c8}}, {{@uncond, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@frag={{0x30}}]}, @unspec=@CHECKSUM={0x28}}, {{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@remote}}}, {{@ipv6={@loopback, @private2, [], [], 'batadv0\x00', 'veth0_to_batadv\x00'}, 0x0, 0x118, 0x140, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@hbh={{0x48}}]}, @inet=@DSCP={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x640)
creat(&(0x7f00000002c0)='./file0\x00', 0x0)
open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
creat(&(0x7f00000001c0)='./file0\x00', 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r7, 0x0, 0x30, 0xe1515f8735398fb, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000002c0)=[0x45c], 0x0, 0x0, 0x1, 0x1}}, 0x3c)
r8 = syz_open_procfs(0x0, &(0x7f0000000040)='oom_adj\x00')
readv(r8, &(0x7f0000000780)=[{0x0, 0x29}, {&(0x7f0000000300)=""/41, 0x29}], 0x2)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000680))

3.663078965s ago: executing program 3 (id=535):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040))
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
connect$can_bcm(0xffffffffffffffff, &(0x7f0000000040), 0x10)
sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000900)={0x0, 0x0, 0x0}, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000900), 0x4)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000400)={'geneve0\x00', 0x0})
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x10122, 0x0)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000002c0)=ANY=[@ANYRES32=0x0, @ANYBLOB, @ANYRES32=0x0, @ANYRES32], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$BLKSECTGET(0xffffffffffffffff, 0x1267, &(0x7f00000000c0))
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1)
syz_open_dev$loop(0x0, 0x2, 0x404b02)
mount(&(0x7f0000000080)=@filename='./file0\x00', &(0x7f0000000280)='./file0\x00', &(0x7f0000000040)='btrfs\x00', 0x0, 0x0)

3.2452266s ago: executing program 4 (id=536):
r0 = openat$rtc(0xffffff9c, &(0x7f0000000040), 0x42800, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000001380)=@deltfilter={0x2c, 0x2d, 0x20, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0xb}, {0x5, 0x4}, {0xffff, 0xffe0}}, [@TCA_RATE={0x6, 0x5, {0x0, 0x4}}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x40000)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
memfd_create(0x0, 0x0)
write$binfmt_script(r2, 0x0, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH(r0, 0x7005, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
readv(r0, &(0x7f0000000000)=[{&(0x7f00000012c0)=""/191, 0x4}], 0x5)
r5 = open$dir(0x0, 0x1, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
ftruncate(r6, 0x2000009)
sendfile(r5, r6, 0x0, 0x6)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_PROTOCOL_FEATURES(r6, &(0x7f0000000480)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x14, r7, 0x400, 0x70bd2d, 0x25dfdbfb, {}, ["", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x48001}, 0x20008940)

2.496171679s ago: executing program 1 (id=537):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, 0x0)
iopl(0x3)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = mq_open(&(0x7f000084dff0)='!selinuxselinux\x00', 0x6e93ebbbcc0884f2, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x3)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_xfrm(0x10, 0x3, 0x6)
syz_emit_ethernet(0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r3 = io_uring_setup(0x3eae, 0x0)
mq_timedsend(r1, 0x0, 0x0, 0x0, 0x0)
set_mempolicy(0x6, 0x0, 0x4)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={0x0, r4}, 0x18)
setsockopt$SO_J1939_FILTER(0xffffffffffffffff, 0x6b, 0x1, &(0x7f0000000240)=[{0x0, 0x0, {0x2, 0xfe, 0x1}}], 0x20)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r5=>0x0})
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYRES8=r5, @ANYRES32, @ANYRESHEX=r0, @ANYRES8=r3], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x4c, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r6}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a00000018010000646c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b701000000000000850000006d00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r7 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
connect$ax25(r7, &(0x7f0000000000)={{0x3, @null}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @default, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x10)
connect(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x27, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, 0x80)
socket$nl_route(0x10, 0x3, 0x0)

2.493027162s ago: executing program 5 (id=538):
socket$inet_mptcp(0x2, 0x1, 0x106)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000000)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040)={<r5=>0xffffffffffffffff}, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f0000000180)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x0, @mcast2}, r5}}, 0x48)
socketpair$tipc(0x1e, 0x1, 0x0, 0x0)
sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x1, 0x1}, 0x10)
socket$tipc(0x1e, 0x2, 0x0)
getsockopt$PNPIPE_IFINDEX(r6, 0x113, 0x2, &(0x7f0000000580), &(0x7f00000005c0)=0x4)
openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000640), 0x10240, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)

2.473128345s ago: executing program 4 (id=539):
r0 = socket$inet6(0xa, 0x6, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpu.stat\x00', 0x26e1, 0x0)
close(r1)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, &(0x7f0000001380)=""/4080, 0xff0, 0x0, 0x0}, &(0x7f0000000000)=0x40)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(r1, 0x107, 0x16, &(0x7f00000000c0)={0x3, &(0x7f0000000080)=[{0x28, 0x0, 0x0, 0xfffff038}, {0x48, 0x0, 0x1}, {0x6}]}, 0x10)
bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @empty, 0x6}, 0x1c)
r2 = socket$inet_dccp(0x2, 0x6, 0x0)
listen(r0, 0x5)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e20, @dev}, 0x10)
close_range(r0, 0xffffffffffffffff, 0x0)

1.9779515s ago: executing program 3 (id=540):
r0 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x9b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = syz_open_dev$sndctrl(&(0x7f0000000080), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r2, 0xc0505510, &(0x7f0000000300)={0x9, 0x2, 0x40096, 0xe6, &(0x7f0000000440)=[{}, {}]})
readv(r2, &(0x7f0000000180)=[{&(0x7f0000000200)=""/147, 0x93}], 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x4000}})
write$FUSE_INIT(r3, &(0x7f0000004200)={0x50}, 0x50)
syz_fuse_handle_req(r3, &(0x7f00000042c0), 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20, 0x0, 0x0, {0x0, 0x8}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
getdents64(0xffffffffffffffff, &(0x7f0000006380)=""/1024, 0x400)
syz_fuse_handle_req(r3, &(0x7f0000006780), 0x2000, &(0x7f0000008780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000008800)={0x30, 0x0, 0x0, [{0x0, 0x0, 0x4, 0x0, '#,,-'}]}, 0x0, 0x0, 0x0})
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0xc1105517, &(0x7f0000001980)={{}, 0x5, 0x4, 0x1, 0x0, 0x0, 0x9, 'syz0\x00', 0x0})
ioctl$VHOST_SET_LOG_BASE(r0, 0x4008af00, &(0x7f00000000c0)=0x0)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(0xffffffffffffffff, 0xc0884113, &(0x7f0000000600)={0x0, 0x0, 0x10, 0x7fffffffffffffff, 0x100000001, 0x5, 0x0, 0x8, 0x7, 0x0, 0xffff303d, 0x4})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)

239.077127ms ago: executing program 4 (id=541):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000500)='tlb_flush\x00', r0}, 0x10)
r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x60042, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000100)={{0x7f, 0x45, 0x4c, 0x46, 0xe, 0x2, 0xf9, 0xb7, 0x7fff, 0x2, 0x3, 0xfffffeff, 0x2df, 0x40, 0x303, 0x0, 0x8, 0x38, 0x1, 0x4, 0x4, 0xd}, [{0x3, 0x8000, 0x0, 0x7, 0x8, 0x5, 0x402, 0xca5}]}, 0x78)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
setsockopt$sock_int(r2, 0x1, 0x25, &(0x7f00000001c0)=0x8, 0x4)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10152, 0x2, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x0, &(0x7f0000000380)})
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl$SNDCTL_SEQ_SYNC(r1, 0x5101)

2.353906ms ago: executing program 0 (id=542):
sched_setaffinity(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, &(0x7f0000000280)=@udp}, 0x20)
r0 = socket$pptp(0x18, 0x1, 0x2)
bind$pptp(r0, &(0x7f0000000000)={0x18, 0x2, {0x0, @dev={0xac, 0x14, 0x14, 0x2c}}}, 0x1e)
connect$pptp(r0, &(0x7f0000000040)={0x18, 0x2, {0x0, @multicast2}}, 0x1e)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0)
ioctl$EVIOCGPROP(r1, 0x40047438, &(0x7f0000000180)=""/246)
writev(r1, &(0x7f0000000440)=[{0x0}], 0x1)

0s ago: executing program 5 (id=543):
r0 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x80800)
r1 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000340))
r2 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r2, &(0x7f0000000040)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc)
write$binfmt_script(r2, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r3, 0x8933, &(0x7f0000001880)={'wg1\x00', <r5=>0x0})
r6 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000fc0), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r4, &(0x7f0000000b80)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000380)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="290a000000000000000001000000414db0a2c37f5acf8fc88cb3841808000100", @ANYRES32=r5, @ANYBLOB="24000300"/36], 0x40}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8)
bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
r9 = openat$cgroup_devices(r8, &(0x7f0000000100)='devices.allow\x00', 0x2, 0x0)
write$cgroup_devices(r9, &(0x7f00000000c0)={'c', ' *:* ', 'rwm\x00'}, 0xa)
write$cgroup_devices(r9, &(0x7f00000058c0)=ANY=[@ANYBLOB='a'], 0x9)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008230000b7040000000000008500000001000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000060ff850000000400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000680)={r10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
sendmsg$WG_CMD_SET_DEVICE(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000c91200000000000100000024000300a000004f6c9c8e3853e2fd3a70ae0fb20fa152600cb00845174f08076f8d784308000100", @ANYRES32=r5, @ANYBLOB], 0x40}}, 0x0)

kernel console output (not intermixed with test programs):

missive=1
[   79.024561][   T29] audit: type=1400 audit(1731346081.878:164): avc:  denied  { execute } for  pid=5931 comm="syz.1.8" name="file0" dev="tmpfs" ino=22 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[   79.047995][   T29] audit: type=1400 audit(1731346081.898:165): avc:  denied  { execute_no_trans } for  pid=5931 comm="syz.1.8" path="/1/file0" dev="tmpfs" ino=22 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[   79.406030][   T29] audit: type=1400 audit(1731346082.568:166): avc:  denied  { create } for  pid=5945 comm="syz.2.12" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[   79.486811][ T5952] iommufd_mock iommufd_mock1: Adding to iommu group 1
[   80.107915][ T5828] Bluetooth: hci2: command 0x0c1a tx timeout
[   80.107964][ T5828] Bluetooth: hci0: command 0x0c1a tx timeout
[   80.107991][ T5828] Bluetooth: hci3: command 0x0c1a tx timeout
[   80.108245][ T5828] Bluetooth: hci4: command 0x0c1a tx timeout
[   80.313503][ T5843] Bluetooth: hci1: command 0x0c1a tx timeout
[   80.492521][   T29] audit: type=1400 audit(1731346082.578:167): avc:  denied  { write } for  pid=5945 comm="syz.2.12" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[   81.020107][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[   81.124993][ T5961] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[   81.135903][ T5961] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[   81.150844][ T5961] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[   81.158150][ T5961] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[   81.167676][ T5961] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[   81.355620][ T5843] Bluetooth: hci3: unexpected event for opcode 0x1001
[   83.126165][   T51] cfg80211: failed to load regulatory.db
[   83.250323][ T5843] Bluetooth: hci4: command 0x0c1a tx timeout
[   83.667168][ T5828] Bluetooth: hci0: command 0x0c1a tx timeout
[   83.677940][ T5842] Bluetooth: hci2: command 0x0c1a tx timeout
[   83.684310][ T5840] Bluetooth: hci1: command 0x0c1a tx timeout
[   83.815423][   T29] kauditd_printk_skb: 7 callbacks suppressed
[   83.815441][   T29] audit: type=1400 audit(1731346086.998:175): avc:  denied  { create } for  pid=5981 comm="syz.4.20" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[   83.927345][   T29] audit: type=1400 audit(1731346086.998:176): avc:  denied  { listen } for  pid=5981 comm="syz.4.20" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[   83.955174][   T29] audit: type=1400 audit(1731346086.998:177): avc:  denied  { accept } for  pid=5981 comm="syz.4.20" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[   83.974714][   T29] audit: type=1400 audit(1731346086.998:178): avc:  denied  { setopt } for  pid=5981 comm="syz.4.20" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[   83.994341][   T29] audit: type=1400 audit(1731346086.998:179): avc:  denied  { read } for  pid=5981 comm="syz.4.20" name="card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[   84.017741][   T29] audit: type=1400 audit(1731346086.998:180): avc:  denied  { open } for  pid=5981 comm="syz.4.20" path="/dev/dri/card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[   84.056006][   T29] audit: type=1400 audit(1731346087.008:181): avc:  denied  { ioctl } for  pid=5981 comm="syz.4.20" path="/dev/dri/card1" dev="devtmpfs" ino=628 ioctlcmd=0x64a0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[   84.081488][   T29] audit: type=1400 audit(1731346087.008:182): avc:  denied  { map_read map_write } for  pid=5981 comm="syz.4.20" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[   84.101196][   T29] audit: type=1400 audit(1731346087.008:183): avc:  denied  { create } for  pid=5981 comm="syz.4.20" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[   84.120716][   T29] audit: type=1400 audit(1731346087.108:184): avc:  denied  { create } for  pid=5983 comm="syz.3.21" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[   85.217995][   T51] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   85.505241][ T5990] netlink: 28 bytes leftover after parsing attributes in process `syz.0.22'.
[   85.582221][ T5843] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[   85.591638][ T5843] Bluetooth: hci3: Injecting HCI hardware error event
[   85.604617][ T5843] Bluetooth: hci3: hardware error 0x00
[   85.615471][   T51] usb 4-1: New USB device found, idVendor=2ba2, idProduct=93b6, bcdDevice=de.4d
[   85.625185][   T51] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   85.635562][   T51] usb 4-1: Product: syz
[   85.639754][   T51] usb 4-1: Manufacturer: syz
[   85.660231][ T5829] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   85.676937][   T51] usb 4-1: SerialNumber: syz
[   85.700917][   T51] usb 4-1: config 0 descriptor??
[   86.352639][ T5829] usb 5-1: Using ep0 maxpacket: 32
[   86.361224][ T5829] usb 5-1: config 123 interface 0 has no altsetting 0
[   86.371197][ T5829] usb 5-1: New USB device found, idVendor=2040, idProduct=c602, bcdDevice=e5.51
[   86.438564][ T5829] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   86.451984][ T5829] usb 5-1: Product: syz
[   86.456193][ T5829] usb 5-1: Manufacturer: syz
[   86.462161][ T5829] usb 5-1: SerialNumber: syz
[   86.511069][ T5877] usb 4-1: USB disconnect, device number 2
[   86.627002][ T6000] syz.2.25 (6000): attempted to duplicate a private mapping with mremap.  This is not supported.
[   87.587425][ T5994] syz.4.24: attempt to access beyond end of device
[   87.587425][ T5994] nbd4: rw=0, sector=2, nr_sectors = 2 limit=0
[   87.613738][ T5994] MINIX-fs: unable to read superblock
[   87.643728][ T5829] usb 5-1: dvb_usb_v2: found a 'HCW 126xxx' in warm state
[   87.656170][ T5829] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[   87.662483][ T6013] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[   87.672664][ T6013] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[   87.678643][ T6013] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[   87.684683][ T6013] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[   87.693503][    T9] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   87.693682][ T5843] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[   87.709082][ T5829] dvbdev: DVB: registering new adapter (HCW 126xxx)
[   87.718889][ T5829] usb 5-1: media controller created
[   87.745481][ T5829] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[   87.762734][ T5829] usb 5-1: selecting invalid altsetting 1
[   87.769681][ T5829] set interface failed
[   87.770189][ T5829] usb 5-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[   87.781713][ T5829] error writing reg: 0xff, val: 0x00
[   87.814818][ T5829] dvb_usb_mxl111sf 5-1:123.0: probe with driver dvb_usb_mxl111sf failed with error -22
[   87.862478][    T9] usb 3-1: Using ep0 maxpacket: 8
[   87.864299][ T5829] usb 5-1: USB disconnect, device number 2
[   87.871449][    T9] usb 3-1: too many configurations: 195, using maximum allowed: 8
[   87.887430][ T6018] netlink: 20 bytes leftover after parsing attributes in process `syz.1.29'.
