last executing test programs:

47.398630151s ago: executing program 1 (id=3925):
r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
ioctl$SNDCTL_SEQ_GETOUTCOUNT(r0, 0x80045104, &(0x7f0000001180)) (fail_nth: 3)

46.608121659s ago: executing program 1 (id=3928):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x8082, 0x0)
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x20}}, 0x2}}, 0x2e)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
socket$inet_mptcp(0x2, 0x1, 0x106)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_emit_ethernet(0x46, &(0x7f00000003c0)=ANY=[], 0x0)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[], 0x50)
socket(0x1000000010, 0x80002, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$NLBL_MGMT_C_ADDDEF(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000240)={0x14, 0x0, 0x1, 0x0, 0x0, {0x6}}, 0x14}}, 0x0)
sendmsg$NLBL_MGMT_C_ADD(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000140)={&(0x7f00000002c0)={0x78, 0x0, 0x100, 0x70bd27, 0x25dfdbff, {}, [@NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @local}, @NLBL_MGMT_A_CV4DOI={0x8, 0x4, 0x3}, @NLBL_MGMT_A_DOMAIN={0x6, 0x1, '{\x00'}, @NLBL_MGMT_A_CLPDOI={0x8, 0xc, 0x2}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @empty}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x3}, @NLBL_MGMT_A_DOMAIN={0xa, 0x1, '&^\x92#/\x00'}, @NLBL_MGMT_A_CV4DOI={0x8, 0x4, 0x3}, @NLBL_MGMT_A_CV4DOI={0x8, 0x4, 0x3}]}, 0x78}, 0x1, 0x0, 0x0, 0x10}, 0xd0)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x400, 0x0, 0xb2}, 0x9c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001a80)=ANY=[@ANYBLOB="b700000017000000bfa30000000000000703000028feffff620af0fff8ffffff61a4f0ff00000000a4040000000002000f030000000000003404000001ed0a0014040000170000801c400000000000007b0a00fe000000002c04000000000000c6000000000000009500000000000000023bc065b7a379d17cf9333379fc9e84af69912435f1b6a693002e7f3be361917adef6ee1c8a2b4f8ef1e50b91f32050e436fe275daf51efd601b6482a0800000098efefb202ee010400006e7a1de4a21f379dbf01de00b1b564fef3bef70548aed0d600c095199fe3ff3128e599b0eaebbdbd7359a48f5b0afc646cb7798b3e6440c2fbdb00a3e35208b0bbf12cd8dff0c710e4000000000000009fbe4b61a615c6c57a2b649dc74a1a610643b08d9ec21ead2ed51b104d4d91af25b8123deda8a3658d42ecbf1dbf6d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31a76e42f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0800000000000000d5f728d236619074d6ebdf098bc908f50ae728a40f9411fe7226a4040bef29b66e3858d051c096e37c4f46010400000000c3da29faf75ddd1aa96960bca97af13382cb881cc1f62c0f8f8f0e8d76b86f9c45636614786f5a2cb77230a874640dcbe0b20bb77c022d0cab080078fce8c5c81b7037181fc2f18f781aaa6e2957d7e39cc1baddcb7ec6667e699f24e41697ee7ea23e4b29a8b6cc9a1f5a7b3caae05f13792292cb949b3aab06b1e042ff2164d80c605532b18ab1c156b97e5889685a96949e4cb40df77b8bb84b0e733a63784ccc214d930cbb7e090d030000003acec439c163fcd7071b53ac29df826f8ae6d6e18c1eacf5bf870768d5217e9bb5a05d9e22ce67f1231bd236486727d970acc546087acbf30f2f8165b47ba56dfadd14b306e98931481747292c6fe6e188750cf4f87cce2aa7d67c7133a9f05954cde298a35ea6d715ba80aee63300000000000000000000000000000000000040000000000000000386000000b854adb4f8080064e8407c6bdb37114c80fbaa4a0ec5aaf4b0ac6f2128668279eb6fc144344e2d461c9a1be8fa0061ea9d55ee4716bea8e1cebf9ed39325ab4c5530dd6ee9fffc00000000000000d7c5af73c683625aaad5eda5004a76c9f8975ed4c5e4eb3e77e9885769754932609f19e2f615a01cb6d17fbf5cb539403cb0572534f054d5514ad8269b2bdf2ca4958a62a6e744f9a4c1e646e1dd2ca19583f0f8b0dc53debd7d44f334e6ed7445a9580f970e483b307c4b3c018bc194b23d37e6a2e52d8288e5aab6fec586d52386e8c07a88c88e8faec5f1b16b2014f6952ce7d6be12c6bdb9651ca6fc907061be311d1354e6295698594a73136237bee068d3819400e43544830a3f74b7942f22336953978a5b2032da4238cc61162c04c1297395b73e18c9387615a2bc87d9e2445f3d323d3fac347932a4bac694c55fe9d145906d410f58f1951405d10504efe402cae085afef5dbd617e87ddbd23834a50d7eb8e327fb5db12cbd6a9efe8e671c4f251fe3bf440cabdfe3400a670d14b9b3cd8d86e492997a0168c022ef3536bd1dc731f4f9f8cb6c3857fb8aaaa95024f8da775f72950212b84fc6133ae14d1429cd4905dabb52e43af7e65acf97b4951fa1e967d16a5ed642efc855a4a46b85cd079934ad3188276efae9387eaa2c910fb8de24b5d4fded86c3811ccd00520150b16000080122965558074956da5e4c3bbefcb64aa8be4456ed2caf0f467b6bbf3aa4371f5e76ab3f60afea80bb066aafb7517f787b090f419a20278a3c779e03afd9a6af6fd518e5dce030f88ec5a5cb7601a161da0f8089322d84ac523040d13e1f1300c2c6555bce60d95dd3288e53435713f03add23f14c8db5555c62de4f626483632a2ab547f88dd6efec73a0271a19ca3aa860aa4dcaeeb9bd91a0cb429efae2a5fcc08b3a572969bbe91c921ac1476027772c87d1767e31a3446cd57fafea83e495a6a1d1a4ebf83434986091dd66ffe3ffed0c39552a312e2db596d9c828c02f6fc13c8ddbb50bfd7dd8aa2f35f259fc83e007f00a292dd3b856faa4b7e66e1b64505f65900839df71a97d4d05d37f7ecf8ed9a22da26ae674bba16c204f6b2f8f74fc56b7126d7c11ece6e88ec41192aaee75415c58d264a2b6adae02c821b62428902aad499825ab85a348638384cd12e61dbde5c47056f0a20b4e2a2328d5db5cfe56557a129e6be231acf5f57995c60d9fca5f63a0dfd18054717120bda466d04774b530500d8b022719ca77a4e0a66b4708f791d849a5e2aaa0074a9560ede2600df5a5c41392fe9460080fcb1e65233fb8dbeec4c86dbcf6a0673e38d2d3615e5bfbde44afe0fa7564231fff7e7f1f3ad68492dd2ccb1decb15b5d7d3e37e8b7d28921c4b9280979521173f322df408d9818b6cc400098abb869921911480a876fbba698801937e8b4264eb6f5137bd9b075f1488d22230592a79000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002f316aa0886c174b73decb46c1c85edf50d8fcbac5ff76b365611666da86a8e65b308706bd7c000000000000003f7cd4d5cb9076b81b7741ec03877afb5237ea1694addebc14c3ae49f88c462aa2050acf2d9a97d3be29a5614d1eba2c98cf0236401e02d7c445e50f76419ab4f78f67a09e63dd4faa2e7b59399f055f2fa278783fefb0a5ef0b41e14a6fe6ba306206670b84894e901a523fcbadfeff535f2514bc834e876810d9a6a78e70a9e22860c36a724770b4185de44db6bf21fef32a8d5b36d9014f38fee012365f963b2a85e7d8075c333475b9be0bdd37220e316f2297743dd4731614a50c16c6a41744c3d24eab511317f97b7b4a1c2ec33fedc46e9bf0fa640eebd3d58f0ebdb7cb8ccffd08000000e843591d2618e2d2cdc7081c8fafffe9c350a5c554a387de4ee7aac6478d99de7dd82bef044a6d33c789d566c90c46ad581aa22f910547a77d55e26bf19f1d4661550b177ef53933a305e69b8a95119d2a673bdae05779208409e6cf5bda599d625054776151b2cd1fcde238bdc527594a6c17aa9728af7a3830e7092b01b119ea4e7e7f0e21527d622cc29c9f0c8720195368f8a9d3374337ab4d130619d93c5ef37e7ddd0b2da147e6e513455b88753452de959a6cbfa1ffbc7ad5d8c3b48017fd31dcf72f337b639253f44cb27a12174bc4c191e21015d0c431a71906eb9c6a14c8a060459ef26787ce3d1cbfd5cc459f0048b5d06f6cbd3e9b34c89f3fb2f951ae81d7fcc8bc0000000000000000000000000000000000000000009231feef3117197c7963c2ba910969f776c8b2ea3970f358107945d9e74e9bdfa58e68b65a9201bc4b73b431df5aa29f363917f90e3fa1eaf553db1c761dd9b634a9c4d7c21d24fe6d953ed9438cad0f8dfe03e5e2f73019352f1fb682a5a6ebbf24ebc49e3d7058e696eb3f4b642f36c9006c0067e24a64aa8c53dd824a4ee271e35ed9eed636338f1835fc957729d63dc1bfc7b772cbe536c2d3aff27c22f9a2f876512616a5bdaf22a16e19d1b5f52abb40b433983d0cf50234de659c1a397ce901000000caae1bcfdce33dae6adc260321702f239c25ab181390e7dc8c1e5b1cf3b4fef1cd5c44a89b5e5d8314e02f4673ded90bce9a4025b0232eec970f7aa17f175a14e8dc0700bac0006b98a8283eee5665f3aede28228e0468dbcf8b776fe4c629d3af183a7cba5adf77f23d31f9d5a183c0da4e95f75b1496a97a46a06e4e1f5a8438d49dbd493ba2482c398ab724577fd742bf44cdd8489086e61aa3cb1d3ab3dac8183102fe6fc8a038e3868a0592811446867969f0fb3f547e83c4ca35aac023f09f15bb0acb3cdc6efd9b0e9df56af7fda01280a384028b35994388"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x1e}, 0x48)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000044000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f0800034000000004640000000e0a01020000000000000000010000000900020073797a32000000000900010073797a300000000038000380340000802800018023000100118c7457ff8f99b8233ba7d81496e1da69279e989c73000065399ef6cd8d8000080003400000000114"], 0xf0}}, 0x0)
bind$inet6(r4, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r4, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
shutdown(r4, 0x2)
ioctl$VFAT_IOCTL_READDIR_BOTH(0xffffffffffffffff, 0x82307201, &(0x7f0000000640)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])
socket$inet6_udp(0xa, 0x2, 0x0)
unshare(0x42000000)
r5 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f00000003c0)={0x1, 0x0, [{0x400000f3, 0x0, 0x6}]})

44.776000223s ago: executing program 2 (id=3931):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000000000000000100c0"])
syz_emit_ethernet(0x76, &(0x7f0000000140)=ANY=[@ANYBLOB="ffffffffffffbbbbbbbbbbbb86dd60f4a300ffff3a00fe8000000000000000000000000000bb0000000000000000000000000000000004009078000000066cf6cd53020033fffe800000000000000000000000000031fe8000000000dfff00000000000000aa290000000000000013d87159da0a7f6bb93044749465caab78ef2cbb376013e00a98e1cfab000ccdadb394eb2704f3be352f9965902e7f53a0"], 0x0)
syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, &(0x7f0000000500)={0x44, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, &(0x7f00000008c0)={0x44, &(0x7f00000005c0)={0x40, 0x13}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
r3 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x1e4011, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ee}, 0x94)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c000000020603000000000000000000ffea000005000100070000000900020073797a300000000014000780080012401b00000008000840000000000500050000000010050004000a0000000d"], 0x5c}}, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000002380)={r4, 0x0, 0x2d, 0x0, @val=@netfilter={0x2, 0x4, 0x600, 0x1}}, 0x20)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
write$UHID_CREATE2(0xffffffffffffffff, 0x0, 0x118)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, 0x0)
r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000540)='net/raw6\x00')
read$usbmon(r7, &(0x7f00000005c0)=""/225, 0xe1)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1700000000000000"], 0x48)
close_range(r6, 0xffffffffffffffff, 0x0)
socket$kcm(0x10, 0x2, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)

44.209850914s ago: executing program 2 (id=3935):
syz_usb_connect(0x0, 0x0, 0x0, &(0x7f00000002c0)={0x0, 0x0, 0x5, &(0x7f0000000180)={0x5, 0xf, 0x5}})
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r0, 0x6)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10)
syz_emit_ethernet(0x42, &(0x7f00000002c0)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x34, 0x65, 0x0, 0xf, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x8, 0x2, 0xffff, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x10009, 0x52}]}}}}}}}, 0x0)
syz_emit_ethernet(0x42, &(0x7f0000000140)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x17, 0x34, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x8, 0x10, 0x0, 0x0, 0x1000, {[@timestamp={0x8, 0xa, 0x3, 0x20000009}]}}}}}}}, 0x0) (fail_nth: 3)

43.140208155s ago: executing program 1 (id=3938):
r0 = socket$kcm(0x29, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000)
keyctl$read(0x2, 0x0, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_GET(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c520000c2", @ANYRES16=r3, @ANYBLOB="010328bd70000000000034000000080003"], 0x1c}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x4, 0x0, 0x3, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=@ipv4_newrule={0x24, 0x20, 0x301, 0xffffffff, 0x8000, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf5da6982ca8fdfd5, 0x10002}, [@FRA_GENERIC_POLICY=@FRA_SPORT_RANGE={0x8, 0x17, {0x4e20, 0x4e21}}]}, 0x24}}, 0x44004)
r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000000)=0xd)
ioctl$FIONREAD(r6, 0x541b, 0xfffffffffffffffe)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001004900000001"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r7, <r8=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r9}, 0x10)
sendmsg$nl_route_sched(r4, &(0x7f0000007940)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0xc0d0}, 0x0)
r10 = socket$inet_udp(0x2, 0x2, 0x0)
r11 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$KVM_TRANSLATE(0xffffffffffffffff, 0xc018ae85, 0x0)
connect$pppl2tp(r11, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, r10, {0x2, 0x0, @multicast1}, 0xa, 0x0, 0xfffd}}, 0x26)
sendmmsg$inet(r11, &(0x7f0000005f80)=[{{0x0, 0x0, &(0x7f0000005dc0)=[{&(0x7f00000010c0)="7d5107673289eeae3f806c5c62db497a0299399ab6101c3b", 0x1}], 0x1}}], 0x4000000000001ce, 0x8040)
getsockopt$kcm_KCM_RECV_DISABLE(r0, 0x119, 0x1, 0xffffffffffffffff, 0xfffffffffffffe84)

43.048271609s ago: executing program 2 (id=3940):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000040)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000280)='sched_switch\x00', r0}, 0x18)
r1 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r1, 0xc008561c, &(0x7f0000000180)={0xb, 0x401})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
modify_ldt$write(0x1, &(0x7f0000000340)={0x8, 0x20000000}, 0x10)
r2 = socket$packet(0x11, 0x2, 0x300)
mmap(&(0x7f0000001000/0x3000)=nil, 0x30000, 0x0, 0x11, r2, 0x0)
modify_ldt$read(0x0, &(0x7f0000001100)=""/4130, 0x48)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x2000)=nil, 0x8000000, 0x19)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6)
r6 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
r7 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r7, 0xc04064a0, &(0x7f0000000040)={0x0, &(0x7f00000002c0)=[<r8=>0x0], 0x0, 0x0, 0xfffffd52, 0x1})
ioctl$DRM_IOCTL_MODE_CURSOR(r6, 0xc01c64a3, &(0x7f0000000280)={0x1, r8, 0x8, 0x3, 0x7, 0x6})
r9 = syz_io_uring_setup(0x417a, &(0x7f00000002c0)={0x0, 0x3584, 0x2, 0x1103, 0x21e}, &(0x7f0000000240)=<r10=>0x0, &(0x7f0000000340))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r10, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r9, 0x18, &(0x7f00000000c0)={0x1, 0xffffffffffffffff, 0x35, {0x5, 0x1}, 0x1}, 0x1)

37.531443849s ago: executing program 2 (id=3941):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r0, 0x0, 0xfff7fffffffffff5}, 0x18)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
syz_usb_control_io(0xffffffffffffffff, &(0x7f00000003c0)={0x2c, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x200, 0x1)
mount(0x0, &(0x7f0000000400)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f000015bffc)='nfs\x00', 0x1, &(0x7f0000000000))
epoll_create1(0x0)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f00000000c0))
sched_setscheduler(0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
syz_io_uring_setup(0x49f, &(0x7f0000000080)={0x0, 0xe7a8, 0x1, 0x7ffc, 0x8040024e}, 0x0, &(0x7f0000000100))
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
chroot(&(0x7f00000001c0)='./file0\x00')
setuid(0xee01)
syz_open_dev$video4linux(&(0x7f0000000000), 0x79, 0x80)
syz_usb_connect(0x0, 0x24, &(0x7f00000002c0)=ANY=[@ANYBLOB="124437675b30efcddf090f05b7c2000000010902120001000000000904000000d8b96e0080b27ccdb369225f4642cf2c283a3f252a03"], 0x0)
setsockopt$sock_void(r3, 0x1, 0x0, 0x0, 0x0)

37.470718375s ago: executing program 1 (id=3942):
memfd_create(&(0x7f00000006c0)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\xf2\xed\x04\x00\x00\x00\xd4N\x12\x9b\x1f\t\xd1Z+\x86T\x16\xf8\x01\x00\x00\x00\x9f+\x8d!\x0fG\xab\xc2\xdc\xa3\xb3\xae8\x9f9?\xefo\xa4k\x01\xb2>\xa1\x9c\x86xm\xe6\x9bZ4\x91\x1a\xdb\xdd\x89\xb9\xc0LF;\xd6\x84\x195\x06\x00\x00\x00~\xf3S\x12\"p^\xc1jP\x8a\xc6[\xbd\xe7q]\xdd\r\x1aZS\x01*\x1b\xfd\xbcMA\xdcq\xa1\x00\xb3\xf9\x91r\x7f\xdc\xf1\xc3G,\xdb\xccS\x15\x95b\x17\xab\xe4?\x96\x95\xa4kP\x99YO\xb8V\xd5p\x90X\xaaf', 0x0)
memfd_create(&(0x7f00000009c0)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdbU\xb1\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\x90i\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14O\xf8\xb5C\x1f\xb6b8b\x06A2@D\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\x05\x00\x00\x00\x00\x00\x00\x00\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\x88\xd1\x1eQB\x18\xc1-\xc4\x8fK\xf8\xfa\xb6\xf8\v;\xaa\x8fW\xcc\n\x17\x7f\x98\xb7\xcdqV\xd4\xf0)\xfa\x0fG\xc8\xbf\xfd\xe8>K\f\xcd+\xb0\x99Q\xba/\xa8\xb9`k\b\xd1\xcc\xfc\xeaA\"\v=\x83fC\x90%\xa1d\x91\xf8:\x16<\xad\xc2\x18\xdf\x01\xe2\x96\xfcj\xe9\xa4\x065m\x03\x05Np\xda\"\xf1\xb6\xbcP\x8fP\x8d\x89%\xf2\x12T\xd0\xc3\x15W\x9c\x87\x1b\x8c\xc9\xd9\xc6\xad\x96-d\xa2wFB\xcaB\xa5\x15\xf8,\x04\x1c*\xd98\x8bG\x90\x81`\x03\xe0\xde\x9c\x9a\x0f\x1b\x8f\xd2%*&$Wc\xb3\xa6\xc4TK1}2\xb3\xab\xf4\xb7\xb7\x85\apa\xaf\x1c\x10i\xb9\x9f\x06\xff4%\"7f \x0e\xf5Bk\r\xac\"\x13tNx\xc0$\x85\x9f', 0x3)
r0 = socket$nl_crypto(0x10, 0x3, 0x15)
sendmsg$nl_crypto(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="e00000001300100000000000000000007374726565626f673531322d67656e65726963"], 0xe0}}, 0x0)
sendmsg$nl_crypto(r0, &(0x7f00000001c0)={0x0, 0x2, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="f0000000120003"], 0xf0}}, 0x0)

36.679221088s ago: executing program 3 (id=3945):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='numa_maps\x00')
mmap(&(0x7f0000200000/0x4000)=nil, 0x4000, 0x4, 0x200000006c832, 0xffffffffffffffff, 0x0)
preadv(r0, &(0x7f0000000040)=[{&(0x7f0000000180)=""/4096, 0x1000}], 0x1, 0x0, 0x0)

36.659277205s ago: executing program 1 (id=3946):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = fcntl$dupfd(r0, 0x0, r0)
setsockopt$inet_mtu(r1, 0x111, 0xa, 0x0, 0x0)
socket(0x400000000010, 0x3, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
mkdirat(0xffffffffffffffff, 0x0, 0x22)
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x3)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2000002, 0x31, 0xffffffffffffffff, 0x0)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
dup(r4)
r5 = socket$vsock_stream(0x28, 0x1, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
close(r6)
listen(r5, 0xfffffffe)
r7 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r7, &(0x7f0000000080)={0x28, 0x0, 0x2710}, 0x10)
sendmmsg(r7, &(0x7f0000000640), 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x11}, 0x0)
r8 = socket(0x10, 0x803, 0x9)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r8, 0x89f2, &(0x7f0000000080)={'ip6tnl0\x00', &(0x7f0000000180)={'ip6_vti0\x00', 0x0, 0x29, 0x0, 0x3, 0x3, 0x2, @empty, @empty, 0x20, 0x8, 0x2, 0x5}})
syz_usb_connect(0x0, 0x2d, &(0x7f0000000580)=ANY=[@ANYBLOB="12010000459bb2405804035000000000000109021b0001110000000904"], 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
sendmmsg$unix(r9, &(0x7f00000bd000), 0x318, 0x0)

36.489545257s ago: executing program 3 (id=3947):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000000000000000100c0"])
syz_emit_ethernet(0x76, &(0x7f0000000140)=ANY=[@ANYBLOB="ffffffffffffbbbbbbbbbbbb86dd60f4a300ffff3a00fe8000000000000000000000000000bb0000000000000000000000000000000004009078000000066cf6cd53020033fffe800000000000000000000000000031fe8000000000dfff00000000000000aa290000000000000013d87159da0a7f6bb93044749465caab78ef2cbb376013e00a98e1cfab000ccdadb394eb2704f3be352f9965902e7f53a0"], 0x0)
syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, &(0x7f0000000500)={0x44, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, &(0x7f00000008c0)={0x44, &(0x7f00000005c0)={0x40, 0x13}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
r3 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x1e4011, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ee}, 0x94)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[], 0x5c}}, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000002380)={r4, 0x0, 0x2d, 0x0, @val=@netfilter={0x2, 0x4, 0x600, 0x1}}, 0x20)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
write$UHID_CREATE2(0xffffffffffffffff, 0x0, 0x118)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, 0x0)
r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000540)='net/raw6\x00')
read$usbmon(r7, &(0x7f00000005c0)=""/225, 0xe1)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1700000000000000"], 0x48)
close_range(r6, 0xffffffffffffffff, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)

35.292450414s ago: executing program 3 (id=3949):
mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0x9, 0x2012, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
write$FUSE_BMAP(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000080)={'ip6_vti0\x00', &(0x7f00000003c0)={'ip6tnl0\x00', 0x0, 0x4, 0x92, 0xe, 0x2, 0x2, @ipv4={'\x00', '\xff\xff', @local}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x1, 0x1, 0x100, 0x9}})
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x6)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
r0 = add_key(&(0x7f0000000000)='big_key\x00', 0x0, &(0x7f00000002c0)="1d", 0x1, 0xfffffffffffffffe)
keyctl$read(0xb, r0, &(0x7f0000001300)=""/4096, 0xffffffffffffffd2)
r1 = epoll_create1(0x0)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/wakeup_count', 0x0, 0x10)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f00000000c0)={0xe000001a})
read$char_usb(r2, &(0x7f0000000100)=""/162, 0xa2)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000d40)={&(0x7f0000000b00)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@union]}}, 0x0, 0x26}, 0x20)
pread64(r2, &(0x7f00000002c0)=""/190, 0xbe, 0x200)
epoll_pwait(r1, &(0x7f00000001c0)=[{}], 0x1, 0x7, 0x0, 0x0)

35.076132245s ago: executing program 4 (id=3951):
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="007a707573657420006370750806"], 0x12)
unlink(&(0x7f0000000340)='./cgroup.cpu/cpuset.cpus\x00')
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1d, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@base={0x10, 0x4, 0x4, 0x2}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x7d}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {0x4}, {0x6, 0x0, 0xa}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x33}}]}, &(0x7f00000004c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/pm_wakeup_irq', 0x0, 0x1a0)
r4 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x0)
ioctl$LOOP_CONFIGURE(r4, 0x4c0a, &(0x7f0000001600)={r3, 0x800, {0x2a00, 0x80010000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x20, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "2809e8dbe108598927875397bab22d0000b420a9c81f40f05f819e01177d3d458dac00000000000000000000003b00000000000000000200", "90be8b1c5512406c7f00", [0x4, 0x40000000000000]}})
ioctl$LOOP_SET_DIRECT_IO(r4, 0x4c08, 0x1)
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000005c0)={r5}, 0x4)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000010c0)={0x6, 0x11, &(0x7f0000000000)=ANY=[@ANYBLOB="180200000100008000000000000000008500000041000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70500000000000085000000a500000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x700, 0xe8d4fa405ab93d3e, 0x0, &(0x7f0000000540), 0x0, 0x51, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(r3, &(0x7f0000000940)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000900)={&(0x7f00000008c0)={0x20, 0x1411, 0x400, 0x70bd29, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_STAT_RES={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000005}, 0x40)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b80)={r2, 0x2000012, 0xe, 0x0, &(0x7f0000000280)="63ec33c9e9b98600000000000000", 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb}, 0x50)
io_uring_enter(r3, 0x1bae, 0x49ca, 0x20, &(0x7f0000000980)={[0x100]}, 0x8)
r7 = syz_usb_connect(0x0, 0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000062d14406d0470084761000000010902120001000000000904"], 0x0)
syz_usb_control_io(r7, 0x0, 0x0)
recvmsg(r3, &(0x7f0000000840)={&(0x7f00000003c0)=@tipc=@name, 0x80, &(0x7f0000000580)=[{&(0x7f0000000680)=""/203, 0xcb}, {&(0x7f0000000780)=""/89, 0x59}, {&(0x7f0000000180)=""/32, 0x20}, {&(0x7f0000000480)=""/47, 0x2f}], 0x4, &(0x7f0000000800)=""/33, 0x21}, 0x10020)
r8 = syz_open_dev$vim2m(&(0x7f0000000000), 0x80000000006, 0x2)
ioctl$vim2m_VIDIOC_TRY_FMT(r8, 0xc0d05640, &(0x7f0000000040)={0x1, @pix={0x0, 0x0, 0x33424752}})

34.802669416s ago: executing program 3 (id=3952):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000000000000000100c0"])
syz_emit_ethernet(0x76, &(0x7f0000000140)=ANY=[@ANYBLOB="ffffffffffffbbbbbbbbbbbb86dd60f4a300ffff3a00fe8000000000000000000000000000bb0000000000000000000000000000000004009078000000066cf6cd53020033fffe800000000000000000000000000031fe8000000000dfff00000000000000aa290000000000000013d87159da0a7f6bb93044749465caab78ef2cbb376013e00a98e1cfab000ccdadb394eb2704f3be352f9965902e7f53a0"], 0x0)
syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, &(0x7f0000000500)={0x44, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, &(0x7f00000008c0)={0x44, &(0x7f00000005c0)={0x40, 0x13}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
r3 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x1e4011, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ee}, 0x94)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c000000020603000000000000000000ffea000005000100070000000900020073797a300000000014000780080012401b00000008000840000000000500050000000010050004000a0000000d000300686173"], 0x5c}}, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000002380)={r4, 0x0, 0x2d, 0x0, @val=@netfilter={0x2, 0x4, 0x600, 0x1}}, 0x20)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
write$UHID_CREATE2(0xffffffffffffffff, 0x0, 0x118)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, 0x0)
r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000540)='net/raw6\x00')
read$usbmon(r7, &(0x7f00000005c0)=""/225, 0xe1)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1700000000000000"], 0x48)
close_range(r6, 0xffffffffffffffff, 0x0)
socket$kcm(0x10, 0x2, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)

34.072625455s ago: executing program 2 (id=3953):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x4)
ioctl$KVM_SET_MSRS(r1, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000000000000000100c0"])
syz_emit_ethernet(0x76, &(0x7f0000000140)=ANY=[@ANYBLOB="ffffffffffffbbbbbbbbbbbb86dd60f4a300ffff3a00fe8000000000000000000000000000bb0000000000000000000000000000000004009078000000066cf6cd53020033fffe800000000000000000000000000031fe8000000000dfff00000000000000aa290000000000000013d87159da0a7f6bb93044749465caab78ef2cbb376013e00a98e1cfab000ccdadb394eb2704f3be352f9965902e7f53a0"], 0x0)
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, &(0x7f00000008c0)={0x44, &(0x7f00000005c0)={0x40, 0x13}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
r2 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x1e4011, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ee}, 0x94)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c000000020603000000000000000000ffea000005000100070000000900020073797a300000000014000780080012401b00000008000840000000000500050000000010050004000a0000000d000300686173683a6d6163"], 0x5c}}, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000002380)={r3, 0x0, 0x2d, 0x0, @val=@netfilter={0x2, 0x4, 0x600, 0x1}}, 0x20)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
write$UHID_CREATE2(0xffffffffffffffff, 0x0, 0x118)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, 0x0)
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000540)='net/raw6\x00')
read$usbmon(r6, &(0x7f00000005c0)=""/225, 0xe1)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1700000000000000"], 0x48)
close_range(r5, 0xffffffffffffffff, 0x0)
socket$kcm(0x10, 0x2, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)

33.555165647s ago: executing program 3 (id=3954):
r0 = socket(0x2a, 0xa, 0x0)
r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$IOCTL_VMCI_SET_NOTIFY(r1, 0x7cb, 0x0)
sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0)
r2 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000880), 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000600)=ANY=[@ANYBLOB="63a96ecc", @ANYRES16=r4, @ANYBLOB="010000000000000000004f0000000e0001006e657464657673696d0000000f0002006e657464657673696d300000080003000300000008000b00140000000600110009000000"], 0x4c}}, 0x0)
mmap$xdp(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x1000000, 0x11, r2, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff, 0x6})
r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000), 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7050000080000a8c5000000a5000000180100002020640500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b300000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x35, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r7, 0xffff0000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r8 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r8}, &(0x7f0000000140))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r9 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x80400, 0x0)
ioctl$VHOST_SET_FEATURES(r9, 0x4008af00, &(0x7f0000000200)=0x8001100)
r10 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x15)
r11 = syz_open_dev$evdev(&(0x7f00000000c0), 0x3, 0x40)
syz_usb_disconnect(r11)
socket$kcm(0x10, 0x2, 0x0)
r12 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f00000003c0), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r12, @ANYBLOB=',wfdno=', @ANYRESHEX=r11])
ioctl$KVM_CREATE_GUEST_MEMFD(r10, 0xc040aed4, &(0x7f0000000080)={0xfffffffffffff801, 0x5d})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=@newtfilter={0x4c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0xfffa, 0x2}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0x1c, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x800}, @TCA_FLOWER_KEY_IP_PROTO={0x5, 0x9, 0x84}, @TCA_FLOWER_KEY_SCTP_DST={0x6}]}}]}, 0x4c}}, 0x24004000)
r13 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r13, &(0x7f00000002c0), 0x40000000000009f, 0x0)

32.419464475s ago: executing program 2 (id=3956):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff})
sendmsg$NBD_CMD_RECONFIGURE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="98000000", @ANYRES16=r1, @ANYBLOB="2da52abd7000fbdbdf2503000000080001000000000008000100000000003400", @ANYRES32=r2], 0x98}, 0x1, 0x0, 0x0, 0x4008040}, 0x4000)

