last executing test programs:

16.946684988s ago: executing program 4 (id=851):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000004c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000000000000b1bc922f0d8f8c7cf94b4aacf8155417dee36022c0c3a5e4f19a44955afc287c74d46d08f25788e875151bcfebf90f79fb5207a01a9ded6ed0"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001240)={&(0x7f0000000180)='skb_copy_datagram_iovec\x00', r4}, 0x10)
r5 = socket$l2tp6(0xa, 0x2, 0x73)
recvfrom$inet6(r5, 0x0, 0x0, 0x40000040, 0x0, 0x0)
ioctl$BTRFS_IOC_DEFRAG_RANGE(r5, 0x40309410, &(0x7f0000000040)={0x6, 0x7, 0x1, 0x6, 0x3, [0x7, 0x0, 0x39bb, 0x8000]})
sendmsg$unix(r2, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000980)="0f83", 0x2}], 0x1}, 0x20000001)
recvmsg$unix(r1, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x10002)

16.084171566s ago: executing program 0 (id=856):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x1b, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$sock_linger(r3, 0x1, 0xd, &(0x7f0000000000), 0x8)
setsockopt$sock_int(r3, 0x1, 0x21, &(0x7f0000000100), 0x4)
getsockopt$inet6_tcp_buf(r3, 0x6, 0x1a, 0x0, &(0x7f0000000040))
syz_emit_ethernet(0x5e, &(0x7f0000000080)={@random="3e74d680d863", @empty, @val={@val={0x88a8, 0x1, 0x1}, {0x8100, 0x0, 0x1}}, {@canfd={0xd, {{0x2}, 0xf, 0x1, 0x0, 0x0, "6ad85234b3f45b9d81281401984347913b5787a6c0360a0ba6ab057b06ae4168cd353af4653c546f57d2dc710c157aec9754f2ab03db28cb39b64fc6d0a249ac"}}}}, &(0x7f0000000140)={0x0, 0x4, [0x528, 0xb95, 0xef8, 0xa25]})
r4 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_INFO(r4, 0xc1105511, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
landlock_create_ruleset(0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x0)
r8 = open(0x0, 0x0, 0x0)
mount$bind(&(0x7f0000000300)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x111091, 0x0)
r9 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r9, 0x84, 0xc, &(0x7f0000000000)=@assoc_value={<r10=>0x0}, &(0x7f0000000480)=0x8)
setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r9, 0x84, 0x23, &(0x7f0000000040)={r10}, 0x8)
setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r8, 0x84, 0x72, &(0x7f00000002c0)={r10, 0x7, 0x20}, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x11, 0x15, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000047b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000100850000000100000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000010000850000008200000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @void, @value}, 0x94)

15.064010781s ago: executing program 1 (id=860):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB="00ff00001000000000e7cfd4ed00000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r1 = socket(0x2, 0x80805, 0x0)
getsockopt$bt_hci(r1, 0x84, 0x80, 0x0, &(0x7f0000001080))
r2 = openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r3 = socket$tipc(0x1e, 0x5, 0x0)
r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r5}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = getpid()
process_vm_readv(r6, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70300"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r7}, 0x10)
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000380), 0x30001, 0x0)
bpf$OBJ_PIN_MAP(0x6, &(0x7f00000003c0)=@o_path={&(0x7f00000002c0)='./file0\x00', r2, 0x4000, r9}, 0x18)
socket$inet6_udp(0xa, 0x2, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_CE_THRESHOLD={0x4}]}}]}, 0x40}}, 0x0)
r10 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
ioctl$FS_IOC_GETFSLABEL(r10, 0x800452d2, &(0x7f0000000100))
ioctl$PTP_PIN_GETFUNC2(0xffffffffffffffff, 0xc0603d0f, &(0x7f0000000080)={'\x00', 0x40, 0x2, 0x2e})
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040ec3ca1c0c"], 0x7)
syz_usb_connect(0x0, 0x17e, &(0x7f0000000400)=ANY=[@ANYBLOB="12010000965bb108a1172801f6050102030109026c0101000000000904"], 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000011000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000000))
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000e80)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x9, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x2, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r11, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

14.810392518s ago: executing program 4 (id=863):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x14, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020732500000000000700207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000008500000050000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000006000000850000000600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
chdir(0x0)
r1 = socket(0x1, 0x2, 0x0)
ioctl$int_in(r1, 0x5452, 0x0)
sendto$unix(r1, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = syz_genetlink_get_family_id$gtp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$GTP_CMD_NEWPDP(r1, &(0x7f0000000440)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYBLOB="4d0fd6cf", @ANYRES16=r2, @ANYRESHEX=r1], 0x1c}, 0x1, 0x0, 0x0, 0x20000811}, 0x40008d5)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r3)
mount(0x0, &(0x7f0000000000)='./file1/file0\x00', &(0x7f00000005c0)='ncpfs\x00', 0x1c0002, 0x0)
r4 = inotify_init1(0x0)
fcntl$setown(r4, 0x8, 0xffffffffffffffff)
fcntl$getownex(r4, 0x10, &(0x7f0000000140)={0x0, <r5=>0x0})
r6 = syz_open_procfs(r5, &(0x7f0000000600)='fd/4\x00')
lseek(r6, 0xe00000, 0x3)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
r7 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r7, &(0x7f0000001600)='./file1\x00', 0x0, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0300000000be28d04ed83f030091000000000000a11ddbcf10d68c6265469a9cc705a34c7b8e4016e331ba5e0000800000001100", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000011000000000000000000000018120000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r9}, 0x10)
mq_getsetattr(0xffffffffffffffff, 0x0, 0x0)
linkat(r7, &(0x7f0000000100)='./file1\x00', r7, &(0x7f0000000240)='./file0\x00', 0x0)
mkdir(&(0x7f0000000240)='./file1/file0\x00', 0x0)

13.630985036s ago: executing program 3 (id=864):
io_uring_register$IORING_REGISTER_ENABLE_RINGS(0xffffffffffffffff, 0xc, 0x0, 0x0)

13.614133891s ago: executing program 0 (id=865):
openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0)
ioctl$SNDCTL_DSP_SETFMT(0xffffffffffffffff, 0xc0045005, &(0x7f0000000000))
mmap$dsp(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000002, 0x8012, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0)
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, &(0x7f0000000400)={0x44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000001afc180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b703000000090000850000000400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
rmdir(&(0x7f00000001c0)='./cgroup/../file0\x00')
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
r5 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r6 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r7 = dup(r4)
ioctl$NBD_SET_SOCK(r6, 0xab00, r7)
ioctl$NBD_SET_SOCK(r6, 0xab00, 0xffffffffffffffff)
close_range(r5, 0xffffffffffffffff, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0)

13.613750002s ago: executing program 2 (id=866):
openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0)
ioctl$SNDCTL_DSP_SETFMT(0xffffffffffffffff, 0xc0045005, &(0x7f0000000000))
mmap$dsp(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000002, 0x8012, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0)
ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x4018bc0e, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000001afc180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b703000000090000850000000400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
rmdir(&(0x7f00000001c0)='./cgroup/../file0\x00')
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
r5 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r6 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r7 = dup(r4)
ioctl$NBD_SET_SOCK(r6, 0xab00, r7)
ioctl$NBD_SET_SOCK(r6, 0xab00, 0xffffffffffffffff)
close_range(r5, 0xffffffffffffffff, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0)

13.280914739s ago: executing program 3 (id=867):
socket$alg(0x26, 0x5, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x5, &(0x7f0000001080)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce60300c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123751c0a0e168c1886d0d4d35179bd223ec839bc16ee78076e0dc8cedf3ceb9fbfbf9b0a49ef23d430f6296b32a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e898d3b3e22278d00031e5388ee5c867ddd58211d6ece1ccb0cd2b6d3cffd962867a3a2f624f192daa94a0c556f3218ce740068725c37074e468ee207d0f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff020000000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9f74fbe9c3c6fca5cbfd09000000b91ab219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d8f20a67745409e26183524cf5cc1b83d34889f40159e800ea2474b540500a30b23bcee46762e2c93bcc9eae5ee3e980026c96f80ee1a00000000740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec51d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafcc5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad3f7ff80e87adf394c7bbdcd0e0eb52162e0c410ade7a36b26a4e70f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf37704ec73754910fe050038ec9e47de89298b7bf4d769ccc18eede0068ca1457870eb30d211e23ccc8e06dddeb61799257ab5000013c86ba9affb12ec757c7234c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f8b2ad1e1f4933545fc3c741374211663f6b63b1dd044dd0b2768e825972fc4300001467c89fa0f82e8440105051e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff75067d2a214f8c9d9b2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869ba2f3caba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b15bc20f49e298727340e87cdefb40e56e9cfad9931b8c552b2c7c503f3d0e7ab0e958ad009995ae166deb9856291a43a6f7eb2e32cefbf463789e1f79b8d4c22be89f44b032dad13007b82e6044f643fc8cd0e30c378b4a88c39c117d27326850a7c3b570863f532c218b10af13d7be949870c9920c2d2a53b384e88862ee92fa7c3ae6c08384865b66d2204c2e4f3ae20bf279b512b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f31ba6d9b8cb0908000000000000001a342c010000000000e667a7592b33406f1f71c739b55db91d2309dc7ae401005f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca16dcbbbaa2935ae662082b56cf666e63a759e0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67be70c17b0f9c2eac765816c30c2e7133dca1c7669522e8dff8bc570a93fbdb688c3aef810000007a6ea6b11163392a19d87995b51cb6febd5f24a34998d2010fd5facf68c4f84e2f66e27c81a149d7b331983d3b74444953fc1216dfec10b724be3733c26f12538376e177ffef6fd2020000000000000008e4919a463d5332a25468e8fc4bda0c294723fe306f26c477af4b926644672985fab7cc67bc5b5f5d38cdd8df95147ebe1cd88b0a4c6cde9951be42827dfddfefb238fac2303cc8982f1e55b005afcfea5eb037248fefad6bb02c162ce92ab17744c8ec3d2e80cf3205d36699fd381bc81231fb5e12e45f3059f361f399d7c091d08d6a6d019ebf105eaf43083c29512bcedd79ca9bf24e063d0c273ed70a2b70be521ea27dc8cf3c9bdf83b93405db07e82e2ddf4c4d26f1cdd8c3c9736cf5e5082de3b484f8673e0e97dd7e8a872148613c3a04f3d67f4375ba5c7f1b0033f8dfe0fd9bb2a70801f763524e1d79d812ced782646b5f79c8fc08bb5c11020108d702edd2ea9c96cfcb9066668627820d2d48aa5fc0a7bf1b51afd85350ad00b78c598fa8701b000884de790b54e5ab2e8fc90f000000000000eef2e5eb804b9d52099fbd404e8ece970f67736ba7e960bd8b1e4105ce7e31f7c9c3e3fa61aaa967b90087e91d703e98535b107b8f4653be4c46a3a1adb07d226952b8573b417018316fa96e942e35c4baa16d4122c863709b08d4639a19a46ac90ac48a13ee9bcaa875fc700000000000003b40dc5c745fe2491e84256f2d62d03cab53aa50c3e6000000000000000000000000000000000000283cbeeb000000000000000000250318a44ad31baac0520a913301e630ae540f3289aebde8633f6f450c0738e16df6c7f1e0832a2a16fe6e39959735758248032cdf7320c6dc87b01e3f9a7811b200000000ae189de4b9b25f7c7a9c070000002af1c06315270de4a6605e4b4b58bef76fac54f11b84bd7bcd6b6a485edf0a39b38b08e18a51a4d4e66ca21c06a4b4198e1bc2ef990c9ba911efed626e5ee341a17bf8132b5b1dfa9fd31df213c88b404797056fd3baa8b2d6cb134437cba0193ba4360bdcc98aad2560aa48291c4eb9d4e08ad7a9c5f04be1ab517124d84dfc7bd8cca8f68154a0ed356e773a797ca6d66748857b4abbf8830abeea2a46342e6a7378173cb29d5cdcd698a0203f78116b710008000000000000007c2d86b94472807c10eb9a8e2fb8bd79fe3a8316deff3ee641c9a080a2173642e673a672279bae4e7e28055da9497d7edb53be6e80482bd4d9a74b8dd4221f05e6ca8c705d7257ff7f76c78ba0b44ec0bdfa0d32d7042059b13a079639f14f9032b856d892ad6af5124c9c3130485e9682ff1f3c54e475d5bb496aef4bb537d7e191dfdeba109fdcf7864763f87a6d711cf52e520a6ce30e134c55e0caac037209d2f12fcddd00000000000000000000000000000000e609893bdce015e8ccfb36399844db61f6171b0b0e845e48728450c6ba4f7098f8e000676b59ab9f851f3ab77847ce05c89411277ec69c409b7ec50a3337a78675f38a568612aa25d6d035d5f5f6a693c381adbbf7b37e37292783b2c7efe7d3a067906552f76d419e030000000000000000000000e14908d973262569d0d6ce62cf3a30aa342f960e838fa39b97e0bf1bc6482bb99717d37b7a54d1e9d794b527a8317efbb1d5f9988e00283c36089e9ab5ee537124396e2964776eb5f02b739260b1371c97158d84ecfd6fadede98c608f4fab805c43e8eaa367f1bf2fad8ccdb058e16c810ddcc543ae417a92f0de850d4180ff08bd2857ebfef435ad23a0cc7bfe8a7928cd9d4ed249cdfc7fcdcf5275c93483be5ebb81af35375e441b09c908e45df79d3b00f031b0ec1e9f3683ded75b1fc9f72af8d690356f9bd26e8ee631b5775b60659ef1aeb789b54aad2004eea0ff225f69a62632574a2a135aa6313aabb5a7fe3ed2a77579ceb4d4af57252a4e8b3aa2a1edb8d6e79eb4aa8b9e9c470d7b53d6d2fd095119a441e19d348e8a774808dbde6b1d4ff83ff3ba6ebfaa4d48f8ce0577e20ea2fe2213946e416d0e08c15016b39eeac426be0a69014bd81d9adb00"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$packet(0x11, 0x2, 0x300)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x20, 0x3, 0x10, 0xb483, 0x8e8189e6de8dedf8, 0xffffffffffffffff, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x5, 0x200, 0x0, @value, @void, @value}, 0x48)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000080)=ANY=[], 0x10448)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0)
ioctl$FS_IOC_GETFSLABEL(r0, 0x400452c8, &(0x7f0000000100))