[   87.908994][    T9] usb 3-1: unable to read config index 0 descriptor/start: -61
[   87.918691][    T9] usb 3-1: can't read configurations, error -61
[   88.572912][    T9] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[   88.732241][    T9] usb 3-1: Using ep0 maxpacket: 8
[   88.948459][    T9] usb 3-1: device descriptor read/all, error -71
[   88.967788][    T9] usb usb3-port1: attempt power cycle
[   89.056205][   T29] kauditd_printk_skb: 20 callbacks suppressed
[   89.056222][   T29] audit: type=1400 audit(1731346092.228:205): avc:  denied  { create } for  pid=6034 comm="syz.0.34" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[   89.094472][   T29] audit: type=1400 audit(1731346092.238:206): avc:  denied  { open } for  pid=6034 comm="syz.0.34" path="/dev/ttyq4" dev="devtmpfs" ino=379 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1
[   89.184002][   T29] audit: type=1400 audit(1731346092.348:207): avc:  denied  { bind } for  pid=6039 comm="syz.4.37" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[   89.227675][   T29] audit: type=1400 audit(1731346092.348:208): avc:  denied  { connect } for  pid=6039 comm="syz.4.37" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[   89.250909][   T29] audit: type=1400 audit(1731346092.348:209): avc:  denied  { write } for  pid=6039 comm="syz.4.37" name="ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[   89.273467][    C0] vkms_vblank_simulate: vblank timer overrun
[   89.393137][   T29] audit: type=1400 audit(1731346092.518:210): avc:  denied  { unlink } for  pid=6044 comm="syz.4.39" name="#1" dev="tmpfs" ino=49 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[   89.516780][   T29] audit: type=1400 audit(1731346092.528:211): avc:  denied  { mount } for  pid=6044 comm="syz.4.39" name="/" dev="overlay" ino=44 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[   89.812215][ T5842] Bluetooth: hci4: command 0x0c1a tx timeout
[   89.819522][ T5842] Bluetooth: hci0: command 0x0c1a tx timeout
[   89.820897][ T5843] Bluetooth: hci2: command 0x0c1a tx timeout
[   89.826571][ T5842] Bluetooth: hci1: command 0x0c1a tx timeout
[   90.012112][   T29] audit: type=1400 audit(1731346092.538:212): avc:  denied  { mount } for  pid=6044 comm="syz.4.39" name="/" dev="configfs" ino=21 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1
[   90.056539][   T29] audit: type=1400 audit(1731346092.538:213): avc:  denied  { search } for  pid=6044 comm="syz.4.39" name="/" dev="configfs" ino=21 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[   90.087633][   T29] audit: type=1400 audit(1731346092.538:214): avc:  denied  { read } for  pid=6044 comm="syz.4.39" name="/" dev="configfs" ino=21 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[   90.454374][ T6059] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   90.669519][ T6061] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   91.112318][ T5829] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[   91.931301][ T5828] Bluetooth: hci4: command 0x0c1a tx timeout
[   92.070199][ T5829] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[   92.202242][ T5877] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[   92.222522][ T5829] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[   92.264785][ T5829] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[   92.290349][ T5829] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   92.363887][ T5877] usb 4-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[   92.518468][ T6055] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[   92.526930][ T5877] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[   92.543273][ T5877] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[   92.554780][ T5877] usb 4-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[   92.565507][ T5877] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   92.645011][ T5829] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[   93.024184][ T6075] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[   93.151792][    T9] usb 3-1: USB disconnect, device number 5
[   93.177117][ T6086] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(11)
[   93.183994][ T6086] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[   93.364182][ T6086] vhci_hcd vhci_hcd.0: Device attached
[   93.428810][ T6089] vhci_hcd: connection closed
[   93.431868][   T62] vhci_hcd: stop threads
[   93.444477][   T62] vhci_hcd: release socket
[   93.462252][   T62] vhci_hcd: disconnect device
[   93.480275][ T5877] aiptek 4-1:17.0: Aiptek using 400 ms programming speed
[   93.489730][ T5877] input: Aiptek as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:17.0/input/input5
[   93.641495][ T5877] usb 4-1: USB disconnect, device number 3
[   93.647598][    C1] aiptek 4-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[   93.703597][ T6093] udevd[6093]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   94.258426][   T29] kauditd_printk_skb: 18 callbacks suppressed
[   94.258442][   T29] audit: type=1400 audit(1731346097.438:233): avc:  denied  { bind } for  pid=6103 comm="syz.3.52" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[   94.285472][   T29] audit: type=1400 audit(1731346097.468:234): avc:  denied  { name_bind } for  pid=6103 comm="syz.3.52" src=20004 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=dccp_socket permissive=1
[   94.516093][   T29] audit: type=1400 audit(1731346097.488:235): avc:  denied  { node_bind } for  pid=6103 comm="syz.3.52" saddr=::ffff:172.20.20.0 src=20004 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=dccp_socket permissive=1
[   94.553552][ T6106] overlayfs: overlapping lowerdir path
[   94.599330][   T29] audit: type=1400 audit(1731346097.738:236): avc:  denied  { create } for  pid=6103 comm="syz.3.52" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[   94.793551][   T29] audit: type=1400 audit(1731346097.748:237): avc:  denied  { getopt } for  pid=6103 comm="syz.3.52" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[   94.793569][ T6098] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[   94.817880][   T29] audit: type=1400 audit(1731346097.808:238): avc:  denied  { connect } for  pid=6103 comm="syz.3.52" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[   95.483809][ T6098] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[   95.497906][ T6098] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[   95.505167][   T29] audit: type=1400 audit(1731346097.898:239): avc:  denied  { listen } for  pid=6103 comm="syz.3.52" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[   95.528243][ T6098] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[   96.167497][ T5828] Bluetooth: hci1: command 0x0c1a tx timeout
[   96.917115][ T6131] fuse: Bad value for 'fd'
[   97.921639][ T5828] Bluetooth: hci2: command 0x0c1a tx timeout
[   97.927949][ T5828] Bluetooth: hci0: command 0x0c1a tx timeout
[   97.934237][ T5828] Bluetooth: hci4: command 0x0c1a tx timeout
[   98.307454][   T29] audit: type=1400 audit(1731346100.458:240): avc:  denied  { read } for  pid=6134 comm="syz.1.61" name="binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[   99.012158][   T29] audit: type=1400 audit(1731346100.458:241): avc:  denied  { open } for  pid=6134 comm="syz.1.61" path="/dev/binderfs/binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[   99.129731][   T29] audit: type=1400 audit(1731346100.458:242): avc:  denied  { ioctl } for  pid=6134 comm="syz.1.61" path="/dev/binderfs/binder0" dev="binder" ino=4 ioctlcmd=0x620d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[   99.254287][ T6152] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR
[   99.599445][   T29] kauditd_printk_skb: 17 callbacks suppressed
[   99.599466][   T29] audit: type=1400 audit(1731346102.778:260): avc:  denied  { ioctl } for  pid=6171 comm="syz.0.72" path="socket:[8708]" dev="sockfs" ino=8708 ioctlcmd=0x8918 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[   99.648818][   T29] audit: type=1400 audit(1731346102.828:261): avc:  denied  { mounton } for  pid=6171 comm="syz.0.72" path="/12/file0" dev="tmpfs" ino=86 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[   99.716645][ T6166] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[   99.722765][ T6166] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[   99.728772][ T6166] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[   99.734864][ T6166] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[   99.741186][ T6175] fuse: Bad value for 'fd'
[  100.281199][   T29] audit: type=1400 audit(1731346103.258:262): avc:  denied  { mount } for  pid=6171 comm="syz.0.72" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  101.152673][ T6179] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  101.159241][ T6179] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  101.165544][ T6179] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  101.173020][ T6179] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  102.124453][   T29] audit: type=1400 audit(1731346104.748:263): avc:  denied  { connect } for  pid=6206 comm="syz.4.85" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  102.220364][   T29] audit: type=1400 audit(1731346104.748:264): avc:  denied  { name_connect } for  pid=6206 comm="syz.4.85" dest=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1
[  102.226242][ T1198] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  102.252614][   T29] audit: type=1400 audit(1731346104.798:265): avc:  denied  { append } for  pid=6206 comm="syz.4.85" name="media2" dev="devtmpfs" ino=937 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  102.281989][   T29] audit: type=1400 audit(1731346104.838:266): avc:  denied  { mount } for  pid=6206 comm="syz.4.85" name="/" dev="gadgetfs" ino=9488 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  102.304340][   T29] audit: type=1400 audit(1731346104.858:267): avc:  denied  { create } for  pid=6206 comm="syz.4.85" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  102.487551][ T5828] Bluetooth: hci1: command 0x0c1a tx timeout
[  102.553622][ T5829] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  102.575576][ T6215] Zero length message leads to an empty skb
[  102.618889][ T1198] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  102.632126][ T1198] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 3
[  102.684330][ T1198] usb 2-1: New USB device found, idVendor=0489, idProduct=e057, bcdDevice= 0.00
[  102.722040][ T5829] usb 5-1: Using ep0 maxpacket: 16
[  102.853599][ T1198] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  102.864528][ T1198] usb 2-1: config 0 descriptor??
[  102.996358][ T5829] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  103.009498][ T5829] usb 5-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00
[  103.018799][ T5829] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  103.032933][ T5829] usb 5-1: config 0 descriptor??
[  103.045008][ T5829] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input6
[  103.194864][ T5828] Bluetooth: hci0: command 0x0c1a tx timeout
[  103.201300][ T5828] Bluetooth: hci2: command 0x0c1a tx timeout
[  103.208469][ T5842] Bluetooth: hci4: command 0x0c1a tx timeout
[  103.321442][   T29] audit: type=1400 audit(1731346106.498:268): avc:  denied  { write } for  pid=6233 comm="syz.3.90" path="socket:[8916]" dev="sockfs" ino=8916 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  103.376483][   T29] audit: type=1400 audit(1731346106.548:269): avc:  denied  { read } for  pid=6193 comm="syz.1.79" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  103.737217][    T9] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  103.912547][    T9] usb 1-1: Using ep0 maxpacket: 32
[  103.918263][ T6268] netlink: 'syz.2.94': attribute type 1 has an invalid length.
[  103.921673][    T9] usb 1-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[  103.947355][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  103.967559][    T9] usb 1-1: Product: syz
[  103.978362][    T9] usb 1-1: Manufacturer: syz
[  103.989680][    T9] usb 1-1: SerialNumber: syz
[  104.005989][    T9] usb 1-1: config 0 descriptor??
[  104.086203][ T5877] IPVS: starting estimator thread 0...
[  104.182886][ T6277] IPVS: using max 25 ests per chain, 60000 per kthread
[  104.279352][ T6251] pim6reg: entered allmulticast mode
[  104.364931][ T5186] bcm5974 5-1:0.0: could not read from device
[  104.408103][ T1198] Bluetooth: Can't get state to change to load configuration err
[  104.443497][ T1198] Bluetooth: Loading sysconfig file failed
[  104.461761][ T1198] ath3k 2-1:0.0: probe with driver ath3k failed with error -16
[  104.469822][ T6251] pim6reg: left allmulticast mode
[  104.479734][ T1198] usb 2-1: USB disconnect, device number 2
[  104.510773][ T5829] usb 5-1: USB disconnect, device number 3
[  105.033531][    T9] airspy 1-1:0.0: usb_control_msg() failed -110 request 09
[  105.040792][    T9] airspy 1-1:0.0: Could not detect board
[  105.059869][    T9] airspy 1-1:0.0: probe with driver airspy failed with error -110
[  105.253446][    T9] usb 1-1: USB disconnect, device number 2
[  105.279028][ T5842] Bluetooth: hci4: command 0x0c1a tx timeout
[  105.577468][   T29] kauditd_printk_skb: 2 callbacks suppressed
[  105.577480][   T29] audit: type=1400 audit(1731346108.748:272): avc:  denied  { unmount } for  pid=5824 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  105.958158][ T6299] warning: `syz.3.100' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  106.647968][   T29] audit: type=1400 audit(1731346109.778:273): avc:  denied  { ioctl } for  pid=6284 comm="syz.1.98" path="/dev/ptyq7" dev="devtmpfs" ino=126 ioctlcmd=0x5423 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1
[  106.859385][ T6297] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  106.865506][ T6297] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  106.871881][ T6297] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  106.878035][ T6297] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  107.310449][   T29] audit: type=1400 audit(1731346110.488:274): avc:  denied  { create } for  pid=6302 comm="syz.4.102" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  107.408699][   T29] audit: type=1400 audit(1731346110.578:275): avc:  denied  { write } for  pid=6302 comm="syz.4.102" path="socket:[9689]" dev="sockfs" ino=9689 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  107.489768][   T29] audit: type=1400 audit(1731346110.588:276): avc:  denied  { nlmsg_read } for  pid=6302 comm="syz.4.102" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  107.705399][ T6315] SELinux:  Context #! ./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[  107.718293][   T29] audit: type=1400 audit(1731346110.698:277): avc:  denied  { write } for  pid=6314 comm="syz.0.106" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  107.809577][    C1] vkms_vblank_simulate: vblank timer overrun
[  108.043669][ T6324] bridge0: port 2(bridge_slave_1) entered disabled state
[  108.052094][ T6324] bridge0: port 1(bridge_slave_0) entered disabled state
[  108.149930][ T6329] netlink: 'syz.0.109': attribute type 1 has an invalid length.
[  108.450029][   T29] audit: type=1400 audit(1731346110.768:278): avc:  denied  { name_connect } for  pid=6302 comm="syz.4.102" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1
[  108.471810][   T29] audit: type=1400 audit(1731346110.778:279): avc:  denied  { listen } for  pid=6302 comm="syz.4.102" lport=50098 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  108.562228][   T29] audit: type=1400 audit(1731346110.878:280): avc:  denied  { accept } for  pid=6302 comm="syz.4.102" lport=50098 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  108.602249][   T29] audit: type=1400 audit(1731346111.128:281): avc:  denied  { read } for  pid=6304 comm="syz.3.103" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  109.043754][ T5828] Bluetooth: hci4: command 0x0c1a tx timeout
[  109.053257][ T5840] Bluetooth: hci1: command 0x0c1a tx timeout
[  109.059465][ T5843] Bluetooth: hci2: command 0x0c1a tx timeout
[  109.069992][ T5842] Bluetooth: hci0: command 0x0c1a tx timeout
[  109.557952][ T6342] ADFS-fs (nullb0): unrecognised mount option "ø–Ï=»î¸oF´ü«_±œÂäõߎ˜ôÕ5Ý¡�p÷œR½éÕ4I" or missing value
[  110.680416][ T5842] Bluetooth: hci2: unexpected event for opcode 0x1001
[  111.950690][   T29] kauditd_printk_skb: 10 callbacks suppressed
[  111.950705][   T29] audit: type=1400 audit(1731346115.128:292): avc:  denied  { read write } for  pid=6360 comm="syz.2.118" name="ptp0" dev="devtmpfs" ino=1265 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  111.980401][    C1] vkms_vblank_simulate: vblank timer overrun
[  111.994225][   T29] audit: type=1400 audit(1731346115.168:293): avc:  denied  { open } for  pid=6360 comm="syz.2.118" path="/dev/ptp0" dev="devtmpfs" ino=1265 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  112.038251][ T6370] syz.3.121 uses obsolete (PF_INET,SOCK_PACKET)
[  112.097729][   T29] audit: type=1400 audit(1731346115.228:294): avc:  denied  { ioctl } for  pid=6360 comm="syz.2.118" path="/dev/ptp0" dev="devtmpfs" ino=1265 ioctlcmd=0x3d03 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  112.127533][   T29] audit: type=1400 audit(1731346115.268:295): avc:  denied  { read write } for  pid=6367 comm="syz.3.121" name="rdma_cm" dev="devtmpfs" ino=1271 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  112.150693][    C1] vkms_vblank_simulate: vblank timer overrun
[  112.157193][   T29] audit: type=1400 audit(1731346115.268:296): avc:  denied  { open } for  pid=6367 comm="syz.3.121" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=1271 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  112.181312][    C1] vkms_vblank_simulate: vblank timer overrun
[  112.193435][ T6371] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  112.200016][ T6371] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  112.206535][ T6371] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  112.219986][ T6371] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  112.418490][   T29] audit: type=1400 audit(1731346115.588:297): avc:  denied  { ioctl } for  pid=6379 comm="syz.0.123" path="/dev/raw-gadget" dev="devtmpfs" ino=820 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  112.879773][ T6385] x_tables: ip6_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  113.342676][ T5877] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  113.512206][ T5877] usb 1-1: Using ep0 maxpacket: 16
[  113.520536][ T5877] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid maxpacket 33437, setting to 1024
[  113.557254][ T5877] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0xF has invalid maxpacket 1024
[  113.773277][ T6389] netlink: 'syz.3.126': attribute type 10 has an invalid length.