32.329404973s ago: executing program 4 (id=3958):
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x30, 0x0, @void}, 0xfffffffffffffcf4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$sw_sync(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000040)={0x4, "abacd211119ca94c63377526aeb5ab2c7b9ca5fa07558139ede6dc06270ee042"})
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfe1b)
socket$kcm(0x10, 0x2, 0x0)
ioctl$SYNC_IOC_FILE_INFO(0xffffffffffffffff, 0xc0383e04, &(0x7f00000000c0)={""/32, 0x0, 0x0, 0x55, 0x0, 0x0})
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
recvmsg(r1, &(0x7f0000001a40)={0x0, 0x0, &(0x7f0000001480)=[{0x0}], 0x1}, 0x2)
connect$packet(r1, &(0x7f0000000200)={0x1f, 0xf8, 0x0, 0x1, 0x82, 0x6, @random="a55378321800"}, 0x14)
shutdown(r1, 0x1)
r2 = syz_io_uring_setup(0xb7f, 0x0, &(0x7f0000000180)=<r3=>0x0, &(0x7f0000000600))
io_uring_register$IORING_REGISTER_PBUF_RING(r2, 0x16, &(0x7f0000000040)={&(0x7f0000001000)={[{0x0, 0x0, 0x3, 0xf4}]}, 0x1, 0x1}, 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
writev(0xffffffffffffffff, 0x0, 0x0)
syz_emit_ethernet(0x82, &(0x7f0000000580)=ANY=[@ANYBLOB="cf599d3baed500000000000086dd60f20000004c2c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa00060008"], 0x0)
socket$packet(0x11, 0xa, 0x300)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0)
syz_emit_ethernet(0x22, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x84, 0x0, @dev, @local}}}}}, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffffffffffffffff86dd6060626000102c00fe8000000000000000000000000000bbfe8000"], 0x0)
sendmsg$NFNL_MSG_ACCT_DEL(0xffffffffffffffff, 0x0, 0x10)
syz_io_uring_setup(0x1f87, &(0x7f0000000080)={0x0, 0x0, 0x13580}, &(0x7f0000000100), 0x0)

32.245473676s ago: executing program 1 (id=3959):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000001c0)={0x0, &(0x7f0000000040)}, 0x10)
write$binfmt_aout(r0, &(0x7f0000000000)=ANY=[], 0x9ffc)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, 0x0, 0x0)
connect$pppl2tp(r2, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(r2, 0x8924, &(0x7f0000000040)={'ip6gre0\x00'})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NBD_CMD_CONNECT(r9, &(0x7f0000001c40)={0x0, 0x0, &(0x7f0000001c00)={&(0x7f0000001b80)={0x18, 0x0, 0x1, 0x0, 0x0, {}, [@NBD_ATTR_SOCKETS={0x4}]}, 0x18}}, 0x0)
r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$igmp(0x2, 0x3, 0x2)
r11 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={<r12=>0xffffffffffffffff})
sendmsg$NBD_CMD_CONNECT(r10, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x3c, r11, 0x1, 0xfffffffe, 0x0, {}, [@NBD_ATTR_SOCKETS={0x10, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r12}}]}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0xffff}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000001}, 0x20000000)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100))
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000140)={r8})
sendmsg$NBD_CMD_CONNECT(r5, &(0x7f0000000340)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000300)={0x0}, 0x1, 0x0, 0x0, 0x20044001}, 0x11)
sendmsg$NBD_CMD_RECONFIGURE(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="98000000", @ANYRES16=r6, @ANYBLOB="2da52abd7000fbdbdf250300000008000100000000000800010000000000340007800c00018008000100", @ANYRES32=r7, @ANYRES32=r8], 0x98}, 0x1, 0x0, 0x0, 0x4008040}, 0x4000)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001780)=ANY=[@ANYBLOB], 0x38}, 0x1, 0x0, 0x0, 0x48814}, 0xc000)
r13 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r13, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x30, 0x40, 0x107, 0x70bd2b, 0x0, {0x4, 0x7c}, [@nested={0x4, 0x1c2}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x84;'}]}, @nested={0xc, 0x2, 0x0, 0x1, [@typed={0x8, 0x4, 0x0, 0x0, @pid}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)
r14 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r14)

31.800107336s ago: executing program 3 (id=3961):
r0 = syz_open_dev$dri(&(0x7f00000002c0), 0x1, 0x2100)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000300)={&(0x7f00000001c0)=[<r1=>0x0], 0x1})
r2 = socket(0x40000000015, 0x5, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x1000002, 0x4012831, 0xffffffffffffffff, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r4, 0x4020aeb2, &(0x7f0000000300)={0x0, 0x12c, @ioapic={0xffff1000, 0x8000, 0xfffff5a7, 0x7fffffff, 0x0, [{0x3, 0x81, 0x1, '\x00', 0x4}, {0xfe, 0x3, 0x0, '\x00', 0x6}, {0x7, 0xff, 0xe, '\x00', 0x3b}, {0x4e, 0xe, 0xd6, '\x00', 0x86}, {0xc, 0xb, 0x6, '\x00', 0x2}, {0xf, 0x2, 0xf9, '\x00', 0x3}, {0x2, 0xa, 0x50, '\x00', 0x2}, {0x8, 0x9, 0x2a, '\x00', 0x8}, {0x4, 0x0, 0xa, '\x00', 0xff}, {0x8, 0xd6, 0x3, '\x00', 0x9}, {0x9e, 0x6, 0x3, '\x00', 0x6}, {0x2, 0xb, 0x0, '\x00', 0x7f}, {0x45, 0x51, 0xa}, {0xe, 0xfc, 0x0, '\x00', 0x1}, {0x8, 0x2, 0x6, '\x00', 0x9}, {0x7, 0x1b, 0xfe, '\x00', 0x3}, {0x2, 0xa, 0xd6, '\x00', 0x7f}, {0xa, 0x0, 0xca, '\x00', 0x6}, {0x0, 0x60, 0x4, '\x00', 0x12}, {0xb, 0x8, 0x4f, '\x00', 0xda}, {0x3, 0x3, 0x6, '\x00', 0x9}, {0x9, 0x3, 0x1, '\x00', 0x2}, {0xf9, 0x1, 0x4, '\x00', 0x7}, {0x8, 0xc, 0x0, '\x00', 0x6}]}})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/softlockup_count', 0x0, 0x0)
r5 = memfd_create(&(0x7f0000000340)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7Uw\x00\xbc\xfa2\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n=\x7f=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93=\xabQ\xf7\x05\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xac \xe8\xb6\xdf\x16J\xab\xecC\xe2{\xfd\x8a\xb4\x8e\x9c\xfb\xf6\xe9\xd8]B6)\x9f\x9cR\xae\x12G\xd8\xa4y\xef\x02?\xf2\xe7}\ra\x97F', 0x1)
copy_file_range(r0, 0x0, r5, &(0x7f0000000040)=0xfffffffffffffffd, 0x0, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r6)
rt_sigsuspend(&(0x7f0000000180)={[0x7]}, 0x8)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r8=>0x0})
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000c80)=[{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f00000000c0)="7f1ad71c5e1e2ffd65015711202c22a1", 0x10}], 0x1, &(0x7f0000000300)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x20000850}], 0x1, 0x8084)
sendmsg$NL80211_CMD_FRAME(r6, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=ANY=[@ANYBLOB="98030000", @ANYRES16=r7, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r8, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff"], 0x398}, 0x1, 0x0, 0x0, 0x4094}, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000780)=@newtaction={0xd8, 0x30, 0xffff, 0x0, 0x0, {}, [{0xc4, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}]]}, {0x4}, {0xc}, {0xc}}}, @m_gact={0x54, 0x2, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18}, @TCA_GACT_PROB={0xc, 0x3, {0x0, 0x0, 0x20000000}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xd8}}, 0x0)
bind$packet(0xffffffffffffffff, &(0x7f0000000100), 0x14)
getsockopt(r2, 0x200000000114, 0x8, &(0x7f0000019780)=""/102387, &(0x7f00000003c0)=0xfffffffffffffdc8)
ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000003c0)={r1, <r10=>0x0, <r11=>0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_SETPLANE(0xffffffffffffffff, 0xc03064b7, &(0x7f0000000200)={r1, r10, r11, 0x80000003, 0xa2a, 0xfffffffc, 0x0, 0x200, 0x7, 0xe, 0xfffffffb, 0x322})
openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x400142, 0x0)

31.299318966s ago: executing program 4 (id=3963):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r0, 0x0, 0xfff7fffffffffff5}, 0x18)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
syz_usb_control_io(0xffffffffffffffff, &(0x7f00000003c0)={0x2c, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x200, 0x1)
mount(0x0, &(0x7f0000000400)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f000015bffc)='nfs\x00', 0x1, &(0x7f0000000000))
epoll_create1(0x0)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f00000000c0))
sched_setscheduler(0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
syz_io_uring_setup(0x49f, &(0x7f0000000080)={0x0, 0xe7a8, 0x1, 0x7ffc, 0x8040024e}, 0x0, &(0x7f0000000100))
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
chroot(&(0x7f00000001c0)='./file0\x00')
setuid(0xee01)
syz_open_dev$video4linux(&(0x7f0000000000), 0x79, 0x80)
syz_usb_connect(0x0, 0x24, &(0x7f00000002c0)=ANY=[@ANYBLOB="124437675b30efcddf090f05b7c2000000010902120001000000000904000000d8b96e0080b27ccdb369225f4642cf2c283a3f252a03"], 0x0)
setsockopt$sock_void(r3, 0x1, 0x0, 0x0, 0x0)

27.985124667s ago: executing program 4 (id=3967):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x4)
ioctl$KVM_SET_MSRS(r1, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000000000000000100c0"])
syz_emit_ethernet(0x76, &(0x7f0000000140)=ANY=[@ANYBLOB="ffffffffffffbbbbbbbbbbbb86dd60f4a300ffff3a00fe8000000000000000000000000000bb0000000000000000000000000000000004009078000000066cf6cd53020033fffe800000000000000000000000000031fe8000000000dfff00000000000000aa290000000000000013d87159da0a7f6bb93044749465caab78ef2cbb376013e00a98e1cfab000ccdadb394eb2704f3be352f9965902e7f53a0"], 0x0)
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, &(0x7f00000008c0)={0x44, &(0x7f00000005c0)={0x40, 0x13}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
r2 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x1e4011, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ee}, 0x94)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c000000020603000000000000000000ffea000005000100070000000900020073797a300000000014000780080012401b00000008000840000000000500050000000010050004000a0000000d000300686173683a6d6163"], 0x5c}}, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000002380)={r3, 0x0, 0x2d, 0x0, @val=@netfilter={0x2, 0x4, 0x600, 0x1}}, 0x20)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
write$UHID_CREATE2(0xffffffffffffffff, 0x0, 0x118)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, 0x0)
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000540)='net/raw6\x00')
read$usbmon(r6, &(0x7f00000005c0)=""/225, 0xe1)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1700000000000000"], 0x48)
close_range(r5, 0xffffffffffffffff, 0x0)
socket$kcm(0x10, 0x2, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)

26.689575003s ago: executing program 4 (id=3969):
r0 = memfd_create(&(0x7f00000006c0)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\xf2\xed\x04\x00\x00\x00\xd4N\x12\x9b\x1f\t\xd1Z+\x86T\x16\xf8\x01\x00\x00\x00\x9f+\x8d!\x0fG\xab\xc2\xdc\xa3\xb3\xae8\x9f9?\xefo\xa4k\x01\xb2>\xa1\x9c\x86xm\xe6\x9bZ4\x91\x1a\xdb\xdd\x89\xb9\xc0LF;\xd6\x84\x195\x06\x00\x00\x00~\xf3S\x12\"p^\xc1jP\x8a\xc6[\xbd\xe7q]\xdd\r\x1aZS\x01*\x1b\xfd\xbcMA\xdcq\xa1\x00\xb3\xf9\x91r\x7f\xdc\xf1\xc3G,\xdb\xccS\x15\x95b\x17\xab\xe4?\x96\x95\xa4kP\x99YO\xb8V\xd5p\x90X\xaaf', 0x0)
r1 = memfd_create(&(0x7f00000009c0)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdbU\xb1\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\x90i\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14O\xf8\xb5C\x1f\xb6b8b\x06A2@D\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\x05\x00\x00\x00\x00\x00\x00\x00\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\x88\xd1\x1eQB\x18\xc1-\xc4\x8fK\xf8\xfa\xb6\xf8\v;\xaa\x8fW\xcc\n\x17\x7f\x98\xb7\xcdqV\xd4\xf0)\xfa\x0fG\xc8\xbf\xfd\xe8>K\f\xcd+\xb0\x99Q\xba/\xa8\xb9`k\b\xd1\xcc\xfc\xeaA\"\v=\x83fC\x90%\xa1d\x91\xf8:\x16<\xad\xc2\x18\xdf\x01\xe2\x96\xfcj\xe9\xa4\x065m\x03\x05Np\xda\"\xf1\xb6\xbcP\x8fP\x8d\x89%\xf2\x12T\xd0\xc3\x15W\x9c\x87\x1b\x8c\xc9\xd9\xc6\xad\x96-d\xa2wFB\xcaB\xa5\x15\xf8,\x04\x1c*\xd98\x8bG\x90\x81`\x03\xe0\xde\x9c\x9a\x0f\x1b\x8f\xd2%*&$Wc\xb3\xa6\xc4TK1}2\xb3\xab\xf4\xb7\xb7\x85\apa\xaf\x1c\x10i\xb9\x9f\x06\xff4%\"7f \x0e\xf5Bk\r\xac\"\x13tNx\xc0$\x85\x9f', 0x3)
ftruncate(r1, 0xffff)
fcntl$addseals(r1, 0x409, 0x7)
writev(r1, &(0x7f0000000440)=[{&(0x7f0000000500)='-', 0x1}], 0x1)
fallocate(r0, 0x0, 0x400000000000000, 0x7)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000040)='oom_score_adj\x00')
lseek(r3, 0x7fffffffffffffff, 0x2)
writev(r3, &(0x7f0000000880)=[{&(0x7f0000000000)='Y', 0x1}], 0x1)
bpf$MAP_DELETE_BATCH(0x1b, &(0x7f00000002c0)={&(0x7f00000004c0)="876309679e4545a31562222e72f66743c4f0ef1753354bd2693c5d48b7f91771711f43595233c876f6cff2742cc036c7f266ea3b89eefed90c1eff0cb9edf6af4269813b9933fcdc628cad02d3d4c1986974d47eb8e6a654a600ef3393a0807f3c164ad10f36d10eb507b3101e50ad6adea4839be39a7b652c8613287fbd6186652a9dd3ce1a16bb83006bc087d3558c9a949bde1f23c261cf38d981f23f7355c2f394761f2a62459295354ee05ace71fd5d5a4de7c13c75f817399052f4e35889b261425e307fece9b2b028513c95502b791a89dfcd556260bafe", &(0x7f00000000c0)=""/164, &(0x7f0000000280)="0c7fbdadb7c48cbf12c27b648edeb5ac45ec8b569afadb09cfe70b9b5363", &(0x7f0000000780)="7964905f88e1f251e4fedcfd96dd04d4bcb82ffbee9519a813e8fc4249810ddac9dd993ed4479c3e7378436365a4f092656dc9ff89a2046482c56863037003e85eb80bba1714166243984d1225671941fca2ed863780363f4d4a6d40a681771d75137ca844a6c9c1ee51aa88ea180a2129cbeb723ce6e2b0c4e237766cd499aa7e1f81a05a71f5532bfc635531d42cd624dfab0f7b1d2e300fe20989d29e25dffc59dd81684e4bccb76eabf4b847567abd5baeb27ff297696263afea9066bc21e765171bcd3cf4bb47976e02f5f80c4068d8b2986b313d0e84cdcc0d5b5a78c277caf8f309c71f3752d60f38d33861ed9abc6df4c7693689598b63c36def849b3287f83c7cf93d6a05a8234abc927d5ebe3f7e6cd8567f17a2e7c2fc4e8b4547f7b086701c37f826a53803bfcc38b2ae0a6e95912d65dbddae4c0503fd0c28bee22af82ec389c4b79619676c357c4320f364e0e290a0c091c5707abbedaccb22a89ae8322a4de2596dbf41d5846a726634c949c77bade3270aa64bc1f95b374d7b7cfeb3e832b6d524f0a36e3e5e3a83e6070e7f796790f45fe4e95905743dad12bd12a7ebdea9db33e2b7ca213c13fa5eb54084d50e4f3bff4a0f2c73f55da14bcd927fc134f94b7a81b35d556f0b3fbccbff9280f9c208e4c755d0885b22aa1337f3c953ef32a8ce0ca1219af6ee14a197edba55d8fff8b84516838e952bf564b9e6d03a5afe6bd73ae532356a4cdee81a4934b1751176fb579d07a34645dea11d6ffd59c209303ff323584c7a0460d1d77edcd27df1f7533fdd1566ea45326cb726591dec789d5812dbe4b8a951154939c4f20acd59abc2316dcb0261aebd8584c469c382f2a590a16e1098f18188dbd796d7c844f6f6416a028a5791453b44cd071e0f17eb569f4d0ab166eaed9dbb457b8856ed97399a8c54a6df4146983bf2c225938fcad38dadf60ec01eb53950ff444928211ef626a0235e4c9959880eda5d852a9fd03d8daad3f9447e16876c3640ce66a3e5be2db1f82032ee19895f3d6b5a04754ded04471d87a4b5314789be466fe6821f428bd79574c0c0d6eb6e7e195609a0a4b6676439cecae50fe951126c66c2d2c461cf87247698f18b344400351670a631590e6a5993ffb086aeb653b5db2f96d08dfd0c007fb3c43d7c2ac9cb87a3f1b543ce6378b04ec8d7dfeedaaceec35376d229bcd648d43c45849c417641ec48385e54e67c295d80c06cfc04f19dbf4399948c529dbd9bde3879396248b30ec06a9b2e4529cec309404faad95e3584ebf599a2a55007bd8fa8d0c7b3733f121aa52d5202f9892322623afd1bd453c554218f440768e4bb8c415ed439326f970b7a8cb66776a7c8beff8d5158a2d8330dc6dae4d86ccc557ccc92036bea29011d7809afd020367e6c7100916ebde4c2946aadd2eda022fbe16343059b66324d8f5e532443a1b6b0d3bb34a0ae02ee6559dca4017690adc328865bb6e4922d9bbc1d3ee283e47ae5a33148004492b61033af1520643ae2ee215a99e5aa1d09cb623f9f999f2e9b76a1d8de141884205fa3ea6d88e4e6064679be3c99d5aae748c1bf4d0c0fee0bb2211b2e9fe67628b6febf33b6f1ed1f6fa25e61896c024a60c873d987b0abea38a03e0a51b73f1a3000b7beda0c5b90b8093cad06d0337c21fc884dac7d8a08b10fa4f10a8ca67e0c6bc6685fbfcdfbebd1dfe8bfc28498d6b7f9b131b21801d53c141c366a11fbb38d02bcf6b9f2cd390dfa435b5976b1f01f646528ee8ad2b6431a87d77ff34017985613960477ff77c505adf2549351748c67f85ac9fc6140b11bb44349e58f546b8684f448a1ee4f095cc90ffe342d8d3597694ed470d42bdaaff291f7b2f8d0807a4bf0daa31668fe2d90866b9e962c5e20b35d3eebde982069e4582b19038beba4ca762e13ee5b4c8d465c2d6e8ec1045a52d1c2b2b1eb56630f4f053b6cba0d238fd5318587fc3e565f2ed5fde7cfe757cd9d0f84eccff65115b53e4831e0315571e688305eae751d69d31c3ee20ce543852253bca95990e82a87b3bef6cf97cfb20a82c55e45f694413380cd93c744ca1a4edce92b7bab3ddcecb05f44db6f4c8604cf6fb3df0eb64e7e7e1d20bb1e2831011f87b6d77a5da41dba8efa9de5b9060b78f647625f14e13a4bbe065bbcc5a9158f8e9a22da0003c8c7a759a6951cacffc3adb8ee810fefed76b97c9bcff73dec6af06aad4f97ad21b1d7683b53107b42baa1c551f76cb35e7b20b31549892a1c10112283dafebeff4450612a970bf2a1fe60e6c0fb646e7fbf5e6693e93ec80e18e5c4c216802ef55f1bd3e79da85bc8616f76d972b119f3e132d628d74c0512b9ac6a2a2e8756a4c08b0d1a7efd7832d8f2730e2a8f36bfd24713931fd0ee101423a60087533181573c9e86f653cc69095a022317cd81ff329a07b88fe5dcc1f88d788060243327aaa984918678800c3bfb59ceda0dc749eefabf0c4e49d337b0b9a7541d180705bd984e2073dd033d5cb040bf142864755136aff7253365849581a75706511e6de1cacb7121242569e38b7a6b02c2bfc54d5f7d119f474e5e17c483f5039d455aff716c0a9d8bedf6df382978a793f3079863c8879fb9386acc8d58096b7e443252bc374b6c5d202f931089e78987f1139295c5ee928f66bb9e5fa098dcb0a7b8654eb2d2196e3211af0635ce1ee08f2d2a8da9097e07f73039369b5188644311a6d90356a3233de0b6d0156858be0dc24256b76c3b315ab61db78b93770ee862d8d6d3fe38ea471d24037ff28ecdb05ff0e5fea3e048258e1cba465986261c863a9e5415db1eba0d46808ab6d6c053082491786be95416909128cb4f1fefc205911fdbf062bf2f5b670e671d7187ec2344a0a53464f9ff57f90609d1a83eb01733480547c6d83ee74af4c69deb47849f3b75910f3c3c7201520f0725a9dfae6f25923bed5d264c1dcecba392ab511cc3771f2d8a33ce8d0d7e9610a4d54cb1ad959200ae40a6c4b06014efb71d4db98ff15817f3111573b0bd2e3363e88c50b8baec3b5b0a3e8e2969564e22a8cc9d1e71e2e981c9575b9d0119b38466cb02410492c8fc19fa49b2d1fe8893be3cc3bf315aef4de0ce3f4ef2d853ef6717bd5113a4814f782dd35816047786f7e68ea7c03f69bc3d01f95f02e8c59673bcc30f7ac4cc9c4b3c1187fe9393b80aa01afdb911c72c61e13073bab0aab83d2d64139432acf6686186ee820436f6df55af954da4b3fbc151d0447f0e0fef70a2094360e3269b87306208b1fc2a209e293ee2b23a01952ca3993775c27427c21e6e2f49bf071788bc48aefdabdde13370289c6ae59e8936315dfcd7761fc1abb256d95cc53fa068370beabebf5524cc39c102e3458a26e2a62b5931076cf6083cba9b59bdca3818377e573b389a3525a7529e1738fddba2589da6edec4b51bfee269d8fdeec870cb74e3ad52b915b1859d39aa4cd1968b65164163f2907f412026f157b69a55baa01fdd35e7bc0dd77582a50e7d89213dedee971b8b79c54379f9ef4f67211832b7012a86637b7e37602e9ed9c24cd4ba3426d4abe99e41c1d4db1c0d7bc676a509ec2e744cf1902774befa76a4b9ee728c218a3a50d97ae05c8b7886b20a3ece5086ef547fe019dbc2001f9295f8607e4acbf7fc3f755b047bbb07981074fdcb3e6b0dfb700794be8162793c0c12bf06b9e4cdad6c9fbfcd1f576b9bc45d60149668cc50b3e93904897d69b7901f9a399678e05f0c890fd637c51f54ae98c51fe208e754df8a5573d8ddbf610eacd06758a38d066435e4314d317783052265b02ef766c71917ff6a2dbb29dbcbc6820569ac5ccd0e5cf67a8c907692da57b5a0f7a02c42b2fe12541cb91606d935db7701eb1bb0191dea96ac811e53d23339c526d0753c806d94420d5bd0fd6e0f4dbda860d13c21abc1daf7943ee7f6521e745edf43f49462da258e00de21bc60948388fecb4c098be8019359d034bec9b1615fb1b2ea71d948f94936f78c8d5dde1eddf6871de0c94745a80307cbdf6fbd244f633bd1256af605162b8698a4834b1bee45a6b8f62b9b6794d2abbc56db79352f18ccfde0dbfdb52818bc45e704097521aaa0cd41b2e043351db377ea09d81d4fc703f021ae82f27a15e04304b7eb9f497580438c21f6876acbc24b5170155c2bd39357c432591b43d70825dcfdc5c8c60eb4de291522aa9f8b50e63fb5dd0576184838c26099ba169ccebaeb7cb5d013ad434cc9725e961fb67eb1d37cc75eeef75edf39bc70450bd66281d3bfed6f5ef13f5401357993247724dedc367019228c1e23e5475d4778213e8bb99ced739a9043469513a3fa5c7f5884cc122b34936634b2f807536d9448684dbdeff79f5ff6dd3e64471cb2e328865ebd9580951ff87cea895ef0b76446dcda08b419e14b141f257f773ccae02239026f2b3845080cb9e3aa865310269f494076454e0566a9531dc76bbc4a30a0af6e5025c269fc10ff10bd5b9eb24344b049605a8822e937c333658cb30ead81bdf0b8028329fa5770f04b10e087e9d3f7ce6e0086df30f970ffe7840f6872af72dc833d126c31925f68c76219bc180942f105d9ff638e567744b1d246d18f25f17d53b08ca7e8fb0222c71ef63763cf278d5ea3e41ff27c0db3051dfdbd76835977b439601c56c5b8587bf0af975e4e52e0956e3bd9b57f591c80ebb1e9e7eeb408d37f4dd513b6e2f644a767b0b3628631ba97893d1faf164dd0d29dffeea29c3a80f7a52e6fd5235d9bf8892a0ec425e46dfb4328f5e134ae965b29f84ba32ed32c172878c09f18a38849acbadbbe53e572f3bec143c348b36f9297f669f6c4080a27a69db71993d4f710550581282d2cbc2e449050732edfd9f49136b54b109fb92d7ec7862518e8ae6b81c92a342a6284031e616fa100671be688755a85905ea9e745a5f7fde761cbe53937812ee559d09ca23416d25fa11ba7a54ed9cb813cfaede73f3a9246a8f344c4b0f76f68f6353f4fd61d693e9e44cd965103261a88fd73f01ff385d3d1e55e2931848eb926658a02261b1b93e16dae9b4f22af3482967273b1f1fda81b7d1aa5c886a699af85995f51826703ac78a34d7777222469be71e678247e7e400a4117a9c651347fea6e67041f9f292483058bbd913393022ade1475b5040529e5f392a2198a3ee860098ab31903e5adc73c43f93a24331ff79e384227788640cac2f02c3ec24471e801b6f6949447f81c03d3483e0786dab23cb35498dd6db83edabc057d82151943d31ec9eb954a986feb2661fb5346899dcc58167e2994aafd6ef6af0493c60693e7ecac4f5b1bbecd883f69d8209d358fa306ae5505f30cfcaa59f8939a14f1877300c066fdc5bc25b6537232a56020f8b8594a2d9e6989bf35457034faf47889845331096485cb55f4c69bd0f75b3c6377e643c87a845b53775aa35865904a5c95e60208794269edc3ec24fe7813ed601231385c9489dacb6edaa1469eaf731d9281e8e43221835df80e9e3d1fc8e8b94a8acdc9d7f7a52532acda0be414387066b7c9e50e208605a7dd7a80dd930267bdeeae79fc0a2a553eecf76bc055fda770cb57f14dc6572368b2dededb0cc5799d2026cbb7e1e3e0953de20c63fbe4d60565b945dd7bf40368c307b8ac6541307c4bdf58f448c2e20ca5f2105f38b98d4c8d9be9c6dcf43d95556095c8abd03e4a85a3c5e32002cf228db092054d4963c443672173e5cd018de10f33a429de1ef64a86e58fe67417a78f7db66d1", 0x8, r3}, 0x38)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f00000001c0)={'batadv_slave_0\x00', <r4=>0x0})
sendmsg$nl_crypto(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@upd={0x0, 0x12, 0x300, 0x70bd29, 0x24dfdbfb, {{'sha1-ni\x00'}, '\x00', '\x00', 0x400}, [{0x0, 0x1, 0x7ff}, {0x0, 0x1, 0x4}, {0x0, 0x1, 0x7fff}, {0x0, 0x1, 0x4}, {0x0, 0x1, 0x6}, {0x0, 0x1, 0x3}, {0x0, 0x1, 0x8}]}, 0x128}, 0x1, 0x0, 0x0, 0x2c8c0}, 0x4040)
r5 = socket$nl_crypto(0x10, 0x3, 0x15)
sendmsg$nl_crypto(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="e00000001300100000000000000000007374726565626f673531322d67656e65726963"], 0xe0}}, 0x0)
sendmsg$nl_crypto(r5, &(0x7f00000001c0)={0x0, 0x2, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="f0000000120003"], 0xf0}}, 0x0)
syz_clone3(&(0x7f0000001900)={0x220400, &(0x7f00000005c0), &(0x7f0000001780), &(0x7f0000000640), {0xb}, &(0x7f0000001a00)=""/268, 0x10c, &(0x7f0000001880)=""/83, &(0x7f0000000680)=[0x0], 0x1, {r3}}, 0x58)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='rdma.current\x00', 0x275a, 0x0)
fsetxattr(r6, &(0x7f0000000000)=@known='security.selinux\x00', &(0x7f0000000080)=':\x00', 0xffdf, 0x0)
setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r6, 0x6, 0x21, &(0x7f00000019c0)="cd62345361cd32e0c167364d167f038a", 0x10)
r7 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r7, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0xf)
sendmsg$nl_route_sched(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=@delchain={0x24, 0x5f, 0x333, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0x5, 0x2}, {0x1, 0xe}}}, 0x24}}, 0x0)

26.183328269s ago: executing program 4 (id=3971):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000001c0)={0x0, &(0x7f0000000040)}, 0x10)
write$binfmt_aout(r0, &(0x7f0000000000)=ANY=[], 0x9ffc)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, 0x0, 0x0)
connect$pppl2tp(r2, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(r2, 0x8924, &(0x7f0000000040)={'ip6gre0\x00'})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NBD_CMD_CONNECT(r9, &(0x7f0000001c40)={0x0, 0x0, &(0x7f0000001c00)={&(0x7f0000001b80)={0x18, 0x0, 0x1, 0x0, 0x0, {}, [@NBD_ATTR_SOCKETS={0x4}]}, 0x18}}, 0x0)
r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$igmp(0x2, 0x3, 0x2)
r11 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={<r12=>0xffffffffffffffff})
sendmsg$NBD_CMD_CONNECT(r10, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x3c, r11, 0x1, 0xfffffffe, 0x0, {}, [@NBD_ATTR_SOCKETS={0x10, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r12}}]}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0xffff}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000001}, 0x20000000)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100))
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000140)={r8})
sendmsg$NBD_CMD_CONNECT(r5, &(0x7f0000000340)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000300)={0x0}, 0x1, 0x0, 0x0, 0x20044001}, 0x11)
sendmsg$NBD_CMD_RECONFIGURE(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="98000000", @ANYRES16=r6, @ANYBLOB="2da52abd7000fbdbdf250300000008000100000000000800010000000000340007800c00018008000100", @ANYRES32=r7, @ANYRES32=r8], 0x98}, 0x1, 0x0, 0x0, 0x4008040}, 0x4000)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001780)=ANY=[@ANYBLOB="3800000040001901feffffff00000000017c0000140042800f"], 0x38}, 0x1, 0x0, 0x0, 0x48814}, 0xc000)
r13 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r13, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x30, 0x40, 0x107, 0x70bd2b, 0x0, {0x4, 0x7c}, [@nested={0x4, 0x1c2}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x84;'}]}, @nested={0xc, 0x2, 0x0, 0x1, [@typed={0x8, 0x4, 0x0, 0x0, @pid}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)
r14 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r14)

25.531192019s ago: executing program 0 (id=3972):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000000000000000100c0"])
syz_emit_ethernet(0x76, &(0x7f0000000140)=ANY=[@ANYBLOB="ffffffffffffbbbbbbbbbbbb86dd60f4a300ffff3a00fe8000000000000000000000000000bb0000000000000000000000000000000004009078000000066cf6cd53020033fffe800000000000000000000000000031fe8000000000dfff00000000000000aa290000000000000013d87159da0a7f6bb93044749465caab78ef2cbb376013e00a98e1cfab000ccdadb394eb2704f3be352f9965902e7f53a0"], 0x0)
syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, &(0x7f0000000500)={0x44, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, &(0x7f00000008c0)={0x44, &(0x7f00000005c0)={0x40, 0x13}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
r3 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x1e4011, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ee}, 0x94)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[], 0x5c}}, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000002380)={r4, 0x0, 0x2d, 0x0, @val=@netfilter={0x2, 0x4, 0x600, 0x1}}, 0x20)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
write$UHID_CREATE2(0xffffffffffffffff, 0x0, 0x118)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, 0x0)
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000540)='net/raw6\x00')
read$usbmon(r6, &(0x7f00000005c0)=""/225, 0xe1)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1700000000000000"], 0x48)
socket$kcm(0x10, 0x2, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)