11.1789043s ago: executing program 4 (id=868):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000380)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c1300000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000048aa5e6c85000000040000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
socket$netlink(0x10, 0x3, 0x0)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(0xffffffffffffffff, 0x0, 0x0)
socket(0x11, 0x800000003, 0x0)
r1 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, 0x0, 0x0)
timer_settime(0x0, 0x0, 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, 0x0, 0x2c41, 0x0)
flock(r2, 0x5)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmmsg(0xffffffffffffffff, &(0x7f00000030c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x9200000004004880)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000700)={{0x1, 0x1, 0x18, r0, {0x8001}}, './file0\x00'})

11.075167608s ago: executing program 2 (id=869):
r0 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_FILTER(r0, 0x65, 0x1, 0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x5}, 0x1c)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14}, [], {0x14}}, 0x28}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
sendto$inet(r1, &(0x7f0000000300)="ab", 0x1, 0x0, &(0x7f0000000380)={0x2, 0x4e22, @local}, 0x10)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0)
setxattr$trusted_overlay_opaque(&(0x7f0000000080)='./file0\x00', &(0x7f00000001c0), 0x0, 0x0, 0x0)
utime(&(0x7f0000000200)='./file0\x00', 0x0)
umount2(0x0, 0x2)
getsockopt$CAN_RAW_FILTER(r0, 0x65, 0x1, 0x0, &(0x7f0000000080))

10.254133905s ago: executing program 0 (id=870):
creat(&(0x7f0000000000)='./bus\x00', 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$can_j1939(0x1d, 0x2, 0x7)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x1, 0x803, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = syz_io_uring_setup(0x24fa, &(0x7f00000001c0)={0x0, 0x0, 0x10100}, &(0x7f0000000500)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r4, &(0x7f0000000180)=ANY=[@ANYRES64=r3], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0})
io_uring_enter(r0, 0x2d3e, 0x0, 0x3f00, 0x0, 0x0)

9.298999081s ago: executing program 3 (id=871):
r0 = socket$rxrpc(0x21, 0x2, 0xa)
poll(&(0x7f00000000c0), 0x0, 0xf45)
setsockopt$sock_int(r0, 0x1, 0x7, &(0x7f0000000240), 0x4)

9.282946002s ago: executing program 2 (id=872):
r0 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000180)=0x80000004, 0x4)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x33, &(0x7f0000000000)={0x1, &(0x7f0000000140)=[{0x6}]}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x10, 0xffffffffffffffff, 0x0)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x44, &(0x7f0000000000)={0x0, 0x0}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="380000001800010000000000000000000a00000000000000000000000c001600080001000800000008"], 0x38}}, 0x0)
syz_usb_connect(0x1, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201000009a65d0860040800dec30102030109021b050000000000090400000178eaf50009058402"], &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
r1 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000040)={0x32, 0x2, '\x00', [@padn={0x1, 0x6, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @jumbo={0xc2, 0x4, 0x8}, @enc_lim={0x4, 0x1, 0x2}]}, 0x20)
getsockopt$netlink(r1, 0x10e, 0x6, &(0x7f0000000400)=""/84, &(0x7f0000000100)=0xfffffffffffffd3b)
r2 = syz_usb_connect(0x0, 0x24, &(0x7f0000000240)=ANY=[], 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r2, 0x0, &(0x7f0000000600)={0x44, &(0x7f0000000100)=ANY=[@ANYBLOB="200fd2", @ANYRES8=0x0, @ANYRES64], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
openat$snapshot(0xffffff9c, &(0x7f00000001c0), 0x90e0b30419671612, 0x0)

9.195344096s ago: executing program 4 (id=873):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0xf5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000004c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001240)={&(0x7f0000000180)='skb_copy_datagram_iovec\x00', r4}, 0x10)
sendmsg$unix(r2, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000980)="0f83", 0x2}], 0x1}, 0x20000001)
recvmsg$unix(r1, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x10002)

9.131014086s ago: executing program 0 (id=874):
r0 = syz_open_dev$video(&(0x7f0000000000), 0x7ff, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x54, 0x75, 0x4e, 0x8, 0x5ac, 0x5b13, 0x9239, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xff, 0xfd, 0x1}}]}}]}}, 0x0)
syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f00000000c0)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000080)={0xfdfd, 0x35315258, 0xf00, 0x870, 0x0, @stepwise})

9.130746166s ago: executing program 1 (id=875):
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0xa)
sendmsg$nl_route_sched(r0, &(0x7f0000006280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@newtaction={0x68, 0x30, 0xb, 0x0, 0x0, {0x0, 0x0, 0x6a00}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x0, 0x0, 0x9}, 0x1, r2}}]}, {0x4, 0xa}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x0) (fail_nth: 4)

8.718963035s ago: executing program 1 (id=876):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000444ff8), 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r6 = socket$inet6(0xa, 0x3, 0x7)
connect$inet6(r6, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r6, 0x29, 0x23, &(0x7f0000000340)={{{@in=@dev, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@private, 0x0, 0x32}, 0x0, @in=@loopback, 0x0, 0x0, 0x0, 0x7}}, 0xe8)
sendmmsg(r6, &(0x7f0000000480), 0x2e9, 0x0)
bind$inet6(r6, &(0x7f0000000100)={0xa, 0xe22, 0x0, @empty}, 0x1b)
connect$pppl2tp(0xffffffffffffffff, 0x0, 0x0)

6.584172697s ago: executing program 1 (id=877):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000740)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0)
syz_open_dev$sg(0x0, 0x7fffffffffffffff, 0x8800)
r3 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
r4 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_FLUSH(r4, 0x29, 0xd0, &(0x7f0000000240), 0x4)
r5 = syz_open_dev$sg(0x0, 0x0, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r5, 0x2275, 0x0)
ioctl$SG_BLKSECTGET(r5, 0x1267, &(0x7f0000000100))
ioctl$BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000000)={'\x00', 0x0, 0x3, 0x1})
ioctl$SG_GET_TIMEOUT(r3, 0x2202, 0x0)
ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, &(0x7f0000000000))
r6 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r6, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r6, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r7=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r6, 0xc02064b6, &(0x7f00000001c0)={r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_ATOMIC(r6, 0xc03864bc, &(0x7f0000000380)={0x100, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, 0x0)
r8 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x0)
ioctl$SG_BLKSECTGET(r8, 0x1267, &(0x7f00000001c0))

6.536055421s ago: executing program 3 (id=878):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f00000004c0), 0xffffffffffffffff)
prlimit64(0x0, 0xd, &(0x7f0000000440)={0x800000000005, 0x8000000000202003}, 0x0) (async)
prlimit64(0x0, 0xd, &(0x7f0000000440)={0x800000000005, 0x8000000000202003}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000001fc0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x44}, 0x0) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000001fc0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x44}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$fb0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) (async)
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000940)={0x356, 0x21, 0x5f0, 0x7a0, 0x0, 0x10000000, 0x0, 0x0, {}, {}, {0x0, 0x4000}, {0x0, 0x6, 0x1}, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff7, 0x0, 0x8, 0x0, 0x0, 0x4, 0x0, 0xc}) (async)
ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000940)={0x356, 0x21, 0x5f0, 0x7a0, 0x0, 0x10000000, 0x0, 0x0, {}, {}, {0x0, 0x4000}, {0x0, 0x6, 0x1}, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff7, 0x0, 0x8, 0x0, 0x0, 0x4, 0x0, 0xc})
sched_setaffinity(0x0, 0x8, &(0x7f0000000380)=0x100000000000009)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
socket$nl_generic(0x10, 0x3, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r5}, 0x10) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r5}, 0x10)
r6 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$kcm(r6, &(0x7f0000001900)={0x0, 0x0, 0x0}, 0x20005810)
sendmsg$inet(r6, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x0, @dev}, 0x10, 0x0}, 0x30044041)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000680)=ANY=[], 0x14}}, 0x0) (async)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000680)=ANY=[], 0x14}}, 0x0)
r7 = socket(0x11, 0xa, 0x0)
write$vga_arbiter(r1, &(0x7f00000003c0)=@other={'unlock', ' ', 'io+mem'}, 0xe)
setsockopt$SO_TIMESTAMPING(r7, 0x1, 0x25, &(0x7f0000000040)=0xa0, 0x4) (async)
setsockopt$SO_TIMESTAMPING(r7, 0x1, 0x25, &(0x7f0000000040)=0xa0, 0x4)

6.169069363s ago: executing program 4 (id=879):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)
mount_setattr(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0, &(0x7f0000000180)={0x0, 0x0, 0x100000}, 0x20)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000008080)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x160)

5.291145459s ago: executing program 1 (id=880):
openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0)
ioctl$SNDCTL_DSP_SETFMT(0xffffffffffffffff, 0xc0045005, &(0x7f0000000000))
mmap$dsp(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000002, 0x8012, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0)
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, &(0x7f0000000400)={0x44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000001afc180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b703000000090000850000000400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
rmdir(&(0x7f00000001c0)='./cgroup/../file0\x00')
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
r5 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r6 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r7 = dup(r4)
ioctl$NBD_SET_SOCK(r6, 0xab00, r7)
ioctl$NBD_SET_SOCK(r6, 0xab00, 0xffffffffffffffff)
close_range(r5, 0xffffffffffffffff, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0)

5.178920578s ago: executing program 2 (id=881):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000380)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x1011, r3, 0x0)
r4 = syz_open_dev$midi(&(0x7f00000001c0), 0x2, 0x0)
ioctl$SNDRV_RAWMIDI_IOCTL_STATUS64(r4, 0xc0385720, 0x0)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000080)=0x3)
ioctl$TIOCSTI(r5, 0x5412, 0x0)
r6 = syz_open_dev$evdev(&(0x7f0000000040), 0x5, 0x80040)
ioctl$FS_IOC_SETVERSION(r6, 0x40087602, &(0x7f0000000180)=0xa)
ioctl$TIOCSTI(r5, 0x5412, &(0x7f0000000300)=0x3f)
socket$inet6_udp(0xa, 0x2, 0x0)
socket$inet6(0xa, 0x2, 0x0)
r7 = socket$pppl2tp(0x18, 0x1, 0x1)
r8 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r8, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000003000000000a3c000000120a09000000000000000000020000000900020073797a310000000008000440000000000900010073797a30000000000800034000000001140000001100010000000000000000000000000a5c257119fd1220ba82ae0adc4264f22416a39a9ecebdfd60d31e0dca2b4f32b0e9c5387502fbc1dad926247db3d7fa1f16527784b90389c5aa87b4acde18c53fb803f8ed76f3b1eaaa45fb0448c2ffac5f347b5fd5e5872d0191aa40d0fbea829ebe684e2b626992"], 0x64}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000340)={'erspan0\x00'})