[  113.886035][ T5877] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  113.901315][ T6389] bond0: (slave netdevsim0): no link monitoring support
[  113.914557][ T5877] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  113.943799][ T6390] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  113.949274][ T5877] usb 1-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=c2.87
[  113.950546][ T6389] bond0: (slave netdevsim0): MII and ETHTOOL support not available for slave, and arp_interval/arp_ip_target module parameters not specified, thus bonding will not detect link failures! see bonding.txt for details
[  113.959055][ T5877] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  113.988876][ T5877] usb 1-1: Product: syz
[  113.993450][ T6390] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  114.000477][ T6390] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  114.007204][ T6390] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  114.018529][ T6389] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  114.021238][ T6392] kernel profiling enabled (shift: 17)
[  114.054645][ T5877] usb 1-1: Manufacturer: syz
[  114.062060][ T5877] usb 1-1: SerialNumber: syz
[  114.076652][ T5877] usb 1-1: config 0 descriptor??
[  114.082302][ T6380] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  114.095182][    C1] port100 1-1:0.0: NFC: Urb failure (status -71)
[  114.101723][ T5877] port100 1-1:0.0: NFC: Could not get supported command types
[  114.185089][   T29] audit: type=1400 audit(1731346117.358:298): avc:  denied  { read } for  pid=6388 comm="syz.3.126" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  114.660188][ T6380] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  114.672489][ T6380] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  114.685982][ T5877] usb 1-1: USB disconnect, device number 3
[  114.793744][   T29] audit: type=1400 audit(1731346117.978:299): avc:  denied  { search } for  pid=6397 comm="dhcpcd-run-hook" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  114.899810][   T29] audit: type=1400 audit(1731346118.008:300): avc:  denied  { read } for  pid=6399 comm="dhcpcd-run-hook" name="resolv.conf" dev="tmpfs" ino=1706 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  114.990301][ T6392] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  115.014416][ T6392] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[  115.014666][   T29] audit: type=1400 audit(1731346118.008:301): avc:  denied  { open } for  pid=6399 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1706 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  115.105237][ T6392] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  115.129703][ T6392] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[  115.228646][ T6392] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  115.257791][ T6392] Bluetooth: hci0: Error when powering off device on rfkill (-4)
[  115.312629][ T6392] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  115.352452][ T6392] Bluetooth: hci4: Error when powering off device on rfkill (-4)
[  116.484754][ T6427] 9pnet_fd: Insufficient options for proto=fd
[  116.572690][ T5880] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  116.736219][ T5880] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  116.768137][ T6431] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(11)
[  116.774759][ T6431] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  116.796987][ T5880] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  116.819505][ T5880] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  116.841580][ T5880] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  116.865464][ T6431] vhci_hcd vhci_hcd.0: Device attached
[  116.868100][ T6424] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  116.889954][ T5880] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  117.082848][   T29] kauditd_printk_skb: 12 callbacks suppressed
[  117.082859][   T29] audit: type=1400 audit(1731346120.268:314): avc:  denied  { bind } for  pid=6430 comm="syz.3.134" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  117.208444][ T5880] usb 2-1: USB disconnect, device number 3
[  117.282482][ T3064] usb 34-1: SetAddress Request (2) to port 0
[  117.323503][ T3064] usb 34-1: new SuperSpeed USB device number 2 using vhci_hcd
[  117.575764][ T6080] udevd[6080]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  117.876225][ T6432] vhci_hcd: connection reset by peer
[  117.882206][ T1116] vhci_hcd: stop threads
[  117.886527][ T1116] vhci_hcd: release socket
[  117.893411][ T1116] vhci_hcd: disconnect device
[  117.992134][ T5880] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  118.102103][ T1198] usb 5-1: new full-speed USB device number 4 using dummy_hcd
[  118.178124][ T5880] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  118.214624][ T5880] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  118.238892][ T5880] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  118.252206][ T1198] usb 5-1: device descriptor read/64, error -71
[  118.268779][ T5880] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  118.318556][ T6449] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  119.203126][ T6471] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6471 comm=syz.0.140
[  119.254361][ T6471] netlink: 'syz.0.140': attribute type 1 has an invalid length.
[  119.255225][ T5880] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  119.913341][ T6471] 8021q: adding VLAN 0 to HW filter on device bond1
[  120.015346][ T6471] 8021q: adding VLAN 0 to HW filter on device batadv1
[  120.029632][ T6471] bond1: (slave batadv1): making interface the new active one
[  120.292281][   T29] audit: type=1400 audit(1731346123.448:315): avc:  denied  { getopt } for  pid=6486 comm="syz.1.141" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  120.315680][ T6471] bond1: (slave batadv1): Enslaving as an active interface with an up link
[  120.374229][ T6487] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  120.385709][   T29] audit: type=1400 audit(1731346123.458:316): avc:  denied  { shutdown } for  pid=6486 comm="syz.1.141" laddr=::1 lport=20000 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  120.417716][ T6487] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  120.449673][ T6487] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  120.499069][ T6487] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  120.563309][ T6487] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  120.579603][ T5907] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  120.608325][ T6487] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  120.661390][ T6487] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  120.720710][   T29] audit: type=1400 audit(1731346123.888:317): avc:  denied  { read write } for  pid=6493 comm="syz.3.142" name="sg0" dev="devtmpfs" ino=710 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  120.755783][ T6487] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  120.828261][ T6487] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  120.923842][ T6487] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  121.042105][   T29] audit: type=1400 audit(1731346123.928:318): avc:  denied  { open } for  pid=6493 comm="syz.3.142" path="/dev/sg0" dev="devtmpfs" ino=710 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  121.364324][ T6505] 9pnet_fd: Insufficient options for proto=fd
[  122.017402][ T6516] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  122.558697][ T3064] usb 34-1: device descriptor read/8, error -110
[  123.552991][ T3064] usb usb34-port1: attempt power cycle
[  123.577393][   T29] audit: type=1400 audit(1731346126.758:319): avc:  denied  { write } for  pid=6529 comm="syz.1.154" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  123.633387][   T29] audit: type=1400 audit(1731346126.788:320): avc:  denied  { nlmsg_write } for  pid=6529 comm="syz.1.154" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  123.809522][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  123.899246][   T29] audit: type=1400 audit(1731346126.918:321): avc:  denied  { connect } for  pid=6527 comm="syz.4.153" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  124.079578][ T5880] usb 4-1: USB disconnect, device number 4
[  124.137151][ T3064] usb usb34-port1: unable to enumerate USB device
[  124.199333][ T5830] udevd[5830]: failed to send result of seq 11115 to main daemon: Connection refused
[  124.894711][ T5880] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  125.752700][ T6539] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  125.884177][ T5880] usb 4-1: device descriptor read/all, error -71
[  126.048260][   T29] audit: type=1400 audit(1731346129.218:322): avc:  denied  { bind } for  pid=6547 comm="syz.0.160" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  126.969768][ T5842] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  126.980396][ T5842] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  126.982019][ T5880] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  126.995494][ T5842] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  127.004432][ T5842] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  127.016473][ T5842] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  127.029022][ T5842] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  127.046381][ T5843] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  127.053847][ T5843] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  127.061209][ T5843] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  127.069397][ T5843] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  127.105737][ T5843] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  127.114192][ T5843] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  127.127638][   T29] audit: type=1400 audit(1731346130.308:323): avc:  denied  { mounton } for  pid=6563 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  127.152083][ T5880] usb 4-1: Using ep0 maxpacket: 16
[  127.169617][ T5880] usb 4-1: config 0 has an invalid descriptor of length 120, skipping remainder of the config
[  127.210693][ T5880] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x26, changing to 0x6
[  127.245193][ T5880] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x6 has an invalid bInterval 248, changing to 11
[  127.257655][ T5880] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1335, setting to 1024
[  127.278050][ T5880] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  127.332559][ T5880] usb 4-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice=a4.8f
[  127.359743][ T5880] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  127.421542][ T5880] usb 4-1: Product: syz
[  127.632932][ T5880] usb 4-1: Manufacturer: syz
[  127.749399][ T5880] usb 4-1: SerialNumber: syz
[  127.873897][ T5880] usb 4-1: config 0 descriptor??
[  127.882451][ T6550] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  127.883509][ T6563] chnl_net:caif_netlink_parms(): no params data found
[  127.893579][ T5880] xbox_remote_probe: Unexpected endpoint_in
[  128.120750][ T6563] bridge0: port 1(bridge_slave_0) entered blocking state
[  128.161663][ T6563] bridge0: port 1(bridge_slave_0) entered disabled state
[  128.212292][ T6563] bridge_slave_0: entered allmulticast mode
[  128.219423][ T6563] bridge_slave_0: entered promiscuous mode
[  128.232294][ T5907] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  128.234196][ T6563] bridge0: port 2(bridge_slave_1) entered blocking state
[  128.277435][ T6563] bridge0: port 2(bridge_slave_1) entered disabled state
[  128.295273][ T6563] bridge_slave_1: entered allmulticast mode
[  128.316347][ T6563] bridge_slave_1: entered promiscuous mode
[  128.395889][ T6563] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  128.413215][ T6550] fuse: Unknown parameter 'ÿÿÿÿÿÿÿÿÿÿÿÿÿÿ'
[  128.438264][ T6563] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  128.440296][ T5907] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  128.470083][ T6550] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  128.490498][ T6550] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  128.499904][ T5907] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  128.526368][ T6563] team0: Port device team_slave_0 added
[  128.531440][ T5907] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  128.560933][ T6563] team0: Port device team_slave_1 added
[  128.563342][ T5907] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  128.601857][ T6578] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  128.613245][ T5907] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  128.664611][ T6563] batman_adv: batadv0: Adding interface: batadv_slave_0
[  128.681841][ T6563] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  128.719696][ T5907] usb 4-1: USB disconnect, device number 6
[  128.749257][ T6563] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  128.848662][ T6563] batman_adv: batadv0: Adding interface: batadv_slave_1
[  128.870495][ T6563] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  128.973269][ T1198] usb 2-1: USB disconnect, device number 5
[  129.072150][ T6563] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  129.210578][ T6563] hsr_slave_0: entered promiscuous mode
[  129.248882][ T6563] hsr_slave_1: entered promiscuous mode
[  129.255045][ T5842] Bluetooth: hci5: command tx timeout
[  129.270089][ T6563] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  129.278186][ T6563] Cannot create hsr debugfs directory
[  129.661240][ T6591] syz.0.173: vmalloc error: size 536870912, failed to allocated page array size 1048576, mode:0x400cc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM), nodemask=(null),cpuset=/,mems_allowed=0-1
[  129.832103][ T6591] CPU: 1 UID: 0 PID: 6591 Comm: syz.0.173 Not tainted 6.12.0-rc7-syzkaller #0
[  129.841006][ T6591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  129.851125][ T6591] Call Trace:
[  129.854424][ T6591]  <TASK>
[  129.857366][ T6591]  dump_stack_lvl+0x16c/0x1f0
[  129.862193][ T6591]  warn_alloc+0x24d/0x3a0
[  129.866595][ T6591]  ? __pfx_warn_alloc+0x10/0x10
[  129.871470][ T6591]  ? __get_vm_area_node+0x190/0x2d0
[  129.876690][ T6591]  ? __get_vm_area_node+0x1bc/0x2d0
[  129.881904][ T6591]  __vmalloc_node_range_noprof+0x114a/0x15a0
[  129.887904][ T6591]  ? do_replace+0x21f/0x500
[  129.892455][ T6591]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  129.898797][ T6591]  ? lock_acquire+0x2f/0xb0
[  129.903340][ T6591]  ? __might_fault+0xe3/0x190
[  129.903875][ T6563] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  129.908038][ T6591]  ? __might_fault+0xe3/0x190
[  129.908064][ T6591]  ? do_replace+0x21f/0x500
[  129.923887][ T6591]  __vmalloc_noprof+0x6d/0x90
[  129.928563][ T6591]  ? do_replace+0x21f/0x500
[  129.933067][ T6591]  do_replace+0x21f/0x500
[  129.937390][ T6591]  ? __pfx_do_replace+0x10/0x10
[  129.942271][ T6591]  ? bpf_lsm_capable+0x9/0x10
[  129.946956][ T6591]  ? security_capable+0x7e/0x260
[  129.951925][ T6591]  do_ebt_set_ctl+0x470/0x580
[  129.956598][ T6591]  ? __pfx___mutex_lock+0x10/0x10
[  129.961630][ T6591]  ? __pfx_do_ebt_set_ctl+0x10/0x10
[  129.966832][ T6591]  ? __pfx_do_ip_setsockopt+0x10/0x10
[  129.972240][ T6591]  ? nf_sockopt_find.constprop.0+0x221/0x290
[  129.978235][ T6591]  nf_setsockopt+0x8a/0xf0
[  129.982653][ T6591]  ip_setsockopt+0xcb/0xf0
[  129.987063][ T6591]  ipv6_setsockopt+0x155/0x170
[  129.991838][ T6591]  udpv6_setsockopt+0x7d/0xd0
[  129.996515][ T6591]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  130.002424][ T6591]  do_sock_setsockopt+0x222/0x480
[  130.007460][ T6591]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  130.013011][ T6591]  ? fdget+0x176/0x210
[  130.017091][ T6591]  __sys_setsockopt+0x1a4/0x270
[  130.021940][ T6591]  ? __pfx___sys_setsockopt+0x10/0x10
[  130.027306][ T6591]  ? rcu_is_watching+0x12/0xc0
[  130.032075][ T6591]  __x64_sys_setsockopt+0xbd/0x160
[  130.037175][ T6591]  ? do_syscall_64+0x91/0x250
[  130.041851][ T6591]  ? lockdep_hardirqs_on+0x7c/0x110
[  130.047050][ T6591]  do_syscall_64+0xcd/0x250
[  130.051542][ T6591]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  130.057445][ T6591] RIP: 0033:0x7fa0b0b7e719
[  130.061849][ T6591] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  130.081446][ T6591] RSP: 002b:00007fa0b189a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  130.089876][ T6591] RAX: ffffffffffffffda RBX: 00007fa0b0d35f80 RCX: 00007fa0b0b7e719
[  130.097841][ T6591] RDX: 0000000000000080 RSI: 0000000000000000 RDI: 0000000000000003
[  130.105856][ T6591] RBP: 00007fa0b0bf139e R08: 00000000000003c0 R09: 0000000000000000
[  130.113818][ T6591] R10: 0000000020000880 R11: 0000000000000246 R12: 0000000000000000
[  130.121784][ T6591] R13: 0000000000000000 R14: 00007fa0b0d35f80 R15: 00007ffd5cee9138
[  130.129768][ T6591]  </TASK>
[  130.140989][ T6591] Mem-Info:
[  130.144278][ T6591] active_anon:3311 inactive_anon:0 isolated_anon:0
[  130.144278][ T6591]  active_file:14009 inactive_file:38451 isolated_file:0
[  130.144278][ T6591]  unevictable:768 dirty:385 writeback:0
[  130.144278][ T6591]  slab_reclaimable:10926 slab_unreclaimable:128041
[  130.144278][ T6591]  mapped:24802 shmem:1442 pagetables:616
[  130.144278][ T6591]  sec_pagetables:0 bounce:0
[  130.144278][ T6591]  kernel_misc_reclaimable:0
[  130.144278][ T6591]  free:1287385 free_pcp:549 free_cma:0
[  130.259647][ T6591] Node 0 active_anon:13344kB inactive_anon:0kB active_file:56036kB inactive_file:153732kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:99208kB dirty:1540kB writeback:0kB shmem:4232kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10864kB pagetables:2264kB sec_pagetables:0kB all_unreclaimable? no
[  130.296203][ T6563] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  130.329491][ T6591] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:72kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no
[  130.369484][ T6563] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  130.386259][ T6563] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  130.398734][ T6591] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  130.525578][ T6563] 8021q: adding VLAN 0 to HW filter on device bond0
[  130.543590][ T6563] 8021q: adding VLAN 0 to HW filter on device team0
[  130.575297][ T6563] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  130.585843][ T6563] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  130.619325][   T35] bridge0: port 1(bridge_slave_0) entered blocking state
[  130.626493][   T35] bridge0: port 1(bridge_slave_0) entered forwarding state
[  130.636429][   T35] bridge0: port 2(bridge_slave_1) entered blocking state
[  130.643575][   T35] bridge0: port 2(bridge_slave_1) entered forwarding state
[  130.692157][ T6591] lowmem_reserve[]: 0 2461 2461 0 0
[  130.697443][ T6591] Node 0 DMA32 free:1217776kB boost:0kB min:34168kB low:42708kB high:51248kB reserved_highatomic:0KB active_anon:13244kB inactive_anon:0kB active_file:56036kB inactive_file:153424kB unevictable:1536kB writepending:1560kB present:3129332kB managed:2549172kB mlocked:0kB bounce:0kB free_pcp:2380kB local_pcp:1332kB free_cma:0kB
[  130.739377][ T6605] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  130.772791][ T6605] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  130.870724][   T29] audit: type=1400 audit(1731346133.988:324): avc:  denied  { write } for  pid=6606 comm="syz.3.178" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  131.155158][ T6605] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  131.192555][ T6591] lowmem_reserve[]: 0 0 0 0 0
[  131.312183][   T29] audit: type=1400 audit(1731346134.028:325): avc:  denied  { sys_module } for  pid=6563 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  131.428421][ T6591] Node 0 Normal free:0kB boost:0kB min:4kB low:4kB high:4kB reserved_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:316kB unevictable:0kB writepending:4kB present:1048580kB managed:364kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  131.525334][   T29] audit: type=1400 audit(1731346134.088:326): avc:  denied  { write } for  pid=6609 comm="syz.1.179" name="net" dev="proc" ino=10819 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[  131.622099][   T29] audit: type=1400 audit(1731346134.088:327): avc:  denied  { add_name } for  pid=6609 comm="syz.1.179" name="pfkey" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[  131.654264][ T6591] lowmem_reserve[]: 0 0 0 0 0
[  131.662173][   T29] audit: type=1400 audit(1731346134.088:328): avc:  denied  { create } for  pid=6609 comm="syz.1.179" name="pfkey" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=file permissive=1
[  131.711496][ T6591] Node 1 Normal free:3907676kB boost:0kB min:55728kB low:69660kB high:83592kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:72kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  131.791164][   T29] audit: type=1400 audit(1731346134.088:329): avc:  denied  { associate } for  pid=6609 comm="syz.1.179" name="pfkey" scontext=root:object_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  131.832821][ T3064] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  131.924872][    C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  131.986356][ T6591] lowmem_reserve[]: 0 0 0 0 0
[  132.001367][ T6591] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  132.069715][ T3064] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  132.109416][ T3064] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  132.121814][ T3064] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  132.140893][ T6591] Node 0 DMA32: 1*4kB (E) 2*8kB (UE) 137*16kB (UME) 222*32kB (ME) 508*64kB (UME) 33*128kB (ME) 18*256kB (UME) 11*512kB (ME) 9*1024kB (UME) 3*2048kB (ME) 270*4096kB (M) = 1177572kB
[  132.175977][ T3064] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  132.437195][ T3064] usb 5-1: config 0 descriptor??