24.434460426s ago: executing program 0 (id=3973):
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x30, 0x0, @void}, 0xfffffffffffffcf4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$sw_sync(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000040)={0x4, "abacd211119ca94c63377526aeb5ab2c7b9ca5fa07558139ede6dc06270ee042"})
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfe1b)
socket$kcm(0x10, 0x2, 0x0)
ioctl$SYNC_IOC_FILE_INFO(0xffffffffffffffff, 0xc0383e04, &(0x7f00000000c0)={""/32, 0x0, 0x0, 0x55, 0x0, 0x0})
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
recvmsg(r1, &(0x7f0000001a40)={0x0, 0x0, &(0x7f0000001480)=[{0x0}], 0x1}, 0x2)
connect$packet(r1, &(0x7f0000000200)={0x1f, 0xf8, 0x0, 0x1, 0x82, 0x6, @random="a55378321800"}, 0x14)
shutdown(r1, 0x1)
r2 = syz_io_uring_setup(0xb7f, 0x0, &(0x7f0000000180)=<r3=>0x0, &(0x7f0000000600))
io_uring_register$IORING_REGISTER_PBUF_RING(r2, 0x16, &(0x7f0000000040)={&(0x7f0000001000)={[{0x0, 0x0, 0x3, 0xf4}]}, 0x1, 0x1}, 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
writev(0xffffffffffffffff, 0x0, 0x0)
syz_emit_ethernet(0x82, &(0x7f0000000580)=ANY=[@ANYBLOB="cf599d3baed500000000000086dd60f20000004c2c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa00060008"], 0x0)
socket$packet(0x11, 0xa, 0x300)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0)
syz_emit_ethernet(0x22, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x84, 0x0, @dev, @local}}}}}, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffffffffffffffff86dd6060626000102c00fe8000000000000000000000000000bbfe8000"], 0x0)
sendmsg$NFNL_MSG_ACCT_DEL(0xffffffffffffffff, 0x0, 0x10)
syz_io_uring_setup(0x1f87, &(0x7f0000000080)={0x0, 0x0, 0x13580}, &(0x7f0000000100), 0x0)

23.420431867s ago: executing program 0 (id=3974):
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
syz_open_dev$swradio(0x0, 0x1, 0x2)
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000019280))
ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000180)=0x6f)
write$dsp(r0, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
syz_usb_connect(0x0, 0x24, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
r1 = syz_clone(0x1a2400, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000480)='task\x00')
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
r2 = syz_open_procfs(r1, &(0x7f0000000100)='pagemap\x00')
pread64(r2, &(0x7f0000000200)=""/102400, 0x19020, 0x1000000000)

21.108020805s ago: executing program 0 (id=3975):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
r4 = dup(r3)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in6={{0xa, 0x4e23, 0xdb, @empty}}, 0xffb, 0x203, 0xffff18b6, 0x6, 0x330, 0x80000001, 0xdb}, 0x9c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r3, 0x84, 0x85, &(0x7f00000012c0)={0x0, @in={{0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1d}}}, 0x6, 0x8}, 0x90)
sendmsg$inet6(r4, &(0x7f0000000540)={&(0x7f0000000000)={0xa, 0x4e24, 0x7fff, @loopback, 0x6}, 0x1c, &(0x7f0000000440)=[{&(0x7f0000000040)="f0", 0x1}], 0x1}, 0x54)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240))
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, 0x2}, 0x28)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setrlimit(0xf, &(0x7f0000000000)={0x1, 0x5})
pwrite64(0xffffffffffffffff, &(0x7f00000004c0)="3cc5", 0x2, 0x7)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000580)=@getlink={0x28, 0x12, 0x1, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x3080, 0x808}, [@IFLA_NET_NS_PID={0x8}]}, 0x28}}, 0x0)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000440)={0x58, 0x2, 0x6, 0x201, 0x0, 0x0, {0x6, 0x0, 0x2}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x100000}]}, @IPSET_ATTR_TYPENAME={0x14, 0x3, 'hash:ip,port,ip\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}]}, 0x58}}, 0x8000)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
r8 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r8, 0xc0d05605, &(0x7f00000006c0)={0x1, @pix_mp={0x3, 0x1, 0x48524742, 0x3, 0x0, [{0x108, 0xf}, {0x8, 0x29f6ebcf}, {0xd}, {0x5, 0xc}, {0x75a, 0x5}, {0x5, 0x2}, {0x6, 0x40c}, {0x10001, 0x1800000}], 0x0, 0xd, 0x2, 0x1, 0x1}})
sendmsg$IPSET_CMD_FLUSH(r7, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)={0x14, 0x4, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0xc}}, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x800)

19.920061999s ago: executing program 0 (id=3976):
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa, 0x600})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1})
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
r1 = socket$xdp(0x2c, 0x3, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000240)={{0x1, <r2=>0xffffffffffffffff}, &(0x7f0000000180), &(0x7f0000000200)='%pI4   \x00'}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@bloom_filter={0x1e, 0x8, 0xffffffff, 0x5, 0xa0, r2, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x4, 0x3, 0xb}, 0x50)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f0000000340)={&(0x7f0000000000)=""/59, 0x304000, 0x800, 0x0, 0x3}, 0x20)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r3, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f0000000100)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000013000/0x4000)=nil, 0x3000, 0x3})
move_pages(0x0, 0x1, &(0x7f0000000140)=[&(0x7f0000000000/0x1000)=nil], &(0x7f0000000040)=[0x1], 0x0, 0x2)
r4 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
fsmount(r4, 0x0, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_wait_time\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000004, 0x28011, r5, 0x0)
ftruncate(r5, 0x796c)
r6 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r6, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000480)={'veth0_virt_wifi\x00', <r7=>0x0})
sendto$packet(r6, &(0x7f00000002c0)="05030500d3fc030000004788800509101128", 0x100f, 0x4, &(0x7f0000000140)={0x11, 0x88a8, r7, 0x1, 0x0, 0x6, @multicast}, 0x14)
write$UHID_INPUT(r5, &(0x7f0000001300)={0x8, {"2f29eabbd222bffc7b74838b337938ef5a7f7d6b4e4fd0a57c673798d6cc4bb825181dd42772e73bc97b114be31682b0dee3ff6278f28d25b67c99db4845985fd7f6a203a298c64ae36744b403d2032468f85f8f171c063521195ae8be6ca4d0e22f444c20e993d7a11b8a055efa3fb9b2dbc2561a37d9e7737fff7384681d12706d138ae9c1ce27959ba18d14a7fe73043519eef81eee19d0819d9f9054dadf08d48f5bf1e2169510c11deb8aeeaf80b41c38817ef720bc7f2394260f5a109e46cdd17ce7eb75bdc0180e6a5497f90f4a30a71f7e7a6550c463e431c311329944849a5f164edc095ce1ec0f0cab531469600720d6d2acdd3ab0c99ac88ef4b3db06fec897fd7ac1336a7efe82129fc0426b2ff19d5211fc697bb0c91a56832c29a02e63f44109bcba9dbe4cbad716ab77123a703ed600c423a2a0656e3d4e2ddcc6595e1dbcb45403d49172cf4eb74815ae975e642133319075d295df8aa42aa3f581a5f5d6f2916deca261d03ec1ec3dd882a1f0db5e59a01815ce55f330b6a8218b712b7033cf6a55f9e207032ef5421032a3627229ef41788ae3c79a535ef714cb0b118b5dbea481b993fc0f865b10b84959f5c2fd107004bcac250ec21d8e6057d6fab069ed9bbfeebe60b009d0026cea244ee83002edd9bf60e8bb4b1f5f9ea92231a3a454b5d3beb6084cfeb7776d36a679f16e33e062c01fc4597c69565a6c9285c79c6927fdbda96f8f7a348798065f07c74b6471859d4573425ea1c44aa07436d072d57a4913b155c866970dd69ea50928637131ca0574999f88df03a03637c09ee6eca8097a903ec36ea9e8bc74cd23218d9d33e5fd993b9971e772ff6a6a81231eafa61401050e1779fea92160cff5c67c6ef8a585792e1bf7e6055aacaa14d81727d5b263f9e5d7a30f9aa7840463b995ea4b04314228a06205ebe414d43c28bd0d57862d8eb5cabfbb5657a4e22718c17fd7ff6a77ffa0e0698b54046a42899a9f2cfb0a1ba765c775f851b7720dd498dc6d9a3273267dc2793d15f7d3e51d10c69e8e67d308e62f5054798ca24120bd75d553724f0be22b078b06c928888f867ef4fd4e4a0d73d931868fdbea8aa6831c8dbc24cc03802ec1025815ed4a7c850b7c80f0f1dd6d52a8d26c691fef9b2037395f7bd7c38862aa1ca735b5f4e532c0531eda121fecb3f23f0ac00d096d7b209d71a4431e33764ab0e7850ccb9de2c007b2e37fabdb5ab452a1f107bc921f872a56de1b5c9243a29ed7855511fe83370cb7f13f5044c76ef840cbeb81159c3ac97517d237340580d5f305a1c0180d99bedc770091dfe877b4834278f56f594d82291b0c1859f462b1d8fc9ab91aa92e6c7a603ab6c08d1d410ef6f545a0e33bb742c95f0ed71c6f9684c2e2e341a30332667d3a765572048970b959460f0c523f29712e6e5b45276520849e2d9fde61f78fe66e5f913e3bc0d560bfeb86a0f783b1aa7358cf906892dd65d69bf3941edc7b7a847d0c50302eec7d64d67b7f72e53be1d8ad298cb2477b8e9bc293efd60af8158423c13fd918534dafa662181322133d9e6b9c560a4cac9d46d4a6d6a21e5a1b14d39867fee3b6478cd416015445a4f857c20a7d1efff31527d82e679ad13e0833e4c22951793d7d8e7e7470b401122b8bded823cb0f2e778b896702444444055696a6ddee3d4ac128c24eb5417ebb76b29a03c75a771eedc39c141e0062832f292492579e8312a8f2613688a2d3f2f38e56ada79278edb80acd5dc8b8ed1b3baf37b2e7b6171b88269c782bee0763a9a5dbd85b5ee99e44f581031c64d96cb726f92d169b7e0903abb7ef1eb6606107e60f3ffbc990c43fa2488525ccf28ecd51d8204589b9495073aa34d002b90eeea0013f868e4625c06281e7421e014d0fe9bfdd79e12bd41dcfbb8009c5297d4720664fc8cae0e27bd63f2de10d10705e4a1145cddc99279727ed58c3635e42271e94015a6956f8a4920959217ed53596d5c414b24f8b691304c3f965a0fa4c15cbbb466d46f8aff37173b134c4d3db244b7792ca63d5d03c80f804889fb6e98723890cf08ed6c2578cc6a50ebdf4623b228df4b71afc6825aa56bc9b4957409f8cbc6834f6760867baf0e46d9559c53144d31d1c9fd243d93a206a97912d05ed73e33c33bda91cbc493fa912e9cb7e643a85c34f0fe22c163a64db519e8df478d07fed8fc8747ba4bcc5611e8b31c09bbda69d5d3cd786ba84432bc1dd0ebceddc29f490db0d7c2b33b44d370268364964f6744310feff7e07718e398147727b7e440404de01af724b6e9ae1005510eca6b2a48b889f40a1665cdf2465bfbae3b61aa2ad5fb9fffd321a81769fded8c7a52be4328856d45c7b0d89cb07bab60e44fe51c6f9cb1904d698b3cf709810d0398cfa208699465e99d48cc457d7107a90e7cd9c170f72161126cea7a6fad1fd5bbcf00bd3451d4f2ba2c8fa5462ecb9fd2c0a13b60d1190fed8bd576c875f74834fe5b9ae34f396e62f61996ea78550101df7e82bce4acf62a122aedcd5335b8419c12b71076a457e97f5eb90a54131ff3d4c1ec72dd0efb34e82dbb422bd1e9d62d78c13da1c6d05f24e03f17d254ff16a4d2fd52a8f9188e20be4aef84a6b258f10aaa7f795a2c7abdf3c3e6612db243c51d32cae43f5000b8ef213edff9975ab5ba082e8055b2a3a8d5141615cf6fce5ad6e1b4ddfe3eaec82ac16f38c0cbcd75f2b67a80a72a867eb8330adcc79c9e4b17379ad1636de6250a7cc54caa0cd227832f1cde8e9c056a179f9ede030378955c50068141c9ec6b69ad4c8355b8bd6b5a9363ea79a0469e93105e922f0915d165a62cce9af5984c447cf8af9c17e12de5a9e1f211653f73e5e51b99d2a2fc9bc2bb25d27650a9764256c4accd0c8a3e75abefb0acbc76629c265c55d56e491095001345ef70c24a6b2dff3e163bff4f4671a2f537a466fe9cb33f4c149da0597cd021b42d75dea5fe45db7af69230f86ed021903cab1f2799d11b3e6bd4f62c3cd54c4b3dee271bec908bdcb4c60e88c60b558c57d59dc5c2c800766cf19623b2314fd8cc1218b58198202fd1a9d9942ea45a207642716ad5fbbd2e16935b0673b38e3d43d26f69eeeec66f730703d28c271792c1ea86c9cd2ee3fd048e4d2265634a14034585b37a1ce09da86e3dc15dd65410a7b787eea1b598eacec762e841563353cdab585e08910deb0c71b768f9fb1362964bde250cb0186993ec0cfd8d825b824f7af06c6aef7618ad7b62ae943c5f8bcc13a965bbbfd7dc55db89640ff6a31121cf2960dd0bd36c3b913d59cdd951e838999d51efb15ccadde8fca07ab752cbf515203c6565392684498c0bf4602f6b22806bf84ce8be208c0861af8b2bb4de8656bd4a05673440f6ad6108d34d5bf0a3276d75d4e6e49eeca89ad07538e864878ccdcb7104f3d260432f1ef4efd316b91b4708f4a96a752ef84ebc81814d5348f4633fa5c57053e06f8465b0e32ce869ce90632dd55fe411c6dc1115570b46e2c29365fafc0edd946f34072a93f39fd6a6ee6ac79032b00d66c904b302b4424f467fb2a010ee59b68c4d659ebbe6ea7e441a0091037dc5879accdea094cc86c07c70e891c20cb2667603802caa60ea2e44d517fbf9cd792c2610cefeaabd9145a87f0302f8333d851336d3f763e11cb1685dbc713b9df2655162930feaa7ecedc0e5d1cee850f8e2bf16e24a6cb9643134891621810f1bc980e55ec71a3295cbcbf6ae5f01958b2d0636e75b6adc618b0cc9596051bd19bf3fbe0608e6834b616561c8a3d424facaebe7e142183e1008fe7b6a8eb0510860109c9bff16a4009c97c1354ec02461176fe0bd8cb32189fe581c0d00c0f3ec38d68bb14b0d2e6ac680ea7cf3a9a204ba204fa22c6ae3632c7088663dfb726bdf3a82f6387a7cbfb1ff6c7ff2e7c00459e6faf7a90d333a84c0b155ae5d3f04ed0192b1292ce93abcedbdf8ef6762e0dc8b7d48f5b8278e6157464e0785cf1130a39878f376ce742fa4085f34ec9765e759e76e9552bb5548dd8720c89be30204f7fb783a3ac7aec809c6565d7f26aa742cba6c9e134d3e38bbf5e291d741f4d4efbc9474a5fef8df2190f3f59799ac973c2f898b16a60ea96531b25e26edeb66b66a36ddfe8bfe20a46d966533cde8aaec997bef6adecbd50eb75179f09ef2e3c78c629894e43325392ae0cfb7d6d551fc1c910c1e81c680f8800e2e0ce0a069790f7be94181b7e0bba221644501fa89a9ef5efe96fdd1823406cf63d8489ebd4500b4eb04cf7aefea4c096b21cdd2aefe4987e61b9125daf90851296d6cff0ca8938c78f6607c2ef7f0571b2eb11f64717753a4460552f94d40dbde3f5b84a7a8ac9290010f1a50f4cd313a0663637074aac30ce706a51b1e0ecfef67aca4dca06eaa7159950aabc8803741b6f5998e425d9a34111535f2d21a5769cb44ae4530fb6af15a9a1daab99497b4ae99a86ad87fd94ed5801d4da4499cedc310c5c2a7fb2e2448b7eba7287844ba915472fead9a619abf1b4d668e60eed1f336333a0d8fa9568747bc8ccae08639dae981b1fab9c6df51f91567be4f5c61ced3a066474ae3bb3eb44d928796df1fc3981db690505ae6b5b30cb4aa150283215ec13a47aff84571d26f36e3fcaaa388d3137aa53642dd1924d8696b44cab9cc3a3df34b9a389e8a1c3dbd9c3e57115dce745efd66203faa705ed44af4f1281f1ae9f5e022b250d2b0dbd3e3ca4485804405b4f75ac8fd73642b8ad95afb2cbc62329e037ae34d89a6c8a4879e01b7af7c068bc7a817a7a48429cb6d1e3e8470bbe2ab210376b71d4bd223a0db09cedcac1139c289f11328e8fb64e0f79c1d73cfda5bf35173401d49afb145f37e898538f81fba069080ef9e00c93e5930e0ada3696aea15c4ac526dd3472cd4be6df8adba5ff47a1dbca3b5807882ad726d7bcfce616e9f3e6cce4ac84708a244f40b7b6adc95c0d60a513d6da2c439f505fdaefed420c73e5962b3d3a112407a46411a09bdc3c38f53244db77dfe4576ab428bc6eb0707dee7b15c5a01844c148290a18c2a1fec965710509d264d9a5c54020e27ed5e694f61c152511a767c59462a099483d54f21495ea4330fdab32e2cce1ef15ab5bc35ddccfe4415d6e2c62cfa9f1130e79b50feeeaf71b1acd8c76f14ae78af1f44211e1820a311bbc4296d459010541274a7cccc60452f748cb9392a6153c9e65519f2223339f0221231a280e7405f06c65e6a56b264bdc015e2d6263a05a88e5477ea25ea49c959659ae7d63721abb88459d5c19860b561844e79a2a6e2eb5b5f6b7856b1503a0d1a5220f7242aa6e147ee13eceb987c80a5900804c13e02d7c3f51eb24ce4862b08e4966a60ad9c6e8261fd64a01a621201127d8c8444173d6d1a16aad0ca725e847f4184c43dc194cde720d0d6b40840e0bde3563107d374f397d50b6de324cd2caa2ffc2fb4b84db9400514de070b2f88ff7a94fb33ec33cd94932bcddb170c8556b6ffe199969108895f029557bf6a919c825728826cdb1029eb1b1c6d1deff3fa152d88fd66154f83cb9e6704fe06bcec48782f860086c4d57a7da84428e9b912398d30165b14af529d565dce135b2d4eee14c37553c9ea13d8011f56fc5bc1cd92522cb5dd40a60c1c6e4fb5a6e787fa1ba3c8e252af3f3b671193cc11906b431b25b3d0b5654c72945152264131a937d5f0d1702df86487fb6d9c9cee700f2f25310ce0f8097844d4acc31612ef5be98239c3db97b2332ec45b4", 0x1000}}, 0x1006)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2, 0x0, 0x0, 0x0)

16.67942908s ago: executing program 0 (id=3977):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f00000001c0)={0x0, &(0x7f0000000040)}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmsg$NBD_CMD_RECONFIGURE(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="98000000", @ANYRES16=r2, @ANYBLOB="2da52abd7000fbdbdf2503000000080001000000000008000100000000003400", @ANYRES32=r3, @ANYRES32=r4], 0x98}, 0x1, 0x0, 0x0, 0x4008040}, 0x4000)

16.0888387s ago: executing program 32 (id=3959):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000001c0)={0x0, &(0x7f0000000040)}, 0x10)
write$binfmt_aout(r0, &(0x7f0000000000)=ANY=[], 0x9ffc)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, 0x0, 0x0)
connect$pppl2tp(r2, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(r2, 0x8924, &(0x7f0000000040)={'ip6gre0\x00'})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NBD_CMD_CONNECT(r9, &(0x7f0000001c40)={0x0, 0x0, &(0x7f0000001c00)={&(0x7f0000001b80)={0x18, 0x0, 0x1, 0x0, 0x0, {}, [@NBD_ATTR_SOCKETS={0x4}]}, 0x18}}, 0x0)
r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$igmp(0x2, 0x3, 0x2)
r11 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={<r12=>0xffffffffffffffff})
sendmsg$NBD_CMD_CONNECT(r10, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x3c, r11, 0x1, 0xfffffffe, 0x0, {}, [@NBD_ATTR_SOCKETS={0x10, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r12}}]}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0xffff}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000001}, 0x20000000)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100))
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000140)={r8})
sendmsg$NBD_CMD_CONNECT(r5, &(0x7f0000000340)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000300)={0x0}, 0x1, 0x0, 0x0, 0x20044001}, 0x11)
sendmsg$NBD_CMD_RECONFIGURE(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="98000000", @ANYRES16=r6, @ANYBLOB="2da52abd7000fbdbdf250300000008000100000000000800010000000000340007800c00018008000100", @ANYRES32=r7, @ANYRES32=r8], 0x98}, 0x1, 0x0, 0x0, 0x4008040}, 0x4000)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001780)=ANY=[@ANYBLOB], 0x38}, 0x1, 0x0, 0x0, 0x48814}, 0xc000)
r13 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r13, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x30, 0x40, 0x107, 0x70bd2b, 0x0, {0x4, 0x7c}, [@nested={0x4, 0x1c2}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x84;'}]}, @nested={0xc, 0x2, 0x0, 0x1, [@typed={0x8, 0x4, 0x0, 0x0, @pid}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)
r14 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r14)

16.054624744s ago: executing program 33 (id=3956):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff})
sendmsg$NBD_CMD_RECONFIGURE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="98000000", @ANYRES16=r1, @ANYBLOB="2da52abd7000fbdbdf2503000000080001000000000008000100000000003400", @ANYRES32=r2], 0x98}, 0x1, 0x0, 0x0, 0x4008040}, 0x4000)

15.089237682s ago: executing program 34 (id=3961):
r0 = syz_open_dev$dri(&(0x7f00000002c0), 0x1, 0x2100)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000300)={&(0x7f00000001c0)=[<r1=>0x0], 0x1})
r2 = socket(0x40000000015, 0x5, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x1000002, 0x4012831, 0xffffffffffffffff, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r4, 0x4020aeb2, &(0x7f0000000300)={0x0, 0x12c, @ioapic={0xffff1000, 0x8000, 0xfffff5a7, 0x7fffffff, 0x0, [{0x3, 0x81, 0x1, '\x00', 0x4}, {0xfe, 0x3, 0x0, '\x00', 0x6}, {0x7, 0xff, 0xe, '\x00', 0x3b}, {0x4e, 0xe, 0xd6, '\x00', 0x86}, {0xc, 0xb, 0x6, '\x00', 0x2}, {0xf, 0x2, 0xf9, '\x00', 0x3}, {0x2, 0xa, 0x50, '\x00', 0x2}, {0x8, 0x9, 0x2a, '\x00', 0x8}, {0x4, 0x0, 0xa, '\x00', 0xff}, {0x8, 0xd6, 0x3, '\x00', 0x9}, {0x9e, 0x6, 0x3, '\x00', 0x6}, {0x2, 0xb, 0x0, '\x00', 0x7f}, {0x45, 0x51, 0xa}, {0xe, 0xfc, 0x0, '\x00', 0x1}, {0x8, 0x2, 0x6, '\x00', 0x9}, {0x7, 0x1b, 0xfe, '\x00', 0x3}, {0x2, 0xa, 0xd6, '\x00', 0x7f}, {0xa, 0x0, 0xca, '\x00', 0x6}, {0x0, 0x60, 0x4, '\x00', 0x12}, {0xb, 0x8, 0x4f, '\x00', 0xda}, {0x3, 0x3, 0x6, '\x00', 0x9}, {0x9, 0x3, 0x1, '\x00', 0x2}, {0xf9, 0x1, 0x4, '\x00', 0x7}, {0x8, 0xc, 0x0, '\x00', 0x6}]}})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/softlockup_count', 0x0, 0x0)
r5 = memfd_create(&(0x7f0000000340)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7Uw\x00\xbc\xfa2\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n=\x7f=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93=\xabQ\xf7\x05\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xac \xe8\xb6\xdf\x16J\xab\xecC\xe2{\xfd\x8a\xb4\x8e\x9c\xfb\xf6\xe9\xd8]B6)\x9f\x9cR\xae\x12G\xd8\xa4y\xef\x02?\xf2\xe7}\ra\x97F', 0x1)
copy_file_range(r0, 0x0, r5, &(0x7f0000000040)=0xfffffffffffffffd, 0x0, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r6)
rt_sigsuspend(&(0x7f0000000180)={[0x7]}, 0x8)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r8=>0x0})
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000c80)=[{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f00000000c0)="7f1ad71c5e1e2ffd65015711202c22a1", 0x10}], 0x1, &(0x7f0000000300)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x20000850}], 0x1, 0x8084)
sendmsg$NL80211_CMD_FRAME(r6, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=ANY=[@ANYBLOB="98030000", @ANYRES16=r7, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r8, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff"], 0x398}, 0x1, 0x0, 0x0, 0x4094}, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000780)=@newtaction={0xd8, 0x30, 0xffff, 0x0, 0x0, {}, [{0xc4, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}]]}, {0x4}, {0xc}, {0xc}}}, @m_gact={0x54, 0x2, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18}, @TCA_GACT_PROB={0xc, 0x3, {0x0, 0x0, 0x20000000}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xd8}}, 0x0)
bind$packet(0xffffffffffffffff, &(0x7f0000000100), 0x14)
getsockopt(r2, 0x200000000114, 0x8, &(0x7f0000019780)=""/102387, &(0x7f00000003c0)=0xfffffffffffffdc8)
ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000003c0)={r1, <r10=>0x0, <r11=>0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_SETPLANE(0xffffffffffffffff, 0xc03064b7, &(0x7f0000000200)={r1, r10, r11, 0x80000003, 0xa2a, 0xfffffffc, 0x0, 0x200, 0x7, 0xe, 0xfffffffb, 0x322})
openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x400142, 0x0)

10.092712596s ago: executing program 35 (id=3971):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000001c0)={0x0, &(0x7f0000000040)}, 0x10)
write$binfmt_aout(r0, &(0x7f0000000000)=ANY=[], 0x9ffc)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, 0x0, 0x0)
connect$pppl2tp(r2, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(r2, 0x8924, &(0x7f0000000040)={'ip6gre0\x00'})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NBD_CMD_CONNECT(r9, &(0x7f0000001c40)={0x0, 0x0, &(0x7f0000001c00)={&(0x7f0000001b80)={0x18, 0x0, 0x1, 0x0, 0x0, {}, [@NBD_ATTR_SOCKETS={0x4}]}, 0x18}}, 0x0)
r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$igmp(0x2, 0x3, 0x2)
r11 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={<r12=>0xffffffffffffffff})
sendmsg$NBD_CMD_CONNECT(r10, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x3c, r11, 0x1, 0xfffffffe, 0x0, {}, [@NBD_ATTR_SOCKETS={0x10, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r12}}]}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0xffff}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000001}, 0x20000000)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100))
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000140)={r8})
sendmsg$NBD_CMD_CONNECT(r5, &(0x7f0000000340)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000300)={0x0}, 0x1, 0x0, 0x0, 0x20044001}, 0x11)
sendmsg$NBD_CMD_RECONFIGURE(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="98000000", @ANYRES16=r6, @ANYBLOB="2da52abd7000fbdbdf250300000008000100000000000800010000000000340007800c00018008000100", @ANYRES32=r7, @ANYRES32=r8], 0x98}, 0x1, 0x0, 0x0, 0x4008040}, 0x4000)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001780)=ANY=[@ANYBLOB="3800000040001901feffffff00000000017c0000140042800f"], 0x38}, 0x1, 0x0, 0x0, 0x48814}, 0xc000)
r13 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r13, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x30, 0x40, 0x107, 0x70bd2b, 0x0, {0x4, 0x7c}, [@nested={0x4, 0x1c2}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x84;'}]}, @nested={0xc, 0x2, 0x0, 0x1, [@typed={0x8, 0x4, 0x0, 0x0, @pid}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)
r14 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r14)