5.17109373s ago: executing program 4 (id=882):
r0 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_FILTER(r0, 0x65, 0x1, 0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x5}, 0x1c)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14}, [], {0x14}}, 0x28}}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
sendto$inet(r1, &(0x7f0000000300)="ab", 0x1, 0x0, &(0x7f0000000380)={0x2, 0x4e22, @local}, 0x10)

3.861730505s ago: executing program 3 (id=883):
dup(0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x7)
r0 = syz_open_dev$vbi(&(0x7f0000000080), 0x1, 0x2)
ioctl$VIDIOC_S_OUTPUT(r0, 0xc004562f, &(0x7f00000000c0)=0x1)
ioctl$VIDIOC_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f0000000380)={0x0, @bt={0x13, 0x7c5, 0x1, 0x2, 0xd59f80, 0x4, 0x5, 0xb, 0x8, 0x5, 0x722, 0x200, 0x7, 0x8, 0x2b, 0x27, {0xffff945a, 0x1}, 0x3, 0xf1}})
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r4, 0x84, 0x75, 0x0, &(0x7f00000005c0))
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r6 = dup(r5)
r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x4000000020042, 0x0)
ioctl$IOMMU_VFIO_IOAS$GET(0xffffffffffffffff, 0x3b88, &(0x7f0000000240)={0x5})
r8 = dup(r7)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9beb010018000000000000001c0000001c00000004000000000000000000009302000000b36e000000000000000f02000000ddc600000000"], 0x0, 0x38, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
sendfile(r8, r6, 0x0, 0x89ffc)
r9 = socket$inet_sctp(0x2, 0x0, 0x84)
r10 = add_key$user(&(0x7f0000000040), &(0x7f0000000000)={'syz', 0x0}, &(0x7f0000000700)="df24ead320b4dae0859dec60eb0dcc2dc884fd6c88cfeb62ae4c2f2c8581d69df21eb01bc69da23bd57868b2a256c16da38c11e08c3c29dda7a9a5a5d8a838d233b2b0456e3f234c4631071ea196a961cbd82f7162017b5c3e0f63d49402245fc809837fef7fcd4e0851cbfb4290a0be7c129e787de71ab075f86581f2ed4b795935cd7b8f55f97707b07a902f1739a9d197fbedd3aefd0fbcfce7a2a6a7c93cdeecc7e484b2ee736a9cb30ab98920bede4f7a77cc6e9f6e929f0ef50fcd36a8816d54413b", 0xc5, 0xfffffffffffffffe)
r11 = add_key$user(&(0x7f00000004c0), &(0x7f0000000080)={'syz', 0x0}, &(0x7f0000000200)="cc", 0x1, 0xffffffffffffffff)
r12 = add_key$user(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x2}, &(0x7f0000000500)="da1103b23d6e9ec7b0960f8a45520fdee8bbafd038af5357cc2bf5969a77a332ef6c7c1a675389b16063696dee3af27a8f971dbce5b93d02d840ee08d2d124e67fa17642c4d99d45aa878237a1663a31f7ef396e4b22348c06000000ac87d8f9f5d19ceb0609e3b019c0a4814a268de5def201eb268f1dfb204aa37d70e75db23f9449afe074d5c17bd43d8450cefcb35bdabe30f169ea854c0d09bad3caab3dadbbcc04d1f6e2403c2ca21f837f62901da7a98ab45d458273ad1b8e46d5b95f20a7fe6f22a6a6bee5edd88147fba2164e2860f100104d923664f113e5ff8e258bda92eb9ea08b80e4f858457c81d574359e96b6c45d6a313e209a153878fcaabd", 0x101, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000400)={r11, r10, r12}, 0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000440)={'wp384\x00'}})
sendmmsg$inet_sctp(r9, &(0x7f00000005c0)=[{&(0x7f0000000000)=@in={0x2, 0x0, @dev}, 0xffffffffffffff75, &(0x7f0000000080)=[{&(0x7f0000000100)='\a', 0x1}], 0x1}], 0x1, 0x0)
add_key$keyring(0x0, &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffff8)

3.437829226s ago: executing program 2 (id=884):
fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffed3)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x408, 0x103)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x50)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0x0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, &(0x7f0000000080))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7f, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r3, 0xc0d05605, &(0x7f0000000140)={0x1, @pix={0x0, 0x0, 0x50565559}})
socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
sendmsg$IPVS_CMD_FLUSH(r2, 0x0, 0x24008000)

2.691210387s ago: executing program 0 (id=885):
r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x3fe, 0x2)
chdir(&(0x7f0000000040)='./file0\x00')
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="140000000400000008000000a40000000000000044e095c72fac36a3f7e0ec84f52b3e5963c7d994cdd08a786b55f8b69809065530e26440d42b06985df4341fbc180000000000000064b3f9d2dcd6b4f8248a2f08d959750b18f025f59730265db4b7605b29d2ebffe8510645959504d1e63c19e2f5e3a3a4ab411745179f7ad0ce0000000000000064d3bc8a803abcba32bc8fc175c02710e3bd1a2c19f51e353bbd90cb066314c0fc886814d6807e75acb3546a2806628c11da4ddbcd97841dea041f0994173cf506f3cb7074c2fb8cc8ffc8f584f6932554f9769d058a7201dc8af4c7a54c6564913735e1f5a6768a0cf2543eb11121e258f19db8bdc1313df4e15d933f6da0acfe47176d7eeb00f847cc65a3401b720101ba0954e54035297f86bba7b6426ebfd307e3902573711fcfb79f18beaf9a2b654cf52ff9a58545eb5c564f9b06482e0dc1e45dd4d45531c5f1706436ea3dcfe8070e8c9dc1a0e2824a080b00618d51790e0c4a2ef68831d36be9a5348e6a30963dcc8a7715c05cc6e79af7d6d6b9724d950efe33cb5ab3c6bc9c2e3ab37964a5523e091df718e59ffcf4e8c55c2e15aa5a901247eacd55f0cd30a48569dbc2cc7951d463e14f079361c422586e75474d3b17d3f0b4fb70048ef7621155284a8782ae633d29fbad0a76361469883dbd3577fa338c07a0b5000000000000000000000a52444780e1295c162a566ebb0728e0a34bea214bec8fd32739d2a4d3585e9d1187365e4218be5461ef24f75f7567807fe223e2857c57427f9e9e3a74351d3a3ca53fb2242b4adfe61e85a5b018037c10892692b05f71776d287689cb3365b4840677", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="e29adfe46fe43ca8"], 0x48)
ioctl$TIOCSTI(0xffffffffffffffff, 0x541b, &(0x7f0000000280)=0xf9)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xffffff19)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a01010000000000000000020000000900010073797a3100000000080002400000000120000000000a03000000000000000000070000000900010073797a310000000028000000000a030000000000000000000200000008000240000000000900010073797a3100e90000140000001100010000000000000000000000000a85ee017ddcd22ee2df60c7fedf13a032d70eb1d8fb0098b88b30e199562b4b467fc3403f2f438c106e06fe9e284008bc32e22b4f9db50d024257e6b62af719c216f457635114f866511d1d21de2fca236c6c4ab217cfe223f87c324941d8e3d09fee122b26e76423b9f3265ad9541bdd0b8bd57720378d7824d88f3bf232f74f7731869d456499ea8ce565"], 0x98}}, 0x0)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000040)={r1, &(0x7f0000000280), 0x0}, 0x20)
r3 = dup2(r0, r0)
setrlimit(0x2, &(0x7f00000000c0)={0x0, 0x8})
ioctl$vim2m_VIDIOC_ENUM_FMT(r3, 0xc0405602, &(0x7f0000000000)={0x7, 0x1, 0x0, "adbdeec74e8e4aea6adda300"})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r5 = syz_io_uring_setup(0x24f9, &(0x7f0000000240)={0x0, 0x0, 0x10100, 0x0, 0x0, 0x0, r3}, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, &(0x7f0000002b80), 0x41000004, 0x0)
write$UHID_CREATE2(r8, &(0x7f00000001c0)=ANY=[@ANYBLOB='\"'], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x13, r8, 0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0})
io_uring_enter(r5, 0x2d3e, 0x0, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
ioctl$TUNSETQUEUE(r4, 0x400454d9, &(0x7f0000000000)={'geneve1\x00', 0x400})
ioctl$TUNATTACHFILTER(r4, 0x401054d5, &(0x7f0000000080)={0x1, &(0x7f0000000580)=[{0x5}]})
r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x13)
ioctl$TUNSETIFF(r9, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
ioctl$VFAT_IOCTL_READDIR_SHORT(r1, 0x82307202, &(0x7f0000000480)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])

2.690759778s ago: executing program 1 (id=886):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0xe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = gettid()
r2 = syz_init_net_socket$llc(0x1a, 0x801, 0x0)
bind$llc(r2, &(0x7f0000000080), 0x10)
listen(r2, 0x0)
accept4$llc(r2, 0x0, 0x0, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0xc, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000380)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000001340)=""/102378, 0x7706c522012798af)
process_vm_readv(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r4 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000000)='source', &(0x7f0000000100)='c:::\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x3, 0x10, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa10000000000000701000000feffffbfa40000000000000704000000feffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000c5000000950000194651301fa0791cb1b070b1240000000000"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0xa0)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000080)={'sit0\x00', &(0x7f00000003c0)={'gretap0\x00', <r5=>0x0, 0x20, 0x20, 0x0, 0x5, {{0xd, 0x4, 0x1, 0x30, 0x34, 0x65, 0x0, 0x9, 0x2f, 0x0, @multicast1, @initdev={0xac, 0x1e, 0x1, 0x0}, {[@timestamp={0x44, 0x14, 0x56, 0x0, 0x3, [0x2400, 0x8, 0x80, 0x81]}, @timestamp={0x44, 0xc, 0x6d, 0x0, 0x9, [0xffff, 0x200]}]}}}}})
pipe2$watch_queue(&(0x7f00000000c0)={0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x80)
r7 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000180)=0xffffffffffffffff, 0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1c000000c0e43866023d7db7eef43e6e50d69f7a9901", @ANYRES32=r0, @ANYBLOB="0100"/20, @ANYRES32=r5, @ANYRES32=r6, @ANYBLOB="01000000040000000400"/20, @ANYRES32=r7, @ANYBLOB='\x00\x00\x00\x00'], 0x50)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000280)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x5, '\x00', r5, r7, 0x1, 0x2, 0x5, 0x0, @void, @value, @void, @value}, 0x50)

1.660739267s ago: executing program 3 (id=887):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r1, &(0x7f0000000fc0)={&(0x7f0000001340)=@hci={0x1f, 0x0, 0x31}, 0x80, &(0x7f0000001000)=[{&(0x7f0000001040)="b8b2cc1e00c1dba49dbb66ca3a66bb0280000788fb", 0x15}], 0x1}, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
syz_open_dev$dri(0x0, 0x0, 0x0)
openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$SEG6_CMD_SETHMAC(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x34, r3, 0x1, 0x0, 0x0, {}, [@SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x1}, @SEG6_ATTR_SECRET={0x8, 0x4, [0x0]}, @SEG6_ATTR_ALGID={0x5}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x1}]}, 0x34}}, 0x0)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000000), r2)
r4 = syz_open_procfs(0x0, &(0x7f0000000140)='ns\x00')
r5 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000240)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000100), 0x106}}, 0x20)
sendmsg$SEG6_CMD_DUMPHMAC(r4, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x5c, r3, 0x2, 0x70bd25, 0x25dfdbfd, {}, [@SEG6_ATTR_ALGID={0x5, 0x6, 0x9}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x6}, @SEG6_ATTR_DST={0x14, 0x1, @ipv4={'\x00', '\xff\xff', @remote}}, @SEG6_ATTR_DST={0x14, 0x1, @mcast1}, @SEG6_ATTR_SECRETLEN={0x5}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x60000000}]}, 0x5c}, 0x1, 0x0, 0x0, 0x40000}, 0x40010)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$SEG6(0x0, 0xffffffffffffffff)
sendmsg$SEG6_CMD_SETHMAC(r6, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x2c, r7, 0x1, 0x0, 0x0, {}, [@SEG6_ATTR_SECRET={0x8, 0x4, [0x0]}, @SEG6_ATTR_ALGID={0x5}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000200), r6)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$SEG6_CMD_SETHMAC(r8, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x34, r9, 0x1, 0x0, 0x0, {}, [@SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x1}, @SEG6_ATTR_SECRET={0x8, 0x4, [0x0]}, @SEG6_ATTR_ALGID={0x5}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x1}]}, 0x34}}, 0x0)
set_mempolicy(0x3, 0x0, 0x7)
mlockall(0x7)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x50032, 0xffffffffffffffff, 0x0)