[  132.491543][ T5842] Bluetooth: hci5: command 0x040f tx timeout
[  132.578230][ T6626] x_tables: ip6_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  133.012091][ T6591] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  133.045379][ T6591] Node 1 Normal: 249*4kB (UE) 55*8kB (UME) 46*16kB (UME) 215*32kB (UME) 98*64kB (UME) 29*128kB (UME) 18*256kB (UME) 10*512kB (UM) 4*1024kB (UM) 4*2048kB (UE) 944*4096kB (M) = 3907676kB
[  133.175653][ T3064] hid (null): bogus close delimiter
[  133.181163][ T6591] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  133.192053][ T6591] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  133.216234][ T6591] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  133.226050][ T6563] 8021q: adding VLAN 0 to HW filter on device batadv0
[  133.236639][ T6591] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  133.246190][ T6591] 53928 total pagecache pages
[  133.250964][ T6591] 0 pages in swap cache
[  133.255329][ T6591] Free swap  = 124996kB
[  133.259547][ T6591] Total swap = 124996kB
[  133.263850][ T6591] 2097051 pages RAM
[  133.267737][ T6591] 0 pages HighMem/MovableOnly
[  133.272589][ T6591] 428036 pages reserved
[  133.276817][ T6591] 0 pages cma reserved
[  133.503229][ T3064] usb 5-1: string descriptor 0 read error: -22
[  133.800121][ T3064] uclogic 0003:256C:006D.0001: failed retrieving string descriptor #100: -71
[  133.870586][ T3064] uclogic 0003:256C:006D.0001: failed retrieving pen parameters: -71
[  133.968911][ T3064] uclogic 0003:256C:006D.0001: failed probing pen v1 parameters: -71
[  134.061509][ T3064] uclogic 0003:256C:006D.0001: failed probing parameters: -71
[  134.156030][ T3064] uclogic 0003:256C:006D.0001: probe with driver uclogic failed with error -71
[  134.317339][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  134.332544][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  134.404006][ T3064] usb 5-1: USB disconnect, device number 6
[  134.873591][ T5842] Bluetooth: hci5: command 0x040f tx timeout
[  135.626257][   T29] audit: type=1400 audit(1731346138.748:330): avc:  denied  { create } for  pid=6654 comm="syz.4.189" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  135.647051][    C0] vkms_vblank_simulate: vblank timer overrun
[  136.055924][ T6563] veth0_vlan: entered promiscuous mode
[  136.069224][ T6563] veth1_vlan: entered promiscuous mode
[  136.142681][ T6563] veth0_macvtap: entered promiscuous mode
[  136.155590][ T6563] veth1_macvtap: entered promiscuous mode
[  136.192896][   T29] audit: type=1400 audit(1731346139.378:331): avc:  denied  { ioctl } for  pid=6663 comm="syz.3.192" path="socket:[11556]" dev="sockfs" ino=11556 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  136.217655][ T1198] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  136.229744][ T6563] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  136.261994][ T6563] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  136.271851][ T6563] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  136.356771][   T29] audit: type=1400 audit(1731346139.378:332): avc:  denied  { bind } for  pid=6663 comm="syz.3.192" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  136.369890][ T6563] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  136.387950][ T6563] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  136.399296][ T3064] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  136.423064][ T6563] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  136.432029][ T1198] usb 1-1: Using ep0 maxpacket: 16
[  136.439505][ T6563] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  136.440738][ T1198] usb 1-1: config 254 has an invalid interface number: 56 but max is 0
[  136.459854][ T6563] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  136.481025][ T1198] usb 1-1: config 254 has no interface number 0
[  136.483969][ T6563] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  136.498846][ T1198] usb 1-1: config 254 interface 56 has no altsetting 0
[  136.505420][ T6563] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  136.518137][ T1198] usb 1-1: New USB device found, idVendor=0582, idProduct=0044, bcdDevice=24.d8
[  136.538361][ T1198] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  136.549244][ T6563] batman_adv: batadv0: Interface activated: batadv_slave_0
[  136.569821][ T6658] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  136.588183][ T3064] usb 5-1: config 0 interface 0 altsetting 6 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  136.599350][ T3064] usb 5-1: config 0 interface 0 altsetting 6 endpoint 0x2 has an invalid bInterval 128, changing to 11
[  136.607882][ T1198] usb 1-1: Product: syz
[  136.610626][ T3064] usb 5-1: config 0 interface 0 altsetting 6 has 2 endpoint descriptors, different from the interface descriptor's value: 7
[  136.643349][ T6563] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  136.655002][ T1198] usb 1-1: Manufacturer: syz
[  136.659629][ T1198] usb 1-1: SerialNumber: syz
[  136.664700][ T6563] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  136.675735][ T6563] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  136.677062][ T3064] usb 5-1: config 0 interface 0 has no altsetting 0
[  136.689327][ T6563] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  136.705126][ T6563] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  136.711505][    C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  136.718656][ T6563] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  136.756724][ T6563] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  136.756724][ T3064] usb 5-1: New USB device found, idVendor=172f, idProduct=0038, bcdDevice= 0.00
[  136.756760][ T3064] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  136.758543][ T3064] usb 5-1: config 0 descriptor??
[  136.786609][ T6563] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  136.832111][ T6563] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  136.869968][ T6563] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  136.897412][ T6563] batman_adv: batadv0: Interface activated: batadv_slave_1
[  136.947887][ T6563] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  136.964553][ T6563] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  136.977558][ T6563] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  136.986781][ T6563] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  137.174596][ T1116] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  137.197674][ T1116] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  137.247948][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  137.249877][ T3064] waltop 0003:172F:0038.0002: hidraw0: USB HID v0.04 Device [HID 172f:0038] on usb-dummy_hcd.4-1/input0
[  137.266675][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  137.300020][   T29] audit: type=1400 audit(1731346140.478:333): avc:  denied  { mount } for  pid=6563 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  137.346092][   T29] audit: type=1400 audit(1731346140.518:334): avc:  denied  { mounton } for  pid=6563 comm="syz-executor" path="/root/syzkaller.GFY5gf/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  137.502317][ T3064] usb 5-1: USB disconnect, device number 7
[  139.644971][ T5843] Bluetooth: hci5: command 0x040f tx timeout
[  139.732667][   T29] audit: type=1400 audit(1731346142.488:335): avc:  denied  { write } for  pid=6676 comm="syz.5.195" name="001" dev="devtmpfs" ino=750 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  139.842995][ T1198] usb 1-1: USB disconnect, device number 4
[  140.436705][ T6692] usb usb1: usbfs: interface 0 claimed by hub while 'syz.0.196' sets config #1
[  140.454430][   T29] audit: type=1400 audit(1731346143.628:336): avc:  denied  { bind } for  pid=6689 comm="syz.0.196" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  140.605328][   T29] audit: type=1400 audit(1731346143.628:337): avc:  denied  { setopt } for  pid=6689 comm="syz.0.196" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  140.663908][ T5877] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  140.890712][ T5877] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  140.918513][ T5877] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  141.000448][ T5877] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  141.024482][ T5877] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  141.072346][ T5877] usb 5-1: config 0 descriptor??
[  141.697925][ T5843] Bluetooth: hci5: command 0x040f tx timeout
[  141.906727][ T5877] hid (null): bogus close delimiter
[  142.061995][   T29] audit: type=1400 audit(1731346145.228:338): avc:  denied  { append } for  pid=6706 comm="syz.1.203" name="sg0" dev="devtmpfs" ino=710 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  142.085609][    C1] vkms_vblank_simulate: vblank timer overrun
[  142.122064][ T5877] usb 5-1: string descriptor 0 read error: -22
[  142.432000][ T5877] uclogic 0003:256C:006D.0003: failed retrieving string descriptor #100: -71
[  142.559735][ T5877] uclogic 0003:256C:006D.0003: failed retrieving pen parameters: -71
[  142.728441][ T5877] uclogic 0003:256C:006D.0003: failed probing pen v1 parameters: -71
[  142.750822][ T5877] uclogic 0003:256C:006D.0003: failed probing parameters: -71
[  142.758634][ T5877] uclogic 0003:256C:006D.0003: probe with driver uclogic failed with error -71
[  142.802299][ T5877] usb 5-1: USB disconnect, device number 8
[  143.101337][ T6727] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  143.588357][ T6718] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(11)
[  143.594987][ T6718] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  143.606421][ T6718] vhci_hcd vhci_hcd.0: Device attached
[  143.896171][ T5843] Bluetooth: hci5: command 0x040f tx timeout
[  143.953648][ T5880] usb 40-1: SetAddress Request (2) to port 0
[  143.959851][ T5880] usb 40-1: new SuperSpeed USB device number 2 using vhci_hcd
[  144.015982][ T6730] vhci_hcd: sendmsg failed!, ret=-32 for 48
[  144.032060][ T6726] vhci_hcd: connection closed
[  144.258492][   T62] vhci_hcd: stop threads
[  144.276517][   T62] vhci_hcd: release socket
[  144.281211][   T62] vhci_hcd: disconnect device
[  145.929545][ T5843] Bluetooth: hci5: command 0x040f tx timeout
[  146.042642][ T6738] bridge0: port 2(bridge_slave_1) entered disabled state
[  146.050179][ T6738] bridge0: port 1(bridge_slave_0) entered disabled state
[  146.072130][   T29] audit: type=1400 audit(1731346149.238:339): avc:  denied  { create } for  pid=6736 comm="syz.4.209" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  146.134542][ T6749] netlink: 8 bytes leftover after parsing attributes in process `syz.1.212'.
[  147.564975][   T29] audit: type=1400 audit(1731346150.748:340): avc:  denied  { write } for  pid=6766 comm="syz.3.218" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  147.683848][ T6767] netlink: 16 bytes leftover after parsing attributes in process `syz.3.218'.
[  148.116987][ T5842] Bluetooth: hci5: command 0x040f tx timeout
[  148.485664][   T29] audit: type=1400 audit(1731346151.478:341): avc:  denied  { sqpoll } for  pid=6777 comm="syz.0.222" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  148.817043][ T6787] netlink: 8 bytes leftover after parsing attributes in process `syz.4.220'.
[  148.826062][ T6787] netlink: 'syz.4.220': attribute type 3 has an invalid length.
[  148.897468][   T29] audit: type=1400 audit(1731346151.958:342): avc:  denied  { ioctl } for  pid=6776 comm="syz.4.220" path="socket:[11834]" dev="sockfs" ino=11834 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  149.101357][ T5880] usb 40-1: device descriptor read/8, error -110
[  149.468312][ T6791] x_tables: ip6_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  149.649616][ T5880] usb usb40-port1: attempt power cycle
[  150.102663][ T6797] netlink: 'syz.4.225': attribute type 1 has an invalid length.
[  150.152150][ T5842] Bluetooth: hci5: command 0x040f tx timeout
[  150.777417][ T5880] usb usb40-port1: unable to enumerate USB device
[  151.531359][   T29] audit: type=1400 audit(1731346154.688:343): avc:  denied  { write } for  pid=6799 comm="syz.1.226" name="uinput" dev="devtmpfs" ino=920 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  151.834564][ T6814] x_tables: ip6_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  152.653340][ T6824] x_tables: ip6_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  153.208730][   T29] audit: type=1400 audit(1731346156.388:344): avc:  denied  { ioctl } for  pid=6827 comm="syz.4.234" path="socket:[11935]" dev="sockfs" ino=11935 ioctlcmd=0x8982 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  153.412932][ T6818] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  154.752402][ T6836] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  155.697606][ T5842] Bluetooth: hci5: command 0x040f tx timeout
[  155.754834][ T6842] netlink: 'syz.0.236': attribute type 1 has an invalid length.
[  155.768538][   T29] audit: type=1400 audit(1731346158.948:345): avc:  denied  { setattr } for  pid=6851 comm="syz.1.237" name="RDS" dev="sockfs" ino=11978 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  155.793434][ T6846] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  155.903157][   T29] audit: type=1400 audit(1731346159.088:346): avc:  denied  { setopt } for  pid=6851 comm="syz.1.237" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  156.410014][   T29] audit: type=1400 audit(1731346159.318:347): avc:  denied  { read } for  pid=6857 comm="syz.5.240" name="loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  156.456141][   T29] audit: type=1400 audit(1731346159.318:348): avc:  denied  { open } for  pid=6857 comm="syz.5.240" path="/dev/loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  156.928091][ T6873] capability: warning: `syz.1.246' uses deprecated v2 capabilities in a way that may be insecure
[  157.071456][ T6878] Bluetooth: MGMT ver 1.23
[  157.312609][   T29] audit: type=1400 audit(1731346160.238:349): avc:  denied  { write } for  pid=6872 comm="syz.0.244" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  158.040777][   T29] audit: type=1400 audit(1731346160.628:350): avc:  denied  { map } for  pid=6880 comm="syz.4.247" path="/dev/binderfs/binder0" dev="binder" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  158.132876][ T5843] Bluetooth: hci5: command 0x040f tx timeout
[  158.310125][ T6879] netlink: 'syz.1.246': attribute type 11 has an invalid length.
[  158.388017][   T29] audit: type=1400 audit(1731346160.638:351): avc:  denied  { call } for  pid=6880 comm="syz.4.247" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  158.778268][ T6891] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check.
[  159.249703][   T29] audit: type=1400 audit(1731346162.428:352): avc:  denied  { create } for  pid=6887 comm="syz.4.249" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  159.276119][ T6885] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  159.692493][   T29] audit: type=1400 audit(1731346162.868:353): avc:  denied  { write } for  pid=6892 comm="syz.3.250" lport=43811 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[  159.862267][   T29] audit: type=1400 audit(1731346162.938:354): avc:  denied  { read } for  pid=6892 comm="syz.3.250" path="socket:[12047]" dev="sockfs" ino=12047 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  159.956381][   T29] audit: type=1400 audit(1731346162.998:355): avc:  denied  { connect } for  pid=6892 comm="syz.3.250" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  160.762004][   T29] audit: type=1400 audit(1731346163.588:356): avc:  denied  { setopt } for  pid=6892 comm="syz.3.250" lport=43811 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[  160.862178][ T6905] netlink: 16 bytes leftover after parsing attributes in process `syz.0.253'.