0s ago: executing program 36 (id=3977):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f00000001c0)={0x0, &(0x7f0000000040)}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmsg$NBD_CMD_RECONFIGURE(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="98000000", @ANYRES16=r2, @ANYBLOB="2da52abd7000fbdbdf2503000000080001000000000008000100000000003400", @ANYRES32=r3, @ANYRES32=r4], 0x98}, 0x1, 0x0, 0x0, 0x4008040}, 0x4000)

kernel console output (not intermixed with test programs):

sive=1
[ 1120.935253][ T5896] usb 5-1: Using ep0 maxpacket: 16
[ 1120.946625][ T5896] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1120.959064][ T5896] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 111, changing to 10
[ 1121.003022][ T5896] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 42122, setting to 1024
[ 1121.034105][ T5896] usb 5-1: New USB device found, idVendor=0e20, idProduct=0101, bcdDevice= 0.5a
[ 1121.044701][ T5896] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1121.093284][ T5896] usb 5-1: config 0 descriptor??
[ 1121.135118][T19621] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[ 1121.199869][T19634] tipc: Started in network mode
[ 1121.203274][ T5896] pegasus_notetaker 5-1:0.0: probe with driver pegasus_notetaker failed with error -12
[ 1121.221702][T19634] tipc: Node identity 7f000001, cluster identity 4711
[ 1121.342891][T16359] appletouch 4-1:0.85: Geyser mode initialized.
[ 1121.363060][T19634] tipc: Enabled bearer <udp:syz2>, priority 10
[ 1121.492606][T16359] input: appletouch as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.85/input/input16
[ 1121.778244][   T30] audit: type=1400 audit(1763824152.104:1914): avc:  denied  { write } for  pid=19620 comm="syz.4.3728" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[ 1122.012042][ T5896] usb 5-1: USB disconnect, device number 42
[ 1122.090672][T19649] netlink: 64 bytes leftover after parsing attributes in process `syz.1.3735'.
[ 1122.563177][ T5896] tipc: Node number set to 2130706433
[ 1122.850207][T19663] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3738'.
[ 1122.881189][T16999] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[ 1123.684453][   T10] usb 4-1: USB disconnect, device number 37
[ 1123.736387][T16999] usb 1-1: Using ep0 maxpacket: 16
[ 1123.792155][T16999] usb 1-1: config 0 has an invalid interface number: 199 but max is 7
[ 1123.834167][T16999] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 8
[ 1123.850688][   T10] appletouch 4-1:0.85: input: appletouch disconnected
[ 1123.867451][T16999] usb 1-1: config 0 has no interface number 0
[ 1123.907810][T16999] usb 1-1: too many endpoints for config 0 interface 199 altsetting 193: 58, using maximum allowed: 30
[ 1124.321460][T16999] usb 1-1: config 0 interface 199 altsetting 193 has 0 endpoint descriptors, different from the interface descriptor's value: 58
[ 1124.543666][T16999] usb 1-1: config 0 interface 199 has no altsetting 0
[ 1124.555235][T16999] usb 1-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00
[ 1124.617711][T16999] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1124.619008][T19681] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1124.626058][T16999] usb 1-1: Product: syz
[ 1124.639934][T16999] usb 1-1: Manufacturer: syz
[ 1124.644619][T16999] usb 1-1: SerialNumber: syz
[ 1124.650479][T19681] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1124.681059][T16999] usb 1-1: config 0 descriptor??
[ 1124.805923][T16359] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[ 1124.972881][T19692] FAULT_INJECTION: forcing a failure.
[ 1124.972881][T19692] name failslab, interval 1, probability 0, space 0, times 0
[ 1125.011654][T16359] usb 2-1: Using ep0 maxpacket: 8
[ 1125.019939][T19692] CPU: 0 UID: 0 PID: 19692 Comm: syz.4.3744 Not tainted syzkaller #0 PREEMPT(full) 
[ 1125.019956][T19692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1125.019962][T19692] Call Trace:
[ 1125.019966][T19692]  <TASK>
[ 1125.019970][T19692]  dump_stack_lvl+0x16c/0x1f0
[ 1125.019985][T19692]  should_fail_ex+0x512/0x640
[ 1125.019998][T19692]  ? kmem_cache_alloc_noprof+0x62/0x6e0
[ 1125.020016][T19692]  should_failslab+0xc2/0x120
[ 1125.020029][T19692]  kmem_cache_alloc_noprof+0x75/0x6e0
[ 1125.020044][T19692]  ? skb_clone+0x190/0x3f0
[ 1125.020061][T19692]  ? skb_clone+0x190/0x3f0
[ 1125.020073][T19692]  skb_clone+0x190/0x3f0
[ 1125.020088][T19692]  nfnetlink_rcv_batch+0x1cf/0x2350
[ 1125.020100][T19692]  ? kmem_cache_free+0x2d4/0x6c0
[ 1125.020113][T19692]  ? __lock_acquire+0x622/0x1c90
[ 1125.020126][T19692]  ? __pfx_nfnetlink_rcv_batch+0x10/0x10
[ 1125.020146][T19692]  ? avc_has_perm_noaudit+0x149/0x3b0
[ 1125.020163][T19692]  ? __asan_memset+0x23/0x50
[ 1125.020178][T19692]  ? __nla_validate_parse+0x600/0x2880
[ 1125.020197][T19692]  ? __pfx___nla_validate_parse+0x10/0x10
[ 1125.020213][T19692]  ? cap_capable+0xb3/0x250
[ 1125.020225][T19692]  ? __nla_parse+0x40/0x60
[ 1125.020242][T19692]  nfnetlink_rcv+0x3c1/0x430
[ 1125.020254][T19692]  ? __pfx_nfnetlink_rcv+0x10/0x10
[ 1125.020269][T19692]  netlink_unicast+0x5aa/0x870
[ 1125.020287][T19692]  ? __pfx_netlink_unicast+0x10/0x10
[ 1125.020307][T19692]  netlink_sendmsg+0x8c8/0xdd0
[ 1125.020325][T19692]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1125.020351][T19692]  ____sys_sendmsg+0xa98/0xc70
[ 1125.020363][T19692]  ? copy_msghdr_from_user+0x10a/0x160
[ 1125.020377][T19692]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1125.020393][T19692]  ___sys_sendmsg+0x134/0x1d0
[ 1125.020408][T19692]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1125.020421][T19692]  ? __lock_acquire+0x622/0x1c90
[ 1125.020449][T19692]  __sys_sendmsg+0x16d/0x220
[ 1125.020463][T19692]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1125.020490][T19692]  do_syscall_64+0xcd/0xfa0
[ 1125.020508][T19692]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1125.020525][T19692] RIP: 0033:0x7fdb7ab8f749
[ 1125.020539][T19692] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1125.020555][T19692] RSP: 002b:00007fdb7ba53038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1125.020572][T19692] RAX: ffffffffffffffda RBX: 00007fdb7ade5fa0 RCX: 00007fdb7ab8f749
[ 1125.020583][T19692] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[ 1125.020592][T19692] RBP: 00007fdb7ba53090 R08: 0000000000000000 R09: 0000000000000000
[ 1125.020602][T19692] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1125.020613][T19692] R13: 00007fdb7ade6038 R14: 00007fdb7ade5fa0 R15: 00007ffdf26e1028
[ 1125.020637][T19692]  </TASK>
[ 1125.335179][T16359] usb 2-1: unable to get BOS descriptor or descriptor too short
[ 1125.390475][T16359] usb 2-1: config index 0 descriptor too short (expected 51, got 18)
[ 1125.420546][T16999] ftdi_sio 1-1:0.199: FTDI USB Serial Device converter detected
[ 1125.492073][T16359] usb 2-1: config 4 has an invalid interface number: 30 but max is 0
[ 1125.503830][T16999] usb 1-1: Detected FT232R
[ 1125.515084][T16999] ftdi_sio ttyUSB0: Unable to read latency timer: -71
[ 1125.861773][T16359] usb 2-1: config 4 has no interface number 0
[ 1125.870076][T16359] usb 2-1: config 4 interface 30 has no altsetting 0
[ 1125.963085][T16999] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[ 1125.980435][T16359] usb 2-1: string descriptor 0 read error: -22
[ 1126.041554][T16999] ftdi_sio 1-1:0.199: GPIO initialisation failed: -71
[ 1126.057266][T16359] usb 2-1: New USB device found, idVendor=9022, idProduct=d484, bcdDevice=ff.88
[ 1126.070079][T16999] usb 1-1: FTDI USB Serial Device converter now attached to ttyUSB0
[ 1126.093197][T16359] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1126.128555][T16999] usb 1-1: USB disconnect, device number 26
[ 1126.148923][T16359] dvb-usb: found a 'TeVii S482 (tuner 2)' in warm state.
[ 1126.176938][T16999] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[ 1126.618001][T16999] ftdi_sio 1-1:0.199: device disconnected
[ 1126.837727][    T9] usb 3-1: new full-speed USB device number 26 using dummy_hcd
[ 1127.382238][    T9] usb 3-1: config index 0 descriptor too short (expected 35577, got 27)
[ 1127.502020][    T9] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[ 1127.714572][T16359] dw2102: su3000_power_ctrl: 1, initialized 0
[ 1127.721043][T16359] dvb-usb: bulk message failed: -22 (2/0)
[ 1127.730201][T16359] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1127.740285][T16359] dvbdev: DVB: registering new adapter (TeVii S482 (tuner 2))
[ 1127.748684][T16359] usb 2-1: media controller created
[ 1127.750188][    T9] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1127.754022][T16359] dvb-usb: bulk message failed: -22 (6/0)
[ 1127.776202][T16359] dw2102: i2c transfer failed.
[ 1127.786481][T16359] dvb-usb: bulk message failed: -22 (6/0)
[ 1127.792941][T19711] FAULT_INJECTION: forcing a failure.
[ 1127.792941][T19711] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1127.806145][T16359] dw2102: i2c transfer failed.
[ 1127.811010][T16359] dvb-usb: bulk message failed: -22 (6/0)
[ 1127.816795][T16359] dw2102: i2c transfer failed.
[ 1127.821673][T16359] dvb-usb: bulk message failed: -22 (6/0)
[ 1127.832258][T16359] dw2102: i2c transfer failed.
[ 1127.837086][T16359] dvb-usb: bulk message failed: -22 (6/0)
[ 1127.839160][    T9] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 92
[ 1127.842911][T19711] CPU: 1 UID: 0 PID: 19711 Comm: syz.0.3748 Not tainted syzkaller #0 PREEMPT(full) 
[ 1127.842934][T19711] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1127.842944][T19711] Call Trace:
[ 1127.842950][T19711]  <TASK>
[ 1127.842958][T19711]  dump_stack_lvl+0x16c/0x1f0
[ 1127.842981][T19711]  should_fail_ex+0x512/0x640
[ 1127.843006][T19711]  _copy_from_user+0x2e/0xd0
[ 1127.843029][T19711]  kstrtouint_from_user+0xd6/0x1d0
[ 1127.843055][T19711]  ? __pfx_kstrtouint_from_user+0x10/0x10
[ 1127.843081][T19711]  ? __lock_acquire+0xb8a/0x1c90
[ 1127.843110][T19711]  proc_fail_nth_write+0x83/0x220
[ 1127.843132][T19711]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 1127.843156][T19711]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 1127.843171][T19711]  vfs_write+0x2a0/0x11d0
[ 1127.843190][T19711]  ? __pfx___mutex_lock+0x10/0x10
[ 1127.843207][T19711]  ? __pfx_vfs_write+0x10/0x10
[ 1127.843227][T19711]  ? __fget_files+0x20e/0x3c0
[ 1127.843250][T19711]  ksys_write+0x12a/0x250
[ 1127.843264][T19711]  ? __pfx_ksys_write+0x10/0x10
[ 1127.843286][T19711]  do_syscall_64+0xcd/0xfa0
[ 1127.843303][T19711]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1127.843318][T19711] RIP: 0033:0x7f7f1b18e1ff
[ 1127.843332][T19711] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 1127.843346][T19711] RSP: 002b:00007f7f1c0df030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 1127.843362][T19711] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f7f1b18e1ff
[ 1127.843372][T19711] RDX: 0000000000000001 RSI: 00007f7f1c0df0a0 RDI: 0000000000000011
[ 1127.843382][T19711] RBP: 00007f7f1c0df090 R08: 0000000000000000 R09: 0000000000000000
[ 1127.843391][T19711] R10: 000000000000006a R11: 0000000000000293 R12: 0000000000000001
[ 1127.843399][T19711] R13: 00007f7f1b3e6128 R14: 00007f7f1b3e6090 R15: 00007ffe5c979638
[ 1127.843422][T19711]  </TASK>
[ 1127.844126][T16359] dw2102: i2c transfer failed.
[ 1127.888646][    T9] usb 3-1: config 1 has no interface number 0
[ 1127.894768][T16359] dvb-usb: bulk message failed: -22 (6/0)
[ 1127.906209][    T9] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[ 1128.091387][T16359] dw2102: i2c transfer failed.
[ 1128.100729][T16359] dvb-usb: MAC address: 02:02:02:02:02:02
[ 1128.121161][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1128.272686][T16359] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1128.293920][T16359] dvb-usb: bulk message failed: -22 (3/0)
[ 1128.300944][T16359] dw2102: command 0x0e transfer failed.
[ 1128.307994][T16359] dvb-usb: bulk message failed: -22 (3/0)
[ 1128.313801][T16359] dw2102: command 0x0e transfer failed.
[ 1128.331099][    T9] snd_usb_pod 3-1:1.1: Line 6 Pocket POD found
[ 1128.576031][    T9] snd_usb_pod 3-1:1.1: set_interface failed
[ 1128.582710][    T9] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected
[ 1128.589972][    T9] snd_usb_pod 3-1:1.1: probe with driver snd_usb_pod failed with error -71
[ 1128.609692][    T9] usb 3-1: USB disconnect, device number 26
[ 1128.646059][T16359] dvb-usb: bulk message failed: -22 (3/0)
[ 1128.651806][T16359] dw2102: command 0x0e transfer failed.
[ 1128.660718][T16359] dvb-usb: bulk message failed: -22 (3/0)
[ 1128.675287][T16359] dw2102: command 0x0e transfer failed.
[ 1128.688507][T16359] dvb-usb: bulk message failed: -22 (1/0)
[ 1128.701077][T16359] dw2102: command 0x51 transfer failed.
[ 1128.706993][T16359] dvb-usb: bulk message failed: -22 (5/0)
[ 1128.752170][T16359] dw2102: i2c probe for address 0x68 failed.
[ 1128.805421][T16359] dvb-usb: bulk message failed: -22 (5/0)
[ 1128.818465][T16359] dw2102: i2c probe for address 0x69 failed.
[ 1128.848183][T16359] dvb-usb: bulk message failed: -22 (5/0)
[ 1128.916407][T16359] dw2102: i2c probe for address 0x6a failed.
[ 1128.923784][T16359] dw2102: probing for demodulator failed. Is the external power switched on?
[ 1128.940828][T16359] dvb-usb: no frontend was attached by 'TeVii S482 (tuner 2)'
[ 1129.055264][T16359] rc_core: IR keymap rc-tt-1500 not found
[ 1129.061833][T16359] Registered IR keymap rc-empty
[ 1129.069217][T16359] rc rc0: TeVii S482 (tuner 2) as /devices/platform/dummy_hcd.1/usb2/2-1/rc/rc0
[ 1129.084417][T16359] input: TeVii S482 (tuner 2) as /devices/platform/dummy_hcd.1/usb2/2-1/rc/rc0/input18
[ 1129.095476][T16359] dvb-usb: schedule remote query interval to 250 msecs.
[ 1129.102430][T16359] dw2102: su3000_power_ctrl: 0, initialized 1
[ 1129.109606][T16359] dvb-usb: TeVii S482 (tuner 2) successfully initialized and connected.
[ 1129.121248][T16359] usb 2-1: USB disconnect, device number 36
[ 1129.171392][T16359] dvb-usb: TeVii S482 (tuner 2) successfully deinitialized and disconnected.
[ 1129.382802][   T30] audit: type=1326 audit(1763824159.202:1915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19721 comm="syz.2.3751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10cd38f749 code=0x7ffc0000
[ 1129.427726][   T30] audit: type=1326 audit(1763824159.202:1916): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19721 comm="syz.2.3751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f10cd38f749 code=0x7ffc0000
[ 1129.440973][T19727] netlink: 'syz.2.3752': attribute type 3 has an invalid length.
[ 1129.451621][   T30] audit: type=1326 audit(1763824159.202:1917): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19721 comm="syz.2.3751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10cd38f749 code=0x7ffc0000
[ 1129.482697][   T30] audit: type=1326 audit(1763824159.202:1918): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19721 comm="syz.2.3751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f10cd38f749 code=0x7ffc0000
[ 1129.507206][   T30] audit: type=1326 audit(1763824159.202:1919): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19721 comm="syz.2.3751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10cd38f749 code=0x7ffc0000
[ 1129.538124][   T30] audit: type=1326 audit(1763824159.202:1920): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19721 comm="syz.2.3751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f10cd38f749 code=0x7ffc0000
[ 1129.561817][   T30] audit: type=1326 audit(1763824159.202:1921): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19721 comm="syz.2.3751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10cd38f749 code=0x7ffc0000
[ 1129.585392][   T30] audit: type=1326 audit(1763824159.202:1922): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19721 comm="syz.2.3751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f10cd38f749 code=0x7ffc0000
[ 1129.611179][   T30] audit: type=1326 audit(1763824159.202:1923): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19721 comm="syz.2.3751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10cd38f749 code=0x7ffc0000
[ 1129.635731][   T30] audit: type=1326 audit(1763824159.202:1924): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19721 comm="syz.2.3751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f10cd38f749 code=0x7ffc0000
[ 1131.235591][T19751] binder: BINDER_SET_CONTEXT_MGR already set
[ 1131.241735][T19751] binder: 19750:19751 ioctl 4018620d 200000000040 returned -16
[ 1131.254150][T19751] binder: 19750:19751 ioctl c0306201 200000000300 returned -11
[ 1133.393996][ T5896] usb 1-1: new full-speed USB device number 27 using dummy_hcd
[ 1133.638526][ T5896] usb 1-1: config index 0 descriptor too short (expected 35577, got 27)
[ 1133.665489][ T5896] usb 1-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[ 1133.675925][ T5896] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1133.690505][ T5896] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 92
[ 1133.700719][ T5896] usb 1-1: config 1 has no interface number 0
[ 1133.717414][ T5896] usb 1-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[ 1133.726737][ T5896] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1133.749259][ T5896] snd_usb_pod 1-1:1.1: Line 6 Pocket POD found
[ 1133.792830][T19770] comedi comedi3: comedi_test: 6 microvolt, 2047 microsecond waveform attached
[ 1133.811665][T16921] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[ 1134.003781][T16921] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1134.377015][ T5896] snd_usb_pod 1-1:1.1: set_interface failed
[ 1134.709520][ T5896] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now disconnected
[ 1134.716752][T16921] usb 2-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00
[ 1134.726707][ T5896] snd_usb_pod 1-1:1.1: probe with driver snd_usb_pod failed with error -71
[ 1134.735877][T16921] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1134.746439][ T5896] usb 1-1: USB disconnect, device number 27
[ 1134.754842][T16921] usb 2-1: config 0 descriptor??
[ 1135.141460][T19781] binder: 19780:19781 ioctl c0306201 200000000300 returned -11
[ 1135.243519][T16359] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[ 1135.457503][T16359] usb 3-1: Using ep0 maxpacket: 32
[ 1135.471021][T16359] usb 3-1: config 0 has an invalid interface number: 51 but max is 0
[ 1135.536227][T16359] usb 3-1: config 0 has no interface number 0
[ 1135.568382][T16359] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[ 1135.585755][T16921] lenovo 0003:17EF:6047.000A: hidraw0: USB HID v0.00 Device [HID 17ef:6047] on usb-dummy_hcd.1-1/input0
[ 1135.608854][T16359] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1135.618497][T19768] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1135.640086][T16359] usb 3-1: Product: syz
[ 1135.660075][T19768] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1135.667984][T16359] usb 3-1: Manufacturer: syz
[ 1135.691049][T16359] usb 3-1: SerialNumber: syz
[ 1135.705441][   T30] kauditd_printk_skb: 20 callbacks suppressed
[ 1135.705464][   T30] audit: type=1400 audit(1763824165.139:1945): avc:  denied  { bind } for  pid=19785 comm="syz.0.3770" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 1135.720428][T16359] usb 3-1: config 0 descriptor??
[ 1135.780207][T16359] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[ 1135.808319][   T30] audit: type=1400 audit(1763824165.139:1946): avc:  denied  { listen } for  pid=19785 comm="syz.0.3770" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 1135.850235][   T30] audit: type=1400 audit(1763824165.139:1947): avc:  denied  { accept } for  pid=19785 comm="syz.0.3770" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 1135.988945][   T30] audit: type=1400 audit(1763824165.139:1948): avc:  denied  { read } for  pid=19785 comm="syz.0.3770" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 1136.045108][T16921] lenovo 0003:17EF:6047.000A: Failed to switch middle button: -71
[ 1136.057021][T16921] lenovo 0003:17EF:6047.000A: Fn-lock setting failed: -71
[ 1136.066492][T16921] lenovo 0003:17EF:6047.000A: Sensitivity setting failed: -71
[ 1136.569575][T16921] usb 2-1: USB disconnect, device number 37
[ 1136.692588][T19811] netlink: 64 bytes leftover after parsing attributes in process `syz.3.3774'.
[ 1139.212570][   T30] audit: type=1400 audit(1763824168.403:1949): avc:  denied  { map } for  pid=19835 comm="syz.1.3779" path="socket:[71953]" dev="sockfs" ino=71953 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[ 1139.245971][   T30] audit: type=1400 audit(1763824168.403:1950): avc:  denied  { read } for  pid=19835 comm="syz.1.3779" path="socket:[71953]" dev="sockfs" ino=71953 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[ 1140.849259][T19847] binder: 19846:19847 ioctl c0306201 200000000300 returned -11
[ 1141.126629][T19849] netlink: 277 bytes leftover after parsing attributes in process `syz.4.3783'.
[ 1141.334555][T16920] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[ 1141.342951][T16359] usb 3-1: qt2_attach - failed to power on unit: -110
[ 1141.350962][T16359] quatech2 3-1:0.51: probe with driver quatech2 failed with error -110
[ 1141.567930][T16920] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1141.579077][T16920] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[ 1141.599392][T16920] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00
[ 1141.616120][T16920] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1141.639182][T16920] usb 2-1: config 0 descriptor??
[ 1142.130546][T16920] kovaplus 0003:1E7D:2D50.000B: hidraw0: USB HID v0.00 Device [HID 1e7d:2d50] on usb-dummy_hcd.1-1/input0
[ 1142.333651][T19851] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1142.346307][T19851] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1142.642144][T16920] kovaplus 0003:1E7D:2D50.000B: couldn't init struct kovaplus_device
[ 1142.650498][T16920] kovaplus 0003:1E7D:2D50.000B: couldn't install mouse
[ 1142.666440][T16920] kovaplus 0003:1E7D:2D50.000B: probe with driver kovaplus failed with error -71
[ 1142.685860][T16920] usb 2-1: USB disconnect, device number 38
[ 1142.928784][T19867] tipc: Started in network mode
[ 1142.933869][T19867] tipc: Node identity 969504afafaf, cluster identity 4711
[ 1142.941105][T19867] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1142.959788][T19867] syzkaller0: entered promiscuous mode
[ 1142.966400][T19867] syzkaller0: entered allmulticast mode
[ 1143.003473][  T847] usb 3-1: USB disconnect, device number 27
[ 1143.023659][T19867] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3787'.
[ 1143.054313][T19867] tipc: Resetting bearer <eth:syzkaller0>
[ 1143.066733][T19871] FAULT_INJECTION: forcing a failure.
[ 1143.066733][T19871] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1143.091563][T19866] tipc: Resetting bearer <eth:syzkaller0>
[ 1143.136541][T19871] CPU: 0 UID: 0 PID: 19871 Comm: syz.4.3788 Not tainted syzkaller #0 PREEMPT(full) 
[ 1143.136569][T19871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1143.136580][T19871] Call Trace:
[ 1143.136587][T19871]  <TASK>
[ 1143.136595][T19871]  dump_stack_lvl+0x16c/0x1f0
[ 1143.136617][T19871]  should_fail_ex+0x512/0x640
[ 1143.136643][T19871]  _copy_from_iter+0x29f/0x1720
[ 1143.136669][T19871]  ? __alloc_skb+0x200/0x380
[ 1143.136693][T19871]  ? __pfx__copy_from_iter+0x10/0x10
[ 1143.136712][T19871]  ? selinux_socket_getpeersec_dgram+0x1a4/0x370
[ 1143.136732][T19871]  ? __pfx_selinux_socket_getpeersec_dgram+0x10/0x10
[ 1143.136760][T19871]  netlink_sendmsg+0x820/0xdd0
[ 1143.136791][T19871]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1143.136827][T19871]  ____sys_sendmsg+0xa98/0xc70
[ 1143.136847][T19871]  ? copy_msghdr_from_user+0x10a/0x160
[ 1143.136872][T19871]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1143.136900][T19871]  ___sys_sendmsg+0x134/0x1d0
[ 1143.136926][T19871]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1143.136948][T19871]  ? __lock_acquire+0x622/0x1c90
[ 1143.136994][T19871]  __sys_sendmsg+0x16d/0x220
[ 1143.137019][T19871]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1143.137058][T19871]  do_syscall_64+0xcd/0xfa0
[ 1143.137078][T19871]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1143.137095][T19871] RIP: 0033:0x7fdb7ab8f749
[ 1143.137110][T19871] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1143.137127][T19871] RSP: 002b:00007fdb7ba53038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1143.137144][T19871] RAX: ffffffffffffffda RBX: 00007fdb7ade5fa0 RCX: 00007fdb7ab8f749
[ 1143.137155][T19871] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000004
[ 1143.137165][T19871] RBP: 00007fdb7ba53090 R08: 0000000000000000 R09: 0000000000000000
[ 1143.137174][T19871] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1143.137183][T19871] R13: 00007fdb7ade6038 R14: 00007fdb7ade5fa0 R15: 00007ffdf26e1028
[ 1143.137207][T19871]  </TASK>
[ 1143.343533][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1143.875635][T19866] tipc: Disabling bearer <eth:syzkaller0>
[ 1144.517263][T19891] openvswitch: netlink: Actions may not be safe on all matching packets
[ 1145.083411][T18631] udevd[18631]: inotify_add_watch(7, /dev/nbd49, 10) failed: No such file or directory
[ 1145.102667][T19894] bond1: entered promiscuous mode
[ 1145.110074][T19894] bond1: entered allmulticast mode
[ 1145.125713][T19894] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1145.210071][T19885] nbd49: detected capacity change from 0 to 127
[ 1145.216803][T19890] netlink: 64 bytes leftover after parsing attributes in process `syz.0.3792'.
[ 1145.231908][T18631] udevd[18631]: inotify_add_watch(7, /dev/nbd49, 10) failed: No such file or directory
[ 1145.265442][ T5817] block nbd49: Receive control failed (result -32)
[ 1145.334995][T19897] netlink: 277 bytes leftover after parsing attributes in process `syz.2.3795'.
[ 1146.279433][ T5896] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[ 1146.450518][ T5896] usb 1-1: Using ep0 maxpacket: 8
[ 1146.470344][ T5896] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1146.506725][ T5896] usb 1-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae
[ 1146.558193][ T5896] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1146.566813][ T5896] usb 1-1: Product: syz
[ 1146.571645][ T5896] usb 1-1: Manufacturer: syz
[ 1146.576310][ T5896] usb 1-1: SerialNumber: syz
[ 1146.587785][ T5896] usb 1-1: config 0 descriptor??
[ 1146.647663][   T30] audit: type=1400 audit(1763824175.369:1951): avc:  denied  { create } for  pid=19912 comm="syz.2.3798" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[ 1146.930490][T19909] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3797'.
[ 1147.112259][T19909] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3797'.
[ 1147.527295][T19909] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3797'.
[ 1147.537190][  T847] usb 4-1: new high-speed USB device number 38 using dummy_hcd
[ 1147.591404][T19931] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3802'.
[ 1147.609660][   T30] audit: type=1400 audit(1763824176.267:1952): avc:  denied  { append } for  pid=19932 comm="syz.4.3803" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[ 1147.646868][   T30] audit: type=1400 audit(1763824176.267:1953): avc:  denied  { map } for  pid=19932 comm="syz.4.3803" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[ 1147.768277][   T30] audit: type=1400 audit(1763824176.267:1954): avc:  denied  { execute } for  pid=19932 comm="syz.4.3803" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[ 1147.793464][  T847] usb 4-1: Using ep0 maxpacket: 32
[ 1147.801365][  T847] usb 4-1: config index 0 descriptor too short (expected 156, got 27)
[ 1147.819347][  T847] usb 4-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[ 1147.837280][  T847] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[ 1147.894396][  T847] usb 4-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[ 1148.067468][  T847] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1148.286124][  T847] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[ 1148.300682][  T847] usb 4-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[ 1148.309484][  T847] usb 4-1: Product: syz
[ 1148.314089][  T847] usb 4-1: Manufacturer: syz
[ 1148.318775][  T847] usb 4-1: SerialNumber: syz
[ 1148.327929][  T847] usb 4-1: config 0 descriptor??
[ 1148.337370][  T847] ldusb 4-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[ 1148.349787][  T847] ldusb 4-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[ 1148.386907][T19708] udevd[19708]: inotify_add_watch(7, /dev/nbd50, 10) failed: No such file or directory
[ 1148.451517][T19949] openvswitch: netlink: Actions may not be safe on all matching packets
[ 1148.461054][T19946] nbd50: detected capacity change from 0 to 127
[ 1148.467636][T19948] netlink: 64 bytes leftover after parsing attributes in process `syz.4.3807'.
[ 1148.470289][T18631] udevd[18631]: inotify_add_watch(7, /dev/nbd50, 10) failed: No such file or directory
[ 1148.476835][T19948] block nbd0: reconnected socket
[ 1148.491493][T19948] nbd: socks must be embedded in a SOCK_ITEM attr
[ 1148.502804][ T5817] block nbd50: Receive control failed (result -32)
[ 1148.510035][T16905] block nbd0: Receive control failed (result -32)
[ 1148.526919][T19944] netlink: 277 bytes leftover after parsing attributes in process `syz.2.3808'.
[ 1148.559617][T16359] usb 4-1: USB disconnect, device number 38
[ 1148.685392][T16359] ldusb 4-1:0.0: LD USB Device #0 now disconnected
[ 1148.913435][T16920] usb 1-1: USB disconnect, device number 28
[ 1148.921058][ T5896] usb 5-1: new high-speed USB device number 43 using dummy_hcd
[ 1149.092449][ T5896] usb 5-1: Using ep0 maxpacket: 8
[ 1149.478738][ T5896] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1149.488647][ T5896] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1149.504072][ T5896] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[ 1149.514198][ T5896] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[ 1149.524329][ T5896] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1149.538242][ T5896] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1149.547851][ T5896] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1149.562099][ T5896] usbtmc 5-1:16.0: probe with driver usbtmc failed with error -22
[ 1149.712284][T16920] usb 1-1: new high-speed USB device number 29 using dummy_hcd
[ 1149.775538][T19952] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1149.847962][T19952] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1149.856664][T19952] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1149.917965][T19952] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1149.927679][T16920] usb 1-1: Using ep0 maxpacket: 32
[ 1149.930782][T19952] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1149.992291][T19952] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1150.036979][T19952] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1150.065422][T19952] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1150.074051][T19952] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1150.084529][T16920] usb 1-1: unable to get BOS descriptor or descriptor too short
[ 1150.093198][T16920] usb 1-1: config 1 has an invalid interface number: 85 but max is 0
[ 1150.101505][T16920] usb 1-1: config 1 has no interface number 0