855.05275ms ago: executing program 2 (id=888):
r0 = socket$rxrpc(0x21, 0x2, 0xa)
poll(&(0x7f00000000c0), 0x0, 0xf45)
setsockopt$sock_int(r0, 0x1, 0x7, &(0x7f0000000240), 0x4)

0s ago: executing program 0 (id=889):
r0 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_FILTER(r0, 0x65, 0x1, 0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x5}, 0x1c)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14}, [], {0x14}}, 0x28}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
sendto$inet(r1, &(0x7f0000000300)="ab", 0x1, 0x0, &(0x7f0000000380)={0x2, 0x4e22, @local}, 0x10)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0)
setxattr$trusted_overlay_opaque(&(0x7f0000000080)='./file0\x00', &(0x7f00000001c0), 0x0, 0x0, 0x0)
utime(&(0x7f0000000200)='./file0\x00', 0x0)
umount2(0x0, 0x2)
getsockopt$CAN_RAW_FILTER(r0, 0x65, 0x1, 0x0, &(0x7f0000000080))

kernel console output (not intermixed with test programs):

netlink: 4 bytes leftover after parsing attributes in process `syz.0.530'.
[  661.412430][ T8977] FAULT_INJECTION: forcing a failure.
[  661.412430][ T8977] name failslab, interval 1, probability 0, space 0, times 0
[  661.445396][   T29] audit: type=1400 audit(1728295489.704:471): avc:  denied  { write } for  pid=8976 comm="syz.2.533" name="binder0" dev="binder" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  661.498063][ T8977] CPU: 1 UID: 0 PID: 8977 Comm: syz.2.533 Not tainted 6.12.0-rc1-syzkaller-00381-g2a130b7e1fcd #0
[  661.509360][ T8977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  661.519471][ T8977] Call Trace:
[  661.522774][ T8977]  <TASK>
[  661.525727][ T8977]  dump_stack_lvl+0x16c/0x1f0
[  661.530456][ T8977]  should_fail_ex+0x497/0x5b0
[  661.535190][ T8977]  ? fs_reclaim_acquire+0xae/0x160
[  661.540343][ T8977]  should_failslab+0xc2/0x120
[  661.545078][ T8977]  kmem_cache_alloc_node_noprof+0x71/0x310
[  661.550992][ T8977]  ? __alloc_skb+0x2b1/0x380
[  661.555646][ T8977]  __alloc_skb+0x2b1/0x380
[  661.560107][ T8977]  ? __pfx___alloc_skb+0x10/0x10
[  661.565096][ T8977]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  661.571129][ T8977]  netlink_alloc_large_skb+0x69/0x130
[  661.576541][ T8977]  netlink_sendmsg+0x689/0xd70
[  661.581390][ T8977]  ? __pfx_netlink_sendmsg+0x10/0x10
[  661.586751][ T8977]  sock_write_iter+0x4fe/0x5b0
[  661.591553][ T8977]  ? __pfx_sock_write_iter+0x10/0x10
[  661.596887][ T8977]  ? bpf_lsm_file_permission+0x9/0x10
[  661.602294][ T8977]  ? security_file_permission+0x71/0x210
[  661.607970][ T8977]  vfs_write+0x6b5/0x1140
[  661.612530][ T8977]  ? __pfx_sock_write_iter+0x10/0x10
[  661.617879][ T8977]  ? trace_lock_acquire+0x14a/0x1d0
[  661.623131][ T8977]  ? __pfx_vfs_write+0x10/0x10
[  661.627972][ T8977]  ? __fget_files+0x40/0x3f0
[  661.632622][ T8977]  ksys_write+0x1fa/0x260
[  661.637001][ T8977]  ? __pfx_ksys_write+0x10/0x10
[  661.641908][ T8977]  do_syscall_64+0xcd/0x250
[  661.646471][ T8977]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  661.652402][ T8977] RIP: 0033:0x7ff3d037dff9
[  661.656844][ T8977] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  661.676587][ T8977] RSP: 002b:00007ff3d10f3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  661.685087][ T8977] RAX: ffffffffffffffda RBX: 00007ff3d0535f80 RCX: 00007ff3d037dff9
[  661.693135][ T8977] RDX: 0000000000000024 RSI: 0000000020000600 RDI: 0000000000000007
[  661.701160][ T8977] RBP: 00007ff3d10f3090 R08: 0000000000000000 R09: 0000000000000000
[  661.709164][ T8977] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  661.717166][ T8977] R13: 0000000000000000 R14: 00007ff3d0535f80 R15: 00007ffec852e888
[  661.725190][ T8977]  </TASK>
[  661.784849][ T5289] usb 1-1: USB disconnect, device number 16
[  664.030340][ T9001] FAULT_INJECTION: forcing a failure.
[  664.030340][ T9001] name failslab, interval 1, probability 0, space 0, times 0
[  664.043700][ T9001] CPU: 1 UID: 0 PID: 9001 Comm: syz.4.537 Not tainted 6.12.0-rc1-syzkaller-00381-g2a130b7e1fcd #0
[  664.054347][ T9001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  664.064455][ T9001] Call Trace:
[  664.067772][ T9001]  <TASK>
[  664.070831][ T9001]  dump_stack_lvl+0x16c/0x1f0
[  664.075580][ T9001]  should_fail_ex+0x497/0x5b0
[  664.080325][ T9001]  ? fs_reclaim_acquire+0xae/0x160
[  664.085492][ T9001]  should_failslab+0xc2/0x120
[  664.090259][ T9001]  kmem_cache_alloc_noprof+0x6e/0x2f0
[  664.095691][ T9001]  ? vm_area_dup+0x53/0x2f0
[  664.100258][ T9001]  vm_area_dup+0x53/0x2f0
[  664.104745][ T9001]  __split_vma+0x181/0x1160
[  664.109322][ T9001]  ? __pfx___split_vma+0x10/0x10
[  664.114339][ T9001]  vms_gather_munmap_vmas+0x38f/0x1750
[  664.120064][ T9001]  ? __pfx_vms_gather_munmap_vmas+0x10/0x10
[  664.126024][ T9001]  ? mas_walk+0x6a6/0x910
[  664.130429][ T9001]  mmap_region+0x376/0x2a60
[  664.135001][ T9001]  ? __pfx_mmap_region+0x10/0x10
[  664.140107][ T9001]  ? bpf_lsm_mmap_addr+0x9/0x10
[  664.145006][ T9001]  ? security_mmap_addr+0x6c/0x1e0
[  664.150166][ T9001]  ? __get_unmapped_area+0x26b/0x3a0
[  664.155512][ T9001]  do_mmap+0xc00/0xfc0
[  664.159651][ T9001]  vm_mmap_pgoff+0x1ba/0x360
[  664.164311][ T9001]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  664.169497][ T9001]  ? __fget_files+0x244/0x3f0
[  664.174337][ T9001]  ksys_mmap_pgoff+0x32c/0x5c0
[  664.179161][ T9001]  __x64_sys_mmap+0x125/0x190
[  664.183902][ T9001]  do_syscall_64+0xcd/0x250
[  664.188491][ T9001]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  664.194464][ T9001] RIP: 0033:0x7f71c1f7dff9
[  664.199027][ T9001] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  664.218798][ T9001] RSP: 002b:00007f71c2de8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  664.227277][ T9001] RAX: ffffffffffffffda RBX: 00007f71c2136130 RCX: 00007f71c1f7dff9
[  664.235296][ T9001] RDX: 0000000000000003 RSI: 0000000000003000 RDI: 0000000020ffc000
[  664.243317][ T9001] RBP: 00007f71c2de8090 R08: 0000000000000006 R09: 0000000000000000
[  664.251334][ T9001] R10: 0000000000000012 R11: 0000000000000246 R12: 0000000000000001
[  664.259438][ T9001] R13: 0000000000000000 R14: 00007f71c2136130 R15: 00007ffee413bff8
[  664.267510][ T9001]  </TASK>
[  665.123365][   T52] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  665.145177][ T5306] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  665.165231][ T5277] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  665.205918][   T29] audit: type=1400 audit(1728295493.504:472): avc:  denied  { read } for  pid=8999 comm="syz.2.539" path="socket:[35234]" dev="sockfs" ino=35234 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  665.328023][ T5277] usb 5-1: New USB device found, idVendor=05ac, idProduct=0290, bcdDevice=dc.1b
[  665.341935][ T5277] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  665.373211][ T5277] usb 5-1: config 0 descriptor??
[  665.387525][ T5306] usb 4-1: New USB device found, idVendor=05ac, idProduct=0290, bcdDevice=dc.1b
[  665.399422][   T52] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  665.411466][ T5306] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  665.415988][ T5277] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input17
[  665.423101][ T5306] usb 4-1: config 0 descriptor??
[  665.468194][ T5306] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input18
[  665.607085][   T52] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  665.691238][ T9008] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  665.720737][ T9004] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  665.824409][ T9004] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  665.834203][ T9008] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  665.990933][ T5235] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  666.008152][ T5235] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  666.181177][   T52] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  666.237280][ T5235] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  666.300124][ T5274] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  666.313631][ T5235] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  666.334657][ T5235] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  666.348573][ T5235] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  666.363260][ T9020] ax25_connect(): syz.2.546 uses autobind, please contact jreuter@yaina.de
[  666.363315][   T29] audit: type=1400 audit(1728295494.654:473): avc:  denied  { connect } for  pid=9017 comm="syz.2.546" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  666.397409][ T5306] usb 4-1: USB disconnect, device number 16
[  666.521217][ T5274] usb 2-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  666.550638][ T5274] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  666.563155][ T5274] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  666.573573][ T5274] usb 2-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  666.587089][ T5274] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  666.596831][ T5274] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  666.641147][   T52] bridge_slave_1: left allmulticast mode
[  666.648137][ T5274] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  666.654658][   T52] bridge_slave_1: left promiscuous mode
[  666.662170][   T52] bridge0: port 2(bridge_slave_1) entered disabled state
[  666.677262][ T5274] usb 2-1: invalid MIDI out EP 0
[  666.684352][   T52] bridge_slave_0: left allmulticast mode
[  666.745969][   T52] bridge_slave_0: left promiscuous mode
[  666.772446][   T52] bridge0: port 1(bridge_slave_0) entered disabled state
[  666.834911][ T5274] snd-usb-audio 2-1:27.0: probe with driver snd-usb-audio failed with error -22
[  666.887340][ T5274] usb 2-1: USB disconnect, device number 19
[  667.223948][   T29] audit: type=1400 audit(1728295495.514:474): avc:  denied  { ioctl } for  pid=9022 comm="syz.2.548" path="socket:[36054]" dev="sockfs" ino=36054 ioctlcmd=0x8b26 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  668.183170][   T51] usb 5-1: USB disconnect, device number 26
[  668.517727][ T5242] Bluetooth: hci2: command tx timeout
[  668.585514][   T29] audit: type=1326 audit(1728295496.874:475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9033 comm="syz.4.551" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71c1f7dff9 code=0x7ffc0000
[  668.610023][   T29] audit: type=1326 audit(1728295496.874:476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9033 comm="syz.4.551" exe="/root/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7f71c1f7dff9 code=0x7ffc0000
[  668.633792][   T29] audit: type=1326 audit(1728295496.874:477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9033 comm="syz.4.551" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71c1f7dff9 code=0x7ffc0000
[  668.657505][   T29] audit: type=1326 audit(1728295496.874:478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9033 comm="syz.4.551" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7f71c1f7dff9 code=0x7ffc0000
[  668.682189][   T29] audit: type=1326 audit(1728295496.874:479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9033 comm="syz.4.551" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71c1f7dff9 code=0x7ffc0000
[  668.706229][   T29] audit: type=1326 audit(1728295496.874:480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9033 comm="syz.4.551" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f71c1f7dff9 code=0x7ffc0000
[  668.755198][   T29] audit: type=1326 audit(1728295497.044:481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9033 comm="syz.4.551" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71c1f7dff9 code=0x7fc00000
[  668.795162][   T29] audit: type=1326 audit(1728295497.044:482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9033 comm="syz.4.551" exe="/root/syz-executor" sig=0 arch=c000003e syscall=208 compat=0 ip=0x7f71c1f7dff9 code=0x7fc00000
[  668.840733][ T9035] fuse: Bad value for 'fd'
[  668.909168][ T9035] netlink: 'syz.4.551': attribute type 1 has an invalid length.
[  668.921547][   T52] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  668.935547][ T9035] netlink: 'syz.4.551': attribute type 2 has an invalid length.
[  668.947146][ T9035] netlink: 4 bytes leftover after parsing attributes in process `syz.4.551'.
[  668.958457][   T52] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  668.968113][   T29] audit: type=1400 audit(1728295497.264:483): avc:  denied  { bind } for  pid=9033 comm="syz.4.551" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  669.002502][   T52] bond0 (unregistering): Released all slaves
[  669.762789][ T9014] chnl_net:caif_netlink_parms(): no params data found
[  670.611303][ T5242] Bluetooth: hci2: command tx timeout
[  672.314859][ T9014] bridge0: port 1(bridge_slave_0) entered blocking state
[  672.358477][ T9014] bridge0: port 1(bridge_slave_0) entered disabled state
[  672.389286][ T9014] bridge_slave_0: entered allmulticast mode
[  672.420955][ T9014] bridge_slave_0: entered promiscuous mode
[  672.484248][ T9014] bridge0: port 2(bridge_slave_1) entered blocking state
[  672.536715][ T9014] bridge0: port 2(bridge_slave_1) entered disabled state
[  672.698711][ T5242] Bluetooth: hci2: command tx timeout
[  672.718311][ T9014] bridge_slave_1: entered allmulticast mode
[  673.732577][   T51] IPVS: starting estimator thread 0...
[  673.777872][ T9014] bridge_slave_1: entered promiscuous mode
[  673.825959][ T9089] IPVS: using max 13 ests per chain, 31200 per kthread
[  674.045309][   T52] hsr_slave_0: left promiscuous mode
[  674.198825][   T52] hsr_slave_1: left promiscuous mode