[  161.349257][ T6920] SELinux: security_context_str_to_sid (user_u) failed with errno=-22
[  161.358528][ T5843] Bluetooth: hci5: command 0x040f tx timeout
[  161.372978][   T29] audit: type=1400 audit(1731346164.558:357): avc:  denied  { map } for  pid=6917 comm="syz.1.256" path="socket:[12075]" dev="sockfs" ino=12075 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  161.427042][   T29] audit: type=1400 audit(1731346164.558:358): avc:  denied  { read } for  pid=6917 comm="syz.1.256" path="socket:[12075]" dev="sockfs" ino=12075 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  161.472246][   T29] audit: type=1400 audit(1731346164.558:359): avc:  denied  { read } for  pid=6918 comm="syz.3.257" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  163.331856][ T6944] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  163.348662][ T6944] FAULT_INJECTION: forcing a failure.
[  163.348662][ T6944] name failslab, interval 1, probability 0, space 0, times 1
[  163.361779][ T6944] CPU: 1 UID: 0 PID: 6944 Comm: syz.0.262 Not tainted 6.12.0-rc7-syzkaller #0
[  163.370641][ T6944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  163.380691][ T6944] Call Trace:
[  163.383969][ T6944]  <TASK>
[  163.386900][ T6944]  dump_stack_lvl+0x16c/0x1f0
[  163.391591][ T6944]  should_fail_ex+0x497/0x5b0
[  163.396300][ T6944]  ? fs_reclaim_acquire+0xae/0x150
[  163.401421][ T6944]  should_failslab+0xc2/0x120
[  163.406119][ T6944]  kmem_cache_alloc_noprof+0x6e/0x2f0
[  163.411504][ T6944]  ? getname_flags.part.0+0x4c/0x550
[  163.416811][ T6944]  getname_flags.part.0+0x4c/0x550
[  163.421934][ T6944]  getname_flags+0x93/0xf0
[  163.426356][ T6944]  __x64_sys_renameat2+0xd4/0x130
[  163.431386][ T6944]  do_syscall_64+0xcd/0x250
[  163.435899][ T6944]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  163.441801][ T6944] RIP: 0033:0x7fa0b0b7e719
[  163.446215][ T6944] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  163.465831][ T6944] RSP: 002b:00007fa0aefd5038 EFLAGS: 00000246 ORIG_RAX: 000000000000013c
[  163.474259][ T6944] RAX: ffffffffffffffda RBX: 00007fa0b0d36130 RCX: 00007fa0b0b7e719
[  163.482232][ T6944] RDX: ffffffffffffff9c RSI: 0000000020000a00 RDI: ffffffffffffff9c
[  163.490203][ T6944] RBP: 00007fa0aefd5090 R08: 0000000000000000 R09: 0000000000000000
[  163.498177][ T6944] R10: 0000000020000600 R11: 0000000000000246 R12: 0000000000000001
[  163.506152][ T6944] R13: 0000000000000000 R14: 00007fa0b0d36130 R15: 00007ffd5cee9138
[  163.514141][ T6944]  </TASK>
[  164.177903][   T29] audit: type=1400 audit(1731346166.508:360): avc:  denied  { mount } for  pid=6938 comm="syz.0.262" name="/" dev="ramfs" ino=12090 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[  164.204195][ T6932] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  164.307984][ T6955] sch_tbf: peakrate 8 is lower than or equals to rate 12 !
[  164.373733][   T29] audit: type=1400 audit(1731346167.168:361): avc:  denied  { unmount } for  pid=5837 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[  164.402542][   T29] audit: type=1400 audit(1731346167.438:362): avc:  denied  { write } for  pid=6949 comm="syz.5.266" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  164.692087][    T9] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  164.863785][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  164.889372][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  164.910200][    T9] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  165.093695][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  165.104107][    T9] usb 2-1: config 0 descriptor??
[  165.823375][ T6969] x_tables: ip6_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  166.311185][ T5842] Bluetooth: hci5: command 0x040f tx timeout
[  166.584570][    T9] hid (null): bogus close delimiter
[  166.967410][    T9] usb 2-1: string descriptor 0 read error: -22
[  168.186034][    T9] uclogic 0003:256C:006D.0004: failed retrieving string descriptor #100: -71
[  168.201034][    T9] uclogic 0003:256C:006D.0004: failed retrieving pen parameters: -71
[  168.210340][    T9] uclogic 0003:256C:006D.0004: failed probing pen v1 parameters: -71
[  168.284491][    T9] uclogic 0003:256C:006D.0004: failed probing parameters: -71
[  168.383176][    T9] uclogic 0003:256C:006D.0004: probe with driver uclogic failed with error -71
[  168.603735][    T9] usb 2-1: USB disconnect, device number 6
[  169.312171][   T29] audit: type=1400 audit(1731346172.488:363): avc:  denied  { create } for  pid=7002 comm="syz.3.281" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  169.415194][   T29] audit: type=1400 audit(1731346172.538:364): avc:  denied  { bind } for  pid=7002 comm="syz.3.281" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  170.112172][   T29] audit: type=1400 audit(1731346172.868:365): avc:  denied  { getopt } for  pid=7009 comm="syz.3.283" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  170.236420][ T7020] FAULT_INJECTION: forcing a failure.
[  170.236420][ T7020] name failslab, interval 1, probability 0, space 0, times 0
[  170.372142][ T7020] CPU: 0 UID: 0 PID: 7020 Comm: syz.0.285 Not tainted 6.12.0-rc7-syzkaller #0
[  170.381047][ T7020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  170.391096][ T7020] Call Trace:
[  170.394369][ T7020]  <TASK>
[  170.397279][ T7020]  dump_stack_lvl+0x16c/0x1f0
[  170.401954][ T7020]  should_fail_ex+0x497/0x5b0
[  170.406620][ T7020]  ? fs_reclaim_acquire+0xae/0x150
[  170.411716][ T7020]  should_failslab+0xc2/0x120
[  170.416392][ T7020]  kmem_cache_alloc_noprof+0x6e/0x2f0
[  170.421753][ T7020]  ? p9_tag_alloc+0x9c/0x870
[  170.426358][ T7020]  p9_tag_alloc+0x9c/0x870
[  170.430756][ T7020]  ? __pfx_p9_tag_alloc+0x10/0x10
[  170.435774][ T7020]  ? lock_acquire.part.0+0x11b/0x380
[  170.441041][ T7020]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  170.446671][ T7020]  p9_client_prepare_req+0x19f/0x4d0
[  170.451955][ T7020]  ? __pfx_p9_client_prepare_req+0x10/0x10
[  170.457750][ T7020]  ? lock_acquire+0x2f/0xb0
[  170.462239][ T7020]  p9_client_rpc+0x1c3/0xc10
[  170.466813][ T7020]  ? __pfx_p9_client_rpc+0x10/0x10
[  170.471899][ T7020]  ? pipe_poll+0x208/0x8a0
[  170.476300][ T7020]  ? __pfx_p9_pollwait+0x10/0x10
[  170.481217][ T7020]  ? __pfx_pipe_poll+0x10/0x10
[  170.485961][ T7020]  ? p9_fd_poll+0x1db/0x2c0
[  170.490445][ T7020]  ? p9_fd_create+0x328/0x490
[  170.495101][ T7020]  ? __pfx_p9_fd_create+0x10/0x10
[  170.500112][ T7020]  ? p9_client_create+0x7cf/0x1200
[  170.505202][ T7020]  p9_client_create+0xc65/0x1200
[  170.510127][ T7020]  ? __pfx_p9_client_create+0x10/0x10
[  170.515495][ T7020]  ? __raw_spin_lock_init+0x3a/0x110
[  170.520759][ T7020]  v9fs_session_init+0x1f8/0x1a80
[  170.525808][ T7020]  ? __pfx_v9fs_session_init+0x10/0x10
[  170.531278][ T7020]  ? kasan_save_track+0x14/0x30
[  170.536130][ T7020]  v9fs_mount+0xc6/0xa30
[  170.540375][ T7020]  ? __pfx_v9fs_mount+0x10/0x10
[  170.545223][ T7020]  ? selinux_sb_eat_lsm_opts+0x594/0x700
[  170.550857][ T7020]  ? cap_capable+0x1cf/0x240
[  170.555441][ T7020]  ? __pfx_v9fs_mount+0x10/0x10
[  170.560284][ T7020]  legacy_get_tree+0x109/0x220
[  170.565061][ T7020]  vfs_get_tree+0x8f/0x380
[  170.569485][ T7020]  path_mount+0x14e6/0x1f20
[  170.573988][ T7020]  ? kmem_cache_free+0x152/0x4b0
[  170.578919][ T7020]  ? __pfx_path_mount+0x10/0x10
[  170.583767][ T7020]  ? putname+0x12e/0x170
[  170.588006][ T7020]  __x64_sys_mount+0x294/0x320
[  170.592759][ T7020]  ? __pfx___x64_sys_mount+0x10/0x10
[  170.598037][ T7020]  do_syscall_64+0xcd/0x250
[  170.602534][ T7020]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  170.608423][ T7020] RIP: 0033:0x7fa0b0b7e719
[  170.612828][ T7020] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  170.632428][ T7020] RSP: 002b:00007fa0b189a038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  170.640837][ T7020] RAX: ffffffffffffffda RBX: 00007fa0b0d35f80 RCX: 00007fa0b0b7e719
[  170.648799][ T7020] RDX: 0000000020000080 RSI: 00000000200002c0 RDI: 0000000000000000
[  170.656758][ T7020] RBP: 00007fa0b189a090 R08: 0000000020000400 R09: 0000000000000000
[  170.664725][ T7020] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  170.672688][ T7020] R13: 0000000000000000 R14: 00007fa0b0d35f80 R15: 00007ffd5cee9138
[  170.680659][ T7020]  </TASK>
[  171.102353][ T5877] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  171.104075][ T7029] netlink: 28 bytes leftover after parsing attributes in process `syz.3.288'.
[  171.278661][ T5877] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  171.444084][ T5877] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  171.504047][ T5877] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  171.593974][ T5877] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  171.647236][ T7028] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(11)
[  171.653857][ T7028] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  171.664261][ T7028] vhci_hcd vhci_hcd.0: Device attached
[  171.695096][ T5877] usb 1-1: config 0 descriptor??
[  172.024932][ T7038] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  172.916904][ T5877] hid (null): bogus close delimiter
[  172.972063][ T5907] usb 36-1: SetAddress Request (2) to port 0
[  172.978171][ T5907] usb 36-1: new SuperSpeed USB device number 2 using vhci_hcd
[  173.037812][ T5877] usb 1-1: string descriptor 0 read error: -22
[  173.366690][ T5877] uclogic 0003:256C:006D.0005: failed retrieving string descriptor #100: -71
[  173.386007][ T5877] uclogic 0003:256C:006D.0005: failed retrieving pen parameters: -71
[  173.426491][ T5877] uclogic 0003:256C:006D.0005: failed probing pen v1 parameters: -71
[  173.456956][ T5877] uclogic 0003:256C:006D.0005: failed probing parameters: -71
[  173.485760][ T5877] uclogic 0003:256C:006D.0005: probe with driver uclogic failed with error -71
[  173.541255][ T5877] usb 1-1: USB disconnect, device number 5
[  173.662377][ T7033] vhci_hcd: connection reset by peer
[  173.669399][ T1116] vhci_hcd: stop threads
[  173.690759][ T1116] vhci_hcd: release socket
[  173.707404][ T1116] vhci_hcd: disconnect device
[  175.307809][   T29] audit: type=1400 audit(1731346178.228:366): avc:  denied  { mounton } for  pid=7047 comm="syz.4.292" path="/proc/163/task" dev="proc" ino=12889 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[  175.464516][ T5877] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  175.558304][   T51] IPVS: starting estimator thread 0...
[  175.652121][ T5877] usb 1-1: Using ep0 maxpacket: 16
[  175.668871][ T5877] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  175.701033][ T5877] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  175.714478][ T7064] IPVS: using max 21 ests per chain, 50400 per kthread
[  175.724865][ T5877] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  175.734675][ T5877] usb 1-1: New USB device strings: Mfr=1, Product=0, SerialNumber=14
[  175.743644][ T5877] usb 1-1: Manufacturer: syz
[  175.748345][ T5877] usb 1-1: SerialNumber: syz
[  175.755046][ T5877] usb 1-1: config 0 descriptor??
[  175.763638][ T5877] em28xx 1-1:0.0: New device syz  @ 480 Mbps (2040:0264, interface 0, class 0)
[  175.773913][ T5877] em28xx 1-1:0.0: DVB interface 0 found: bulk
[  176.034229][ T5877] em28xx 1-1:0.0: unknown em28xx chip ID (0)
[  176.066266][ T7075] netlink: 12 bytes leftover after parsing attributes in process `syz.3.302'.
[  176.097632][ T5877] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  176.116041][ T5877] em28xx 1-1:0.0: board has no eeprom
[  176.121671][   T29] audit: type=1400 audit(1731346179.298:367): avc:  denied  { read } for  pid=7074 comm="syz.3.302" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  176.212237][ T5877] em28xx 1-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  176.220127][ T5877] em28xx 1-1:0.0: dvb set to bulk mode.
[  176.253564][ T5829] em28xx 1-1:0.0: Binding DVB extension
[  176.272253][ T5877] usb 1-1: USB disconnect, device number 6
[  176.278849][ T5877] em28xx 1-1:0.0: Disconnecting em28xx
[  176.480696][ T5829] em28xx 1-1:0.0: Registering input extension
[  176.555612][ T5877] em28xx 1-1:0.0: Closing input extension
[  176.950521][ T5877] em28xx 1-1:0.0: Freeing device
[  177.393995][    T9] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  177.916239][    T9] usb 2-1: device descriptor read/64, error -71
[  178.525399][ T5907] usb 36-1: device descriptor read/8, error -110
[  179.429071][ T5907] usb usb36-port1: attempt power cycle
[  180.464960][ T5907] usb usb36-port1: unable to enumerate USB device
[  181.101008][ T7116] netlink: 'syz.0.312': attribute type 1 has an invalid length.
[  183.262198][    T9] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  184.614898][    T9] usb 1-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  184.625233][    T9] usb 1-1: config 27 has 0 interfaces, different from the descriptor's value: 1
[  184.634459][    T9] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  184.643529][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  185.377079][    T9] usb 1-1: USB disconnect, device number 7
[  185.525365][ T7135] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  186.551659][ T7147] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  186.679771][ T7164] x_tables: ip6_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  188.392210][ T5842] Bluetooth: hci5: command 0x040f tx timeout
[  188.934527][ T7183] binder: 7179:7183 ioctl c0306201 20000680 returned -14
[  189.630214][ T7176] netlink: 'syz.5.330': attribute type 1 has an invalid length.