[ 1150.104914][T19952] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1150.107603][T16920] usb 1-1: config 1 interface 85 altsetting 9 bulk endpoint 0xF has invalid maxpacket 64
[ 1150.128864][T16920] usb 1-1: config 1 interface 85 has no altsetting 0
[ 1150.146852][T16920] usb 1-1: string descriptor 0 read error: -22
[ 1150.153582][T16920] usb 1-1: New USB device found, idVendor=0403, idProduct=6010, bcdDevice=8c.a2
[ 1150.164312][   T30] audit: type=1400 audit(1763824178.652:1955): avc:  denied  { execute_no_trans } for  pid=19973 comm="syz.2.3816" path="/154/file1" dev="tmpfs" ino=820 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[ 1150.164837][T16920] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1150.249767][T19960] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 1150.266697][T16920] ftdi_sio 1-1:1.85: FTDI USB Serial Device converter detected
[ 1150.369732][T16920] ftdi_sio ttyUSB0: unknown device type: 0x8ca2
[ 1150.992508][T16920] usb 1-1: USB disconnect, device number 29
[ 1150.992790][   T10] usb 5-1: USB disconnect, device number 43
[ 1151.045300][   T30] audit: type=1400 audit(1763824179.474:1956): avc:  denied  { read } for  pid=19986 comm="syz.4.3819" name="nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[ 1151.078481][   T30] audit: type=1400 audit(1763824179.474:1957): avc:  denied  { open } for  pid=19986 comm="syz.4.3819" path="/dev/nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[ 1151.086265][T16920] ftdi_sio 1-1:1.85: device disconnected
[ 1151.151620][   T30] audit: type=1400 audit(1763824179.474:1958): avc:  denied  { ioctl } for  pid=19986 comm="syz.4.3819" path="/dev/nvram" dev="devtmpfs" ino=623 ioctlcmd=0x942d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[ 1151.209714][ T5896] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[ 1151.391168][ T5896] usb 4-1: Using ep0 maxpacket: 16
[ 1151.398863][ T5896] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1151.411231][ T5896] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1151.422888][ T5896] usb 4-1: New USB device found, idVendor=1b96, idProduct=0008, bcdDevice= 0.00
[ 1151.439704][ T5896] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1151.476696][ T5896] usb 4-1: config 0 descriptor??
[ 1151.498113][   T10] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[ 1151.549841][T19991] binder: 19990:19991 ioctl c0306201 200000000000 returned -14
[ 1151.701301][   T10] usb 5-1: Using ep0 maxpacket: 32
[ 1151.736407][   T10] usb 5-1: config 0 has an invalid interface number: 51 but max is 0
[ 1151.766092][   T10] usb 5-1: config 0 has no interface number 0
[ 1151.799769][   T10] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[ 1151.819034][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1151.827477][   T10] usb 5-1: Product: syz
[ 1151.831715][   T10] usb 5-1: Manufacturer: syz
[ 1151.841505][   T10] usb 5-1: SerialNumber: syz
[ 1151.868338][   T10] usb 5-1: config 0 descriptor??
[ 1151.924617][   T10] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[ 1151.935088][ T5896] usbhid 4-1:0.0: can't add hid device: -71
[ 1151.944306][ T5896] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[ 1151.989202][ T5896] usb 4-1: USB disconnect, device number 39
[ 1152.118617][T16359] usb 1-1: new full-speed USB device number 30 using dummy_hcd
[ 1152.164865][   T10] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[ 1152.184458][   T10] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[ 1152.297902][T16359] usb 1-1: config 5 has an invalid interface number: 123 but max is 0
[ 1152.323911][T16359] usb 1-1: config 5 has an invalid descriptor of length 0, skipping remainder of the config
[ 1152.349548][T16359] usb 1-1: config 5 has no interface number 0
[ 1152.364507][T16921] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[ 1152.410475][T16359] usb 1-1: config 5 interface 123 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[ 1152.442871][T16359] usb 1-1: config 5 interface 123 has no altsetting 0
[ 1152.526279][T16359] usb 1-1: New USB device found, idVendor=3923, idProduct=718a, bcdDevice=d8.d7
[ 1152.593533][T16359] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1152.605738][T16359] usb 1-1: Product: syz
[ 1152.610044][T16921] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1152.620658][T16359] usb 1-1: Manufacturer: syz
[ 1152.631189][T16359] usb 1-1: SerialNumber: syz
[ 1152.636094][T16921] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1152.658306][    C0] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71
[ 1152.659473][ T5896] usb 5-1: USB disconnect, device number 44
[ 1152.678151][T16921] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1152.695568][ T5896] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[ 1152.706953][T16921] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1152.715427][T16921] usb 3-1: SerialNumber: syz
[ 1152.724789][ T5896] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[ 1152.739467][ T5896] quatech2 5-1:0.51: device disconnected
[ 1152.903394][T19994] netlink: 'syz.0.3821': attribute type 1 has an invalid length.
[ 1152.911305][T19994] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3821'.
[ 1152.922504][T20002] netlink: 277 bytes leftover after parsing attributes in process `syz.3.3824'.
[ 1152.930757][T19994] netlink: 68 bytes leftover after parsing attributes in process `syz.0.3821'.
[ 1152.934325][   T30] audit: type=1400 audit(1763824181.232:1959): avc:  denied  { getopt } for  pid=19993 comm="syz.0.3821" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 1152.968093][T19996] netlink: 'syz.2.3822': attribute type 3 has an invalid length.
[ 1152.993982][T16921] usb 3-1: 0:2 : does not exist
[ 1153.085931][T16359] comedi comedi5: Wrong number of endpoints
[ 1153.096677][T16921] usb 3-1: USB disconnect, device number 28
[ 1153.102719][T16359] ni6501 1-1:5.123: driver 'ni6501' failed to auto-configure device.
[ 1153.126295][T16359] usb 1-1: USB disconnect, device number 30
[ 1153.338995][   T30] audit: type=1400 audit(1763824181.625:1960): avc:  denied  { ioctl } for  pid=20005 comm="syz.4.3825" path="/dev/nullb0" dev="devtmpfs" ino=696 ioctlcmd=0x6615 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[ 1153.495300][ T3025] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1153.512805][   T30] audit: type=1400 audit(1763824181.784:1961): avc:  denied  { accept } for  pid=20011 comm="syz.4.3827" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[ 1154.567348][   T10] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[ 1157.668587][   T10] usb 3-1: Using ep0 maxpacket: 32
[ 1157.675719][   T10] usb 3-1: unable to get BOS descriptor or descriptor too short
[ 1157.712762][   T10] usb 3-1: config 56 has an invalid interface number: 7 but max is 0
[ 1157.724129][T16999] usb 4-1: new full-speed USB device number 40 using dummy_hcd
[ 1158.024538][   T10] usb 3-1: config 56 has no interface number 0
[ 1158.040901][   T30] audit: type=1400 audit(1763824186.001:1962): avc:  denied  { read write } for  pid=20043 comm="syz.4.3835" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[ 1158.041913][   T10] usb 3-1: New USB device found, idVendor=2020, idProduct=2031, bcdDevice=3b.23
[ 1158.222916][   T30] audit: type=1400 audit(1763824186.001:1963): avc:  denied  { open } for  pid=20043 comm="syz.4.3835" path="/dev/autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[ 1158.229245][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1158.264657][   T30] audit: type=1400 audit(1763824186.020:1964): avc:  denied  { ioctl } for  pid=20043 comm="syz.4.3835" path="/dev/autofs" dev="devtmpfs" ino=98 ioctlcmd=0x937e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[ 1158.297800][   T10] usb 3-1: Product: syz
[ 1158.303501][   T10] usb 3-1: Manufacturer: syz
[ 1158.309524][T16999] usb 4-1: config index 0 descriptor too short (expected 35577, got 27)
[ 1158.322172][T16999] usb 4-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[ 1158.330925][   T10] usb 3-1: SerialNumber: syz
[ 1158.336363][T16999] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1158.385437][T16999] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 92
[ 1158.572606][T16921] usb 3-1: USB disconnect, device number 29
[ 1158.592793][T16999] usb 4-1: config 1 has no interface number 0
[ 1158.628362][T16999] usb 4-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[ 1158.660842][T16999] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1158.673267][T20052] netlink: 'syz.2.3838': attribute type 10 has an invalid length.
[ 1158.682709][T20052] netlink: 'syz.2.3838': attribute type 10 has an invalid length.
[ 1158.691659][T20052] team0: Port device dummy0 removed
[ 1158.701043][T20052] bond0: (slave dummy0): Enslaving as an active interface with an up link
[ 1158.778536][T16999] snd_usb_pod 4-1:1.1: Line 6 Pocket POD found
[ 1158.923996][T20057] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3840'.
[ 1159.063886][T16999] snd_usb_pod 4-1:1.1: set_interface failed
[ 1159.070169][T16999] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now disconnected
[ 1159.081717][T16999] snd_usb_pod 4-1:1.1: probe with driver snd_usb_pod failed with error -71
[ 1159.153406][T16999] usb 4-1: USB disconnect, device number 40
[ 1159.347573][T16921] usb 3-1: new full-speed USB device number 30 using dummy_hcd
[ 1159.440244][T20062] netlink: 277 bytes leftover after parsing attributes in process `syz.1.3842'.
[ 1159.579246][T16921] usb 3-1: config 5 has an invalid interface number: 123 but max is 0
[ 1159.587543][T16921] usb 3-1: config 5 has an invalid descriptor of length 0, skipping remainder of the config
[ 1159.598367][T16921] usb 3-1: config 5 has no interface number 0
[ 1159.606082][T16921] usb 3-1: config 5 interface 123 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[ 1159.626115][T16921] usb 3-1: config 5 interface 123 has no altsetting 0
[ 1159.635429][T16921] usb 3-1: New USB device found, idVendor=3923, idProduct=718a, bcdDevice=d8.d7
[ 1159.671125][T16921] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1159.679587][T16921] usb 3-1: Product: syz
[ 1159.684018][T16921] usb 3-1: Manufacturer: syz
[ 1159.688885][T16921] usb 3-1: SerialNumber: syz
[ 1160.074570][T20072] netlink: 'syz.2.3841': attribute type 1 has an invalid length.
[ 1160.365158][T20072] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3841'.
[ 1160.421148][T20071] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3843'.
[ 1160.937741][T16921] comedi comedi5: Wrong number of endpoints
[ 1160.944175][T16921] ni6501 3-1:5.123: driver 'ni6501' failed to auto-configure device.
[ 1160.979839][T16921] usb 3-1: USB disconnect, device number 30
[ 1161.019536][T20075] FAULT_INJECTION: forcing a failure.
[ 1161.019536][T20075] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1161.069281][T20075] CPU: 1 UID: 0 PID: 20075 Comm: syz.3.3846 Not tainted syzkaller #0 PREEMPT(full) 
[ 1161.069307][T20075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1161.069317][T20075] Call Trace:
[ 1161.069323][T20075]  <TASK>
[ 1161.069329][T20075]  dump_stack_lvl+0x16c/0x1f0
[ 1161.069351][T20075]  should_fail_ex+0x512/0x640
[ 1161.069377][T20075]  _copy_from_user+0x2e/0xd0
[ 1161.069399][T20075]  kvm_arch_vm_ioctl+0xee0/0x18b0
[ 1161.069420][T20075]  ? register_lock_class+0x41/0x4c0
[ 1161.069436][T20075]  ? find_held_lock+0x2b/0x80
[ 1161.069456][T20075]  ? __pfx_kvm_arch_vm_ioctl+0x10/0x10
[ 1161.069476][T20075]  ? ima_match_policy+0x7ed/0x22d0
[ 1161.069501][T20075]  ? __lock_acquire+0x622/0x1c90
[ 1161.069520][T20075]  ? __lock_acquire+0x622/0x1c90
[ 1161.069539][T20075]  ? __lock_acquire+0x622/0x1c90
[ 1161.069558][T20075]  ? __lock_acquire+0x622/0x1c90
[ 1161.069587][T20075]  ? bpf_ksym_find+0x127/0x1c0
[ 1161.069611][T20075]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1161.069635][T20075]  ? is_bpf_text_address+0x94/0x1a0
[ 1161.069654][T20075]  ? kernel_text_address+0x8d/0x100
[ 1161.069672][T20075]  ? widen_string+0xdc/0x2d0
[ 1161.069693][T20075]  ? __kernel_text_address+0xd/0x40
[ 1161.069709][T20075]  ? unwind_get_return_address+0x59/0xa0
[ 1161.069728][T20075]  ? arch_stack_walk+0xa6/0x100
[ 1161.069754][T20075]  ? stack_trace_save+0x8e/0xc0
[ 1161.069776][T20075]  ? __pfx_stack_trace_save+0x10/0x10
[ 1161.069799][T20075]  ? stack_depot_save_flags+0x29/0x9c0
[ 1161.069820][T20075]  ? __lock_acquire+0xb8a/0x1c90
[ 1161.069837][T20075]  ? kasan_save_stack+0x42/0x60
[ 1161.069853][T20075]  ? kasan_save_stack+0x33/0x60
[ 1161.069868][T20075]  ? kasan_save_track+0x14/0x30
[ 1161.069883][T20075]  ? __kasan_save_free_info+0x3b/0x60
[ 1161.069905][T20075]  ? __kasan_slab_free+0x5f/0x80
[ 1161.069921][T20075]  ? kfree+0x2b8/0x6d0
[ 1161.069941][T20075]  ? tomoyo_path_number_perm+0x470/0x580
[ 1161.069960][T20075]  kvm_vm_ioctl+0x1a91/0x3fd0
[ 1161.069988][T20075]  ? __pfx_kvm_vm_ioctl+0x10/0x10
[ 1161.070019][T20075]  ? kasan_quarantine_put+0x10a/0x240
[ 1161.070035][T20075]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1161.070054][T20075]  ? find_held_lock+0x2b/0x80
[ 1161.070074][T20075]  ? tomoyo_path_number_perm+0x295/0x580
[ 1161.070093][T20075]  ? tomoyo_path_number_perm+0x18d/0x580
[ 1161.070112][T20075]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1161.070129][T20075]  ? find_held_lock+0x2b/0x80
[ 1161.070155][T20075]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1161.070180][T20075]  ? do_vfs_ioctl+0x128/0x14f0
[ 1161.070209][T20075]  ? __pfx_do_vfs_ioctl+0x10/0x10
[ 1161.070231][T20075]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[ 1161.070259][T20075]  ? hook_file_ioctl_common+0x145/0x410
[ 1161.070286][T20075]  ? selinux_file_ioctl+0x180/0x270
[ 1161.070301][T20075]  ? selinux_file_ioctl+0xb4/0x270
[ 1161.070320][T20075]  ? __pfx_kvm_vm_ioctl+0x10/0x10
[ 1161.070340][T20075]  __x64_sys_ioctl+0x18e/0x210
[ 1161.070365][T20075]  do_syscall_64+0xcd/0xfa0
[ 1161.070382][T20075]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1161.070400][T20075] RIP: 0033:0x7fb791b8f749
[ 1161.070415][T20075] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1161.070431][T20075] RSP: 002b:00007fb7929f2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1161.070449][T20075] RAX: ffffffffffffffda RBX: 00007fb791de5fa0 RCX: 00007fb791b8f749
[ 1161.070460][T20075] RDX: 0000200000000300 RSI: 000000004070aea0 RDI: 0000000000000004
[ 1161.070471][T20075] RBP: 00007fb7929f2090 R08: 0000000000000000 R09: 0000000000000000
[ 1161.070482][T20075] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1161.070492][T20075] R13: 00007fb791de6038 R14: 00007fb791de5fa0 R15: 00007ffd7e07cd98
[ 1161.070515][T20075]  </TASK>
[ 1161.819771][T16999] IPVS: starting estimator thread 0...
[ 1162.055679][T16921] usb 1-1: new high-speed USB device number 31 using dummy_hcd
[ 1162.085473][T20092] IPVS: using max 47 ests per chain, 112800 per kthread
[ 1162.239341][   T30] audit: type=1400 audit(1763824189.929:1965): avc:  denied  { kexec_image_load } for  pid=20080 comm="syz.1.3848" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1
[ 1162.306055][T16921] usb 1-1: Using ep0 maxpacket: 8
[ 1162.732964][T16921] usb 1-1: New USB device found, idVendor=0c45, idProduct=614a, bcdDevice=c4.6d
[ 1162.780456][T16921] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1162.789420][T16921] usb 1-1: Product: syz
[ 1162.793728][T16921] usb 1-1: Manufacturer: syz
[ 1162.798533][T16921] usb 1-1: SerialNumber: syz
[ 1162.807750][T16921] usb 1-1: config 0 descriptor??
[ 1162.816401][T16921] gspca_main: sonixj-2.14.0 probing 0c45:614a
[ 1162.983883][T16359] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[ 1163.064499][T20108] netlink: 277 bytes leftover after parsing attributes in process `syz.2.3855'.
[ 1164.010252][T16359] usb 2-1: Using ep0 maxpacket: 8
[ 1164.119735][T16359] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1164.135738][T16359] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40
[ 1164.145536][T16359] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1164.154519][T16359] usb 2-1: Product: syz
[ 1164.158964][T16359] usb 2-1: Manufacturer: syz
[ 1164.174968][T16359] usb 2-1: SerialNumber: syz
[ 1165.087139][T20133] FAULT_INJECTION: forcing a failure.
[ 1165.087139][T20133] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1165.100411][T16359] usb 2-1: can't set config #1, error -71
[ 1165.103886][T16359] usb 2-1: USB disconnect, device number 39
[ 1165.108883][T20133] CPU: 0 UID: 0 PID: 20133 Comm: syz.4.3863 Not tainted syzkaller #0 PREEMPT(full) 
[ 1165.108905][T20133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1165.108915][T20133] Call Trace:
[ 1165.108920][T20133]  <TASK>
[ 1165.108926][T20133]  dump_stack_lvl+0x16c/0x1f0
[ 1165.108946][T20133]  should_fail_ex+0x512/0x640
[ 1165.108967][T20133]  _copy_from_user+0x2e/0xd0
[ 1165.108987][T20133]  video_usercopy+0xee2/0x1720
[ 1165.109003][T20133]  ? __pfx___video_do_ioctl+0x10/0x10
[ 1165.109025][T20133]  ? selinux_kernel_read_file+0x50/0x130
[ 1165.109043][T20133]  ? __pfx_video_usercopy+0x10/0x10
[ 1165.109077][T20133]  v4l2_ioctl+0x1bd/0x250
[ 1165.109098][T20133]  ? __pfx_v4l2_ioctl+0x10/0x10
[ 1165.109120][T20133]  __x64_sys_ioctl+0x18e/0x210
[ 1165.109143][T20133]  do_syscall_64+0xcd/0xfa0
[ 1165.109160][T20133]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1165.109176][T20133] RIP: 0033:0x7fdb7ab8f749
[ 1165.109189][T20133] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1165.109202][T20133] RSP: 002b:00007fdb7ba53038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1165.109217][T20133] RAX: ffffffffffffffda RBX: 00007fdb7ade5fa0 RCX: 00007fdb7ab8f749
[ 1165.109227][T20133] RDX: 00002000000000c0 RSI: 0000000040045613 RDI: 0000000000000003
[ 1165.109236][T20133] RBP: 00007fdb7ba53090 R08: 0000000000000000 R09: 0000000000000000
[ 1165.109245][T20133] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1165.109254][T20133] R13: 00007fdb7ade6038 R14: 00007fdb7ade5fa0 R15: 00007ffdf26e1028
[ 1165.109275][T20133]  </TASK>
[ 1165.870579][T16359] usb 1-1: USB disconnect, device number 31
[ 1167.452478][T20160] netlink: 277 bytes leftover after parsing attributes in process `syz.3.3871'.
[ 1168.061678][T20169] mmap: syz.0.3873 (20169): VmData 37597184 exceed data ulimit 8. Update limits or use boot option ignore_rlimit_data.
[ 1168.841095][T20180] FAULT_INJECTION: forcing a failure.
[ 1168.841095][T20180] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1168.907358][T20180] CPU: 0 UID: 0 PID: 20180 Comm: syz.3.3877 Not tainted syzkaller #0 PREEMPT(full) 
[ 1168.907383][T20180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1168.907393][T20180] Call Trace:
[ 1168.907399][T20180]  <TASK>
[ 1168.907405][T20180]  dump_stack_lvl+0x16c/0x1f0
[ 1168.907422][T20180]  should_fail_ex+0x512/0x640
[ 1168.907438][T20180]  _copy_from_iter+0x29f/0x1720
[ 1168.907455][T20180]  ? __pfx__copy_from_iter+0x10/0x10
[ 1168.907468][T20180]  ? __pfx_alloc_pages_mpol+0x10/0x10
[ 1168.907486][T20180]  copy_page_from_iter+0xde/0x180
[ 1168.907501][T20180]  tun_build_skb.constprop.0+0x2e8/0x1510
[ 1168.907522][T20180]  ? __pfx_tun_build_skb.constprop.0+0x10/0x10
[ 1168.907536][T20180]  ? unwind_get_return_address+0x59/0xa0
[ 1168.907549][T20180]  ? arch_stack_walk+0xa6/0x100
[ 1168.907569][T20180]  ? _kstrtoull+0x145/0x200
[ 1168.907587][T20180]  tun_get_user+0x149c/0x3cc0
[ 1168.907607][T20180]  ? __pfx_tun_get_user+0x10/0x10
[ 1168.907623][T20180]  ? __pfx_ref_tracker_alloc+0x10/0x10
[ 1168.907641][T20180]  ? find_held_lock+0x2b/0x80
[ 1168.907655][T20180]  ? tun_get+0x191/0x370
[ 1168.907671][T20180]  tun_chr_write_iter+0xdc/0x210
[ 1168.907687][T20180]  vfs_write+0x7d3/0x11d0
[ 1168.907698][T20180]  ? __pfx_tun_chr_write_iter+0x10/0x10
[ 1168.907714][T20180]  ? __pfx_vfs_write+0x10/0x10
[ 1168.907723][T20180]  ? find_held_lock+0x2b/0x80
[ 1168.907747][T20180]  ksys_write+0x12a/0x250
[ 1168.907757][T20180]  ? __pfx_ksys_write+0x10/0x10
[ 1168.907771][T20180]  do_syscall_64+0xcd/0xfa0
[ 1168.907782][T20180]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1168.907793][T20180] RIP: 0033:0x7fb791b8e1ff
[ 1168.907803][T20180] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 1168.907813][T20180] RSP: 002b:00007fb7929f2000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 1168.907824][T20180] RAX: ffffffffffffffda RBX: 00007fb791de5fa0 RCX: 00007fb791b8e1ff
[ 1168.907830][T20180] RDX: 000000000000002a RSI: 0000200000000580 RDI: 00000000000000c8
[ 1168.907837][T20180] RBP: 00007fb7929f2090 R08: 0000000000000000 R09: 0000000000000000
[ 1168.907843][T20180] R10: 000000000000002a R11: 0000000000000293 R12: 0000000000000001
[ 1168.907849][T20180] R13: 00007fb791de6038 R14: 00007fb791de5fa0 R15: 00007ffd7e07cd98
[ 1168.907863][T20180]  </TASK>
[ 1169.132387][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1169.563362][T20188] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3879'.
[ 1169.951410][   T30] audit: type=1400 audit(1763824197.157:1966): avc:  denied  { unmount } for  pid=16961 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[ 1170.117894][   T30] audit: type=1400 audit(1763824197.316:1967): avc:  denied  { setopt } for  pid=20197 comm="syz.1.3884" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[ 1170.748055][   T30] audit: type=1400 audit(1763824197.335:1968): avc:  denied  { ioctl } for  pid=20197 comm="syz.1.3884" path="socket:[73549]" dev="sockfs" ino=73549 ioctlcmd=0xae89 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[ 1172.145231][   T30] audit: type=1326 audit(1763824199.205:1969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20216 comm="syz.2.3889" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10cd38f749 code=0x7ffc0000
[ 1172.277692][   T30] audit: type=1326 audit(1763824199.233:1970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20216 comm="syz.2.3889" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f10cd38f749 code=0x7ffc0000
[ 1172.305791][   T30] audit: type=1326 audit(1763824199.355:1971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20216 comm="syz.2.3889" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10cd38f749 code=0x7ffc0000
[ 1172.362424][   T30] audit: type=1326 audit(1763824199.355:1972): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20216 comm="syz.2.3889" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10cd38f749 code=0x7ffc0000
[ 1172.478005][   T30] audit: type=1326 audit(1763824199.383:1973): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20216 comm="syz.2.3889" exe="/root/syz-executor" sig=0 arch=c000003e syscall=198 compat=0 ip=0x7f10cd38f749 code=0x7ffc0000
[ 1172.565359][   T30] audit: type=1400 audit(1763824199.476:1974): avc:  denied  { append } for  pid=20216 comm="syz.2.3889" name="renderD128" dev="devtmpfs" ino=626 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[ 1172.631031][   T30] audit: type=1326 audit(1763824199.476:1975): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20216 comm="syz.2.3889" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10cd38f749 code=0x7ffc0000
[ 1173.376518][T20223] mmap: syz.0.3885 (20223) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[ 1174.755203][T20255] FAULT_INJECTION: forcing a failure.
[ 1174.755203][T20255] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1174.789863][T20255] CPU: 0 UID: 0 PID: 20255 Comm: syz.1.3898 Not tainted syzkaller #0 PREEMPT(full) 
[ 1174.789887][T20255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1174.789895][T20255] Call Trace:
[ 1174.789899][T20255]  <TASK>
[ 1174.789903][T20255]  dump_stack_lvl+0x16c/0x1f0
[ 1174.789918][T20255]  should_fail_ex+0x512/0x640
[ 1174.789934][T20255]  _copy_from_user+0x2e/0xd0
[ 1174.789948][T20255]  kvm_arch_vcpu_ioctl+0x1b94/0x5510
[ 1174.789963][T20255]  ? stack_trace_save+0x8e/0xc0
[ 1174.789979][T20255]  ? __pfx_kvm_arch_vcpu_ioctl+0x10/0x10
[ 1174.789990][T20255]  ? stack_depot_save_flags+0x29/0x9c0
[ 1174.790003][T20255]  ? __lock_acquire+0xb8a/0x1c90
[ 1174.790015][T20255]  ? kasan_save_stack+0x42/0x60
[ 1174.790025][T20255]  ? kasan_save_stack+0x33/0x60
[ 1174.790035][T20255]  ? kasan_save_track+0x14/0x30
[ 1174.790044][T20255]  ? __kasan_save_free_info+0x3b/0x60
[ 1174.790059][T20255]  ? __kasan_slab_free+0x5f/0x80
[ 1174.790069][T20255]  ? kfree+0x2b8/0x6d0
[ 1174.790082][T20255]  ? tomoyo_path_number_perm+0x470/0x580
[ 1174.790097][T20255]  ? security_file_ioctl+0x9b/0x240
[ 1174.790109][T20255]  ? do_syscall_64+0xcd/0xfa0
[ 1174.790120][T20255]  ? __lock_acquire+0xb8a/0x1c90
[ 1174.790135][T20255]  ? __mutex_trylock_common+0xe9/0x250
[ 1174.790149][T20255]  ? rcu_is_watching+0x12/0xc0
[ 1174.790162][T20255]  ? trace_contention_end+0xdd/0x130
[ 1174.790173][T20255]  ? __mutex_lock+0x1c5/0x1060
[ 1174.790186][T20255]  ? kasan_quarantine_put+0x10a/0x240
[ 1174.790197][T20255]  ? __pfx___mutex_lock+0x10/0x10
[ 1174.790213][T20255]  ? tomoyo_path_number_perm+0x18d/0x580
[ 1174.790225][T20255]  ? kvm_vcpu_ioctl+0x1235/0x1690
[ 1174.790239][T20255]  kvm_vcpu_ioctl+0x1235/0x1690
[ 1174.790255][T20255]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1174.790270][T20255]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1174.790285][T20255]  ? do_vfs_ioctl+0x128/0x14f0
[ 1174.790300][T20255]  ? __pfx_do_vfs_ioctl+0x10/0x10
[ 1174.790315][T20255]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[ 1174.790332][T20255]  ? hook_file_ioctl_common+0x145/0x410
[ 1174.790352][T20255]  ? selinux_file_ioctl+0x180/0x270
[ 1174.790363][T20255]  ? selinux_file_ioctl+0xb4/0x270
[ 1174.790375][T20255]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1174.790390][T20255]  __x64_sys_ioctl+0x18e/0x210
[ 1174.790406][T20255]  do_syscall_64+0xcd/0xfa0
[ 1174.790417][T20255]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1174.790428][T20255] RIP: 0033:0x7fe1df58f749
[ 1174.790437][T20255] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1174.790447][T20255] RSP: 002b:00007fe1e0502038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1174.790457][T20255] RAX: ffffffffffffffda RBX: 00007fe1df7e5fa0 RCX: 00007fe1df58f749
[ 1174.790464][T20255] RDX: 0000200000001440 RSI: 000000004048aecb RDI: 0000000000000005
[ 1174.790471][T20255] RBP: 00007fe1e0502090 R08: 0000000000000000 R09: 0000000000000000
[ 1174.790477][T20255] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1174.790483][T20255] R13: 00007fe1df7e6038 R14: 00007fe1df7e5fa0 R15: 00007ffd24571028
[ 1174.790497][T20255]  </TASK>
[ 1175.476415][T20257] FAULT_INJECTION: forcing a failure.
[ 1175.476415][T20257] name failslab, interval 1, probability 0, space 0, times 0
[ 1175.825458][T20257] CPU: 1 UID: 0 PID: 20257 Comm: syz.1.3900 Not tainted syzkaller #0 PREEMPT(full) 
[ 1175.825483][T20257] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1175.825493][T20257] Call Trace:
[ 1175.825502][T20257]  <TASK>
[ 1175.825509][T20257]  dump_stack_lvl+0x16c/0x1f0
[ 1175.825531][T20257]  should_fail_ex+0x512/0x640
[ 1175.825551][T20257]  ? fs_reclaim_acquire+0xae/0x150
[ 1175.825573][T20257]  should_failslab+0xc2/0x120
[ 1175.825593][T20257]  __kmalloc_noprof+0xdd/0x880
[ 1175.825618][T20257]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[ 1175.825644][T20257]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[ 1175.825662][T20257]  tomoyo_realpath_from_path+0xc2/0x6e0
[ 1175.825685][T20257]  ? tomoyo_profile+0x47/0x60
[ 1175.825710][T20257]  tomoyo_path_number_perm+0x245/0x580
[ 1175.825727][T20257]  ? tomoyo_path_number_perm+0x237/0x580
[ 1175.825747][T20257]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1175.825764][T20257]  ? find_held_lock+0x2b/0x80
[ 1175.825807][T20257]  ? find_held_lock+0x2b/0x80
[ 1175.825828][T20257]  ? hook_file_ioctl_common+0x145/0x410
[ 1175.825857][T20257]  ? __fget_files+0x20e/0x3c0
[ 1175.825879][T20257]  security_file_ioctl+0x9b/0x240
[ 1175.825900][T20257]  __x64_sys_ioctl+0xb7/0x210
[ 1175.825926][T20257]  do_syscall_64+0xcd/0xfa0
[ 1175.825943][T20257]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1175.825960][T20257] RIP: 0033:0x7fe1df58f749
[ 1175.825975][T20257] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1175.825991][T20257] RSP: 002b:00007fe1e0502038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1175.826007][T20257] RAX: ffffffffffffffda RBX: 00007fe1df7e5fa0 RCX: 00007fe1df58f749
[ 1175.826018][T20257] RDX: 0000200000000000 RSI: 000000008028640c RDI: 0000000000000003
[ 1175.826028][T20257] RBP: 00007fe1e0502090 R08: 0000000000000000 R09: 0000000000000000
[ 1175.826038][T20257] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1175.826048][T20257] R13: 00007fe1df7e6038 R14: 00007fe1df7e5fa0 R15: 00007ffd24571028
[ 1175.826073][T20257]  </TASK>
[ 1175.880615][T20257] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1178.607508][   T10] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[ 1178.662028][   T30] kauditd_printk_skb: 3 callbacks suppressed
[ 1178.662044][   T30] audit: type=1400 audit(1763824205.302:1979): avc:  denied  { append } for  pid=20293 comm="syz.2.3908" name="ptp0" dev="devtmpfs" ino=1265 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[ 1178.870133][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[ 1178.949823][   T10] usb 4-1: Using ep0 maxpacket: 8
[ 1179.022712][   T10] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[ 1179.045504][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1179.055009][   T10] usb 4-1: Product: syz
[ 1179.064629][   T10] usb 4-1: Manufacturer: syz
[ 1179.070521][   T10] usb 4-1: SerialNumber: syz
[ 1179.076907][   T10] usb 4-1: config 0 descriptor??
[ 1179.096602][   T30] audit: type=1400 audit(1763824205.704:1980): avc:  denied  { ioctl } for  pid=20293 comm="syz.2.3908" path="socket:[74877]" dev="sockfs" ino=74877 ioctlcmd=0xae82 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[ 1179.476067][   T10] dvb_usb_rtl28xxu 4-1:0.0: chip type detection failed -71
[ 1179.548104][T20306] nfs: Unknown parameter './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
[ 1179.887185][   T10] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[ 1180.138672][   T10] usb 4-1: USB disconnect, device number 41
[ 1181.984936][ T5896] usb 4-1: new full-speed USB device number 42 using dummy_hcd
[ 1182.155579][ T5896] usb 4-1: config 5 has an invalid interface number: 123 but max is 0
[ 1182.329185][ T5896] usb 4-1: config 5 has an invalid descriptor of length 0, skipping remainder of the config
[ 1182.356352][ T5896] usb 4-1: config 5 has no interface number 0
[ 1182.370560][ T5896] usb 4-1: config 5 interface 123 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[ 1182.384417][ T5896] usb 4-1: config 5 interface 123 has no altsetting 0
[ 1182.395581][ T5896] usb 4-1: New USB device found, idVendor=3923, idProduct=718a, bcdDevice=d8.d7
[ 1182.442234][ T5896] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1182.605265][ T5896] usb 4-1: Product: syz
[ 1182.611756][ T5896] usb 4-1: Manufacturer: syz
[ 1183.191866][ T5896] usb 4-1: SerialNumber: syz
[ 1183.988029][T20351] netlink: 'syz.3.3914': attribute type 1 has an invalid length.
[ 1183.995949][T20351] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3914'.
[ 1186.123199][ T5896] comedi comedi5: Wrong number of endpoints
[ 1186.169472][T20356] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3922'.
[ 1186.189612][ T5896] ni6501 4-1:5.123: driver 'ni6501' failed to auto-configure device.
[ 1186.353899][ T5896] usb 4-1: USB disconnect, device number 42