[  674.211765][   T52] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  674.222219][   T52] batman_adv: batadv0: Removing interface: batadv_slave_0
[  674.230408][ T5306] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  674.252175][   T52] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  674.263148][   T52] batman_adv: batadv0: Removing interface: batadv_slave_1
[  674.297754][   T52] veth1_macvtap: left promiscuous mode
[  674.303387][   T52] veth0_macvtap: left promiscuous mode
[  674.319391][   T52] veth1_vlan: left promiscuous mode
[  674.324935][   T52] veth0_vlan: left promiscuous mode
[  674.355185][ T5275] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  674.401843][ T5306] usb 2-1: Using ep0 maxpacket: 16
[  674.415366][   T51] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  674.430279][ T5306] usb 2-1: config 0 has an invalid interface number: 244 but max is 1
[  674.440044][ T5306] usb 2-1: config 0 has an invalid interface number: 229 but max is 1
[  674.465330][ T5306] usb 2-1: config 0 has no interface number 0
[  674.471658][ T5306] usb 2-1: config 0 has no interface number 1
[  674.487598][ T5306] usb 2-1: config 0 interface 244 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  674.504639][ T5306] usb 2-1: config 0 interface 229 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  674.525539][ T5275] usb 5-1: New USB device found, idVendor=05ac, idProduct=0290, bcdDevice=dc.1b
[  674.545331][ T5275] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  674.559996][ T5306] usb 2-1: New USB device found, idVendor=0fe9, idProduct=db00, bcdDevice=4e.08
[  674.571827][ T5275] usb 5-1: config 0 descriptor??
[  674.595469][ T5306] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  674.604962][ T5275] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input19
[  674.615773][ T5306] usb 2-1: Product: syz
[  674.620009][ T5306] usb 2-1: Manufacturer: syz
[  674.636383][ T5306] usb 2-1: SerialNumber: syz
[  674.642832][   T51] usb 4-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  674.663525][   T51] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  674.675734][   T51] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  674.687067][   T51] usb 4-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  674.701264][   T51] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  674.711317][   T51] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  674.755612][ T5242] Bluetooth: hci2: command tx timeout
[  674.764674][   T51] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  674.774060][ T5306] usb 2-1: config 0 descriptor??
[  674.780865][   T51] usb 4-1: invalid MIDI out EP 0
[  674.811666][ T5306] dvb-usb: found a 'DViCO FusionHDTV DVB-T USB (LGZ201)' in cold state, will try to load a firmware
[  674.833474][ T9093] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  674.905937][ T9093] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  674.923550][ T5306] usb 2-1: Direct firmware load for dvb-usb-bluebird-01.fw failed with error -2
[  674.964195][ T5306] usb 2-1: Falling back to sysfs fallback for: dvb-usb-bluebird-01.fw
[  675.093145][   T51] snd-usb-audio 4-1:27.0: probe with driver snd-usb-audio failed with error -22
[  675.136101][   T29] kauditd_printk_skb: 2 callbacks suppressed
[  675.136123][   T29] audit: type=1804 audit(1728295503.434:486): pid=9102 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.2.561" name="/newroot/14/bus/bus" dev="overlay" ino=98 res=1 errno=0
[  675.170242][   T51] usb 4-1: USB disconnect, device number 17
[  675.180082][ T9102] fuse: Unknown parameter 'fd0xffffffffffffffff'
[  675.811389][   T52] team0 (unregistering): Port device team_slave_1 removed
[  675.903950][   T52] team0 (unregistering): Port device team_slave_0 removed
[  676.165207][   T29] audit: type=1400 audit(1728295504.414:487): avc:  denied  { unmount } for  pid=8587 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  677.143187][ T5275] usb 5-1: USB disconnect, device number 27
[  677.587625][ T9119] blktrace: Concurrent blktraces are not allowed on sg0
[  678.497942][ T9124] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.567'.
[  678.815444][ T5277] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  679.149861][ T5277] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x92, changing to 0x82
[  679.189452][ T5277] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  679.225935][ T5277] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  679.259138][ T5277] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  679.341556][ T5277] usb 3-1: New USB device found, idVendor=112a, idProduct=0001, bcdDevice=9e.7f
[  679.372051][ T5277] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  679.420678][ T5277] usb 3-1: Product: syz
[  679.425007][ T5277] usb 3-1: Manufacturer: syz
[  679.429908][ T5277] usb 3-1: SerialNumber: syz
[  679.446596][ T5277] usb 3-1: config 0 descriptor??
[  679.463880][ T5277] redrat3 3-1:0.0: Couldn't find all endpoints
[  679.831009][ T9014] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  679.921432][ T9123] netlink: 4 bytes leftover after parsing attributes in process `syz.2.567'.
[  680.064091][ T9014] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  680.174451][ T9014] team0: Port device team_slave_0 added
[  680.245338][ T5277] usb 3-1: USB disconnect, device number 17
[  680.266805][ T9014] team0: Port device team_slave_1 added
[  680.427640][ T9014] batman_adv: batadv0: Adding interface: batadv_slave_0
[  680.434683][ T9014] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  680.525334][ T9014] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  680.566851][ T9014] batman_adv: batadv0: Adding interface: batadv_slave_1
[  680.584285][ T9014] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  680.610350][    C0] vkms_vblank_simulate: vblank timer overrun
[  680.627880][ T9014] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  681.405905][ T9014] hsr_slave_0: entered promiscuous mode
[  681.566476][ T9014] hsr_slave_1: entered promiscuous mode
[  681.584565][ T9014] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  681.613495][ T9014] Cannot create hsr debugfs directory
[  682.150264][   T52] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  682.451616][   T52] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  682.679415][   T52] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  682.843558][   T52] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  684.482001][ T5235] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  684.490672][   T52] bridge_slave_1: left allmulticast mode
[  684.496553][   T52] bridge_slave_1: left promiscuous mode
[  684.502314][   T52] bridge0: port 2(bridge_slave_1) entered disabled state
[  684.516055][ T5235] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  684.589632][ T5235] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  684.698167][ T5235] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  684.713482][   T52] bridge_slave_0: left allmulticast mode
[  684.720463][   T52] bridge_slave_0: left promiscuous mode
[  684.726386][ T5235] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  684.735424][ T5235] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  684.745748][   T52] bridge0: port 1(bridge_slave_0) entered disabled state
[  687.105274][ T5242] Bluetooth: hci3: command tx timeout
[  687.949561][ T9226] fuse: Unknown parameter 'fd0xffffffffffffffff'
[  688.452630][   T52] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  688.491381][   T52] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  688.521964][   T52] bond0 (unregistering): Released all slaves
[  689.205434][ T5242] Bluetooth: hci3: command tx timeout
[  691.455619][ T1268] ieee802154 phy0 wpan0: encryption failed: -22
[  691.464700][ T5242] Bluetooth: hci3: command tx timeout
[  692.015741][   T29] audit: type=1400 audit(1728295518.905:488): avc:  denied  { accept } for  pid=9246 comm="syz.1.586" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  692.744474][ T9014] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  692.772930][ T9014] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  692.794855][ T9014] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  692.818753][ T9014] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  693.122828][ T9276] block nbd3: shutting down sockets
[  693.130899][ T4611] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  693.143731][ T4611] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  693.154034][ T4611] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  693.186010][ T4611] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  693.197815][ T4611] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  693.205458][ T4611] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  694.004947][   T52] hsr_slave_0: left promiscuous mode
[  694.021722][   T52] hsr_slave_1: left promiscuous mode
[  694.035301][ T5242] Bluetooth: hci3: command tx timeout
[  694.040782][ T5242] Bluetooth: hci0: command 0x0406 tx timeout
[  694.295456][   T52] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  694.309561][   T52] batman_adv: batadv0: Removing interface: batadv_slave_0
[  694.343627][   T52] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  694.365958][   T52] batman_adv: batadv0: Removing interface: batadv_slave_1
[  694.451162][   T52] veth1_macvtap: left promiscuous mode
[  694.470461][   T52] veth0_macvtap: left promiscuous mode
[  694.495299][   T52] veth1_vlan: left promiscuous mode
[  694.504277][   T52] veth0_vlan: left promiscuous mode
[  695.237918][ T4611] Bluetooth: hci5: command tx timeout
[  696.586726][ T9296] block nbd3: shutting down sockets
[  696.799221][   T52] team0 (unregistering): Port device team_slave_1 removed
[  697.091328][   T52] team0 (unregistering): Port device team_slave_0 removed
[  697.325406][ T4611] Bluetooth: hci5: command tx timeout
[  697.682009][ T9304] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.594'.
[  697.995443][ T5276] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  698.117421][ T9014] 8021q: adding VLAN 0 to HW filter on device bond0
[  698.172908][ T9177] chnl_net:caif_netlink_parms(): no params data found
[  698.331110][ T5276] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x92, changing to 0x82
[  698.345947][ T5276] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  698.514557][ T5276] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  698.695995][ T5276] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  698.961712][ T5276] usb 4-1: New USB device found, idVendor=112a, idProduct=0001, bcdDevice=9e.7f
[  699.005641][ T9014] 8021q: adding VLAN 0 to HW filter on device team0
[  699.038762][ T5276] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  699.084817][ T5276] usb 4-1: Product: syz
[  699.094593][ T5276] usb 4-1: Manufacturer: syz
[  699.099566][ T5276] usb 4-1: SerialNumber: syz
[  699.132726][ T5276] usb 4-1: config 0 descriptor??
[  699.147883][ T5276] redrat3 4-1:0.0: Couldn't find all endpoints
[  699.395940][ T4611] Bluetooth: hci5: command tx timeout
[  699.406268][ T6695] bridge0: port 1(bridge_slave_0) entered blocking state
[  699.413497][ T6695] bridge0: port 1(bridge_slave_0) entered forwarding state
[  699.457156][ T6695] bridge0: port 2(bridge_slave_1) entered blocking state
[  699.464388][ T6695] bridge0: port 2(bridge_slave_1) entered forwarding state
[  699.522315][ T9303] netlink: 4 bytes leftover after parsing attributes in process `syz.3.594'.
[  699.712410][ T9333] blktrace: Concurrent blktraces are not allowed on sg0
[  700.285001][ T5289] usb 4-1: USB disconnect, device number 18
[  700.343553][ T9177] bridge0: port 1(bridge_slave_0) entered blocking state
[  700.358681][ T9177] bridge0: port 1(bridge_slave_0) entered disabled state
[  700.376254][ T9177] bridge_slave_0: entered allmulticast mode
[  700.384000][ T9177] bridge_slave_0: entered promiscuous mode
[  700.406400][ T9177] bridge0: port 2(bridge_slave_1) entered blocking state
[  700.413754][ T9177] bridge0: port 2(bridge_slave_1) entered disabled state
[  700.428044][ T9177] bridge_slave_1: entered allmulticast mode
[  700.436276][ T9177] bridge_slave_1: entered promiscuous mode
[  700.486754][   T52] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  701.137698][   T52] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  701.353254][ T9177] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  701.495481][ T5242] Bluetooth: hci5: command tx timeout
[  701.502075][ T9014] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  701.554669][ T9279] chnl_net:caif_netlink_parms(): no params data found
[  701.618717][   T52] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  701.651637][ T9177] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  701.827615][   T52] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  701.901284][ T9177] team0: Port device team_slave_0 added
[  701.971951][ T9177] team0: Port device team_slave_1 added
[  702.265898][ T9177] batman_adv: batadv0: Adding interface: batadv_slave_0
[  702.285538][ T9177] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  702.311594][    C1] vkms_vblank_simulate: vblank timer overrun
[  702.338979][ T9177] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  702.379773][ T9177] batman_adv: batadv0: Adding interface: batadv_slave_1
[  702.405380][ T9177] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  702.431339][    C1] vkms_vblank_simulate: vblank timer overrun
[  702.534518][ T9177] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  702.604244][ T9279] bridge0: port 1(bridge_slave_0) entered blocking state