[  189.939233][   T29] audit: type=1400 audit(1731346193.118:368): avc:  denied  { create } for  pid=7184 comm="syz.3.333" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  189.988492][   T29] audit: type=1400 audit(1731346193.138:369): avc:  denied  { bind } for  pid=7184 comm="syz.3.333" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  190.036125][   T29] audit: type=1400 audit(1731346193.218:370): avc:  denied  { getattr } for  pid=7184 comm="syz.3.333" path="cgroup:[4026532885]" dev="nsfs" ino=4026532885 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  191.028515][   T29] audit: type=1400 audit(1731346194.198:371): avc:  denied  { create } for  pid=7210 comm="syz.1.340" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  191.402297][   T29] audit: type=1400 audit(1731346194.508:372): avc:  denied  { create } for  pid=7210 comm="syz.1.340" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  191.612519][ T5880] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  191.770464][   T29] audit: type=1400 audit(1731346194.518:373): avc:  denied  { bind } for  pid=7210 comm="syz.1.340" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  191.790855][   T29] audit: type=1400 audit(1731346194.518:374): avc:  denied  { listen } for  pid=7210 comm="syz.1.340" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  191.810531][   T29] audit: type=1400 audit(1731346194.518:375): avc:  denied  { listen } for  pid=7210 comm="syz.1.340" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  192.095535][ T5880] usb 4-1: config 0 interface 0 altsetting 12 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  192.122007][ T5880] usb 4-1: config 0 interface 0 has no altsetting 0
[  192.192760][ T7215] syz.5.341 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000
[  192.209626][ T7215] CPU: 1 UID: 0 PID: 7215 Comm: syz.5.341 Not tainted 6.12.0-rc7-syzkaller #0
[  192.218517][ T7215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  192.228580][ T7215] Call Trace:
[  192.231858][ T7215]  <TASK>
[  192.234792][ T7215]  dump_stack_lvl+0x16c/0x1f0
[  192.239484][ T7215]  dump_header+0x101/0x900
[  192.243934][ T7215]  oom_kill_process+0x270/0xa60
[  192.248795][ T7215]  out_of_memory+0x351/0x1700
[  192.253479][ T7215]  ? local_clock_noinstr+0xc0/0xe0
[  192.258615][ T7215]  ? __pfx_out_of_memory+0x10/0x10
[  192.263746][ T7215]  ? mem_cgroup_out_of_memory+0x19b/0x270
[  192.269502][ T7215]  mem_cgroup_out_of_memory+0x207/0x270
[  192.275075][ T7215]  ? __pfx_mem_cgroup_out_of_memory+0x10/0x10
[  192.281168][ T7215]  ? do_raw_spin_unlock+0x172/0x230
[  192.286380][ T7215]  try_charge_memcg+0x5b9/0xaf0
[  192.291271][ T7215]  ? __pfx_try_charge_memcg+0x10/0x10
[  192.296664][ T7215]  ? __pfx_lock_release+0x10/0x10
[  192.301696][ T7215]  ? trace_lock_acquire+0x61/0x1d0
[  192.306843][ T7215]  mem_cgroup_swapin_charge_folio+0x12f/0x380
[  192.312935][ T7215]  __read_swap_cache_async+0x436/0x660
[  192.318405][ T7215]  ? __pfx___read_swap_cache_async+0x10/0x10
[  192.324402][ T7215]  ? swp_swap_info+0xcf/0x130
[  192.329101][ T7215]  ? __pfx_swp_swap_info+0x10/0x10
[  192.334234][ T7215]  swap_cluster_readahead+0x3bd/0x6e0
[  192.339617][ T7215]  ? __pfx_swap_cluster_readahead+0x10/0x10
[  192.345519][ T7215]  ? xas_load+0x49/0x5b0
[  192.349781][ T7215]  ? filemap_get_entry+0xd0/0x3c0
[  192.354830][ T7215]  ? filemap_get_entry+0x1b2/0x3c0
[  192.359952][ T7215]  ? __pfx_filemap_get_entry+0x10/0x10
[  192.365442][ T7215]  swapin_readahead+0x12e/0xd20
[  192.370334][ T7215]  ? __filemap_get_folio+0x2a5/0xaf0
[  192.375640][ T7215]  ? __pfx_swapin_readahead+0x10/0x10
[  192.381040][ T7215]  ? swap_cache_get_folio+0x1e0/0x460
[  192.386419][ T7215]  ? get_swap_device+0x245/0x5e0
[  192.391366][ T7215]  ? __pfx_swap_cache_get_folio+0x10/0x10
[  192.397544][ T7215]  do_swap_page+0x680/0x5b10
[  192.402156][ T7215]  ? lock_acquire+0x2f/0xb0
[  192.406665][ T7215]  ? __pte_offset_map+0x42/0x540
[  192.411634][ T7215]  ? __pfx_do_swap_page+0x10/0x10
[  192.416663][ T7215]  ? __pte_offset_map+0x1b9/0x540
[  192.421702][ T7215]  ? __pfx_default_wake_function+0x10/0x10
[  192.427554][ T7215]  ? lock_vma_under_rcu+0x13e/0x980
[  192.432772][ T7215]  ? lock_vma_under_rcu+0x13e/0x980
[  192.437983][ T7215]  __handle_mm_fault+0x1023/0x2a10
[  192.443109][ T7215]  ? __pfx_lock_release+0x10/0x10
[  192.448314][ T7215]  ? lock_vma_under_rcu+0x13e/0x980
[  192.453517][ T7215]  ? __pfx___handle_mm_fault+0x10/0x10
[  192.459018][ T7215]  handle_mm_fault+0x3fa/0xaa0
[  192.463812][ T7215]  do_user_addr_fault+0x60d/0x13f0
[  192.469002][ T7215]  exc_page_fault+0x5c/0xc0
[  192.471119][ T7221] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  192.473522][ T7215]  asm_exc_page_fault+0x26/0x30
[  192.473650][ T7215] RIP: 0033:0x7f9d27e45183
[  192.473669][ T7215] Code: 8b 44 24 08 48 85 c0 74 17 48 8b 54 24 18 48 0f ca 48 89 54 24 18 48 83 f8 01 0f 85 7a 02 00 00 48 8b 44 24 10 48 8b 54 24 18 <48> 89 10 e9 d2 fd ff ff 48 8b 44 24 10 0f b7 10 48 8b 44 24 08 48
[  192.473687][ T7215] RSP: 002b:00007ffe3822c310 EFLAGS: 00010246
[  192.473705][ T7215] RAX: 0000000020000140 RBX: 0000000000000008 RCX: 0000000000000000
[  192.473717][ T7215] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000555574fe73c8
[  192.473729][ T7215] RBP: 00007ffe3822c428 R08: 0000000000000000 R09: 0000000000000000
[  192.473741][ T7215] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000002
[  192.473752][ T7215] R13: 00007f9d28136130 R14: 0000000000000004 R15: fffffffffffffffe
[  192.473780][ T7215]  </TASK>
[  192.581814][ T7215] memory: usage 307200kB, limit 307200kB, failcnt 7056
[  192.600187][ T5880] usb 4-1: New USB device found, idVendor=06cd, idProduct=0115, bcdDevice=d9.c3
[  192.610167][ T5880] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  192.627871][ T5880] usb 4-1: Product: syz
[  192.633508][ T5880] usb 4-1: Manufacturer: syz
[  192.638654][ T5880] usb 4-1: SerialNumber: syz
[  192.662199][ T5880] usb 4-1: config 0 descriptor??
[  192.691065][ T5880] keyspan 4-1:0.0: Keyspan 2 port adapter converter detected
[  192.703194][ T5880] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 7
[  192.721252][ T5880] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 81
[  192.729174][ T5880] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 1
[  192.737194][ T5880] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 2
[  192.744993][ T5880] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 85
[  192.752820][ T5880] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 5
[  192.847200][ T7215] memory+swap: usage 307320kB, limit 9007199254740988kB, failcnt 0
[  192.855230][ T7215] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0
[  192.942729][ T5880] usb 4-1: Keyspan 2 port adapter converter now attached to ttyUSB0
[  192.954570][ T7215] Memory cgroup stats for /syz2:
[  192.954963][ T7215] cache 0
[  192.963269][ T5880] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 83
[  192.971188][ T7215] rss 0
[  192.974281][ T5880] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 3
[  193.014686][ T7215] rss_huge 0
[  193.030550][ T7215] shmem 0
[  193.429607][ T5880] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 4
[  193.681844][ T7215] mapped_file 823296
[  193.692119][ T7233] netlink: 20 bytes leftover after parsing attributes in process `syz.3.339'.
[  194.239401][ T7215] dirty 0
[  194.257048][ T5880] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 86
[  194.347224][ T7215] writeback 0
[  194.514242][ T7215] workingset_refault_anon 0
[  195.072317][ T5880] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 6
[  195.212089][ T7230] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(11)
[  195.218747][ T7230] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  195.228255][ T7230] vhci_hcd vhci_hcd.0: Device attached
[  195.320356][ T5880] usb 4-1: Keyspan 2 port adapter converter now attached to ttyUSB1
[  195.338644][ T5880] usb 4-1: USB disconnect, device number 7
[  195.422348][   T29] audit: type=1400 audit(1731346198.228:376): avc:  denied  { relabelfrom } for  pid=7207 comm="syz.3.339" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  195.462018][ T7231] vhci_hcd: connection closed
[  195.462391][   T12] vhci_hcd: stop threads
[  195.471343][   T12] vhci_hcd: release socket
[  195.494053][ T5880] keyspan_2 ttyUSB0: Keyspan 2 port adapter converter now disconnected from ttyUSB0
[  195.519962][   T12] vhci_hcd: disconnect device
[  195.542082][   T29] audit: type=1400 audit(1731346198.228:377): avc:  denied  { relabelto } for  pid=7207 comm="syz.3.339" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  195.580565][ T5880] keyspan_2 ttyUSB1: Keyspan 2 port adapter converter now disconnected from ttyUSB1
[  195.772390][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  195.778825][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  195.864513][ T5880] keyspan 4-1:0.0: device disconnected
[  196.043067][ T7215] workingset_refault_file 0
[  196.047768][ T7215] swap 122880
[  196.125607][ T7215] swapcached 0
[  196.142772][ T7215] pgpgin 24308
[  196.157640][ T7215] pgpgout 24308
[  196.173813][ T7215] pgfault 26513
[  196.191686][ T7215] pgmajfault 7
[  196.217973][ T7215] inactive_anon 0
[  196.244877][ T7215] active_anon 0
[  196.260114][ T7215] inactive_file 0
[  196.279651][ T7215] active_file 0
[  196.665074][ T7215] unevictable 0
[  196.722064][ T7215] hierarchical_memory_limit 314572800
[  196.727527][ T7215] hierarchical_memsw_limit 9223372036854771712
[  196.733907][ T7215] total_cache 0
[  196.737382][ T7215] total_rss 0
[  196.740675][ T7215] total_rss_huge 0
[  196.758075][ T7215] total_shmem 0
[  196.761611][ T7215] total_mapped_file 823296
[  196.792013][ T7215] total_dirty 0
[  196.795502][ T7215] total_writeback 0
[  196.799338][ T7215] total_workingset_refault_anon 0
[  196.804392][ T7215] total_workingset_refault_file 0
[  196.809439][ T7215] total_swap 122880
[  196.813324][ T7215] total_swapcached 0
[  196.817212][ T7215] total_pgpgin 24308
[  196.821130][ T7215] total_pgpgout 24308
[  196.825183][ T7215] total_pgfault 26513
[  196.829161][ T7215] total_pgmajfault 7
[  196.833102][ T7215] total_inactive_anon 0
[  196.837251][ T7215] total_active_anon 0
[  196.841225][ T7215] total_inactive_file 0
[  196.845534][ T7215] total_active_file 0
[  196.849514][ T7215] total_unevictable 0
[  196.853553][ T7215] anon_cost 0
[  196.856838][ T7215] file_cost 0
[  196.860131][ T7215] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.118,pid=6360,uid=0
[  196.875566][ T7215] Memory cgroup out of memory: Killed process 6364 (syz.2.118) total-vm:92544kB, anon-rss:620kB, file-rss:16160kB, shmem-rss:0kB, UID:0 pgtables:100kB oom_score_adj:1000
[  199.122744][   T31] oom_reaper: reaped process 6364 (syz.2.118), now anon-rss:136kB, file-rss:15144kB, shmem-rss:0kB
[  199.532635][ T3064] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  199.762895][ T3064] usb 2-1: Using ep0 maxpacket: 16
[  199.776665][ T3064] usb 2-1: New USB device found, idVendor=04dd, idProduct=8006, bcdDevice=3f.fd
[  199.974815][ T7272] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  199.995440][ T3064] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  200.029588][ T3064] usb 2-1: Product: syz
[  200.046054][ T3064] usb 2-1: Manufacturer: syz
[  200.052378][ T7278] fuseblk: Bad value for 'user_id'
[  200.067814][ T3064] usb 2-1: SerialNumber: syz
[  200.084621][ T7278] fuseblk: Bad value for 'user_id'
[  200.153375][ T3064] usb 2-1: config 0 descriptor??
[  200.258212][ T3064] usb 2-1: can't set config #0, error -71
[  200.274087][ T3064] usb 2-1: USB disconnect, device number 9
[  200.402307][ T7274] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  200.839711][ T7288] netlink: 28 bytes leftover after parsing attributes in process `syz.4.360'.
[  202.534563][ T5842] Bluetooth: hci5: command 0x040f tx timeout
[  203.429488][ T7304] binder: 7296:7304 ioctl c0306201 20000680 returned -14
[  204.575025][ T7310] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  204.592063][   T29] audit: type=1400 audit(1731346207.768:378): avc:  denied  { ioctl } for  pid=7312 comm="syz.3.368" path="socket:[13277]" dev="sockfs" ino=13277 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  204.932160][    T9] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  205.094006][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  205.111828][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  205.151993][    T9] usb 4-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00
[  205.200362][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  205.321468][    T9] usb 4-1: config 0 descriptor??
[  205.396492][ T7323] netlink: 'syz.5.371': attribute type 1 has an invalid length.
[  205.472393][ T5880] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  205.671331][ T5880] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  205.701994][ T5880] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  205.730632][ T5880] usb 1-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[  205.753888][    T9] hid-steam 0003:28DE:1142.0006: item fetching failed at offset 2/5
[  205.771782][ T5880] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  205.780465][    T9] hid-steam 0003:28DE:1142.0006: steam_probe:parse of hid interface failed
[  205.798662][ T5880] usb 1-1: config 0 descriptor??
[  205.805410][    T9] hid-steam 0003:28DE:1142.0006: probe with driver hid-steam failed with error -22
[  205.983317][ T7315] netlink: 40 bytes leftover after parsing attributes in process `syz.3.368'.
[  206.117572][    T9] usb 4-1: USB disconnect, device number 8
[  206.536881][ T7338] x_tables: ip6_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  206.600552][   T29] audit: type=1400 audit(1731346209.778:379): avc:  denied  { append } for  pid=7329 comm="syz.1.373" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  206.637925][ T5842] Bluetooth: hci5: command 0x040f tx timeout
[  206.687292][ T7342] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  206.701342][ T7342] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  206.739762][ T5880] usbhid 1-1:0.0: can't add hid device: -71
[  206.757685][ T5880] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  206.776799][ T5880] usb 1-1: USB disconnect, device number 8
[  207.152220][ T7354] bridge0: port 3(erspan0) entered blocking state
[  207.159054][ T7354] bridge0: port 3(erspan0) entered disabled state
[  207.167074][ T7354] erspan0: entered allmulticast mode
[  207.179634][ T7354] erspan0: entered promiscuous mode
[  207.187542][ T7354] bridge0: port 3(erspan0) entered blocking state
[  207.194111][ T7354] bridge0: port 3(erspan0) entered forwarding state
[  208.912887][ T7368] befs: (nullb0): No write support. Marking filesystem read-only
[  208.925358][ T7368] befs: (nullb0): invalid magic header
[  209.093175][ T7373] xt_CT: You must specify a L4 protocol and not use inversions on it
[  209.255152][   T29] audit: type=1400 audit(1731346212.428:380): avc:  denied  { map } for  pid=7369 comm="syz.5.384" path="socket:[14399]" dev="sockfs" ino=14399 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=udp_socket permissive=1
[  210.201758][   T29] audit: type=1400 audit(1731346213.378:381): avc:  denied  { accept } for  pid=7384 comm="syz.1.387" lport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  210.242227][   T29] audit: type=1400 audit(1731346213.408:382): avc:  denied  { write } for  pid=7384 comm="syz.1.387" laddr=::ffff:127.0.0.1 lport=20003 faddr=::ffff:127.0.0.1 fport=45194 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  210.302033][   T29] audit: type=1400 audit(1731346213.408:383): avc:  denied  { read } for  pid=7384 comm="syz.1.387" laddr=::ffff:127.0.0.1 lport=20003 faddr=::ffff:127.0.0.1 fport=45194 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  211.991748][ T7406] netlink: 28 bytes leftover after parsing attributes in process `syz.3.391'.
[  212.902628][   T29] audit: type=1400 audit(1731346216.078:384): avc:  denied  { connect } for  pid=7404 comm="syz.1.392" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  213.241610][   T29] audit: type=1400 audit(1731346216.078:385): avc:  denied  { write } for  pid=7404 comm="syz.1.392" path="socket:[14176]" dev="sockfs" ino=14176 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  213.272167][ T7409] netlink: 28 bytes leftover after parsing attributes in process `syz.0.390'.