[ 1186.560744][T20363] FAULT_INJECTION: forcing a failure.
[ 1186.560744][T20363] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1186.690242][T20363] CPU: 1 UID: 0 PID: 20363 Comm: syz.1.3925 Not tainted syzkaller #0 PREEMPT(full) 
[ 1186.690268][T20363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1186.690279][T20363] Call Trace:
[ 1186.690285][T20363]  <TASK>
[ 1186.690293][T20363]  dump_stack_lvl+0x16c/0x1f0
[ 1186.690315][T20363]  should_fail_ex+0x512/0x640
[ 1186.690341][T20363]  should_fail_alloc_page+0xe7/0x130
[ 1186.690364][T20363]  prepare_alloc_pages+0x3c2/0x610
[ 1186.690390][T20363]  __alloc_frozen_pages_noprof+0x18b/0x2470
[ 1186.690418][T20363]  ? __lock_acquire+0x622/0x1c90
[ 1186.690440][T20363]  ? __lock_acquire+0x622/0x1c90
[ 1186.690459][T20363]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 1186.690493][T20363]  ? find_held_lock+0x2b/0x80
[ 1186.690515][T20363]  ? is_bpf_text_address+0x8a/0x1a0
[ 1186.690536][T20363]  ? bpf_ksym_find+0x127/0x1c0
[ 1186.690561][T20363]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1186.690585][T20363]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1186.690610][T20363]  ? policy_nodemask+0xea/0x4e0
[ 1186.690632][T20363]  alloc_pages_mpol+0x1fb/0x550
[ 1186.690654][T20363]  ? __pfx_alloc_pages_mpol+0x10/0x10
[ 1186.690681][T20363]  folio_alloc_mpol_noprof+0x36/0x2f0
[ 1186.690706][T20363]  vma_alloc_folio_noprof+0xed/0x1e0
[ 1186.690729][T20363]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[ 1186.690761][T20363]  do_pte_missing+0x2202/0x3ba0
[ 1186.690785][T20363]  ? find_held_lock+0x2b/0x80
[ 1186.690813][T20363]  __handle_mm_fault+0x1556/0x2aa0
[ 1186.690841][T20363]  ? mt_find+0x3e2/0xa20
[ 1186.690861][T20363]  ? __pfx___handle_mm_fault+0x10/0x10
[ 1186.690883][T20363]  ? __pfx_mt_find+0x10/0x10
[ 1186.690915][T20363]  ? find_vma+0xbf/0x140
[ 1186.690932][T20363]  ? __pfx_find_vma+0x10/0x10
[ 1186.690966][T20363]  handle_mm_fault+0x589/0xd10
[ 1186.690991][T20363]  ? __pkru_allows_pkey+0x21/0xb0
[ 1186.691011][T20363]  do_user_addr_fault+0x7a6/0x1370
[ 1186.691032][T20363]  ? rcu_is_watching+0x12/0xc0
[ 1186.691058][T20363]  exc_page_fault+0x64/0xc0
[ 1186.691075][T20363]  asm_exc_page_fault+0x26/0x30
[ 1186.691092][T20363] RIP: 0010:__put_user_4+0xd/0x20
[ 1186.691108][T20363] Code: 66 89 01 31 c9 0f 01 ca e9 c0 80 03 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <89> 01 31 c9 0f 01 ca e9 97 80 03 00 0f 1f 80 00 00 00 00 90 90 90
[ 1186.691125][T20363] RSP: 0018:ffffc900108a7dd0 EFLAGS: 00050202
[ 1186.691141][T20363] RAX: 0000000000000400 RBX: 0000000000000000 RCX: 0000200000001180
[ 1186.691152][T20363] RDX: 0000000000000400 RSI: ffffffff88fc71b8 RDI: ffff888030b7507c
[ 1186.691162][T20363] RBP: 1ffff92002114fbc R08: 0000000000000001 R09: ffffed100616ea0f
[ 1186.691173][T20363] R10: ffff888030b7507f R11: 0000000000000000 R12: 0000200000001180
[ 1186.691184][T20363] R13: ffff8880399bf000 R14: dffffc0000000000 R15: 0000000000000003
[ 1186.691203][T20363]  ? snd_seq_kernel_client_ioctl+0xb8/0xd0
[ 1186.691231][T20363]  snd_seq_oss_ioctl+0x301/0xda0
[ 1186.691251][T20363]  ? __pfx_snd_seq_oss_ioctl+0x10/0x10
[ 1186.691268][T20363]  ? hook_file_ioctl_common+0x145/0x410
[ 1186.691298][T20363]  odev_ioctl+0x94/0x120
[ 1186.691321][T20363]  ? __pfx_odev_ioctl+0x10/0x10
[ 1186.691344][T20363]  __x64_sys_ioctl+0x18e/0x210
[ 1186.691369][T20363]  do_syscall_64+0xcd/0xfa0
[ 1186.691385][T20363]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1186.691400][T20363] RIP: 0033:0x7fe1df58f749
[ 1186.691413][T20363] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1186.691428][T20363] RSP: 002b:00007fe1e0502038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1186.691443][T20363] RAX: ffffffffffffffda RBX: 00007fe1df7e5fa0 RCX: 00007fe1df58f749
[ 1186.691452][T20363] RDX: 0000200000001180 RSI: 0000000080045104 RDI: 0000000000000003
[ 1186.691462][T20363] RBP: 00007fe1e0502090 R08: 0000000000000000 R09: 0000000000000000
[ 1186.691472][T20363] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1186.691481][T20363] R13: 00007fe1df7e6038 R14: 00007fe1df7e5fa0 R15: 00007ffd24571028
[ 1186.691503][T20363]  </TASK>
[ 1187.074706][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1188.580246][T20384] netlink: 64 bytes leftover after parsing attributes in process `syz.0.3930'.
[ 1188.735891][T20387] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3929'.
[ 1189.196102][T20395] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3931'.
[ 1189.634823][T20405] FAULT_INJECTION: forcing a failure.
[ 1189.634823][T20405] name failslab, interval 1, probability 0, space 0, times 0
[ 1189.647921][T20405] CPU: 1 UID: 0 PID: 20405 Comm: syz.2.3935 Not tainted syzkaller #0 PREEMPT(full) 
[ 1189.647945][T20405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1189.647956][T20405] Call Trace:
[ 1189.647962][T20405]  <TASK>
[ 1189.647969][T20405]  dump_stack_lvl+0x16c/0x1f0
[ 1189.647992][T20405]  should_fail_ex+0x512/0x640
[ 1189.648018][T20405]  should_failslab+0xc2/0x120
[ 1189.648040][T20405]  kmem_cache_alloc_noprof+0x75/0x6e0
[ 1189.648068][T20405]  ? dst_alloc+0x99/0x1a0
[ 1189.648096][T20405]  ? dst_alloc+0x99/0x1a0
[ 1189.648115][T20405]  dst_alloc+0x99/0x1a0
[ 1189.648139][T20405]  rt_dst_alloc+0x35/0x3a0
[ 1189.648159][T20405]  ip_route_output_key_hash_rcu+0x87a/0x28e0
[ 1189.648189][T20405]  ip_route_output_key_hash+0x10f/0x2b0
[ 1189.648212][T20405]  ? __pfx_ip_route_output_key_hash+0x10/0x10
[ 1189.648238][T20405]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1189.648263][T20405]  ? selinux_xfrm_skb_sid_ingress+0x234/0x320
[ 1189.648288][T20405]  ip_route_output_flow+0x27/0x150
[ 1189.648312][T20405]  ip_send_unicast_reply+0x5a7/0x1600
[ 1189.648339][T20405]  ? __pfx_ip_send_unicast_reply+0x10/0x10
[ 1189.648357][T20405]  ? __lock_acquire+0x622/0x1c90
[ 1189.648384][T20405]  ? lockdep_unlock+0x64/0xe0
[ 1189.648434][T20405]  tcp_v4_send_reset+0x1299/0x2fd0
[ 1189.648458][T20405]  ? __lock_acquire+0x622/0x1c90
[ 1189.648483][T20405]  ? __pfx_tcp_v4_send_reset+0x10/0x10
[ 1189.648532][T20405]  ? __pfx_sk_filter_trim_cap+0x10/0x10
[ 1189.648566][T20405]  ? tcp_v4_do_rcv+0x715/0x10a0
[ 1189.648587][T20405]  tcp_v4_do_rcv+0x715/0x10a0
[ 1189.648611][T20405]  tcp_v4_rcv+0x4204/0x4db0
[ 1189.648652][T20405]  ? __pfx_tcp_v4_rcv+0x10/0x10
[ 1189.648681][T20405]  ? __pfx_raw_local_deliver+0x10/0x10
[ 1189.648709][T20405]  ? __pfx_tcp_v4_rcv+0x10/0x10
[ 1189.648733][T20405]  ip_protocol_deliver_rcu+0xba/0x4c0
[ 1189.648762][T20405]  ip_local_deliver_finish+0x3f2/0x720
[ 1189.648792][T20405]  ip_local_deliver+0x18e/0x1f0
[ 1189.648817][T20405]  ip_rcv+0x2e0/0x600
[ 1189.648841][T20405]  ? __pfx_ip_rcv+0x10/0x10
[ 1189.648862][T20405]  __netif_receive_skb_one_core+0x197/0x1e0
[ 1189.648885][T20405]  ? __pfx___netif_receive_skb_one_core+0x10/0x10
[ 1189.648908][T20405]  ? lock_acquire+0x179/0x350
[ 1189.648928][T20405]  ? __phys_addr+0xe8/0x180
[ 1189.648957][T20405]  __netif_receive_skb+0x1d/0x160
[ 1189.648977][T20405]  netif_receive_skb+0x137/0x7b0
[ 1189.648998][T20405]  ? __pfx_netif_receive_skb+0x10/0x10
[ 1189.649028][T20405]  tun_rx_batched.isra.0+0x3ee/0x740
[ 1189.649056][T20405]  ? __pfx_tun_rx_batched.isra.0+0x10/0x10
[ 1189.649087][T20405]  ? tun_get_user+0x1ded/0x3cc0
[ 1189.649109][T20405]  ? rcu_is_watching+0x12/0xc0
[ 1189.649137][T20405]  tun_get_user+0x28b2/0x3cc0
[ 1189.649174][T20405]  ? __pfx_tun_get_user+0x10/0x10
[ 1189.649200][T20405]  ? __pfx_ref_tracker_alloc+0x10/0x10
[ 1189.649238][T20405]  ? find_held_lock+0x2b/0x80
[ 1189.649260][T20405]  ? tun_get+0x191/0x370
[ 1189.649289][T20405]  tun_chr_write_iter+0xdc/0x210
[ 1189.649315][T20405]  vfs_write+0x7d3/0x11d0
[ 1189.649337][T20405]  ? __pfx_tun_chr_write_iter+0x10/0x10
[ 1189.649365][T20405]  ? __pfx_vfs_write+0x10/0x10
[ 1189.649380][T20405]  ? find_held_lock+0x2b/0x80
[ 1189.649420][T20405]  ksys_write+0x12a/0x250
[ 1189.649437][T20405]  ? __pfx_ksys_write+0x10/0x10
[ 1189.649462][T20405]  do_syscall_64+0xcd/0xfa0
[ 1189.649482][T20405]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1189.649499][T20405] RIP: 0033:0x7f10cd38e1ff
[ 1189.649515][T20405] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 1189.649531][T20405] RSP: 002b:00007f10ce1b6000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 1189.649548][T20405] RAX: ffffffffffffffda RBX: 00007f10cd5e5fa0 RCX: 00007f10cd38e1ff
[ 1189.649560][T20405] RDX: 0000000000000042 RSI: 0000200000000140 RDI: 00000000000000c8
[ 1189.649570][T20405] RBP: 00007f10ce1b6090 R08: 0000000000000000 R09: 0000000000000000
[ 1189.649580][T20405] R10: 0000000000000042 R11: 0000000000000293 R12: 0000000000000001
[ 1189.649591][T20405] R13: 00007f10cd5e6038 R14: 00007f10cd5e5fa0 R15: 00007ffcc13d4d18
[ 1189.649617][T20405]  </TASK>
[ 1190.044227][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1190.135674][   T10] usb 4-1: new high-speed USB device number 43 using dummy_hcd
[ 1190.332018][   T10] usb 4-1: Using ep0 maxpacket: 8
[ 1190.486477][   T10] usb 4-1: New USB device found, idVendor=0c45, idProduct=614a, bcdDevice=c4.6d
[ 1190.518875][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1190.552797][   T10] usb 4-1: Product: syz
[ 1190.581803][   T10] usb 4-1: Manufacturer: syz
[ 1190.660900][   T10] usb 4-1: SerialNumber: syz
[ 1190.699485][   T10] usb 4-1: config 0 descriptor??
[ 1190.804093][   T10] gspca_main: sonixj-2.14.0 probing 0c45:614a
[ 1190.921762][T20417] FAULT_INJECTION: forcing a failure.
[ 1190.921762][T20417] name failslab, interval 1, probability 0, space 0, times 0
[ 1190.942864][T20417] CPU: 1 UID: 0 PID: 20417 Comm: syz.0.3937 Not tainted syzkaller #0 PREEMPT(full) 
[ 1190.942888][T20417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1190.942898][T20417] Call Trace:
[ 1190.942904][T20417]  <TASK>
[ 1190.942911][T20417]  dump_stack_lvl+0x16c/0x1f0
[ 1190.942934][T20417]  should_fail_ex+0x512/0x640
[ 1190.942954][T20417]  ? __kvmalloc_node_noprof+0x12e/0x9c0
[ 1190.942975][T20417]  should_failslab+0xc2/0x120
[ 1190.942994][T20417]  __kvmalloc_node_noprof+0x141/0x9c0
[ 1190.943013][T20417]  ? keyctl_update_key+0xdf/0x160
[ 1190.943042][T20417]  ? fput+0x9b/0xd0
[ 1190.943065][T20417]  ? keyctl_update_key+0xdf/0x160
[ 1190.943086][T20417]  keyctl_update_key+0xdf/0x160
[ 1190.943113][T20417]  __do_sys_keyctl+0x14b/0x590
[ 1190.943132][T20417]  do_syscall_64+0xcd/0xfa0
[ 1190.943151][T20417]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1190.943168][T20417] RIP: 0033:0x7f7f1b18f749
[ 1190.943183][T20417] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1190.943198][T20417] RSP: 002b:00007f7f1c0be038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa
[ 1190.943214][T20417] RAX: ffffffffffffffda RBX: 00007f7f1b3e6180 RCX: 00007f7f1b18f749
[ 1190.943226][T20417] RDX: 0000200000000000 RSI: 000000001a090d4b RDI: 0000000000000002
[ 1190.943236][T20417] RBP: 00007f7f1c0be090 R08: 0000000000000000 R09: 0000000000000000
[ 1190.943245][T20417] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001
[ 1190.943255][T20417] R13: 00007f7f1b3e6218 R14: 00007f7f1b3e6180 R15: 00007ffe5c979638
[ 1190.943279][T20417]  </TASK>
[ 1190.950125][   T30] audit: type=1400 audit(1763824216.785:1981): avc:  denied  { write } for  pid=20414 comm="syz.4.3939" dev="sockfs" ino=75318 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[ 1191.024572][T20420] 9pnet_fd: Insufficient options for proto=fd
[ 1191.052281][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1191.125779][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1191.141463][   T30] audit: type=1400 audit(1763824216.794:1982): avc:  denied  { append } for  pid=20414 comm="syz.4.3939" name="usbmon5" dev="devtmpfs" ino=731 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[ 1191.395962][   T30] audit: type=1400 audit(1763824217.206:1983): avc:  denied  { getopt } for  pid=20414 comm="syz.4.3939" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[ 1192.502959][T19831] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1196.104088][   T30] audit: type=1400 audit(1763824221.610:1984): avc:  denied  { setattr } for  pid=20414 comm="syz.4.3939" name="NETLINK" dev="sockfs" ino=75322 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 1196.275792][   T10] gspca_sonixj: reg_w1 err -71
[ 1196.280611][   T10] sonixj 4-1:0.0: probe with driver sonixj failed with error -71
[ 1196.357968][   T10] usb 4-1: USB disconnect, device number 43
[ 1196.369208][T20432] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3942'.
[ 1196.446972][T20436] netlink: 'syz.3.3943': attribute type 3 has an invalid length.
[ 1196.454734][T20436] netlink: 64 bytes leftover after parsing attributes in process `syz.3.3943'.
[ 1196.572353][   T30] audit: type=1400 audit(1763824222.003:1985): avc:  denied  { execute } for  pid=20435 comm="syz.4.3944" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=75358 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[ 1196.673442][T20439] nfs: Unknown parameter './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
[ 1197.044723][T18631] block nbd0: Dead connection, failed to find a fallback
[ 1197.109529][T20440] FAULT_INJECTION: forcing a failure.
[ 1197.109529][T20440] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1197.187494][   T30] audit: type=1400 audit(1763824222.620:1986): avc:  denied  { setopt } for  pid=20443 comm="syz.1.3946" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[ 1197.505954][T20440] CPU: 1 UID: 0 PID: 20440 Comm: syz.4.3944 Not tainted syzkaller #0 PREEMPT(full) 
[ 1197.505984][T20440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1197.505994][T20440] Call Trace:
[ 1197.505999][T20440]  <TASK>
[ 1197.506005][T20440]  dump_stack_lvl+0x16c/0x1f0
[ 1197.506026][T20440]  should_fail_ex+0x512/0x640
[ 1197.506050][T20440]  _copy_to_user+0x32/0xd0
[ 1197.506073][T20440]  simple_read_from_buffer+0xcb/0x170
[ 1197.506100][T20440]  proc_fail_nth_read+0x197/0x240
[ 1197.506121][T20440]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1197.506141][T20440]  ? rw_verify_area+0xcf/0x6c0
[ 1197.506164][T20440]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1197.506183][T20440]  vfs_read+0x1e4/0xcf0
[ 1197.506202][T20440]  ? __pfx___mutex_lock+0x10/0x10
[ 1197.506221][T20440]  ? __pfx_vfs_read+0x10/0x10
[ 1197.506244][T20440]  ? __fget_files+0x20e/0x3c0
[ 1197.506260][T20440]  ? rcu_watching_snap_stopped_since+0xb0/0x110
[ 1197.506290][T20440]  ksys_read+0x12a/0x250
[ 1197.506304][T20440]  ? __pfx_ksys_read+0x10/0x10
[ 1197.506327][T20440]  do_syscall_64+0xcd/0xfa0
[ 1197.506347][T20440]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1197.506365][T20440] RIP: 0033:0x7fdb7ab8e15c
[ 1197.506380][T20440] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1197.506396][T20440] RSP: 002b:00007fdb7ba32030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1197.506414][T20440] RAX: ffffffffffffffda RBX: 00007fdb7ade6090 RCX: 00007fdb7ab8e15c
[ 1197.506425][T20440] RDX: 000000000000000f RSI: 00007fdb7ba320a0 RDI: 0000000000000004
[ 1197.506435][T20440] RBP: 00007fdb7ba32090 R08: 0000000000000000 R09: 0000000000000000
[ 1197.506445][T20440] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1197.506455][T20440] R13: 00007fdb7ade6128 R14: 00007fdb7ade6090 R15: 00007ffdf26e1028
[ 1197.506479][T20440]  </TASK>
[ 1198.669050][   T30] audit: type=1400 audit(1763824223.995:1987): avc:  denied  { accept } for  pid=20455 comm="syz.0.3950" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[ 1198.755378][T20460] loop9: detected capacity change from 0 to 7
[ 1198.774035][T20460] buffer_io_error: 54 callbacks suppressed
[ 1198.774051][T20460] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1198.817048][T20460] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1198.845566][T20460] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1198.853538][T20460] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1198.861975][T20460] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1198.883652][T20460] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1198.897541][T20460] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1198.914633][T20460] ldm_validate_partition_table(): Disk read failed.
[ 1198.929557][T20460] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1198.968949][   T10] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[ 1198.977360][T20460] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1199.014515][T20460] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1199.051887][T20460] Dev loop9: unable to read RDB block 0
[ 1199.092664][T20460]  loop9: unable to read partition table
[ 1199.152805][T16921] usb 5-1: new high-speed USB device number 45 using dummy_hcd
[ 1199.169139][   T10] usb 2-1: config 17 has an invalid descriptor of length 0, skipping remainder of the config
[ 1199.184704][T20460] loop9: partition table beyond EOD, truncated
[ 1199.224447][T20460] loop_reread_partitions: partition scan of loop9 (þ被xüŸÑø éÚ¬§½dG¤´à–ƒÝ¡¯ �â·û
[ 1199.224447][T20460] 
) failed (rc=-5)
[ 1199.288305][   T10] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[ 1199.456094][T16921] usb 5-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[ 1199.512285][T16921] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1199.575013][T19031] udevd[19031]: symlink '../../loop9' '/dev/disk/by-diskseq/106.tmp-b7:9' failed: Read-only file system
[ 1199.593151][   T30] audit: type=1400 audit(1763824224.874:1988): avc:  denied  { setopt } for  pid=20455 comm="syz.0.3950" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[ 1199.616079][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1199.643577][T16921] usb 5-1: config 0 descriptor??
[ 1199.673651][T16921] gspca_main: STV06xx-2.14.0 probing 046d:0870
[ 1199.791971][   T10] aiptek 2-1:17.0: interface has no int in endpoints, but must have minimum 1
[ 1200.430371][T16921] gspca_stv06xx: I2C: Read error writing address: -71
[ 1200.443206][T19031] udevd[19031]: symlink '../../loop9' '/dev/disk/by-diskseq/106.tmp-b7:9' failed: Read-only file system
[ 1200.451749][T16921] usb 5-1: USB disconnect, device number 45
[ 1200.589089][T19031] udevd[19031]: symlink '../../loop9' '/dev/disk/by-diskseq/106.tmp-b7:9' failed: Read-only file system
[ 1201.505919][  T847] usb 2-1: USB disconnect, device number 40
[ 1201.513620][T20484] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3957'.
[ 1201.559250][T20487] netlink: 'syz.2.3956': attribute type 3 has an invalid length.
[ 1201.615090][T20487] netlink: 64 bytes leftover after parsing attributes in process `syz.2.3956'.
[ 1202.125545][T20498] openvswitch: netlink: Actions may not be safe on all matching packets
[ 1202.802116][T20508] nfs: Unknown parameter './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
[ 1207.217492][T20536] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3969'.
[ 1207.991484][T20546] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3971'.
[ 1208.000831][T20546] openvswitch: netlink: Flow key attr not present in new flow.
[ 1208.012118][T20546] openvswitch: netlink: Actions may not be safe on all matching packets
[ 1212.637480][   T30] audit: type=1400 audit(1763824237.077:1989): avc:  denied  { unmount } for  pid=16961 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[ 1213.981059][   T30] audit: type=1400 audit(1763824238.330:1990): avc:  denied  { mount } for  pid=20563 comm="syz.0.3976" name="/" dev="ramfs" ino=76832 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[ 1217.939563][T16905] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1217.949870][T16905] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1217.958231][T16905] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1217.969632][T16905] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 1217.972768][T15138] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1217.981760][T16905] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 1217.986255][T15138] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1217.994537][T16905] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 1218.006406][T16905] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 1218.013943][T16905] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 1218.286746][T20571] chnl_net:caif_netlink_parms(): no params data found
[ 1218.380167][T20571] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1218.387285][T20571] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1218.394575][T20571] bridge_slave_0: entered allmulticast mode
[ 1218.401572][T20571] bridge_slave_0: entered promiscuous mode
[ 1218.415884][T20571] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1218.423974][T20571] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1218.432500][T20571] bridge_slave_1: entered allmulticast mode
[ 1218.439188][T20571] bridge_slave_1: entered promiscuous mode
[ 1218.475250][T20571] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1218.494595][T20571] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1218.542845][T20571] team0: Port device team_slave_0 added
[ 1218.551959][T20571] team0: Port device team_slave_1 added
[ 1218.583405][T20571] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1218.590362][T20571] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1218.616602][T20571] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1218.629871][T20573] chnl_net:caif_netlink_parms(): no params data found
[ 1218.640445][T20571] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1218.648252][T20571] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1218.674432][T20571] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1218.770716][T20571] hsr_slave_0: entered promiscuous mode
[ 1218.778061][T20571] hsr_slave_1: entered promiscuous mode
[ 1218.784307][T20571] debugfs: 'hsr0' already exists in 'hsr'
[ 1218.790156][T20571] Cannot create hsr debugfs directory
[ 1218.880207][T20573] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1218.887787][T20573] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1218.895932][T20573] bridge_slave_0: entered allmulticast mode
[ 1218.904059][T20573] bridge_slave_0: entered promiscuous mode
[ 1218.905408][   T53] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 1218.911927][T20573] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1218.924758][T20573] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1218.927221][   T53] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 1218.931970][T20573] bridge_slave_1: entered allmulticast mode
[ 1218.945303][   T53] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 1218.946432][T20573] bridge_slave_1: entered promiscuous mode
[ 1218.952980][   T53] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 1218.972501][   T53] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 1219.028073][T20573] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1219.039590][T20573] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1219.094620][T20573] team0: Port device team_slave_0 added
[ 1219.106621][T20573] team0: Port device team_slave_1 added
[ 1219.172354][T20573] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1219.179388][T20573] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1219.208529][T20573] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1219.224518][T20573] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1219.235853][T20573] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1219.261954][T20573] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1219.327258][T20573] hsr_slave_0: entered promiscuous mode
[ 1219.339650][T20573] hsr_slave_1: entered promiscuous mode
[ 1219.345863][T20573] debugfs: 'hsr0' already exists in 'hsr'
[ 1219.351580][T20573] Cannot create hsr debugfs directory
[ 1219.551438][T20589] chnl_net:caif_netlink_parms(): no params data found
[ 1219.627305][T20589] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1219.634873][T20589] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1219.642139][T20589] bridge_slave_0: entered allmulticast mode
[ 1219.648869][T20589] bridge_slave_0: entered promiscuous mode
[ 1219.656252][T20589] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1219.663436][T20589] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1219.670594][T20589] bridge_slave_1: entered allmulticast mode
[ 1219.677885][T20589] bridge_slave_1: entered promiscuous mode
[ 1219.712404][T20589] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1219.723494][T20589] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1219.750514][T20589] team0: Port device team_slave_0 added
[ 1219.757527][T20589] team0: Port device team_slave_1 added
[ 1219.776769][T20589] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1219.783833][T20589] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1219.810073][T20589] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1219.823618][T20589] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1219.830551][T20589] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1219.859385][T20589] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1219.898126][T20589] hsr_slave_0: entered promiscuous mode
[ 1219.904216][T20589] hsr_slave_1: entered promiscuous mode
[ 1219.910309][T20589] debugfs: 'hsr0' already exists in 'hsr'
[ 1219.916013][T20589] Cannot create hsr debugfs directory
[ 1220.207355][   T53] Bluetooth: hci1: command tx timeout
[ 1220.207432][T16905] Bluetooth: hci6: command tx timeout
[ 1221.148619][T16905] Bluetooth: hci7: command tx timeout
[ 1222.431743][T16905] Bluetooth: hci1: command tx timeout
[ 1222.431757][   T53] Bluetooth: hci6: command tx timeout
[ 1223.372807][T16905] Bluetooth: hci7: command tx timeout
[ 1223.815906][   T53] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[ 1223.824809][   T53] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[ 1223.834298][   T53] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[ 1223.841938][   T53] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[ 1223.849806][   T53] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[ 1224.031770][T20598] chnl_net:caif_netlink_parms(): no params data found
[ 1224.083381][T20598] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1224.091330][T20598] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1224.098605][T20598] bridge_slave_0: entered allmulticast mode
[ 1224.106482][T20598] bridge_slave_0: entered promiscuous mode
[ 1224.115492][T20598] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1224.123621][T20598] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1224.130812][T20598] bridge_slave_1: entered allmulticast mode
[ 1224.137696][T20598] bridge_slave_1: entered promiscuous mode
[ 1224.159398][T20598] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1224.170349][T20598] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1224.193121][T20598] team0: Port device team_slave_0 added
[ 1224.200600][T20598] team0: Port device team_slave_1 added
[ 1224.222429][T20598] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1224.230102][T20598] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1224.257164][T20598] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1224.268878][T20598] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1224.275872][T20598] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1224.301831][T20598] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1224.339511][T20598] hsr_slave_0: entered promiscuous mode
[ 1224.346921][T20598] hsr_slave_1: entered promiscuous mode
[ 1224.352845][T20598] debugfs: 'hsr0' already exists in 'hsr'
[ 1224.359105][T20598] Cannot create hsr debugfs directory
[ 1224.656329][   T53] Bluetooth: hci1: command tx timeout
[ 1224.666785][   T53] Bluetooth: hci6: command tx timeout
[ 1225.597344][   T53] Bluetooth: hci7: command tx timeout
[ 1226.025265][   T53] Bluetooth: hci8: command tx timeout
[ 1226.880452][T16905] Bluetooth: hci1: command tx timeout
[ 1226.881212][   T53] Bluetooth: hci6: command tx timeout
[ 1227.821749][   T53] Bluetooth: hci7: command tx timeout
[ 1228.249594][   T53] Bluetooth: hci8: command tx timeout
[ 1230.132647][   T13] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1230.473988][   T53] Bluetooth: hci8: command tx timeout
[ 1232.698330][   T53] Bluetooth: hci8: command tx timeout
[ 1233.917650][T16905] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1
[ 1233.926186][T16905] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9
[ 1233.934274][T16905] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9
[ 1233.943276][T16905] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4
[ 1233.950888][T16905] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2
[ 1234.125820][T20607] chnl_net:caif_netlink_parms(): no params data found
[ 1234.173438][T20607] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1234.180692][T20607] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1234.189175][T20607] bridge_slave_0: entered allmulticast mode
[ 1234.196050][T20607] bridge_slave_0: entered promiscuous mode
[ 1234.204926][T20607] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1234.212950][T20607] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1234.220222][T20607] bridge_slave_1: entered allmulticast mode
[ 1234.226994][T20607] bridge_slave_1: entered promiscuous mode
[ 1234.249571][T20607] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1234.260641][T20607] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1234.284616][T20607] team0: Port device team_slave_0 added
[ 1234.294799][T20607] team0: Port device team_slave_1 added
[ 1234.317971][T20607] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1234.325770][T20607] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1234.351944][T20607] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1234.363677][T20607] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1234.370706][T20607] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1234.396734][T20607] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1234.429114][T20607] hsr_slave_0: entered promiscuous mode
[ 1234.435427][T20607] hsr_slave_1: entered promiscuous mode
[ 1234.442156][T20607] debugfs: 'hsr0' already exists in 'hsr'
[ 1234.447870][T20607] Cannot create hsr debugfs directory
[ 1236.120313][   T53] Bluetooth: hci9: command tx timeout
[ 1238.346306][   T53] Bluetooth: hci9: command tx timeout
[ 1240.568910][   T53] Bluetooth: hci9: command tx timeout
[ 1242.793450][   T53] Bluetooth: hci9: command tx timeout
[ 1244.506484][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[ 1263.483833][ T5184] udevd[5184]: worker [18631] /devices/virtual/block/nbd0 is taking a long time
[ 1263.668383][T19832] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1282.491495][T16905] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1
[ 1282.502384][T16905] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9
[ 1282.511253][ T5817] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9
[ 1282.514074][T16905] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1
[ 1282.519069][ T5817] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4
[ 1282.528702][T16905] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9
[ 1282.535558][ T5817] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2
[ 1282.542356][T16905] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9