[  702.645283][ T9279] bridge0: port 1(bridge_slave_0) entered disabled state
[  702.652599][ T9279] bridge_slave_0: entered allmulticast mode
[  702.696726][ T9279] bridge_slave_0: entered promiscuous mode
[  702.863053][ T9279] bridge0: port 2(bridge_slave_1) entered blocking state
[  702.880343][ T9279] bridge0: port 2(bridge_slave_1) entered disabled state
[  702.888218][ T9279] bridge_slave_1: entered allmulticast mode
[  702.896672][ T9279] bridge_slave_1: entered promiscuous mode
[  702.943368][ T4611] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  702.960919][ T4611] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  702.973001][ T4611] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  702.995366][ T4611] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  703.006613][ T4611] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  703.014411][ T4611] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  703.099589][   T52] bridge_slave_1: left allmulticast mode
[  703.114542][   T52] bridge_slave_1: left promiscuous mode
[  703.122414][   T52] bridge0: port 2(bridge_slave_1) entered disabled state
[  703.142529][   T52] bridge_slave_0: left allmulticast mode
[  703.151997][   T52] bridge_slave_0: left promiscuous mode
[  703.164991][   T52] bridge0: port 1(bridge_slave_0) entered disabled state
[  703.863676][   T52] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  703.877608][   T52] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  703.896663][   T52] bond0 (unregistering): Released all slaves
[  704.627991][ T9279] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  704.691805][ T9177] hsr_slave_0: entered promiscuous mode
[  704.727734][ T9177] hsr_slave_1: entered promiscuous mode
[  704.737100][ T9177] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  704.744720][ T9177] Cannot create hsr debugfs directory
[  704.826112][ T9014] 8021q: adding VLAN 0 to HW filter on device batadv0
[  704.902967][ T9279] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  705.079435][ T4611] Bluetooth: hci0: command tx timeout
[  705.751902][ T9279] team0: Port device team_slave_0 added
[  706.040404][ T9279] team0: Port device team_slave_1 added
[  706.120496][   T52] hsr_slave_0: left promiscuous mode
[  706.137869][   T52] hsr_slave_1: left promiscuous mode
[  706.164391][   T52] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  706.182665][   T52] batman_adv: batadv0: Removing interface: batadv_slave_0
[  706.198028][   T52] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  706.206092][   T52] batman_adv: batadv0: Removing interface: batadv_slave_1
[  706.242258][   T52] veth1_macvtap: left promiscuous mode
[  706.258723][   T52] veth0_macvtap: left promiscuous mode
[  706.264414][   T52] veth1_vlan: left promiscuous mode
[  706.275661][   T29] audit: type=1400 audit(1728295534.576:489): avc:  denied  { write } for  pid=9392 comm="syz.1.604" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  706.275767][   T52] veth0_vlan: left promiscuous mode
[  707.250768][ T4611] Bluetooth: hci0: command tx timeout
[  708.390243][   T52] team0 (unregistering): Port device team_slave_1 removed
[  708.436835][   T52] team0 (unregistering): Port device team_slave_0 removed
[  708.933961][ T9279] batman_adv: batadv0: Adding interface: batadv_slave_0
[  708.943591][ T9279] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  708.970232][ T9279] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  709.126696][ T9279] batman_adv: batadv0: Adding interface: batadv_slave_1
[  709.133733][ T9279] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  709.160130][ T9279] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  709.189738][ T9014] veth0_vlan: entered promiscuous mode
[  709.204054][ T9014] veth1_vlan: entered promiscuous mode
[  709.315227][ T4611] Bluetooth: hci0: command tx timeout
[  709.383465][ T9279] hsr_slave_0: entered promiscuous mode
[  709.390193][ T9279] hsr_slave_1: entered promiscuous mode
[  709.397950][ T9279] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  709.406039][ T9279] Cannot create hsr debugfs directory
[  709.431992][ T9411] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.606'.
[  709.794218][   T29] audit: type=1400 audit(1728295538.086:490): avc:  denied  { module_request } for  pid=9375 comm="syz-executor" kmod="rtnl-link-nicvf" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  709.851156][ T9014] veth0_macvtap: entered promiscuous mode
[  709.894264][ T9375] chnl_net:caif_netlink_parms(): no params data found
[  709.946827][ T9014] veth1_macvtap: entered promiscuous mode
[  710.038010][ T9014] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  710.049888][ T9014] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  710.060401][ T9014] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  710.071056][ T9014] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  710.082819][ T9014] batman_adv: batadv0: Interface activated: batadv_slave_0
[  710.187521][   T52] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  710.236593][ T9014] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  710.254478][ T9014] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  710.264443][ T9014] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  710.277197][ T9014] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  710.289733][ T9014] batman_adv: batadv0: Interface activated: batadv_slave_1
[  710.297881][ T9177] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  710.353575][ T9014] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  710.362742][ T9014] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  710.379434][ T9014] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  710.388627][ T9014] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  710.400900][ T9177] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  710.412511][ T9177] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  710.444283][   T52] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  710.503284][ T9177] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  710.537841][ T9375] bridge0: port 1(bridge_slave_0) entered blocking state
[  710.546166][ T9375] bridge0: port 1(bridge_slave_0) entered disabled state
[  710.553424][ T9375] bridge_slave_0: entered allmulticast mode
[  710.561639][ T9375] bridge_slave_0: entered promiscuous mode
[  710.587732][   T52] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  710.624087][ T9375] bridge0: port 2(bridge_slave_1) entered blocking state
[  710.633995][ T9375] bridge0: port 2(bridge_slave_1) entered disabled state
[  710.645390][ T9375] bridge_slave_1: entered allmulticast mode
[  710.652294][ T9375] bridge_slave_1: entered promiscuous mode
[  710.692191][   T52] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  710.781451][ T9375] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  710.793524][ T9375] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  710.857185][ T9375] team0: Port device team_slave_0 added
[  710.879432][ T9375] team0: Port device team_slave_1 added
[  710.938543][ T9375] batman_adv: batadv0: Adding interface: batadv_slave_0
[  710.956621][ T9375] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  710.983870][ T9375] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  710.997766][ T9375] batman_adv: batadv0: Adding interface: batadv_slave_1
[  711.005883][ T9375] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  711.032982][ T9375] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  711.107401][ T6695] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  711.118566][ T6695] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  711.236656][   T52] bridge_slave_1: left allmulticast mode
[  711.242409][   T52] bridge_slave_1: left promiscuous mode
[  711.249596][   T52] bridge0: port 2(bridge_slave_1) entered disabled state
[  711.261489][   T52] bridge_slave_0: left allmulticast mode
[  711.268118][   T52] bridge_slave_0: left promiscuous mode
[  711.273931][   T52] bridge0: port 1(bridge_slave_0) entered disabled state
[  711.405292][ T4611] Bluetooth: hci0: command tx timeout
[  711.736555][   T52] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  711.749634][   T52] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  711.761920][   T52] bond0 (unregistering): Released all slaves
[  711.794435][ T6695] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  711.804927][ T6695] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  711.862009][ T9375] hsr_slave_0: entered promiscuous mode
[  711.879632][ T9375] hsr_slave_1: entered promiscuous mode
[  711.886431][ T9375] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  711.894087][ T9375] Cannot create hsr debugfs directory
[  711.961436][ T9279] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  712.005651][ T9279] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  712.042000][ T9279] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  712.117898][ T9279] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  712.282130][   T52] hsr_slave_0: left promiscuous mode
[  712.319295][   T52] hsr_slave_1: left promiscuous mode
[  712.330059][   T52] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  712.360407][   T52] batman_adv: batadv0: Removing interface: batadv_slave_0
[  712.376479][   T52] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  712.384007][   T52] batman_adv: batadv0: Removing interface: batadv_slave_1
[  712.425835][   T52] veth1_macvtap: left promiscuous mode
[  712.431453][   T52] veth0_macvtap: left promiscuous mode
[  712.438479][   T52] veth1_vlan: left promiscuous mode
[  712.443883][   T52] veth0_vlan: left promiscuous mode
[  713.985379][   T51] usb 1-1: new full-speed USB device number 17 using dummy_hcd
[  714.177836][   T51] usb 1-1: device descriptor read/64, error -71
[  714.445712][   T51] usb 1-1: new full-speed USB device number 18 using dummy_hcd
[  714.607731][   T51] usb 1-1: device descriptor read/64, error -71
[  714.752792][   T51] usb usb1-port1: attempt power cycle
[  714.847981][   T52] team0 (unregistering): Port device team_slave_1 removed
[  715.830075][   T52] team0 (unregistering): Port device team_slave_0 removed
[  716.184380][   T51] usb 1-1: new full-speed USB device number 19 using dummy_hcd
[  716.395413][   T51] usb 1-1: device not accepting address 19, error -71
[  717.114156][ T9177] 8021q: adding VLAN 0 to HW filter on device bond0
[  717.804858][ T9177] 8021q: adding VLAN 0 to HW filter on device team0
[  718.272978][   T80] bridge0: port 1(bridge_slave_0) entered blocking state
[  718.280208][   T80] bridge0: port 1(bridge_slave_0) entered forwarding state
[  718.290355][   T80] bridge0: port 2(bridge_slave_1) entered blocking state
[  718.297552][   T80] bridge0: port 2(bridge_slave_1) entered forwarding state
[  718.441940][ T9177] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  718.465690][ T9177] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  718.668722][ T9279] 8021q: adding VLAN 0 to HW filter on device bond0
[  719.571903][ T9279] 8021q: adding VLAN 0 to HW filter on device team0
[  719.628954][ T5490] bridge0: port 1(bridge_slave_0) entered blocking state
[  719.636157][ T5490] bridge0: port 1(bridge_slave_0) entered forwarding state
[  719.739567][ T5490] bridge0: port 2(bridge_slave_1) entered blocking state
[  719.746793][ T5490] bridge0: port 2(bridge_slave_1) entered forwarding state
[  719.990191][ T9375] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  720.029829][ T9279] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  720.052839][ T9375] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  720.103589][ T9375] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  720.192218][ T9375] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  720.334080][ T9177] 8021q: adding VLAN 0 to HW filter on device batadv0
[  720.641830][ T9279] 8021q: adding VLAN 0 to HW filter on device batadv0
[  720.961066][ T9177] veth0_vlan: entered promiscuous mode
[  721.011946][ T9375] 8021q: adding VLAN 0 to HW filter on device bond0
[  721.030259][ T9177] veth1_vlan: entered promiscuous mode
[  721.110870][ T9375] 8021q: adding VLAN 0 to HW filter on device team0
[  721.178236][ T5490] bridge0: port 1(bridge_slave_0) entered blocking state
[  721.185401][ T5490] bridge0: port 1(bridge_slave_0) entered forwarding state
[  721.243520][ T9177] veth0_macvtap: entered promiscuous mode
[  721.316424][ T5490] bridge0: port 2(bridge_slave_1) entered blocking state
[  721.323597][ T5490] bridge0: port 2(bridge_slave_1) entered forwarding state
[  721.382388][ T9177] veth1_macvtap: entered promiscuous mode
[  721.606781][ T9177] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  721.649889][ T9177] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  721.697145][ T9177] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  721.708470][ T9177] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  721.729850][ T9177] batman_adv: batadv0: Interface activated: batadv_slave_0
[  721.759643][ T9518] PKCS8: Unsupported PKCS#8 version
[  721.863955][ T9526] netlink: 4 bytes leftover after parsing attributes in process `syz.0.622'.
[  722.624224][ T9177] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  722.667092][ T9177] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  722.712807][ T9177] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  722.767280][ T9177] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  722.780004][ T9518] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  722.790169][ T9177] batman_adv: batadv0: Interface activated: batadv_slave_1