[  213.905252][ T7417] x_tables: ip6_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  214.276897][ T7415] binder: BINDER_SET_CONTEXT_MGR already set
[  214.312254][ T7415] binder: 7414:7415 ioctl 4018620d 20000100 returned -16
[  214.540687][ T7415] binder: BINDER_SET_CONTEXT_MGR already set
[  214.546724][ T7415] binder: 7414:7415 ioctl 4018620d 200002c0 returned -16
[  216.402156][   T29] audit: type=1400 audit(1731346219.588:386): avc:  denied  { create } for  pid=7437 comm="syz.5.399" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  216.438968][   T29] audit: type=1400 audit(1731346219.618:387): avc:  denied  { bind } for  pid=7437 comm="syz.5.399" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  217.152948][ T7436] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  218.184344][ T7459] x_tables: ip6_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  218.706440][ T5842] Bluetooth: hci5: command 0x040f tx timeout
[  219.472901][ T7474] bridge0: port 3(erspan0) entered blocking state
[  219.479546][ T7474] bridge0: port 3(erspan0) entered disabled state
[  219.486426][ T7474] erspan0: entered allmulticast mode
[  219.493023][ T7474] erspan0: entered promiscuous mode
[  219.498783][ T7474] bridge0: port 3(erspan0) entered blocking state
[  219.506603][ T7474] bridge0: port 3(erspan0) entered forwarding state
[  222.679680][ T7498] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(11)
[  222.686350][ T7498] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  222.702203][ T7498] vhci_hcd vhci_hcd.0: Device attached
[  222.751042][ T7487] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  222.762062][    T9] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  222.958468][ T7501] vhci_hcd: connection closed
[  222.967682][   T52] vhci_hcd: stop threads
[  222.976910][    T9] usb 2-1: Using ep0 maxpacket: 16
[  222.982218][   T52] vhci_hcd: release socket
[  222.986767][   T52] vhci_hcd: disconnect device
[  223.005954][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  223.017246][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  223.170445][ T7516] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  223.533825][    T9] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2db4, bcdDevice= 0.00
[  223.543017][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  223.556362][    T9] usb 2-1: config 0 descriptor??
[  223.599603][   T29] audit: type=1400 audit(1731346226.778:388): avc:  denied  { watch } for  pid=7507 comm="syz.3.421" path="/90/file0" dev="afs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  223.642155][   T29] audit: type=1400 audit(1731346226.778:389): avc:  denied  { watch_sb watch_reads } for  pid=7507 comm="syz.3.421" path="/90/file0" dev="afs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=dir permissive=1
[  223.664975][    C1] vkms_vblank_simulate: vblank timer overrun
[  224.105142][    T9] konepure 0003:1E7D:2DB4.0007: unknown main item tag 0x0
[  224.138926][    T9] konepure 0003:1E7D:2DB4.0007: unknown main item tag 0x0
[  224.157922][    T9] konepure 0003:1E7D:2DB4.0007: unknown main item tag 0x0
[  224.171778][    T9] konepure 0003:1E7D:2DB4.0007: unknown main item tag 0x0
[  224.183910][    T9] konepure 0003:1E7D:2DB4.0007: unknown main item tag 0x0
[  224.208409][    T9] konepure 0003:1E7D:2DB4.0007: hidraw0: USB HID v0.00 Device [HID 1e7d:2db4] on usb-dummy_hcd.1-1/input0
[  224.313040][ T7499] IPv6: sit1: Disabled Multicast RS
[  224.344913][   T29] audit: type=1400 audit(1731346227.528:390): avc:  denied  { read } for  pid=7497 comm="syz.1.417" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  224.355380][    T9] usb 2-1: USB disconnect, device number 10
[  224.363943][    C1] vkms_vblank_simulate: vblank timer overrun
[  224.379051][   T29] audit: type=1400 audit(1731346227.528:391): avc:  denied  { write } for  pid=7497 comm="syz.1.417" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  224.453243][ T7525] cifs: Unknown parameter ''
[  225.053511][   T29] audit: type=1400 audit(1731346228.238:392): avc:  denied  { unmount } for  pid=5824 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  225.058211][ T5842] Bluetooth: hci5: command 0x040f tx timeout
[  225.394657][ T7531] ax25_connect(): syz.1.426 uses autobind, please contact jreuter@yaina.de
[  225.442252][   T29] audit: type=1400 audit(1731346228.578:393): avc:  denied  { connect } for  pid=7526 comm="syz.1.426" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  225.524345][   T29] audit: type=1400 audit(1731346228.608:394): avc:  denied  { connect } for  pid=7526 comm="syz.1.426" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  225.883767][ T7536] netlink: 'syz.5.427': attribute type 1 has an invalid length.
[  226.270417][ T7545] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  227.652277][    T9] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  227.816892][    T9] usb 4-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  228.002315][   T25] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  228.213027][   T25] usb 6-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  228.288742][   T25] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  228.369255][    T9] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  228.380382][    T9] usb 4-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  228.393567][    T9] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  228.402737][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  228.403747][   T25] usb 6-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  228.424854][   T25] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  228.434281][   T25] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  228.448767][   T25] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  228.456509][   T25] usb 6-1: invalid MIDI out EP 0
[  228.518892][   T25] snd-usb-audio 6-1:27.0: probe with driver snd-usb-audio failed with error -22
[  228.519227][    T9] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  228.542877][    T9] usb 4-1: invalid MIDI out EP 0
[  228.690698][    T9] snd-usb-audio 4-1:27.0: probe with driver snd-usb-audio failed with error -22
[  228.884751][ T7569] mmap: syz.4.436 (7569) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  229.411175][    T9] usb 4-1: USB disconnect, device number 9
[  229.427151][ T3064] usb 6-1: USB disconnect, device number 2
[  229.770119][ T7580] netlink: 'syz.4.440': attribute type 1 has an invalid length.
[  230.058681][   T29] audit: type=1400 audit(1731346233.228:395): avc:  denied  { mount } for  pid=7566 comm="syz.0.437" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1
[  232.449863][   T29] audit: type=1400 audit(1731346235.628:396): avc:  denied  { setcurrent } for  pid=7604 comm="syz.4.447" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  232.612979][ T1198] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  232.857693][ T7609] netlink: 'syz.1.448': attribute type 1 has an invalid length.
[  232.970400][ T1198] usb 6-1: Using ep0 maxpacket: 16
[  233.296783][ T1198] usb 6-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  233.305649][ T1198] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  233.399452][ T1198] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  233.471543][ T1198] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  233.500542][ T1198] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  233.540458][ T1198] usb 6-1: Product: syz
[  233.558128][ T1198] usb 6-1: Manufacturer: syz
[  233.566755][ T1198] usb 6-1: SerialNumber: syz
[  233.714113][   T29] audit: type=1400 audit(1731346236.898:397): avc:  denied  { read } for  pid=7614 comm="syz.4.450" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  234.012118][   T29] audit: type=1400 audit(1731346236.898:398): avc:  denied  { open } for  pid=7614 comm="syz.4.450" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  234.242230][ T1198] usb 6-1: 0:2 : does not exist
[  234.670161][ T7625] x_tables: ip6_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  235.742603][   T29] audit: type=1400 audit(1731346238.898:399): avc:  denied  { unmount } for  pid=5837 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1
[  235.772060][ T5907] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  235.941408][   T29] audit: type=1400 audit(1731346239.118:400): avc:  denied  { write } for  pid=7631 comm="syz.0.454" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  235.983392][ T5907] usb 2-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  236.014226][ T5907] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  236.055608][   T29] audit: type=1400 audit(1731346239.148:401): avc:  denied  { getopt } for  pid=7631 comm="syz.0.454" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  236.075329][ T5907] usb 2-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  236.292503][ T5907] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  236.302201][ T5907] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  236.498601][ T7640] program syz.5.456 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  237.080106][ T7640] netlink: 52 bytes leftover after parsing attributes in process `syz.5.456'.
[  237.817298][ T1198] usb 6-1: USB disconnect, device number 3
[  238.142433][ T5907] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  238.149923][ T5907] usb 2-1: invalid MIDI out EP 0
[  238.850591][   T29] audit: type=1400 audit(1731346242.028:402): avc:  denied  { ioctl } for  pid=7652 comm="syz.5.461" path="/dev/loop-control" dev="devtmpfs" ino=646 ioctlcmd=0x4c81 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  238.940815][ T5926] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  239.234085][ T5926] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  239.259253][ T7662] CIFS: iocharset name too long
[  239.340948][ T5907] snd-usb-audio 2-1:27.0: probe with driver snd-usb-audio failed with error -22
[  239.344632][ T5926] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  239.353101][ T5907] usb 2-1: USB disconnect, device number 11
[  239.412338][   T29] audit: type=1400 audit(1731346242.588:403): avc:  denied  { create } for  pid=7654 comm="syz.0.463" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  239.723330][ T5926] usb 4-1: config 0 descriptor??
[  240.167146][ T7669] vlan2: entered promiscuous mode
[  240.182670][ T7669] syz_tun: entered promiscuous mode
[  240.293593][ T7669] team0: Port device vlan2 added
[  240.509948][ T7676] xt_CT: You must specify a L4 protocol and not use inversions on it
[  240.525825][ T5907] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  240.593167][ T7677] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  240.715781][ T5907] usb 6-1: New USB device found, idVendor=5032, idProduct=0bc7, bcdDevice=9c.bb
[  240.730766][ T5907] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  240.749931][ T5907] usb 6-1: config 0 descriptor??
[  240.761208][ T5907] dvb-usb: found a 'GRAND - USB2.0 DVB-T adapter' in warm state.
[  240.783544][ T5907] dvb-usb: bulk message failed: -22 (3/0)
[  240.792353][ T5926] ath6kl: Failed to submit usb control message: -110
[  240.810099][ T5926] ath6kl: unable to send the bmi data to the device: -110
[  240.818585][ T5907] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  240.840771][ T5907] dvbdev: DVB: registering new adapter (GRAND - USB2.0 DVB-T adapter)
[  240.852971][ T5926] ath6kl: Unable to send get target info: -110
[  240.859152][ T5907] usb 6-1: media controller created
[  240.894039][ T5907] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  240.902582][ T3064] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  240.940153][ T5907] dvb-usb: bulk message failed: -22 (6/0)
[  240.946723][ T5907] dvb-usb: bulk message failed: -22 (6/0)
[  240.958760][ T5907] dvb-usb: no frontend was attached by 'GRAND - USB2.0 DVB-T adapter'
[  240.992258][ T5907] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.5/usb6/6-1/input/input8
[  241.014249][ T5907] dvb-usb: schedule remote query interval to 150 msecs.
[  241.021265][ T5907] dvb-usb: GRAND - USB2.0 DVB-T adapter successfully initialized and connected.
[  241.107597][ T7547] usb 6-1: USB disconnect, device number 4
[  241.139792][ T3064] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  241.151360][ T3064] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  241.161527][ T3064] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  241.170844][ T3064] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  241.216553][ T3064] usb 2-1: config 0 descriptor??
[  241.222839][ T7547] dvb-usb: GRAND - USB2.0 DVB-T adapter successfully deinitialized and disconnected.
[  241.690652][ T5926] ath6kl: Failed to init ath6kl core: -110
[  241.697250][ T5926] ath6kl_usb 4-1:0.0: probe with driver ath6kl_usb failed with error -110
[  241.734896][ T5926] usb 4-1: USB disconnect, device number 10
[  242.459272][ T3064] hid (null): bogus close delimiter
[  242.754456][ T3064] usb 2-1: string descriptor 0 read error: -71
[  242.761532][ T3064] uclogic 0003:256C:006D.0008: failed retrieving string descriptor #200: -71
[  242.782066][ T3064] uclogic 0003:256C:006D.0008: failed retrieving pen parameters: -71
[  242.808482][ T3064] uclogic 0003:256C:006D.0008: failed probing pen v2 parameters: -71
[  242.882877][ T7697] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  243.026316][ T5842] Bluetooth: hci5: command 0x040f tx timeout
[  243.032940][ T3064] uclogic 0003:256C:006D.0008: failed probing parameters: -71
[  243.041083][ T3064] uclogic 0003:256C:006D.0008: probe with driver uclogic failed with error -71
[  243.062591][ T3064] usb 2-1: USB disconnect, device number 12
[  243.413809][ T7702] netlink: 'syz.4.476': attribute type 1 has an invalid length.
[  243.445590][ T7702] 8021q: adding VLAN 0 to HW filter on device bond1
[  243.501271][ T7702] netlink: 16 bytes leftover after parsing attributes in process `syz.4.476'.
[  243.529198][ T7702] netlink: 16 bytes leftover after parsing attributes in process `syz.4.476'.
[  243.554551][ T7702] netlink: 28 bytes leftover after parsing attributes in process `syz.4.476'.
[  243.564500][ T7702] netlink: 28 bytes leftover after parsing attributes in process `syz.4.476'.
[  243.588488][   T29] audit: type=1400 audit(1731346246.738:404): avc:  denied  { write } for  pid=7706 comm="syz.3.478" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  243.629934][   T29] audit: type=1400 audit(1731346246.798:405): avc:  denied  { create } for  pid=7701 comm="syz.4.476" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  243.651609][   T29] audit: type=1400 audit(1731346246.808:406): avc:  denied  { setopt } for  pid=7701 comm="syz.4.476" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  243.767469][ T7710] netlink: 'syz.4.476': attribute type 1 has an invalid length.
[  244.453294][ T7702] 8021q: adding VLAN 0 to HW filter on device batadv1
[  244.483354][ T7702] bond1: (slave batadv1): making interface the new active one
[  244.605341][ T7702] bond1: (slave batadv1): Enslaving as an active interface with an up link
[  247.722081][ T7547] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  248.219091][ T7547] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  248.275918][ T7547] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  248.314348][ T7547] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  248.353254][ T7547] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  248.633207][ T7547] usb 5-1: config 0 descriptor??
[  251.135891][ T7547] hid (null): bogus close delimiter
[  251.674175][ T7547] usb 5-1: string descriptor 0 read error: -71
[  251.692318][ T7547] uclogic 0003:256C:006D.0009: failed retrieving string descriptor #200: -71
[  251.701180][ T7547] uclogic 0003:256C:006D.0009: failed retrieving pen parameters: -71
[  251.942567][ T7547] uclogic 0003:256C:006D.0009: failed probing pen v2 parameters: -71
[  251.950843][ T7547] uclogic 0003:256C:006D.0009: failed probing parameters: -71
[  251.958571][ T7547] uclogic 0003:256C:006D.0009: probe with driver uclogic failed with error -71
[  251.984925][ T7547] usb 5-1: USB disconnect, device number 9
[  253.453198][ T7814] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  254.832890][ T7839] mkiss: ax0: crc mode is auto.
[  255.158197][ T7840] netlink: 36 bytes leftover after parsing attributes in process `syz.0.511'.
[  255.751341][ T5842] Bluetooth: hci5: command 0x040f tx timeout
[  255.802096][ T7547] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  257.233972][ T7547] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  257.234244][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  257.252183][ T7547] usb 5-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  257.252426][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  257.386244][ T7547] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  257.441201][ T7547] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  257.583677][ T7547] usb 5-1: can't set config #27, error -71
[  257.718682][ T7547] usb 5-1: USB disconnect, device number 10
[  257.852091][ T3064] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  257.927452][ T7857] netlink: 4 bytes leftover after parsing attributes in process `syz.4.518'.
[  258.034273][ T3064] usb 2-1: Using ep0 maxpacket: 32
[  258.080927][ T3064] usb 2-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[  258.093983][ T3064] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  258.110739][ T3064] usb 2-1: Product: syz
[  258.273431][ T3064] usb 2-1: Manufacturer: syz
[  258.404866][ T7852] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  258.421375][ T3064] usb 2-1: SerialNumber: syz
[  258.445144][ T3064] usb 2-1: config 0 descriptor??
[  258.486486][ T3064] gspca_main: ov534_9-2.14.0 probing 05a9:1550
[  259.312151][ T3064] gspca_ov534_9: reg_w failed -110
[  259.584667][ T7880] xt_CT: You must specify a L4 protocol and not use inversions on it
[  259.891539][ T7884] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  259.900529][ T7884] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  260.092208][ T5842] Bluetooth: hci5: command 0x040f tx timeout
[  260.552318][ T3064] gspca_ov534_9: Unknown sensor 0000
[  260.552398][ T3064] ov534_9 2-1:0.0: probe with driver ov534_9 failed with error -22
[  262.192227][ T7901] evm: overlay not supported
[  262.199869][ T7901] Invalid ELF header magic: != ELF
[  262.211343][ T7902] netlink: 44 bytes leftover after parsing attributes in process `syz.4.531'.
[  262.222807][ T7902] netlink: 28 bytes leftover after parsing attributes in process `syz.4.531'.
[  263.042441][    T9] usb 2-1: USB disconnect, device number 13
[  263.116233][   T29] audit: type=1804 audit(1731346265.368:407): pid=7901 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.0.529" name="/newroot/111/bus/bus" dev="overlay" ino=629 res=1 errno=0
[  264.029044][ T7910] netlink: 'syz.1.533': attribute type 3 has an invalid length.