[ 1282.560752][ T5817] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4
[ 1282.569651][ T5817] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2
[ 1282.839530][T20623] chnl_net:caif_netlink_parms(): no params data found
[ 1282.910107][T20623] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1282.918325][T20623] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1282.925538][T20623] bridge_slave_0: entered allmulticast mode
[ 1282.932597][T20623] bridge_slave_0: entered promiscuous mode
[ 1282.949393][T20623] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1282.956696][T20623] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1282.964588][T20623] bridge_slave_1: entered allmulticast mode
[ 1282.971644][T20623] bridge_slave_1: entered promiscuous mode
[ 1283.009113][T20623] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1283.031317][T20623] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1283.069140][T20623] team0: Port device team_slave_0 added
[ 1283.077873][T20623] team0: Port device team_slave_1 added
[ 1283.101796][T20625] chnl_net:caif_netlink_parms(): no params data found
[ 1283.112104][T20623] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1283.119040][T20623] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1283.147705][T20623] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1283.162729][T20623] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1283.169940][T20623] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1283.195940][T20623] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1283.285464][T20623] hsr_slave_0: entered promiscuous mode
[ 1283.293526][T20623] hsr_slave_1: entered promiscuous mode
[ 1283.299887][T20623] debugfs: 'hsr0' already exists in 'hsr'
[ 1283.306009][T20623] Cannot create hsr debugfs directory
[ 1283.311711][T20625] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1283.319628][T20625] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1283.329583][T20625] bridge_slave_0: entered allmulticast mode
[ 1283.338034][T20625] bridge_slave_0: entered promiscuous mode
[ 1283.367409][T20625] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1283.374541][T20625] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1283.383556][T20625] bridge_slave_1: entered allmulticast mode
[ 1283.391474][T20625] bridge_slave_1: entered promiscuous mode
[ 1283.464509][T20625] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1283.484310][T20625] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1283.487390][ T5817] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1
[ 1283.504039][ T5817] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9
[ 1283.512827][ T5817] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9
[ 1283.520768][ T5817] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4
[ 1283.529586][ T5817] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2
[ 1283.547376][T20625] team0: Port device team_slave_0 added
[ 1283.569070][T20625] team0: Port device team_slave_1 added
[ 1283.613776][T20625] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1283.620745][T20625] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1283.648267][T20625] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1283.663753][T20625] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1283.671022][T20625] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1283.697662][T20625] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1283.758031][T20625] hsr_slave_0: entered promiscuous mode
[ 1283.765049][T20625] hsr_slave_1: entered promiscuous mode
[ 1283.771359][T20625] debugfs: 'hsr0' already exists in 'hsr'
[ 1283.779085][T20625] Cannot create hsr debugfs directory
[ 1284.026110][T20640] chnl_net:caif_netlink_parms(): no params data found
[ 1284.119271][T20640] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1284.126584][T20640] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1284.134788][T20640] bridge_slave_0: entered allmulticast mode
[ 1284.141847][T20640] bridge_slave_0: entered promiscuous mode
[ 1284.154429][T20640] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1284.161869][T20640] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1284.169191][T20640] bridge_slave_1: entered allmulticast mode
[ 1284.175960][T20640] bridge_slave_1: entered promiscuous mode
[ 1284.212375][T20640] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1284.223941][T20640] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1284.253342][T20640] team0: Port device team_slave_0 added
[ 1284.266609][T20640] team0: Port device team_slave_1 added
[ 1284.285570][T20640] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1284.292668][T20640] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1284.319533][T20640] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1284.337572][T20640] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1284.344608][T20640] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1284.370768][T20640] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1284.410106][T20640] hsr_slave_0: entered promiscuous mode
[ 1284.417703][T20640] hsr_slave_1: entered promiscuous mode
[ 1284.423763][T20640] debugfs: 'hsr0' already exists in 'hsr'
[ 1284.429571][T20640] Cannot create hsr debugfs directory
[ 1284.713910][ T5817] Bluetooth: hci10: command tx timeout
[ 1284.811418][ T5817] Bluetooth: hci11: command tx timeout
[ 1285.742305][ T5817] Bluetooth: hci12: command tx timeout
[ 1286.938188][ T5817] Bluetooth: hci10: command tx timeout
[ 1287.023791][ T5817] Bluetooth: hci11: command tx timeout
[ 1287.975571][ T5817] Bluetooth: hci12: command tx timeout
[ 1288.407695][T15138] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1
[ 1288.418234][T15138] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9
[ 1288.426699][T15138] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9
[ 1288.434614][T15138] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4
[ 1288.442552][T15138] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2
[ 1288.619712][T20649] chnl_net:caif_netlink_parms(): no params data found
[ 1288.671439][T20649] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1288.678537][T20649] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1288.685885][T20649] bridge_slave_0: entered allmulticast mode
[ 1288.693294][T20649] bridge_slave_0: entered promiscuous mode
[ 1288.700558][T20649] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1288.707947][T20649] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1288.715579][T20649] bridge_slave_1: entered allmulticast mode
[ 1288.723601][T20649] bridge_slave_1: entered promiscuous mode
[ 1288.748258][T20649] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1288.759625][T20649] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1288.785395][T20649] team0: Port device team_slave_0 added
[ 1288.793418][T20649] team0: Port device team_slave_1 added
[ 1288.813014][T20649] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1288.819970][T20649] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1288.847959][T20649] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1288.859883][T20649] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1288.866978][T20649] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1288.893099][T20649] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1288.926070][T20649] hsr_slave_0: entered promiscuous mode
[ 1288.932489][T20649] hsr_slave_1: entered promiscuous mode
[ 1288.940356][T20649] debugfs: 'hsr0' already exists in 'hsr'
[ 1288.946077][T20649] Cannot create hsr debugfs directory
[ 1289.162591][ T5817] Bluetooth: hci10: command tx timeout
[ 1289.249239][ T5817] Bluetooth: hci11: command tx timeout
[ 1290.189156][ T5817] Bluetooth: hci12: command tx timeout
[ 1290.617153][ T5817] Bluetooth: hci13: command tx timeout
[ 1291.386920][ T5817] Bluetooth: hci10: command tx timeout
[ 1291.483217][ T5817] Bluetooth: hci11: command tx timeout
[ 1292.413852][ T5817] Bluetooth: hci12: command tx timeout
[ 1292.841389][ T5817] Bluetooth: hci13: command tx timeout
[ 1295.065797][ T5817] Bluetooth: hci13: command tx timeout
[ 1297.290098][ T5817] Bluetooth: hci13: command tx timeout
[ 1297.889827][T19832] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1298.920327][T15138] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1
[ 1298.930711][T15138] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9
[ 1298.938803][T15138] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9
[ 1298.946548][T15138] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4
[ 1298.955750][T15138] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2
[ 1299.132990][T20658] chnl_net:caif_netlink_parms(): no params data found
[ 1299.184731][T20658] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1299.191884][T20658] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1299.199449][T20658] bridge_slave_0: entered allmulticast mode
[ 1299.206404][T20658] bridge_slave_0: entered promiscuous mode
[ 1299.213595][T20658] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1299.220832][T20658] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1299.228091][T20658] bridge_slave_1: entered allmulticast mode
[ 1299.236981][T20658] bridge_slave_1: entered promiscuous mode
[ 1299.260518][T20658] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1299.272710][T20658] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1299.297468][T20658] team0: Port device team_slave_0 added
[ 1299.304986][T20658] team0: Port device team_slave_1 added
[ 1299.325305][T20658] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1299.332253][T20658] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1299.362113][T20658] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1299.374118][T20658] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1299.381477][T20658] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1299.407675][T20658] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1299.442129][T20658] hsr_slave_0: entered promiscuous mode
[ 1299.449600][T20658] hsr_slave_1: entered promiscuous mode
[ 1299.455973][T20658] debugfs: 'hsr0' already exists in 'hsr'
[ 1299.461828][T20658] Cannot create hsr debugfs directory
[ 1301.139918][ T5817] Bluetooth: hci14: command tx timeout
[ 1303.375261][ T5817] Bluetooth: hci14: command tx timeout
[ 1305.588685][ T5817] Bluetooth: hci14: command tx timeout
[ 1307.823740][ T5817] Bluetooth: hci14: command tx timeout
[ 1310.210739][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[ 1332.110258][ T1162] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1347.075963][T15138] Bluetooth: hci15: unexpected cc 0x0c03 length: 249 > 1
[ 1347.090783][T16905] Bluetooth: hci15: unexpected cc 0x1003 length: 249 > 9
[ 1347.091712][T15138] Bluetooth: hci16: unexpected cc 0x0c03 length: 249 > 1
[ 1347.099102][T16905] Bluetooth: hci15: unexpected cc 0x1001 length: 249 > 9
[ 1347.111319][T15138] Bluetooth: hci16: unexpected cc 0x1003 length: 249 > 9
[ 1347.115685][T16905] Bluetooth: hci15: unexpected cc 0x0c23 length: 249 > 4
[ 1347.128486][T15138] Bluetooth: hci16: unexpected cc 0x1001 length: 249 > 9
[ 1347.129464][T16905] Bluetooth: hci15: unexpected cc 0x0c38 length: 249 > 2
[ 1347.137322][T15138] Bluetooth: hci16: unexpected cc 0x0c23 length: 249 > 4
[ 1347.152925][T16905] Bluetooth: hci16: unexpected cc 0x0c38 length: 249 > 2
[ 1347.443106][T20674] chnl_net:caif_netlink_parms(): no params data found
[ 1347.513962][T20674] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1347.521236][T20674] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1347.529834][T20674] bridge_slave_0: entered allmulticast mode
[ 1347.538348][T20674] bridge_slave_0: entered promiscuous mode
[ 1347.548963][T20674] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1347.556180][T20674] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1347.563957][T20674] bridge_slave_1: entered allmulticast mode
[ 1347.570708][T20674] bridge_slave_1: entered promiscuous mode
[ 1347.609539][T20674] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1347.621731][T20674] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1347.666476][T20674] team0: Port device team_slave_0 added
[ 1347.675134][T20674] team0: Port device team_slave_1 added
[ 1347.700724][T20674] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1347.707744][T20674] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1347.734336][T20674] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1347.747890][T20676] chnl_net:caif_netlink_parms(): no params data found
[ 1347.759835][T20674] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1347.767437][T20674] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1347.793646][T20674] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1347.869713][T20674] hsr_slave_0: entered promiscuous mode
[ 1347.876539][T20674] hsr_slave_1: entered promiscuous mode
[ 1347.882599][T20674] debugfs: 'hsr0' already exists in 'hsr'
[ 1347.888435][T20674] Cannot create hsr debugfs directory
[ 1347.902204][T20676] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1347.909575][T20676] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1347.917131][T20676] bridge_slave_0: entered allmulticast mode
[ 1347.924044][T20676] bridge_slave_0: entered promiscuous mode
[ 1347.943521][T20676] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1347.950728][T20676] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1347.958029][T20676] bridge_slave_1: entered allmulticast mode
[ 1347.965911][T20676] bridge_slave_1: entered promiscuous mode
[ 1348.006684][T20676] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1348.021966][T20676] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1348.057246][T20676] team0: Port device team_slave_0 added
[ 1348.068340][T20676] team0: Port device team_slave_1 added
[ 1348.110098][T20676] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1348.117052][T20676] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1348.143081][T20676] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1348.158232][T20676] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1348.165509][T20676] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1348.192132][T20676] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1348.245828][T20676] hsr_slave_0: entered promiscuous mode
[ 1348.252566][T20676] hsr_slave_1: entered promiscuous mode
[ 1348.258766][T20676] debugfs: 'hsr0' already exists in 'hsr'
[ 1348.264482][T20676] Cannot create hsr debugfs directory
[ 1348.492511][ T5817] Bluetooth: hci17: unexpected cc 0x0c03 length: 249 > 1
[ 1348.501045][ T5817] Bluetooth: hci17: unexpected cc 0x1003 length: 249 > 9
[ 1348.512193][ T5817] Bluetooth: hci17: unexpected cc 0x1001 length: 249 > 9
[ 1348.520637][ T5817] Bluetooth: hci17: unexpected cc 0x0c23 length: 249 > 4
[ 1348.529595][ T5817] Bluetooth: hci17: unexpected cc 0x0c38 length: 249 > 2
[ 1348.759618][T20691] chnl_net:caif_netlink_parms(): no params data found
[ 1348.817949][T20691] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1348.825223][T20691] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1348.832492][T20691] bridge_slave_0: entered allmulticast mode
[ 1348.841620][T20691] bridge_slave_0: entered promiscuous mode
[ 1348.849167][T20691] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1348.857510][T20691] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1348.864797][T20691] bridge_slave_1: entered allmulticast mode
[ 1348.872791][T20691] bridge_slave_1: entered promiscuous mode
[ 1348.909141][T20691] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1348.931781][T20691] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1348.983597][T20691] team0: Port device team_slave_0 added
[ 1348.991979][T20691] team0: Port device team_slave_1 added
[ 1349.027113][T20691] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1349.034103][T20691] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1349.065680][T20691] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1349.079307][T20691] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1349.086337][T20691] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1349.112362][T20691] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1349.161835][T20691] hsr_slave_0: entered promiscuous mode
[ 1349.169200][T20691] hsr_slave_1: entered promiscuous mode
[ 1349.175205][T20691] debugfs: 'hsr0' already exists in 'hsr'
[ 1349.182233][T20691] Cannot create hsr debugfs directory
[ 1349.306096][T20693] Bluetooth: hci15: command tx timeout
[ 1349.391440][T20693] Bluetooth: hci16: command tx timeout
[ 1350.760251][   T53] Bluetooth: hci1: command 0x0406 tx timeout
[ 1350.764794][T20693] Bluetooth: hci17: command tx timeout
[ 1350.768337][   T53] Bluetooth: hci6: command 0x0406 tx timeout
[ 1350.772349][T20693] Bluetooth: hci7: command 0x0406 tx timeout
[ 1351.530313][T15138] Bluetooth: hci15: command tx timeout
[ 1351.615826][T15138] Bluetooth: hci16: command tx timeout
[ 1352.983624][ T5817] Bluetooth: hci18: unexpected cc 0x0c03 length: 249 > 1
[ 1352.992139][T16905] Bluetooth: hci17: command tx timeout
[ 1352.994407][ T5817] Bluetooth: hci18: unexpected cc 0x1003 length: 249 > 9
[ 1353.009669][ T5817] Bluetooth: hci18: unexpected cc 0x1001 length: 249 > 9
[ 1353.019302][ T5817] Bluetooth: hci18: unexpected cc 0x0c23 length: 249 > 4
[ 1353.026829][ T5817] Bluetooth: hci18: unexpected cc 0x0c38 length: 249 > 2
[ 1353.208629][T20702] chnl_net:caif_netlink_parms(): no params data found
[ 1353.259757][T20702] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1353.267043][T20702] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1353.274351][T20702] bridge_slave_0: entered allmulticast mode
[ 1353.281122][T20702] bridge_slave_0: entered promiscuous mode
[ 1353.288673][T20702] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1353.296004][T20702] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1353.303243][T20702] bridge_slave_1: entered allmulticast mode
[ 1353.310557][T20702] bridge_slave_1: entered promiscuous mode
[ 1353.338602][T20702] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1353.351361][T20702] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1353.376335][T20702] team0: Port device team_slave_0 added
[ 1353.383704][T20702] team0: Port device team_slave_1 added
[ 1353.403153][T20702] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1353.410093][T20702] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1353.438436][T20702] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1353.451676][T20702] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1353.459125][T20702] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1353.485252][T20702] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1353.517835][T20702] hsr_slave_0: entered promiscuous mode
[ 1353.524179][T20702] hsr_slave_1: entered promiscuous mode
[ 1353.530498][T20702] debugfs: 'hsr0' already exists in 'hsr'
[ 1353.536215][T20702] Cannot create hsr debugfs directory
[ 1353.755447][T15138] Bluetooth: hci15: command tx timeout
[ 1353.840409][T15138] Bluetooth: hci16: command tx timeout
[ 1355.208976][T15138] Bluetooth: hci18: command tx timeout
[ 1355.208989][T16905] Bluetooth: hci17: command tx timeout
[ 1355.979165][T15138] Bluetooth: hci15: command tx timeout
[ 1356.065029][T16905] Bluetooth: hci16: command tx timeout
[ 1356.235750][T16905] Bluetooth: hci8: command 0x0406 tx timeout
[ 1357.433726][ T5817] Bluetooth: hci18: command tx timeout
[ 1357.433757][T16905] Bluetooth: hci17: command tx timeout
[ 1359.657640][T16905] Bluetooth: hci18: command tx timeout
[ 1361.883177][T16905] Bluetooth: hci18: command tx timeout
[ 1362.225003][   T31] INFO: task udevd:18631 blocked for more than 143 seconds.
[ 1362.232335][   T31]       Not tainted syzkaller #0
[ 1362.238591][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1362.247856][   T31] task:udevd           state:D stack:24720 pid:18631 tgid:18631 ppid:5184   task_flags:0x400140 flags:0x00080001
[ 1362.259854][   T31] Call Trace:
[ 1362.263122][   T31]  <TASK>
[ 1362.266044][   T31]  __schedule+0x1190/0x5de0
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1362.270659][   T31]  ? preempt_schedule_thunk+0x16/0x30
[ 1362.276038][   T31]  ? blk_mq_flush_plug_list+0x145/0x600
[ 1362.281613][   T30] audit: type=1400 audit(1763824377.005:1991): avc:  denied  { write } for  pid=5797 comm="syz-executor" path="pipe:[4833]" dev="pipefs" ino=4833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[ 1362.304869][   T31]  ? __lock_acquire+0x622/0x1c90
[ 1362.311624][   T31]  ? __pfx___schedule+0x10/0x10
[ 1362.341783][   T31]  ? __blk_flush_plug+0x2f3/0x4b0
[ 1362.346859][   T31]  ? find_held_lock+0x2b/0x80
[ 1362.351549][   T31]  ? schedule+0x2d7/0x3a0
[ 1362.373239][   T31]  schedule+0xe7/0x3a0
[ 1362.377666][   T31]  schedule_timeout+0x123/0x290
[ 1362.382546][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[ 1362.388143][   T31]  ? __pfx_process_timeout+0x10/0x10
[ 1362.393463][   T31]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[ 1362.399573][   T31]  ? prepare_to_wait_event+0xd0/0x6a0
[ 1362.404969][   T31]  nbd_queue_rq+0xd12/0x12d0
[ 1362.410098][   T31]  ? __pfx_nbd_queue_rq+0x10/0x10
[ 1362.415792][   T31]  ? __pfx_autoremove_wake_function+0x10/0x10
[ 1362.421983][   T31]  ? __lock_acquire+0xb8a/0x1c90
[ 1362.426938][   T31]  blk_mq_dispatch_rq_list+0x416/0x1e20
[ 1362.432690][   T31]  ? sbitmap_find_bit+0x420/0x6f0
[ 1362.437733][   T31]  ? sbitmap_get+0x1e5/0x360
[ 1362.442556][   T31]  ? __pfx_blk_mq_dispatch_rq_list+0x10/0x10
[ 1362.448565][   T31]  ? __blk_mq_alloc_driver_tag+0x4f7/0x7a0
[ 1362.454474][   T31]  __blk_mq_sched_dispatch_requests+0xcb7/0x15f0
[ 1362.460856][   T31]  ? __pfx___blk_mq_sched_dispatch_requests+0x10/0x10
[ 1362.467613][   T31]  blk_mq_sched_dispatch_requests+0xd8/0x1b0
[ 1362.473693][   T31]  blk_mq_run_hw_queue+0x239/0x670
[ 1362.478801][   T31]  ? blk_mq_run_hw_queue+0x22b/0x670
[ 1362.484237][   T31]  blk_mq_dispatch_list+0x514/0x1310
[ 1362.489536][   T31]  ? __pfx_blk_mq_dispatch_list+0x10/0x10
[ 1362.495530][   T31]  blk_mq_flush_plug_list+0x130/0x600
[ 1362.500911][   T31]  ? trace_block_plug+0x17f/0x200
[ 1362.506028][   T31]  ? blk_add_rq_to_plug+0x30a/0x540
[ 1362.511236][   T31]  ? __pfx_blk_mq_flush_plug_list+0x10/0x10
[ 1362.517213][   T31]  ? blk_mq_submit_bio+0x9e6/0x3380
[ 1362.522421][   T31]  __blk_flush_plug+0x2c4/0x4b0
[ 1362.527803][   T31]  ? __pfx___blk_flush_plug+0x10/0x10
[ 1362.533197][   T31]  __submit_bio+0x545/0x690
[ 1362.537835][   T31]  ? bio_associate_blkg_from_css+0x4d5/0x13e0
[ 1362.544065][   T31]  ? __pfx___submit_bio+0x10/0x10
[ 1362.549161][   T31]  ? __pfx_blk_cgroup_bio_start+0x10/0x10
[ 1362.554897][   T31]  ? bio_associate_blkg+0x137/0x2a0
[ 1362.560271][   T31]  ? submit_bio_noacct_nocheck+0x53d/0xc10
[ 1362.566096][   T31]  submit_bio_noacct_nocheck+0x53d/0xc10
[ 1362.571911][   T31]  ? __pfx_submit_bio_noacct_nocheck+0x10/0x10
[ 1362.578173][   T31]  ? __pfx___might_resched+0x10/0x10
[ 1362.583494][   T31]  submit_bio_noacct+0x5bd/0x1f60
[ 1362.588795][   T31]  block_read_full_folio+0x34e/0x850
[ 1362.594117][   T31]  ? __pfx_blkdev_get_block+0x10/0x10
[ 1362.599578][   T31]  ? __pfx_blkdev_read_folio+0x10/0x10
[ 1362.605038][   T31]  filemap_read_folio+0xc8/0x2a0
[ 1362.610196][   T31]  ? __pfx_filemap_read_folio+0x10/0x10
[ 1362.615728][   T31]  ? __filemap_get_folio+0x32b/0xc30
[ 1362.621064][   T31]  do_read_cache_folio+0x263/0x5c0
[ 1362.626168][   T31]  ? __pfx_blkdev_read_folio+0x10/0x10
[ 1362.631700][   T31]  read_part_sector+0xd4/0x370
[ 1362.636991][   T31]  adfspart_check_ICS+0x93/0x940
[ 1362.642006][   T31]  ? snprintf+0xc7/0x100
[ 1362.646251][   T31]  ? __pfx_snprintf+0x10/0x10
[ 1362.650991][   T31]  ? __pfx_adfspart_check_ICS+0x10/0x10
[ 1362.656864][   T31]  ? __pfx_adfspart_check_ICS+0x10/0x10
[ 1362.662457][   T31]  bdev_disk_changed+0x723/0x1520
[ 1362.667551][   T31]  ? __pfx_bdev_disk_changed+0x10/0x10
[ 1362.673034][   T31]  blkdev_get_whole+0x187/0x290
[ 1362.677966][   T31]  bdev_open+0x2c7/0xe40
[ 1362.682219][   T31]  blkdev_open+0x34e/0x4f0
[ 1362.686672][   T31]  do_dentry_open+0x982/0x1530
[ 1362.691455][   T31]  ? __pfx_blkdev_open+0x10/0x10
[ 1362.696454][   T31]  vfs_open+0x82/0x3f0
[ 1362.700522][   T31]  path_openat+0x1de4/0x2cb0
[ 1362.705109][   T31]  ? __pfx_path_openat+0x10/0x10
[ 1362.710116][   T31]  ? __lock_acquire+0xb8a/0x1c90
[ 1362.715080][   T31]  do_filp_open+0x20b/0x470
[ 1362.719650][   T31]  ? __pfx_do_filp_open+0x10/0x10
[ 1362.724678][   T31]  ? alloc_fd+0x471/0x7d0
[ 1362.729222][   T31]  do_sys_openat2+0x11b/0x1d0
[ 1362.733887][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1362.739442][   T31]  ? __sys_recvmsg+0x189/0x220
[ 1362.744775][   T31]  ? __pfx___sys_recvmsg+0x10/0x10
[ 1362.749950][   T31]  __x64_sys_openat+0x174/0x210
[ 1362.754801][   T31]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1362.760380][   T31]  do_syscall_64+0xcd/0xfa0
[ 1362.764914][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1362.770916][   T31] RIP: 0033:0x7f62693c8407
[ 1362.775332][   T31] RSP: 002b:00007fffc87b8aa0 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[ 1362.783824][   T31] RAX: ffffffffffffffda RBX: 00007f6268d9b880 RCX: 00007f62693c8407
[ 1362.791811][   T31] RDX: 00000000000a0800 RSI: 00005633d39afe30 RDI: ffffffffffffff9c
[ 1362.799758][   T31] RBP: 00005633d376e2c0 R08: 0000000000000000 R09: 0000000000000000
[ 1362.807765][   T31] R10: 0000000000000000 R11: 0000000000000202 R12: 00005633d3771830
[ 1362.815781][   T31] R13: 00005633d39a98d0 R14: 0000000000000000 R15: 00005633d3771830
[ 1362.824473][   T31]  </TASK>
[ 1362.827524][   T31] INFO: task syz.2.3956:20487 blocked for more than 143 seconds.
[ 1362.835311][   T31]       Not tainted syzkaller #0
[ 1362.840245][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1362.849115][   T31] task:syz.2.3956      state:D stack:27000 pid:20487 tgid:20486 ppid:16779  task_flags:0x480140 flags:0x00080002
[ 1362.861513][   T31] Call Trace:
[ 1362.864792][   T31]  <TASK>
[ 1362.867850][   T31]  __schedule+0x1190/0x5de0
[ 1362.872392][   T31]  ? __pfx___schedule+0x10/0x10
[ 1362.877322][   T31]  ? find_held_lock+0x2b/0x80
[ 1362.882008][   T31]  ? schedule+0x2d7/0x3a0
[ 1362.886337][   T31]  schedule+0xe7/0x3a0
[ 1362.890511][   T31]  blk_mq_freeze_queue_wait+0x143/0x1b0
[ 1362.896054][   T31]  ? __pfx_blk_mq_freeze_queue_wait+0x10/0x10
[ 1362.902179][   T31]  ? __pfx_autoremove_wake_function+0x10/0x10
[ 1362.908259][   T31]  ? blk_freeze_queue_start+0xec/0x140
[ 1362.913959][   T31]  queue_limits_commit_update_frozen+0x93/0x110
[ 1362.920259][   T31]  nbd_set_size+0x4da/0x720
[ 1362.924765][   T31]  ? __pfx_nbd_set_size+0x10/0x10
[ 1362.929784][   T31]  ? __asan_memcpy+0x3c/0x60
[ 1362.934419][   T31]  nbd_genl_size_set+0x2d7/0x3e0
[ 1362.939351][   T31]  ? __pfx_nbd_genl_size_set+0x10/0x10
[ 1362.944871][   T31]  ? nbd_genl_reconfigure+0x494/0x1ca0
[ 1362.950344][   T31]  nbd_genl_reconfigure+0x604/0x1ca0
[ 1362.955688][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1362.960890][   T31]  ? __pfx_nbd_genl_reconfigure+0x10/0x10
[ 1362.967261][   T31]  ? __nla_validate_parse+0x600/0x2880
[ 1362.972782][   T31]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x19e/0x290
[ 1362.980203][   T31]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[ 1362.987617][   T31]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[ 1362.995232][   T31]  genl_family_rcv_msg_doit+0x209/0x2f0
[ 1363.000808][   T31]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 1363.006994][   T31]  ? genl_get_cmd+0x194/0x580
[ 1363.011682][   T31]  ? ____sys_sendmsg+0xa98/0xc70
[ 1363.016678][   T31]  ? ___sys_sendmsg+0x134/0x1d0
[ 1363.021525][   T31]  ? __radix_tree_lookup+0x21f/0x2c0
[ 1363.026860][   T31]  genl_rcv_msg+0x55c/0x800
[ 1363.031370][   T31]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1363.036390][   T31]  ? __pfx_nbd_genl_reconfigure+0x10/0x10
[ 1363.042162][   T31]  ? __lock_acquire+0x622/0x1c90
[ 1363.047102][   T31]  netlink_rcv_skb+0x158/0x420
[ 1363.051927][   T31]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1363.056949][   T31]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1363.062289][   T31]  ? netlink_deliver_tap+0x1ae/0xd30
[ 1363.067573][   T31]  genl_rcv+0x28/0x40
[ 1363.071635][   T31]  netlink_unicast+0x5aa/0x870
[ 1363.076864][   T31]  ? __pfx_netlink_unicast+0x10/0x10
[ 1363.082501][   T31]  netlink_sendmsg+0x8c8/0xdd0
[ 1363.088396][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1363.093949][   T31]  ____sys_sendmsg+0xa98/0xc70
[ 1363.098710][   T31]  ? copy_msghdr_from_user+0x10a/0x160
[ 1363.104323][   T31]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1363.109607][   T31]  ? __pfx_futex_wake_mark+0x10/0x10
[ 1363.115753][   T31]  ___sys_sendmsg+0x134/0x1d0
[ 1363.120440][   T31]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1363.125771][   T31]  ? __lock_acquire+0x622/0x1c90
[ 1363.130729][   T31]  __sys_sendmsg+0x16d/0x220
[ 1363.135437][   T31]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1363.140563][   T31]  ? __x64_sys_futex+0x1e0/0x4c0
[ 1363.145559][   T31]  do_syscall_64+0xcd/0xfa0
[ 1363.150059][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1363.155984][   T31] RIP: 0033:0x7f10cd38f749
[ 1363.160389][   T31] RSP: 002b:00007f10ce1b6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1363.168984][   T31] RAX: ffffffffffffffda RBX: 00007f10cd5e5fa0 RCX: 00007f10cd38f749
[ 1363.177012][   T31] RDX: 0000000000004000 RSI: 0000200000000200 RDI: 0000000000000004
[ 1363.185480][   T31] RBP: 00007f10cd413f91 R08: 0000000000000000 R09: 0000000000000000
[ 1363.193564][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1363.201707][   T31] R13: 00007f10cd5e6038 R14: 00007f10cd5e5fa0 R15: 00007ffcc13d4d18
[ 1363.209744][   T31]  </TASK>
[ 1363.212777][   T31] INFO: task syz.1.3959:20492 blocked for more than 144 seconds.
[ 1363.220587][   T31]       Not tainted syzkaller #0
[ 1363.225511][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1363.234292][   T31] task:syz.1.3959      state:D stack:28008 pid:20492 tgid:20491 ppid:16235  task_flags:0x400140 flags:0x00080002
[ 1363.246268][   T31] Call Trace:
[ 1363.249535][   T31]  <TASK>
[ 1363.252593][   T31]  __schedule+0x1190/0x5de0
[ 1363.257118][   T31]  ? __lock_acquire+0x622/0x1c90
[ 1363.262119][   T31]  ? __pfx___schedule+0x10/0x10
[ 1363.266999][   T31]  ? find_held_lock+0x2b/0x80
[ 1363.271675][   T31]  ? schedule+0x2d7/0x3a0
[ 1363.276057][   T31]  ? genl_rcv_msg+0x577/0x800
[ 1363.280725][   T31]  schedule+0xe7/0x3a0
[ 1363.284841][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1363.290309][   T31]  __mutex_lock+0x818/0x1060
[ 1363.295446][   T31]  ? kfree_skbmem+0x1a4/0x1f0
[ 1363.300128][   T31]  ? genl_rcv_msg+0x577/0x800
[ 1363.304846][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1363.309986][   T31]  ? __local_bh_enable_ip+0xa4/0x120
[ 1363.315541][   T31]  ? __dev_queue_xmit+0xaf1/0x4490
[ 1363.320659][   T31]  ? __radix_tree_lookup+0x21f/0x2c0
[ 1363.326002][   T31]  ? genl_rcv_msg+0x577/0x800
[ 1363.330675][   T31]  genl_rcv_msg+0x577/0x800
[ 1363.335154][   T31]  ? __pfx___dev_queue_xmit+0x10/0x10
[ 1363.341586][   T31]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1363.346630][   T31]  ? __lock_acquire+0xb8a/0x1c90