[  722.907938][ T9528] syz.1.621: attempt to access beyond end of device
[  722.907938][ T9528] nbd1: rw=2048, sector=0, nr_sectors = 8 limit=0
[  722.912714][ T9177] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  722.943178][ T9528] SQUASHFS error: Failed to read block 0x0: -5
[  722.950358][ T9528] unable to read squashfs_super_block
[  723.025137][ T9177] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  723.050907][ T9177] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  723.085634][ T9177] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  723.282191][ T9279] veth0_vlan: entered promiscuous mode
[  723.322304][ T9279] veth1_vlan: entered promiscuous mode
[  723.389091][   T29] audit: type=1400 audit(1728295551.676:491): avc:  denied  { write } for  pid=9543 comm="syz.0.624" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[  723.513779][   T29] audit: type=1400 audit(1728295551.676:492): avc:  denied  { open } for  pid=9543 comm="syz.0.624" path="/dev/cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[  723.590212][   T29] audit: type=1400 audit(1728295551.806:493): avc:  denied  { read } for  pid=9543 comm="syz.0.624" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[  723.623161][ T9279] veth0_macvtap: entered promiscuous mode
[  723.654910][   T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  723.672337][   T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  723.712251][ T9279] veth1_macvtap: entered promiscuous mode
[  723.818470][   T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  723.837460][   T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  723.839294][ T9375] 8021q: adding VLAN 0 to HW filter on device batadv0
[  723.927503][ T9279] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  723.951636][ T9279] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  723.970608][ T9279] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  723.983871][ T9279] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  724.001690][ T9279] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  724.023463][ T9279] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  724.052870][ T9279] batman_adv: batadv0: Interface activated: batadv_slave_0
[  724.104117][ T9279] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  724.134751][ T9279] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  724.146857][ T9279] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  724.163785][ T9279] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  724.176366][ T9279] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  724.192962][ T9279] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  724.219449][ T9279] batman_adv: batadv0: Interface activated: batadv_slave_1
[  724.362151][ T9279] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  724.407935][ T9279] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  724.448431][ T9279] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  724.462608][ T9563] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  724.465132][ T9279] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  724.496446][ T9563] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  724.696779][ T5274] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  724.779566][ T9375] veth0_vlan: entered promiscuous mode
[  724.865626][ T5274] usb 1-1: device descriptor read/64, error -71
[  724.973538][ T9375] veth1_vlan: entered promiscuous mode
[  725.098875][   T80] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  725.127671][   T80] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  725.230442][ T9375] veth0_macvtap: entered promiscuous mode
[  725.271450][   T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  725.285968][ T9375] veth1_macvtap: entered promiscuous mode
[  725.305704][   T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  725.426657][ T9375] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  725.484207][ T9375] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  725.515180][ T9375] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  725.535136][ T9375] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  725.555387][ T9375] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  725.601946][ T9375] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  725.625375][ T9375] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  725.653508][ T9375] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  725.704607][ T9375] batman_adv: batadv0: Interface activated: batadv_slave_0
[  725.905654][ T9581] fuse: Unknown parameter 'fd0xffffffffffffffff'
[  725.945507][   T29] audit: type=1804 audit(1728295554.196:494): pid=9581 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.2.576" name="/newroot/0/bus/bus" dev="overlay" ino=25 res=1 errno=0
[  725.986638][ T9375] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  726.008585][ T9375] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  726.033735][ T9375] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  726.102264][ T9375] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  726.167034][ T9375] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  726.413382][ T9375] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  726.490495][ T9375] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  726.576395][ T9375] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  726.630461][ T9375] batman_adv: batadv0: Interface activated: batadv_slave_1
[  726.673346][ T9375] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  726.688791][ T9375] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  726.700969][ T9375] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  726.720218][ T9375] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  726.732292][ T9592] FAULT_INJECTION: forcing a failure.
[  726.732292][ T9592] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  726.761172][ T9592] CPU: 0 UID: 0 PID: 9592 Comm: syz.0.628 Not tainted 6.12.0-rc1-syzkaller-00381-g2a130b7e1fcd #0
[  726.775472][ T9592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  726.788894][ T9592] Call Trace:
[  726.794176][ T9592]  <TASK>
[  726.797880][ T9592]  dump_stack_lvl+0x16c/0x1f0
[  726.805919][ T9592]  should_fail_ex+0x497/0x5b0
[  726.810863][ T9592]  _copy_from_user+0x30/0xf0
[  726.815769][ T9592]  wext_handle_ioctl+0xc5/0x2c0
[  726.820703][ T9592]  ? __pfx_wext_handle_ioctl+0x10/0x10
[  726.826362][ T9592]  ? ioctl_has_perm.constprop.0.isra.0+0x2ea/0x460
[  726.833236][ T9592]  ? ioctl_has_perm.constprop.0.isra.0+0x2f3/0x460
[  726.839849][ T9592]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  726.846884][ T9592]  sock_ioctl+0x3a6/0x6c0
[  726.851489][ T9592]  ? __pfx_sock_ioctl+0x10/0x10
[  726.857649][ T9592]  ? selinux_file_ioctl+0x180/0x270
[  726.863360][ T9592]  ? selinux_file_ioctl+0xb4/0x270
[  726.869256][ T9592]  ? __pfx_sock_ioctl+0x10/0x10
[  726.874374][ T9592]  __x64_sys_ioctl+0x18f/0x220
[  726.881191][ T9592]  do_syscall_64+0xcd/0x250
[  726.886443][ T9592]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  726.894341][ T9592] RIP: 0033:0x7fe0e657dff9
[  726.900724][ T9592] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  726.921282][ T9592] RSP: 002b:00007fe0e7323038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  726.929813][ T9592] RAX: ffffffffffffffda RBX: 00007fe0e6735f80 RCX: 00007fe0e657dff9
[  726.937834][ T9592] RDX: 0000000020000000 RSI: 0000000000008b04 RDI: 0000000000000004
[  726.946066][ T9592] RBP: 00007fe0e7323090 R08: 0000000000000000 R09: 0000000000000000
[  726.956182][ T9592] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  726.966465][ T9592] R13: 0000000000000000 R14: 00007fe0e6735f80 R15: 00007fffb8e28ba8
[  726.976418][ T9592]  </TASK>
[  727.361316][ T9597] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.629'.
[  727.415650][ T9599] netlink: 4 bytes leftover after parsing attributes in process `syz.4.630'.
[  727.542056][ T6697] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  727.557957][ T6697] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  728.130998][ T5289] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  728.266621][   T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  728.306538][   T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  728.371509][   T29] audit: type=1400 audit(1728295556.666:495): avc:  denied  { connect } for  pid=9601 comm="syz.4.631" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  728.416397][ T5289] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x92, changing to 0x82
[  728.435568][ T5289] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  728.475245][ T5289] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  728.498158][ T5289] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  728.536539][ T9607] netlink: 'syz.4.631': attribute type 4 has an invalid length.
[  728.549231][ T5289] usb 1-1: New USB device found, idVendor=112a, idProduct=0001, bcdDevice=9e.7f
[  728.562137][ T5289] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  728.580843][ T5289] usb 1-1: Product: syz
[  728.620010][ T9604] netlink: 'syz.4.631': attribute type 4 has an invalid length.
[  728.639924][ T5289] usb 1-1: Manufacturer: syz
[  728.644798][ T5289] usb 1-1: SerialNumber: syz
[  728.681552][ T5289] usb 1-1: config 0 descriptor??
[  728.704937][ T5289] redrat3 1-1:0.0: Couldn't find all endpoints
[  728.932237][ T9594] netlink: 4 bytes leftover after parsing attributes in process `syz.0.629'.
[  729.964025][ T5274] usb 1-1: USB disconnect, device number 23
[  730.352039][ T9633] loop4: detected capacity change from 0 to 7
[  730.369064][ T9633] buffer_io_error: 18 callbacks suppressed
[  730.369090][ T9633] Buffer I/O error on dev loop4, logical block 0, async page read
[  730.390358][ T9633] Buffer I/O error on dev loop4, logical block 0, async page read
[  730.400419][ T9633] Buffer I/O error on dev loop4, logical block 0, async page read
[  730.421082][ T9633] Buffer I/O error on dev loop4, logical block 0, async page read
[  730.443067][ T9633] Buffer I/O error on dev loop4, logical block 0, async page read
[  730.455212][ T9633] Buffer I/O error on dev loop4, logical block 0, async page read
[  730.474407][ T9633] Buffer I/O error on dev loop4, logical block 0, async page read
[  730.483825][ T9633] ldm_validate_partition_table(): Disk read failed.
[  730.501171][ T9633] Buffer I/O error on dev loop4, logical block 0, async page read
[  730.510272][ T9633] Buffer I/O error on dev loop4, logical block 0, async page read
[  730.518687][ T9633] Buffer I/O error on dev loop4, logical block 0, async page read
[  730.529351][ T9633] Dev loop4: unable to read RDB block 0
[  730.537875][ T9633]  loop4: unable to read partition table
[  730.544198][ T9633] loop4: partition table beyond EOD, truncated
[  730.557413][ T9633] loop_reread_partitions: partition scan of loop4 (�被x������ڬ��dƤ����ݡ�����
[  730.557413][ T9633] 
) failed (rc=-5)
[  730.625908][ T5277] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  731.672923][ T5277] usb 3-1: New USB device found, idVendor=a766, idProduct=7cb5, bcdDevice=55.3a
[  731.695520][ T5277] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  731.718336][ T5277] usb 3-1: config 0 descriptor??
[  731.740980][ T5277] usb-storage 3-1:0.0: USB Mass Storage device detected
[  732.483382][ T5277] usb 3-1: USB disconnect, device number 18
[  733.866247][   T35] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  735.319813][ T5289] IPVS: starting estimator thread 0...
[  735.764530][ T9678] IPVS: using max 13 ests per chain, 31200 per kthread
[  735.780163][   T35] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  735.870816][   T35] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  735.906693][ T5242] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  735.928767][ T5242] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  735.938362][ T5242] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  735.947235][ T5242] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  735.958999][ T5242] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  735.966615][ T5242] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  736.086286][ T5289] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  736.436359][ T9694] block nbd4: shutting down sockets
[  736.563304][   T35] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  736.623299][ T9682] chnl_net:caif_netlink_parms(): no params data found
[  736.626012][ T5289] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  736.639820][ T5289] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  736.647974][ T5289] usb 3-1: Product: syz
[  736.652191][ T5289] usb 3-1: Manufacturer: syz
[  736.657546][ T5289] usb 3-1: SerialNumber: syz
[  736.668935][ T5289] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  736.723715][   T51] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  736.873169][ T9682] bridge0: port 1(bridge_slave_0) entered blocking state
[  736.881285][ T9682] bridge0: port 1(bridge_slave_0) entered disabled state
[  736.889007][ T9682] bridge_slave_0: entered allmulticast mode
[  736.897135][ T9682] bridge_slave_0: entered promiscuous mode
[  736.909672][ T9682] bridge0: port 2(bridge_slave_1) entered blocking state
[  736.917302][ T9682] bridge0: port 2(bridge_slave_1) entered disabled state
[  736.949697][ T9682] bridge_slave_1: entered allmulticast mode
[  736.957541][ T9682] bridge_slave_1: entered promiscuous mode