[  264.036801][ T7910] netlink: 12 bytes leftover after parsing attributes in process `syz.1.533'.
[  264.048660][ T7910] affs: No valid root block on device nbd1
[  264.161820][   T29] audit: type=1400 audit(1731346265.378:408): avc:  denied  { module_load } for  pid=7894 comm="syz.0.529" path="/111/bus/bus" dev="overlay" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=system permissive=1
[  264.287613][ T7913] x_tables: ip6_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  267.098401][ T7926] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  267.452201][   T30] INFO: task syz.2.118:6364 blocked for more than 144 seconds.
[  267.463868][   T30]       Not tainted 6.12.0-rc7-syzkaller #0
[  267.469807][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  267.485306][ T7929] ax25_connect(): syz.1.537 uses autobind, please contact jreuter@yaina.de
[  267.516356][   T30] task:syz.2.118       state:D stack:24880 pid:6364  tgid:6360  ppid:5825   flags:0x00124002
[  267.560453][   T30] Call Trace:
[  267.576037][   T30]  <TASK>
[  267.589026][   T30]  __schedule+0xe55/0x5740
[  267.611875][   T30]  ? __pfx___lock_acquire+0x10/0x10
[  267.628394][   T30]  ? __pfx___schedule+0x10/0x10
[  267.669111][   T30]  ? schedule+0x298/0x350
[  267.684647][   T30]  ? __pfx_lock_release+0x10/0x10
[  267.704600][   T30]  ? trace_lock_acquire+0x14a/0x1d0
[  267.723310][   T30]  ? lock_acquire+0x2f/0xb0
[  267.741011][   T30]  ? schedule+0x1fd/0x350
[  267.756894][   T30]  schedule+0xe7/0x350
[  267.794168][   T30]  schedule_timeout+0x258/0x2a0
[  267.814013][   T30]  ? __pfx_schedule_timeout+0x10/0x10
[  267.836206][   T30]  ? _raw_spin_unlock_irq+0x23/0x50
[  267.862041][   T30]  __wait_for_common+0x3e1/0x600
[  267.869309][   T30]  ? __pfx_schedule_timeout+0x10/0x10
[  267.884677][   T30]  ? __pfx___wait_for_common+0x10/0x10
[  267.904628][   T30]  ? lock_acquire+0x2f/0xb0
[  267.914989][   T30]  ? io_wq_put_and_exit+0x18f/0x8a0
[  267.930443][   T30]  io_wq_put_and_exit+0x232/0x8a0
[  267.965359][   T30]  ? __pfx_xa_find_after+0x10/0x10
[  267.981074][   T30]  ? __pfx_io_wq_put_and_exit+0x10/0x10
[  267.997613][   T30]  ? __pfx___might_resched+0x10/0x10
[  268.010567][   T30]  io_uring_clean_tctx+0x10e/0x190
[  268.029637][   T30]  ? __pfx_io_uring_clean_tctx+0x10/0x10
[  268.047393][   T30]  ? percpu_counter_add_batch+0x174/0x1e0
[  268.067262][   T30]  io_uring_cancel_generic+0x678/0x800
[  268.089787][   T30]  ? lock_acquire.part.0+0x11b/0x380
[  268.102834][   T30]  ? __pfx_io_uring_cancel_generic+0x10/0x10
[  268.116308][   T30]  ? do_exit+0x313/0x2d70
[  268.126823][   T30]  ? __pfx_lock_release+0x10/0x10
[  268.138606][   T30]  ? __pfx_autoremove_wake_function+0x10/0x10
[  268.153526][   T30]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  268.167420][   T30]  do_exit+0x541/0x2d70
[  268.187400][   T30]  ? get_signal+0x8f2/0x2770
[  268.206312][   T30]  ? __pfx_do_exit+0x10/0x10
[  268.223028][   T30]  ? do_raw_spin_lock+0x12d/0x2c0
[  268.237414][   T30]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  268.256488][   T30]  do_group_exit+0xd3/0x2a0
[  268.281676][   T30]  get_signal+0x25fb/0x2770
[  268.295614][   T30]  ? __pfx_get_signal+0x10/0x10
[  268.307265][   T30]  ? __do_sys_io_uring_enter+0x4a7/0x1170
[  268.320128][   T30]  arch_do_signal_or_restart+0x90/0x7e0
[  268.333000][   T30]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  268.346446][   T30]  ? rcu_is_watching+0x12/0xc0
[  268.358095][   T30]  syscall_exit_to_user_mode+0x150/0x2a0
[  268.371100][   T30]  do_syscall_64+0xda/0x250
[  268.381030][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  268.400439][   T30] RIP: 0033:0x7f3f6257e719
[  268.416380][   T30] RSP: 002b:00007f3f633c9038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  268.438475][   T30] RAX: 0000000000002000 RBX: 00007f3f62735f80 RCX: 00007f3f6257e719
[  268.459980][   T30] RDX: 0000000000000000 RSI: 00000000000047fa RDI: 0000000000000006
[  268.484821][   T30] RBP: 00007f3f625f139e R08: 0000000000000000 R09: 0000000000000000
[  268.554982][   T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  268.580224][   T30] R13: 0000000000000000 R14: 00007f3f62735f80 R15: 00007ffee63470c8
[  268.598900][   T30]  </TASK>
[  268.615639][   T30] 
[  268.615639][   T30] Showing all locks held in the system:
[  268.638188][   T30] 1 lock held by khungtaskd/30:
[  268.650924][   T30]  #0: ffffffff8e1b8340 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x7f/0x390
[  268.663791][   T30] 2 locks held by getty/5579:
[  268.668629][   T30]  #0: ffff8880323430a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80
[  268.682199][   T30]  #1: ffffc90002f062f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xfba/0x1480
[  268.702129][   T30] 1 lock held by iou-wrk-6364/6372:
[  268.707522][   T30] 3 locks held by syz.5.543/7945:
[  268.714237][   T30]  #0: ffffffff8ff81c70 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40
[  268.724175][   T30]  #1: ffffffff8ff81d28 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x580/0x800
[  268.736484][   T30]  #2: ffffffff8fee33e8 (rtnl_mutex){+.+.}-{3:3}, at: wg_set_device+0xce/0x13e0
[  268.756323][   T30] 2 locks held by syz.1.544/7944:
[  268.767918][   T30]  #0: ffffffff8fee33e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x372/0xea0
[  268.779600][   T30]  #1: ffffffff8e1c3c38 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock+0x1a4/0x3b0
[  268.794328][   T30] 2 locks held by syz.1.544/7947:
[  268.802183][   T30]  #0: ffffffff8ff81c70 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40
[  268.810526][   T30]  #1: ffffffff8fee33e8 (rtnl_mutex){+.+.}-{3:3}, at: nl80211_pre_doit+0xb4/0xb10
[  268.820170][   T30] 2 locks held by syz.1.544/7949:
[  268.825949][   T30]  #0: ffffffff8ff81c70 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40
[  268.836020][   T30]  #1: ffffffff8fee33e8 (rtnl_mutex){+.+.}-{3:3}, at: nl80211_pre_doit+0xb4/0xb10
[  268.871321][   T30] 
[  268.887321][   T30] =============================================
[  268.887321][   T30] 
[  268.913666][   T30] NMI backtrace for cpu 0
[  268.918034][   T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.12.0-rc7-syzkaller #0
[  268.926807][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  268.936884][   T30] Call Trace:
[  268.940169][   T30]  <TASK>
[  268.943122][   T30]  dump_stack_lvl+0x116/0x1f0
[  268.947815][   T30]  nmi_cpu_backtrace+0x27b/0x390
[  268.952775][   T30]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  268.958783][   T30]  nmi_trigger_cpumask_backtrace+0x29c/0x300
[  268.964779][   T30]  watchdog+0xf0c/0x1240
[  268.969131][   T30]  ? __pfx_watchdog+0x10/0x10
[  268.973819][   T30]  ? lockdep_hardirqs_on+0x7c/0x110
[  268.979037][   T30]  ? __kthread_parkme+0x148/0x220
[  268.984087][   T30]  ? __pfx_watchdog+0x10/0x10
[  268.988778][   T30]  kthread+0x2c1/0x3a0
[  268.992855][   T30]  ? _raw_spin_unlock_irq+0x23/0x50
[  268.998072][   T30]  ? __pfx_kthread+0x10/0x10
[  269.002694][   T30]  ret_from_fork+0x45/0x80
[  269.007121][   T30]  ? __pfx_kthread+0x10/0x10
[  269.011720][   T30]  ret_from_fork_asm+0x1a/0x30
[  269.016515][   T30]  </TASK>
[  269.020091][   T30] Sending NMI from CPU 0 to CPUs 1:
[  269.025726][    C1] NMI backtrace for cpu 1
[  269.025737][    C1] CPU: 1 UID: 0 PID: 1087 Comm: kworker/u8:6 Not tainted 6.12.0-rc7-syzkaller #0
[  269.025759][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  269.025771][    C1] Workqueue: events_unbound nsim_dev_trap_report_work
[  269.025825][    C1] RIP: 0010:clear_page_erms+0xb/0x20
[  269.025852][    C1] Code: 48 8d 7f 40 75 d9 90 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa b9 00 10 00 00 31 c0 <f3> aa c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 90
[  269.025871][    C1] RSP: 0018:ffffc900042074a0 EFLAGS: 00010246
[  269.025886][    C1] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000f80
[  269.025898][    C1] RDX: ffffea000127a940 RSI: ffff888000000000 RDI: ffff888049ea5080
[  269.025912][    C1] RBP: ffffea000127a800 R08: 0000160000000000 R09: 0000000000000000
[  269.025926][    C1] R10: ffffed10093d4000 R11: dffffc0000000000 R12: 0000000000000000
[  269.025939][    C1] R13: ffffea000127aa00 R14: 0000000000000001 R15: 0000000000000000
[  269.025952][    C1] FS:  0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
[  269.025971][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  269.025985][    C1] CR2: 0000000020021000 CR3: 000000000df7c000 CR4: 00000000003526f0
[  269.025998][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  269.026010][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  269.026022][    C1] Call Trace:
[  269.026027][    C1]  <NMI>
[  269.026034][    C1]  ? nmi_cpu_backtrace+0x1d8/0x390
[  269.026061][    C1]  ? nmi_cpu_backtrace_handler+0xc/0x20
[  269.026091][    C1]  ? nmi_handle+0x1a9/0x5c0
[  269.026115][    C1]  ? clear_page_erms+0xb/0x20
[  269.026137][    C1]  ? default_do_nmi+0x6a/0x160
[  269.026161][    C1]  ? exc_nmi+0x170/0x1e0
[  269.026184][    C1]  ? end_repeat_nmi+0xf/0x53
[  269.026205][    C1]  ? clear_page_erms+0xb/0x20
[  269.026228][    C1]  ? clear_page_erms+0xb/0x20
[  269.026250][    C1]  ? clear_page_erms+0xb/0x20
[  269.026272][    C1]  </NMI>
[  269.026278][    C1]  <TASK>
[  269.026283][    C1]  post_alloc_hook+0x1a3/0x350
[  269.026313][    C1]  get_page_from_freelist+0xfce/0x2f80
[  269.026342][    C1]  ? __pfx_get_page_from_freelist+0x10/0x10
[  269.026366][    C1]  ? should_fail_alloc_page+0xee/0x130
[  269.026391][    C1]  ? prepare_alloc_pages.constprop.0+0x16f/0x560
[  269.026411][    C1]  ? mark_lock+0xb5/0xc60
[  269.026429][    C1]  __alloc_pages_noprof+0x223/0x25a0
[  269.026454][    C1]  ? hlock_class+0x4e/0x130
[  269.026478][    C1]  ? mark_lock+0xb5/0xc60
[  269.026495][    C1]  ? unwind_next_frame+0xe5d/0x20c0
[  269.026516][    C1]  ? arch_stack_walk+0x74/0x100
[  269.026551][    C1]  ? __pfx___alloc_pages_noprof+0x10/0x10
[  269.026576][    C1]  ? hlock_class+0x4e/0x130
[  269.026600][    C1]  ? __lock_acquire+0x163e/0x3ce0
[  269.026621][    C1]  ? hlock_class+0x4e/0x130
[  269.026644][    C1]  ? mark_lock+0xb5/0xc60
[  269.026659][    C1]  ? __pfx___lock_acquire+0x10/0x10
[  269.026677][    C1]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  269.026711][    C1]  ? policy_nodemask+0xea/0x4e0
[  269.026738][    C1]  alloc_pages_mpol_noprof+0x2c9/0x610
[  269.026769][    C1]  ? __pfx_alloc_pages_mpol_noprof+0x10/0x10
[  269.026798][    C1]  ? __pfx_lock_release+0x10/0x10
[  269.026817][    C1]  new_slab+0x2c9/0x410
[  269.026837][    C1]  ___slab_alloc+0xdac/0x1880
[  269.026857][    C1]  ? __alloc_skb+0x164/0x380
[  269.026885][    C1]  ? __alloc_skb+0x164/0x380
[  269.026904][    C1]  ? __slab_alloc.constprop.0+0x56/0xb0
[  269.026924][    C1]  __slab_alloc.constprop.0+0x56/0xb0
[  269.026945][    C1]  __kmalloc_node_track_caller_noprof+0x355/0x430
[  269.026971][    C1]  ? __alloc_skb+0x164/0x380
[  269.026995][    C1]  kmalloc_reserve+0xef/0x2c0
[  269.027020][    C1]  ? lockdep_hardirqs_on+0x7c/0x110
[  269.027050][    C1]  __alloc_skb+0x164/0x380
[  269.027070][    C1]  ? __pfx___alloc_skb+0x10/0x10
[  269.027089][    C1]  ? kfree_skbmem+0x1a4/0x1f0
[  269.027119][    C1]  ? kfree_skbmem+0x1a4/0x1f0
[  269.027148][    C1]  nsim_dev_trap_report_work+0x2a4/0xc90
[  269.027183][    C1]  process_one_work+0x9c5/0x1ba0
[  269.027205][    C1]  ? __pfx_toggle_allocation_gate+0x10/0x10
[  269.027227][    C1]  ? __pfx_process_one_work+0x10/0x10
[  269.027249][    C1]  ? assign_work+0x1a0/0x250
[  269.027283][    C1]  worker_thread+0x6c8/0xf00
[  269.027309][    C1]  ? __pfx_worker_thread+0x10/0x10
[  269.027328][    C1]  kthread+0x2c1/0x3a0
[  269.027350][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  269.027376][    C1]  ? __pfx_kthread+0x10/0x10
[  269.027399][    C1]  ret_from_fork+0x45/0x80
[  269.027417][    C1]  ? __pfx_kthread+0x10/0x10
[  269.027439][    C1]  ret_from_fork_asm+0x1a/0x30
[  269.027471][    C1]  </TASK>
[  269.048059][   T30] Kernel panic - not syncing: hung_task: blocked tasks
[  269.048076][   T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.12.0-rc7-syzkaller #0
[  269.048097][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  269.048108][   T30] Call Trace:
[  269.048116][   T30]  <TASK>
[  269.048124][   T30]  dump_stack_lvl+0x3d/0x1f0
[  269.048151][   T30]  panic+0x71d/0x800
[  269.048191][   T30]  ? __pfx_panic+0x10/0x10
[  269.048216][   T30]  ? preempt_schedule_thunk+0x1a/0x30
[  269.048239][   T30]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  269.048266][   T30]  ? preempt_schedule_thunk+0x1a/0x30
[  269.048287][   T30]  ? watchdog+0xd76/0x1240
[  269.048305][   T30]  ? watchdog+0xd69/0x1240
[  269.048324][   T30]  watchdog+0xd87/0x1240
[  269.048346][   T30]  ? __pfx_watchdog+0x10/0x10
[  269.048363][   T30]  ? lockdep_hardirqs_on+0x7c/0x110
[  269.048392][   T30]  ? __kthread_parkme+0x148/0x220
[  269.048416][   T30]  ? __pfx_watchdog+0x10/0x10
[  269.048434][   T30]  kthread+0x2c1/0x3a0
[  269.048455][   T30]  ? _raw_spin_unlock_irq+0x23/0x50
[  269.048480][   T30]  ? __pfx_kthread+0x10/0x10
[  269.048502][   T30]  ret_from_fork+0x45/0x80
[  269.048521][   T30]  ? __pfx_kthread+0x10/0x10
[  269.048543][   T30]  ret_from_fork_asm+0x1a/0x30
[  269.048578][   T30]  </TASK>
[  269.601467][   T30] Kernel Offset: disabled
[  269.605775][   T30] Rebooting in 86400 seconds..