[ 1363.351624][   T31]  netlink_rcv_skb+0x158/0x420
[ 1363.356395][   T31]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1363.361484][   T31]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1363.366786][   T31]  ? netlink_deliver_tap+0x1ae/0xd30
[ 1363.372167][   T31]  genl_rcv+0x28/0x40
[ 1363.376145][   T31]  netlink_unicast+0x5aa/0x870
[ 1363.380960][   T31]  ? __pfx_netlink_unicast+0x10/0x10
[ 1363.386258][   T31]  netlink_sendmsg+0x8c8/0xdd0
[ 1363.391091][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1363.396383][   T31]  __sys_sendto+0x4a3/0x520
[ 1363.401580][   T31]  ? __pfx___sys_sendto+0x10/0x10
[ 1363.406614][   T31]  ? find_held_lock+0x2b/0x80
[ 1363.411355][   T31]  __x64_sys_sendto+0xe0/0x1c0
[ 1363.416509][   T31]  ? do_syscall_64+0x91/0xfa0
[ 1363.421193][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1363.426555][   T31]  do_syscall_64+0xcd/0xfa0
[ 1363.431066][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1363.437075][   T31] RIP: 0033:0x7fe1df5915dc
[ 1363.441491][   T31] RSP: 002b:00007fe1e0500ec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[ 1363.450045][   T31] RAX: ffffffffffffffda RBX: 00007fe1e0500fc0 RCX: 00007fe1df5915dc
[ 1363.458110][   T31] RDX: 000000000000001c RSI: 00007fe1e0501010 RDI: 0000000000000008
[ 1363.466208][   T31] RBP: 0000000000000000 R08: 00007fe1e0500f14 R09: 000000000000000c
[ 1363.474270][   T31] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000008
[ 1363.482304][   T31] R13: 00007fe1e0500f68 R14: 00007fe1e0501010 R15: 0000000000000000
[ 1363.490373][   T31]  </TASK>
[ 1363.493394][   T31] INFO: task syz.1.3959:20497 blocked for more than 144 seconds.
[ 1363.501267][   T31]       Not tainted syzkaller #0
[ 1363.506199][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1363.516628][   T31] task:syz.1.3959      state:D stack:28856 pid:20497 tgid:20491 ppid:16235  task_flags:0x400140 flags:0x00080002
[ 1363.528918][   T31] Call Trace:
[ 1363.532197][   T31]  <TASK>
[ 1363.535130][   T31]  __schedule+0x1190/0x5de0
[ 1363.539727][   T31]  ? __lock_acquire+0x622/0x1c90
[ 1363.544677][   T31]  ? __pfx___schedule+0x10/0x10
[ 1363.549533][   T31]  ? find_held_lock+0x2b/0x80
[ 1363.554534][   T31]  ? schedule+0x2d7/0x3a0
[ 1363.558881][   T31]  ? genl_rcv_msg+0x577/0x800
[ 1363.563657][   T31]  schedule+0xe7/0x3a0
[ 1363.567741][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1363.573338][   T31]  __mutex_lock+0x818/0x1060
[ 1363.577932][   T31]  ? kfree_skbmem+0x1a4/0x1f0
[ 1363.582732][   T31]  ? genl_rcv_msg+0x577/0x800
[ 1363.588110][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1363.593329][   T31]  ? __local_bh_enable_ip+0xa4/0x120
[ 1363.598649][   T31]  ? __dev_queue_xmit+0xaf1/0x4490
[ 1363.603880][   T31]  ? __radix_tree_lookup+0x21f/0x2c0
[ 1363.609427][   T31]  ? genl_rcv_msg+0x577/0x800
[ 1363.614132][   T31]  genl_rcv_msg+0x577/0x800
[ 1363.618862][   T31]  ? __pfx___dev_queue_xmit+0x10/0x10
[ 1363.624725][   T31]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1363.629857][   T31]  ? __lock_acquire+0xb8a/0x1c90
[ 1363.634890][   T31]  netlink_rcv_skb+0x158/0x420
[ 1363.639782][   T31]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1363.644806][   T31]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1363.650140][   T31]  ? netlink_deliver_tap+0x1ae/0xd30
[ 1363.655438][   T31]  genl_rcv+0x28/0x40
[ 1363.660396][   T31]  netlink_unicast+0x5aa/0x870
[ 1363.665197][   T31]  ? __pfx_netlink_unicast+0x10/0x10
[ 1363.670706][   T31]  netlink_sendmsg+0x8c8/0xdd0
[ 1363.675473][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1363.680941][   T31]  __sys_sendto+0x4a3/0x520
[ 1363.685448][   T31]  ? __pfx___sys_sendto+0x10/0x10
[ 1363.690532][   T31]  ? fd_install+0x225/0x750
[ 1363.695033][   T31]  ? __pfx___sys_socket+0x10/0x10
[ 1363.700162][   T31]  __x64_sys_sendto+0xe0/0x1c0
[ 1363.704930][   T31]  ? do_syscall_64+0x91/0xfa0
[ 1363.709591][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1363.714927][   T31]  do_syscall_64+0xcd/0xfa0
[ 1363.719444][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1363.725521][   T31] RIP: 0033:0x7fe1df5915dc
[ 1363.730569][   T31] RSP: 002b:00007fe1e04dfec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[ 1363.739782][   T31] RAX: ffffffffffffffda RBX: 00007fe1e04dffc0 RCX: 00007fe1df5915dc
[ 1363.747889][   T31] RDX: 000000000000001c RSI: 00007fe1e04e0010 RDI: 000000000000000f
[ 1363.755906][   T31] RBP: 0000000000000000 R08: 00007fe1e04dff14 R09: 000000000000000c
[ 1363.763968][   T31] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000000f
[ 1363.772274][   T31] R13: 00007fe1e04dff68 R14: 00007fe1e04e0010 R15: 0000000000000000
[ 1363.780318][   T31]  </TASK>
[ 1363.783348][   T31] INFO: task syz.1.3959:20498 blocked for more than 144 seconds.
[ 1363.791551][   T31]       Not tainted syzkaller #0
[ 1363.796531][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1363.805185][   T31] task:syz.1.3959      state:D stack:25232 pid:20498 tgid:20491 ppid:16235  task_flags:0x400140 flags:0x00080002
[ 1363.817130][   T31] Call Trace:
[ 1363.820625][   T31]  <TASK>
[ 1363.823539][   T31]  __schedule+0x1190/0x5de0
[ 1363.828033][   T31]  ? __lock_acquire+0x622/0x1c90
[ 1363.833043][   T31]  ? __pfx___schedule+0x10/0x10
[ 1363.837908][   T31]  ? find_held_lock+0x2b/0x80
[ 1363.843134][   T31]  ? schedule+0x2d7/0x3a0
[ 1363.847480][   T31]  ? genl_rcv_msg+0x577/0x800
[ 1363.852472][   T31]  schedule+0xe7/0x3a0
[ 1363.856606][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1363.862118][   T31]  __mutex_lock+0x818/0x1060
[ 1363.866706][   T31]  ? kfree_skbmem+0x1a4/0x1f0
[ 1363.871463][   T31]  ? genl_rcv_msg+0x577/0x800
[ 1363.876132][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1363.881149][   T31]  ? __local_bh_enable_ip+0xa4/0x120
[ 1363.886463][   T31]  ? __dev_queue_xmit+0xaf1/0x4490
[ 1363.891576][   T31]  ? __radix_tree_lookup+0x21f/0x2c0
[ 1363.896908][   T31]  ? genl_rcv_msg+0x577/0x800
[ 1363.901585][   T31]  genl_rcv_msg+0x577/0x800
[ 1363.906293][   T31]  ? __pfx___dev_queue_xmit+0x10/0x10
[ 1363.911650][   T31]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1363.916711][   T31]  ? __lock_acquire+0xb8a/0x1c90
[ 1363.921663][   T31]  netlink_rcv_skb+0x158/0x420
[ 1363.926463][   T31]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1363.931493][   T31]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1363.937033][   T31]  ? netlink_deliver_tap+0x1ae/0xd30
[ 1363.942305][   T31]  genl_rcv+0x28/0x40
[ 1363.946315][   T31]  netlink_unicast+0x5aa/0x870
[ 1363.951680][   T31]  ? __pfx_netlink_unicast+0x10/0x10
[ 1363.957094][   T31]  netlink_sendmsg+0x8c8/0xdd0
[ 1363.961864][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1363.967294][   T31]  __sys_sendto+0x4a3/0x520
[ 1363.971801][   T31]  ? __pfx___sys_sendto+0x10/0x10
[ 1363.976809][   T31]  ? find_held_lock+0x2b/0x80
[ 1363.981562][   T31]  __x64_sys_sendto+0xe0/0x1c0
[ 1363.986333][   T31]  ? do_syscall_64+0x91/0xfa0
[ 1363.991037][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1363.996253][   T31]  do_syscall_64+0xcd/0xfa0
[ 1364.000877][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1364.006776][   T31] RIP: 0033:0x7fe1df5915dc
[ 1364.011280][   T31] RSP: 002b:00007fe1e04beec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[ 1364.019689][   T31] RAX: ffffffffffffffda RBX: 00007fe1e04befc0 RCX: 00007fe1df5915dc
[ 1364.027971][   T31] RDX: 0000000000000020 RSI: 00007fe1e04bf010 RDI: 0000000000000015
[ 1364.036000][   T31] RBP: 0000000000000000 R08: 00007fe1e04bef14 R09: 000000000000000c
[ 1364.044018][   T31] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000015
[ 1364.051979][   T31] R13: 00007fe1e04bef68 R14: 00007fe1e04bf010 R15: 0000000000000000
[ 1364.060522][   T31]  </TASK>
[ 1364.063620][   T31] INFO: task syz.3.3961:20495 blocked for more than 145 seconds.
[ 1364.071688][   T31]       Not tainted syzkaller #0
[ 1364.076778][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1364.085516][   T31] task:syz.3.3961      state:D stack:25864 pid:20495 tgid:20493 ppid:17158  task_flags:0x400140 flags:0x00080002
[ 1364.097499][   T31] Call Trace:
[ 1364.100775][   T31]  <TASK>
[ 1364.103692][   T31]  __schedule+0x1190/0x5de0
[ 1364.108382][   T31]  ? __lock_acquire+0x622/0x1c90
[ 1364.113344][   T31]  ? __pfx___schedule+0x10/0x10
[ 1364.118295][   T31]  ? find_held_lock+0x2b/0x80
[ 1364.122972][   T31]  ? schedule+0x2d7/0x3a0
[ 1364.127377][   T31]  ? genl_rcv_msg+0x577/0x800
[ 1364.132132][   T31]  schedule+0xe7/0x3a0
[ 1364.136238][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1364.141899][   T31]  __mutex_lock+0x818/0x1060
[ 1364.146490][   T31]  ? kfree_skbmem+0x1a4/0x1f0
[ 1364.151249][   T31]  ? genl_rcv_msg+0x577/0x800
[ 1364.155938][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1364.161006][   T31]  ? __local_bh_enable_ip+0xa4/0x120
[ 1364.166303][   T31]  ? __dev_queue_xmit+0xaf1/0x4490
[ 1364.172014][   T31]  ? __radix_tree_lookup+0x21f/0x2c0
[ 1364.177316][   T31]  ? genl_rcv_msg+0x577/0x800
[ 1364.182145][   T31]  genl_rcv_msg+0x577/0x800
[ 1364.186664][   T31]  ? __pfx___dev_queue_xmit+0x10/0x10
[ 1364.192192][   T31]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1364.197249][   T31]  ? __lock_acquire+0xb8a/0x1c90
[ 1364.202205][   T31]  netlink_rcv_skb+0x158/0x420
[ 1364.207033][   T31]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1364.212063][   T31]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1364.217463][   T31]  ? netlink_deliver_tap+0x1ae/0xd30
[ 1364.222777][   T31]  genl_rcv+0x28/0x40
[ 1364.226795][   T31]  netlink_unicast+0x5aa/0x870
[ 1364.231567][   T31]  ? __pfx_netlink_unicast+0x10/0x10
[ 1364.236910][   T31]  netlink_sendmsg+0x8c8/0xdd0
[ 1364.241677][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1364.247002][   T31]  __sys_sendto+0x4a3/0x520
[ 1364.251526][   T31]  ? __pfx___sys_sendto+0x10/0x10
[ 1364.256813][   T31]  ? find_held_lock+0x2b/0x80
[ 1364.261521][   T31]  __x64_sys_sendto+0xe0/0x1c0
[ 1364.266282][   T31]  ? do_syscall_64+0x91/0xfa0
[ 1364.271001][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1364.276195][   T31]  do_syscall_64+0xcd/0xfa0
[ 1364.281525][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1364.287435][   T31] RIP: 0033:0x7fb791b915dc
[ 1364.291978][   T31] RSP: 002b:00007fb7929f0ec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[ 1364.300486][   T31] RAX: ffffffffffffffda RBX: 00007fb7929f0fc0 RCX: 00007fb791b915dc
[ 1364.308444][   T31] RDX: 0000000000000020 RSI: 00007fb7929f1010 RDI: 000000000000000a
[ 1364.316495][   T31] RBP: 0000000000000000 R08: 00007fb7929f0f14 R09: 000000000000000c
[ 1364.324497][   T31] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000000a
[ 1364.332488][   T31] R13: 00007fb7929f0f68 R14: 00007fb7929f1010 R15: 0000000000000000
[ 1364.340458][   T31]  </TASK>
[ 1364.343553][   T31] INFO: task syz.4.3971:20544 blocked for more than 145 seconds.
[ 1364.351268][   T31]       Not tainted syzkaller #0
[ 1364.356414][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1364.365114][   T31] task:syz.4.3971      state:D stack:28008 pid:20544 tgid:20543 ppid:16528  task_flags:0x400140 flags:0x00080002
[ 1364.377244][   T31] Call Trace:
[ 1364.380508][   T31]  <TASK>
[ 1364.383423][   T31]  __schedule+0x1190/0x5de0
[ 1364.388551][   T31]  ? __lock_acquire+0x622/0x1c90
[ 1364.393506][   T31]  ? __pfx___schedule+0x10/0x10
[ 1364.398433][   T31]  ? find_held_lock+0x2b/0x80
[ 1364.403188][   T31]  ? schedule+0x2d7/0x3a0
[ 1364.407570][   T31]  ? genl_rcv_msg+0x577/0x800
[ 1364.412243][   T31]  schedule+0xe7/0x3a0
[ 1364.416408][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1364.421873][   T31]  __mutex_lock+0x818/0x1060
[ 1364.426466][   T31]  ? kfree_skbmem+0x1a4/0x1f0
[ 1364.431259][   T31]  ? genl_rcv_msg+0x577/0x800
[ 1364.435937][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1364.441011][   T31]  ? __local_bh_enable_ip+0xa4/0x120
[ 1364.446293][   T31]  ? __dev_queue_xmit+0xaf1/0x4490
[ 1364.452163][   T31]  ? __radix_tree_lookup+0x21f/0x2c0
[ 1364.457463][   T31]  ? genl_rcv_msg+0x577/0x800
[ 1364.462184][   T31]  genl_rcv_msg+0x577/0x800
[ 1364.466684][   T31]  ? __pfx___dev_queue_xmit+0x10/0x10
[ 1364.472114][   T31]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1364.477128][   T31]  ? __lock_acquire+0xb8a/0x1c90
[ 1364.482122][   T31]  netlink_rcv_skb+0x158/0x420
[ 1364.486885][   T31]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1364.492123][   T31]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1364.497884][   T31]  ? netlink_deliver_tap+0x1ae/0xd30
[ 1364.503245][   T31]  genl_rcv+0x28/0x40
[ 1364.507215][   T31]  netlink_unicast+0x5aa/0x870
[ 1364.512019][   T31]  ? __pfx_netlink_unicast+0x10/0x10
[ 1364.517369][   T31]  netlink_sendmsg+0x8c8/0xdd0
[ 1364.522139][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1364.527470][   T31]  __sys_sendto+0x4a3/0x520
[ 1364.531967][   T31]  ? __pfx___sys_sendto+0x10/0x10
[ 1364.537316][   T31]  ? find_held_lock+0x2b/0x80
[ 1364.542000][   T31]  __x64_sys_sendto+0xe0/0x1c0
[ 1364.546861][   T31]  ? do_syscall_64+0x91/0xfa0
[ 1364.551553][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1364.556783][   T31]  do_syscall_64+0xcd/0xfa0
[ 1364.561301][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1364.567246][   T31] RIP: 0033:0x7fdb7ab915dc
[ 1364.571661][   T31] RSP: 002b:00007fdb7ba51ec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[ 1364.580125][   T31] RAX: ffffffffffffffda RBX: 00007fdb7ba51fc0 RCX: 00007fdb7ab915dc
[ 1364.588129][   T31] RDX: 000000000000001c RSI: 00007fdb7ba52010 RDI: 0000000000000008
[ 1364.596075][   T31] RBP: 0000000000000000 R08: 00007fdb7ba51f14 R09: 000000000000000c
[ 1364.604078][   T31] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000008
[ 1364.612586][   T31] R13: 00007fdb7ba51f68 R14: 00007fdb7ba52010 R15: 0000000000000000
[ 1364.620882][   T31]  </TASK>
[ 1364.623935][   T31] INFO: task syz.4.3971:20545 blocked for more than 145 seconds.
[ 1364.631843][   T31]       Not tainted syzkaller #0
[ 1364.636777][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1364.645514][   T31] task:syz.4.3971      state:D stack:28856 pid:20545 tgid:20543 ppid:16528  task_flags:0x400140 flags:0x00080002
[ 1364.657482][   T31] Call Trace:
[ 1364.660755][   T31]  <TASK>
[ 1364.663755][   T31]  __schedule+0x1190/0x5de0
[ 1364.668281][   T31]  ? __lock_acquire+0x622/0x1c90
[ 1364.673270][   T31]  ? __pfx___schedule+0x10/0x10
[ 1364.678121][   T31]  ? find_held_lock+0x2b/0x80
[ 1364.682773][   T31]  ? schedule+0x2d7/0x3a0
[ 1364.687143][   T31]  ? genl_rcv_msg+0x577/0x800
[ 1364.691822][   T31]  schedule+0xe7/0x3a0
[ 1364.695949][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1364.701426][   T31]  __mutex_lock+0x818/0x1060
[ 1364.706066][   T31]  ? kfree_skbmem+0x1a4/0x1f0
[ 1364.710728][   T31]  ? genl_rcv_msg+0x577/0x800
[ 1364.716193][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1364.721216][   T31]  ? __local_bh_enable_ip+0xa4/0x120
[ 1364.726722][   T31]  ? __dev_queue_xmit+0xaf1/0x4490
[ 1364.731883][   T31]  ? __radix_tree_lookup+0x21f/0x2c0
[ 1364.737232][   T31]  ? genl_rcv_msg+0x577/0x800
[ 1364.741906][   T31]  genl_rcv_msg+0x577/0x800
[ 1364.746384][   T31]  ? __pfx___dev_queue_xmit+0x10/0x10
[ 1364.752268][   T31]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1364.757285][   T31]  ? __lock_acquire+0xb8a/0x1c90
[ 1364.762261][   T31]  netlink_rcv_skb+0x158/0x420
[ 1364.767022][   T31]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1364.772098][   T31]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1364.777396][   T31]  ? netlink_deliver_tap+0x1ae/0xd30
[ 1364.782757][   T31]  genl_rcv+0x28/0x40
[ 1364.786733][   T31]  netlink_unicast+0x5aa/0x870
[ 1364.791622][   T31]  ? __pfx_netlink_unicast+0x10/0x10
[ 1364.796924][   T31]  netlink_sendmsg+0x8c8/0xdd0
[ 1364.801739][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1364.807026][   T31]  __sys_sendto+0x4a3/0x520
[ 1364.811513][   T31]  ? __pfx___sys_sendto+0x10/0x10
[ 1364.816597][   T31]  ? fd_install+0x225/0x750
[ 1364.821099][   T31]  ? __pfx___sys_socket+0x10/0x10
[ 1364.826659][   T31]  __x64_sys_sendto+0xe0/0x1c0
[ 1364.831438][   T31]  ? do_syscall_64+0x91/0xfa0
[ 1364.836186][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1364.841459][   T31]  do_syscall_64+0xcd/0xfa0
[ 1364.846188][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1364.852095][   T31] RIP: 0033:0x7fdb7ab915dc
[ 1364.856544][   T31] RSP: 002b:00007fdb7ba30ec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[ 1364.864979][   T31] RAX: ffffffffffffffda RBX: 00007fdb7ba30fc0 RCX: 00007fdb7ab915dc
[ 1364.873016][   T31] RDX: 000000000000001c RSI: 00007fdb7ba31010 RDI: 000000000000000f
[ 1364.881321][   T31] RBP: 0000000000000000 R08: 00007fdb7ba30f14 R09: 000000000000000c
[ 1364.889349][   T31] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000000f
[ 1364.897317][   T31] R13: 00007fdb7ba30f68 R14: 00007fdb7ba31010 R15: 0000000000000000
[ 1364.905392][   T31]  </TASK>
[ 1364.908440][   T31] INFO: task syz.4.3971:20546 blocked for more than 145 seconds.
[ 1364.916152][   T31]       Not tainted syzkaller #0
[ 1364.921192][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1364.929904][   T31] task:syz.4.3971      state:D stack:25232 pid:20546 tgid:20543 ppid:16528  task_flags:0x400140 flags:0x00080002
[ 1364.942457][   T31] Call Trace:
[ 1364.945740][   T31]  <TASK>
[ 1364.948763][   T31]  __schedule+0x1190/0x5de0
[ 1364.953360][   T31]  ? __pfx___schedule+0x10/0x10
[ 1364.958231][   T31]  ? find_held_lock+0x2b/0x80
[ 1364.964330][   T31]  ? schedule+0x2d7/0x3a0
[ 1364.968702][   T31]  ? genl_rcv_msg+0x577/0x800
[ 1364.976142][   T31]  schedule+0xe7/0x3a0
[ 1364.980290][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1364.985952][   T31]  __mutex_lock+0x818/0x1060
[ 1364.990537][   T31]  ? kfree_skbmem+0x1a4/0x1f0
[ 1364.995295][   T31]  ? genl_rcv_msg+0x577/0x800
[ 1365.000009][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1365.005209][   T31]  ? __local_bh_enable_ip+0xa4/0x120
[ 1365.010487][   T31]  ? __dev_queue_xmit+0xaf1/0x4490
[ 1365.015695][   T31]  ? __radix_tree_lookup+0x21f/0x2c0
[ 1365.020989][   T31]  ? genl_rcv_msg+0x577/0x800
[ 1365.025654][   T31]  genl_rcv_msg+0x577/0x800
[ 1365.030276][   T31]  ? __pfx___dev_queue_xmit+0x10/0x10
[ 1365.035652][   T31]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1365.040727][   T31]  ? __lock_acquire+0xb8a/0x1c90
[ 1365.046099][   T31]  netlink_rcv_skb+0x158/0x420
[ 1365.051184][   T31]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1365.056215][   T31]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1365.061648][   T31]  ? netlink_deliver_tap+0x1ae/0xd30
[ 1365.066941][   T31]  genl_rcv+0x28/0x40
[ 1365.070981][   T31]  netlink_unicast+0x5aa/0x870
[ 1365.075743][   T31]  ? __pfx_netlink_unicast+0x10/0x10
[ 1365.081275][   T31]  netlink_sendmsg+0x8c8/0xdd0
[ 1365.086059][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1365.091459][   T31]  __sys_sendto+0x4a3/0x520
[ 1365.095970][   T31]  ? __pfx___sys_sendto+0x10/0x10
[ 1365.101067][   T31]  ? find_held_lock+0x2b/0x80
[ 1365.105752][   T31]  __x64_sys_sendto+0xe0/0x1c0
[ 1365.110508][   T31]  ? do_syscall_64+0x91/0xfa0
[ 1365.115241][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1365.120435][   T31]  do_syscall_64+0xcd/0xfa0
[ 1365.124990][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1365.130879][   T31] RIP: 0033:0x7fdb7ab915dc
[ 1365.135387][   T31] RSP: 002b:00007fdb7ba0fec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[ 1365.143901][   T31] RAX: ffffffffffffffda RBX: 00007fdb7ba0ffc0 RCX: 00007fdb7ab915dc
[ 1365.151922][   T31] RDX: 0000000000000020 RSI: 00007fdb7ba10010 RDI: 0000000000000015
[ 1365.160521][   T31] RBP: 0000000000000000 R08: 00007fdb7ba0ff14 R09: 000000000000000c
[ 1365.168657][   T31] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000015
[ 1365.176724][   T31] R13: 00007fdb7ba0ff68 R14: 00007fdb7ba10010 R15: 0000000000000000
[ 1365.184705][   T31]  </TASK>
[ 1365.187804][   T31] 
[ 1365.187804][   T31] Showing all locks held in the system:
[ 1365.195517][   T31] 1 lock held by khungtaskd/31:
[ 1365.200657][   T31]  #0: ffffffff8e3c4760 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0
[ 1365.210551][   T31] 1 lock held by klogd/5173:
[ 1365.215133][   T31]  #0: ffff8880b843a398 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x29/0x130
[ 1365.225251][   T31] 2 locks held by getty/5576:
[ 1365.229960][   T31]  #0: ffff888035c0d0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80
[ 1365.239728][   T31]  #1: ffffc9000332e2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0
[ 1365.249942][   T31] 3 locks held by kworker/u9:3/16905:
[ 1365.255348][   T31]  #0: ffff8880571f7148 ((wq_completion)hci9){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[ 1365.266347][   T31]  #1: ffffc9000c4c7d00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[ 1365.278431][   T31]  #2: ffff888062538dc8 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x175/0x430
[ 1365.288344][   T31] 3 locks held by udevd/18631:
[ 1365.293109][   T31]  #0: ffff888142bc9358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0x41a/0xe40
[ 1365.302471][   T31]  #1: ffff88814277ab90 (set->srcu){.+.+}-{0:0}, at: blk_mq_run_hw_queue+0x22b/0x670
[ 1365.312069][   T31]  #2: ffff888026354938 (&cmd->lock){+.+.}-{4:4}, at: nbd_queue_rq+0xbd/0x12d0
[ 1365.321277][   T31] 6 locks held by syz.2.3956/20487:
[ 1365.326503][   T31]  #0: ffffffff9018bad0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[ 1365.334673][   T31]  #1: ffffffff9018bb88 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x577/0x800
[ 1365.343670][   T31]  #2: ffff88802629ca70 (&nbd->config_lock){+.+.}-{4:4}, at: nbd_genl_reconfigure+0x487/0x1ca0
[ 1365.354069][   T31]  #3: ffff888142b7f2f8 (&q->limits_lock){+.+.}-{4:4}, at: nbd_set_size+0x2b6/0x720
[ 1365.363543][   T31]  #4: ffff888142b7ec98 (&q->q_usage_counter(io)#49){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20
[ 1365.375799][   T31]  #5: ffff888142b7ecd0 (&q->q_usage_counter(queue)#33){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20
[ 1365.387929][   T31] 2 locks held by syz.1.3959/20492:
[ 1365.393173][   T31]  #0: ffffffff9018bad0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[ 1365.401396][   T31]  #1: ffffffff9018bb88 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x577/0x800
[ 1365.410379][   T31] 2 locks held by syz.1.3959/20497:
[ 1365.415658][   T31]  #0: ffffffff9018bad0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[ 1365.423887][   T31]  #1: ffffffff9018bb88 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x577/0x800
[ 1365.433217][   T31] 2 locks held by syz.1.3959/20498:
[ 1365.438403][   T31]  #0: ffffffff9018bad0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[ 1365.446620][   T31]  #1: ffffffff9018bb88 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x577/0x800
[ 1365.455618][   T31] 2 locks held by syz.3.3961/20495:
[ 1365.460796][   T31]  #0: ffffffff9018bad0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[ 1365.468996][   T31]  #1: ffffffff9018bb88 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x577/0x800
[ 1365.478015][   T31] 2 locks held by syz.4.3971/20544:
[ 1365.483626][   T31]  #0: ffffffff9018bad0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[ 1365.491902][   T31]  #1: ffffffff9018bb88 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x577/0x800
[ 1365.501020][   T31] 2 locks held by syz.4.3971/20545:
[ 1365.506195][   T31]  #0: ffffffff9018bad0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[ 1365.514420][   T31]  #1: ffffffff9018bb88 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x577/0x800
[ 1365.523410][   T31] 2 locks held by syz.4.3971/20546:
[ 1365.528618][   T31]  #0: ffffffff9018bad0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[ 1365.536836][   T31]  #1: ffffffff9018bb88 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x577/0x800
[ 1365.545829][   T31] 2 locks held by syz.0.3977/20567:
[ 1365.551268][   T31]  #0: ffffffff9018bad0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[ 1365.559453][   T31]  #1: ffffffff9018bb88 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x577/0x800
[ 1365.569141][   T31] 2 locks held by syz-executor/20571:
[ 1365.574667][   T31]  #0: ffffffff9018bad0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[ 1365.582945][   T31]  #1: ffffffff9018bb88 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x577/0x800
[ 1365.592484][   T31] 2 locks held by syz-executor/20573:
[ 1365.597930][   T31]  #0: ffffffff9018bad0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[ 1365.606315][   T31]  #1: ffffffff9018bb88 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x577/0x800
[ 1365.615409][   T31] 2 locks held by syz-executor/20589:
[ 1365.620767][   T31]  #0: ffffffff9018bad0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[ 1365.628985][   T31]  #1: ffffffff9018bb88 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x577/0x800
[ 1365.637990][   T31] 2 locks held by syz-executor/20598:
[ 1365.643353][   T31]  #0: ffffffff9018bad0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[ 1365.651719][   T31]  #1: ffffffff9018bb88 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x577/0x800
[ 1365.660798][   T31] 2 locks held by syz-executor/20607:
[ 1365.666510][   T31]  #0: ffffffff9018bad0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[ 1365.674986][   T31]  #1: ffffffff9018bb88 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x577/0x800
[ 1365.684022][   T31] 2 locks held by syz-executor/20623:
[ 1365.689414][   T31]  #0: ffffffff9018bad0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[ 1365.697586][   T31]  #1: ffffffff9018bb88 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x577/0x800
[ 1365.707078][   T31] 2 locks held by syz-executor/20625:
[ 1365.712515][   T31]  #0: ffffffff9018bad0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[ 1365.720870][   T31]  #1: ffffffff9018bb88 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x577/0x800
[ 1365.730000][   T31] 2 locks held by syz-executor/20640:
[ 1365.735634][   T31]  #0: ffffffff9018bad0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[ 1365.743861][   T31]  #1: ffffffff9018bb88 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x577/0x800
[ 1365.752926][   T31] 2 locks held by syz-executor/20649:
[ 1365.758354][   T31]  #0: ffffffff9018bad0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[ 1365.766556][   T31]  #1: ffffffff9018bb88 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x577/0x800
[ 1365.775546][   T31] 2 locks held by syz-executor/20658:
[ 1365.780912][   T31]  #0: ffffffff9018bad0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[ 1365.789289][   T31]  #1: ffffffff9018bb88 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x577/0x800
[ 1365.798609][   T31] 2 locks held by syz-executor/20674:
[ 1365.803973][   T31]  #0: ffffffff9018bad0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[ 1365.813213][   T31]  #1: ffffffff9018bb88 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x577/0x800
[ 1365.822622][   T31] 2 locks held by syz-executor/20676:
[ 1365.829289][   T31]  #0: ffffffff9018bad0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[ 1365.837505][   T31]  #1: ffffffff9018bb88 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x577/0x800
[ 1365.846705][   T31] 2 locks held by syz-executor/20691:
[ 1365.852103][   T31]  #0: ffffffff9018bad0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[ 1365.860420][   T31]  #1: ffffffff9018bb88 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x577/0x800
[ 1365.869406][   T31] 2 locks held by syz-executor/20702:
[ 1365.874858][   T31]  #0: ffffffff9018bad0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[ 1365.883277][   T31]  #1: ffffffff9018bb88 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x577/0x800
[ 1365.892381][   T31] 
[ 1365.894703][   T31] =============================================
[ 1365.894703][   T31] 
[ 1365.905373][   T31] NMI backtrace for cpu 0
[ 1365.905388][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[ 1365.905408][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1365.905417][   T31] Call Trace:
[ 1365.905423][   T31]  <TASK>
[ 1365.905431][   T31]  dump_stack_lvl+0x116/0x1f0
[ 1365.905453][   T31]  nmi_cpu_backtrace+0x27b/0x390
[ 1365.905476][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 1365.905502][   T31]  nmi_trigger_cpumask_backtrace+0x29c/0x300
[ 1365.905527][   T31]  watchdog+0xf3f/0x1170
[ 1365.905553][   T31]  ? rcu_is_watching+0x12/0xc0
[ 1365.905575][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1365.905595][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1365.905614][   T31]  ? __kthread_parkme+0x19e/0x250
[ 1365.905640][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1365.905662][   T31]  kthread+0x3c5/0x780
[ 1365.905679][   T31]  ? __pfx_kthread+0x10/0x10
[ 1365.905697][   T31]  ? rcu_is_watching+0x12/0xc0
[ 1365.905719][   T31]  ? __pfx_kthread+0x10/0x10
[ 1365.905737][   T31]  ret_from_fork+0x675/0x7d0
[ 1365.905753][   T31]  ? __pfx_kthread+0x10/0x10
[ 1365.905770][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1365.905806][   T31]  </TASK>
[ 1365.905813][   T31] Sending NMI from CPU 0 to CPUs 1:
[ 1366.028029][    C1] NMI backtrace for cpu 1
[ 1366.028042][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted syzkaller #0 PREEMPT(full) 
[ 1366.028058][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1366.028067][    C1] RIP: 0010:pv_native_safe_halt+0xf/0x20
[ 1366.028091][    C1] Code: a7 6c 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 83 55 29 00 fb f4 <e9> 3c 0a 03 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
[ 1366.028104][    C1] RSP: 0018:ffffc90000197de8 EFLAGS: 000002c6
[ 1366.028116][    C1] RAX: 0000000007655fcb RBX: 0000000000000001 RCX: ffffffff8b60d2a9
[ 1366.028126][    C1] RDX: 0000000000000000 RSI: ffffffff8da2c59c RDI: ffffffff8bf073c0
[ 1366.028135][    C1] RBP: ffffed1003ad7490 R08: 0000000000000001 R09: ffffed10170a6655
[ 1366.028144][    C1] R10: ffff8880b85332ab R11: 0000000000000001 R12: 0000000000000001
[ 1366.028152][    C1] R13: ffff88801d6ba480 R14: ffffffff908216d0 R15: 0000000000000000
[ 1366.028161][    C1] FS:  0000000000000000(0000) GS:ffff888124b05000(0000) knlGS:0000000000000000
[ 1366.028175][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1366.028184][    C1] CR2: 000055928fb28ad8 CR3: 000000000e182000 CR4: 00000000003526f0
[ 1366.028193][    C1] Call Trace:
[ 1366.028197][    C1]  <TASK>
[ 1366.028202][    C1]  default_idle+0x13/0x20
[ 1366.028217][    C1]  default_idle_call+0x6c/0xb0
[ 1366.028231][    C1]  do_idle+0x38d/0x500
[ 1366.028250][    C1]  ? __pfx_do_idle+0x10/0x10
[ 1366.028266][    C1]  ? trace_sched_exit_tp+0x2f/0x120
[ 1366.028282][    C1]  cpu_startup_entry+0x4f/0x60
[ 1366.028299][    C1]  start_secondary+0x21d/0x2b0
[ 1366.028318][    C1]  ? __pfx_start_secondary+0x10/0x10
[ 1366.028337][    C1]  common_startup_64+0x13e/0x148
[ 1366.028357][    C1]  </TASK>
[ 1366.331964][ T3025] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1367.186328][T15138] Bluetooth: hci9: command 0x0406 tx timeout