[  737.099964][ T9682] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  737.990287][ T9682] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  738.054559][   T51] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive
[  738.062354][   T51] ath9k_htc: Failed to initialize the device
[  738.079366][ T5242] Bluetooth: hci1: command tx timeout
[  738.114988][   T35] bridge_slave_1: left allmulticast mode
[  738.121665][   T35] bridge_slave_1: left promiscuous mode
[  738.127891][   T35] bridge0: port 2(bridge_slave_1) entered disabled state
[  738.218020][   T35] bridge_slave_0: left allmulticast mode
[  738.225457][   T35] bridge_slave_0: left promiscuous mode
[  738.251769][   T35] bridge0: port 1(bridge_slave_0) entered disabled state
[  738.424184][ T5306] dvb-usb: did not find the firmware file 'dvb-usb-bluebird-01.fw' (status -110). You can use <kernel_dir>/scripts/get_dvb_firmware to get the firmware
[  738.453361][ T5306] dvb_usb_cxusb 2-1:0.244: probe with driver dvb_usb_cxusb failed with error -22
[  738.471371][   T51] usb 3-1: ath9k_htc: USB layer deinitialized
[  738.485619][ T5306] usbhid 2-1:0.244: couldn't find an input interrupt endpoint
[  738.498473][ T5306] dvb-usb: found a 'DViCO FusionHDTV DVB-T USB (LGZ201)' in cold state, will try to load a firmware
[  738.510691][ T5306] usb 2-1: Direct firmware load for dvb-usb-bluebird-01.fw failed with error -2
[  738.521182][ T5306] usb 2-1: Falling back to sysfs fallback for: dvb-usb-bluebird-01.fw
[  739.582158][ T5275] usb 3-1: USB disconnect, device number 19
[  740.115249][ T5235] Bluetooth: hci4: command 0x0406 tx timeout
[  740.122875][ T4611] Bluetooth: hci1: command tx timeout
[  740.782183][   T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  740.813409][   T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  740.860999][   T35] bond0 (unregistering): Released all slaves
[  740.985965][ T9682] team0: Port device team_slave_0 added
[  741.405764][ T9682] team0: Port device team_slave_1 added
[  742.208985][ T4611] Bluetooth: hci1: command tx timeout
[  742.383463][ T9682] batman_adv: batadv0: Adding interface: batadv_slave_0
[  742.390684][ T9682] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  742.421074][ T9682] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  742.440777][ T9682] batman_adv: batadv0: Adding interface: batadv_slave_1
[  742.447890][ T9682] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  742.474174][ T9682] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  742.709329][ T9682] hsr_slave_0: entered promiscuous mode
[  742.739565][ T9682] hsr_slave_1: entered promiscuous mode
[  742.835551][ T5277] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  742.867789][ T9682] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  743.424976][ T9682] Cannot create hsr debugfs directory
[  743.425815][   T29] audit: type=1326 audit(1728295571.724:496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9747 comm="syz.3.671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe3e437dff9 code=0x7ffc0000
[  743.477823][ T5277] usb 5-1: New USB device found, idVendor=05ac, idProduct=0290, bcdDevice=dc.1b
[  743.487327][ T5277] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  743.504363][ T5277] usb 5-1: config 0 descriptor??
[  743.555663][ T5277] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input20
[  743.575770][   T29] audit: type=1326 audit(1728295571.734:497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9747 comm="syz.3.671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe3e437dff9 code=0x7ffc0000
[  743.654015][   T29] audit: type=1326 audit(1728295571.734:498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9747 comm="syz.3.671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe3e437dff9 code=0x7ffc0000
[  743.675240][    T8] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  743.765180][   T29] audit: type=1326 audit(1728295571.734:499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9747 comm="syz.3.671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe3e437dff9 code=0x7ffc0000
[  743.790265][ T9738] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  743.832047][ T9738] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  743.843051][    T8] usb 4-1: Using ep0 maxpacket: 8
[  743.855545][   T29] audit: type=1326 audit(1728295571.734:500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9747 comm="syz.3.671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe3e437dff9 code=0x7ffc0000
[  743.911740][    T8] usb 4-1: no configurations
[  743.932131][    T8] usb 4-1: can't read configurations, error -22
[  744.013198][   T29] audit: type=1326 audit(1728295571.734:501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9747 comm="syz.3.671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe3e437dff9 code=0x7ffc0000
[  744.248661][   T29] audit: type=1326 audit(1728295571.734:502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9747 comm="syz.3.671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe3e437dff9 code=0x7ffc0000
[  744.563050][    T8] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  744.899515][   T29] audit: type=1326 audit(1728295571.734:503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9747 comm="syz.3.671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe3e437dff9 code=0x7ffc0000
[  745.160879][   T29] audit: type=1326 audit(1728295571.734:504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9747 comm="syz.3.671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe3e437dff9 code=0x7ffc0000
[  745.270562][   T29] audit: type=1326 audit(1728295571.734:505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9747 comm="syz.3.671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe3e437dff9 code=0x7ffc0000
[  745.307660][ T4611] Bluetooth: hci1: command tx timeout
[  745.473826][   T35] hsr_slave_0: left promiscuous mode
[  745.514141][   T35] hsr_slave_1: left promiscuous mode
[  745.528741][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  745.541995][   T35] batman_adv: batadv0: Removing interface: batadv_slave_0
[  745.554921][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  745.578071][   T35] batman_adv: batadv0: Removing interface: batadv_slave_1
[  745.645502][    T8] usb 4-1: Using ep0 maxpacket: 8
[  745.656965][    T8] usb 4-1: no configurations
[  745.656988][   T35] veth1_macvtap: left promiscuous mode
[  745.661704][    T8] usb 4-1: can't read configurations, error -22
[  745.674320][    T8] usb usb4-port1: attempt power cycle
[  745.676381][   T35] veth0_macvtap: left promiscuous mode
[  745.696860][   T35] veth1_vlan: left promiscuous mode
[  745.702390][   T35] veth0_vlan: left promiscuous mode
[  746.502471][ T5289] usb 5-1: USB disconnect, device number 28
[  747.943190][   T35] team0 (unregistering): Port device team_slave_1 removed
[  748.014765][   T35] team0 (unregistering): Port device team_slave_0 removed
[  749.584311][ T9768] netlink: 24 bytes leftover after parsing attributes in process `syz.1.675'.
[  751.809579][   T29] kauditd_printk_skb: 30 callbacks suppressed
[  751.809602][   T29] audit: type=1400 audit(1728295580.104:536): avc:  denied  { append } for  pid=9833 comm="syz.3.690" name="userio" dev="devtmpfs" ino=829 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  751.948278][ T9682] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  751.990725][ T9682] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  752.038140][ T9682] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  752.171043][ T9682] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  752.345202][ T5277] psmouse serio2: Failed to reset mouse on : -5
[  752.501285][ T9682] 8021q: adding VLAN 0 to HW filter on device bond0
[  752.530821][ T1268] ieee802154 phy0 wpan0: encryption failed: -22
[  752.614421][ T9682] 8021q: adding VLAN 0 to HW filter on device team0
[  752.743774][   T52] bridge0: port 1(bridge_slave_0) entered blocking state
[  752.750951][   T52] bridge0: port 1(bridge_slave_0) entered forwarding state
[  753.119031][   T52] bridge0: port 2(bridge_slave_1) entered blocking state
[  753.126289][   T52] bridge0: port 2(bridge_slave_1) entered forwarding state
[  754.406543][ T9682] 8021q: adding VLAN 0 to HW filter on device batadv0
[  754.592129][ T9682] veth0_vlan: entered promiscuous mode
[  754.674563][ T9682] veth1_vlan: entered promiscuous mode
[  754.993221][ T9682] veth0_macvtap: entered promiscuous mode
[  755.396629][ T9682] veth1_macvtap: entered promiscuous mode
[  755.481240][ T9682] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  755.493757][ T9682] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  755.503716][ T9682] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  755.514285][ T9682] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  755.524279][ T9682] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  755.535096][ T9682] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  755.545448][ T9682] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  755.556547][ T9682] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  755.568161][ T9682] batman_adv: batadv0: Interface activated: batadv_slave_0
[  755.578399][ T9682] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  755.595134][ T9682] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  755.613633][ T9682] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  755.624396][ T9682] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  755.671329][ T9682] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  755.682072][ T9682] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  755.692102][ T9682] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  755.702693][ T9682] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  755.714404][ T9682] batman_adv: batadv0: Interface activated: batadv_slave_1
[  755.868032][ T9682] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  755.888050][ T9682] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  755.925662][ T9682] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  755.934444][ T9682] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  756.203414][ T5657] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  756.207750][ T6697] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  756.232042][ T5657] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  756.236242][ T6697] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  756.448112][ T9900] syz.4.700: attempt to access beyond end of device
[  756.448112][ T9900] nbd4: rw=4096, sector=0, nr_sectors = 1 limit=0
[  756.461342][ T9900] XFS (nbd4): SB validate failed with error -5.
[  757.575416][ T5277] misc userio: Buffer overflowed, userio client isn't keeping up
[  758.779456][ T5277] input: PS/2 Generic Mouse as /devices/serio2/input/input21
[  758.826035][   T29] audit: type=1400 audit(1728295587.114:537): avc:  denied  { ioctl } for  pid=4659 comm="acpid" path="/dev/input/mouse1" dev="devtmpfs" ino=2720 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  759.213942][ T5277] psmouse serio2: Failed to enable mouse on 
[  760.525796][  T940] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  760.680065][ T9958] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.712'.
[  760.705149][  T940] usb 3-1: Using ep0 maxpacket: 32
[  760.721731][  T940] usb 3-1: config index 0 descriptor too short (expected 35577, got 27)
[  760.745158][  T940] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  760.775209][  T940] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 92
[  760.791555][  T940] usb 3-1: config 1 has no interface number 0
[  760.805605][  T940] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  760.839476][  T940] usb 3-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  760.868126][  T940] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  760.889932][  T940] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  760.982717][  T940] snd_usb_pod 3-1:1.1: Line 6 Pocket POD found
[  761.270893][ T7536] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  762.253648][ T9970] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(9)
[  762.260691][ T9970] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  762.271090][ T9970] vhci_hcd vhci_hcd.0: Device attached
[  762.403920][ T9971] vhci_hcd: connection closed
[  762.410043][   T52] vhci_hcd: stop threads
[  762.459809][   T52] vhci_hcd: release socket
[  762.481289][   T52] vhci_hcd: disconnect device
[  762.495494][ T7536] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x92, changing to 0x82
[  762.509892][ T7536] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  762.534072][ T7536] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  762.575303][ T7536] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  762.652121][ T7536] usb 4-1: New USB device found, idVendor=112a, idProduct=0001, bcdDevice=9e.7f
[  762.690657][ T7536] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  762.723854][ T7536] usb 4-1: Product: syz
[  762.734056][ T7536] usb 4-1: Manufacturer: syz
[  762.757661][ T7536] usb 4-1: SerialNumber: syz
[  762.777547][ T7536] usb 4-1: config 0 descriptor??
[  763.119888][ T7536] redrat3 4-1:0.0: Couldn't find all endpoints
[  763.146962][ T9958] netlink: 4 bytes leftover after parsing attributes in process `syz.3.712'.
[  763.421321][  T940] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now attached
[  763.752199][   T25] usb 4-1: USB disconnect, device number 22
[  764.440455][    T8] snd_usb_pod 3-1:1.1: line6_send_raw_message_async_part: usb_submit_urb failed (-22)
[  764.758162][ T7536] usb 3-1: USB disconnect, device number 20
[  764.793466][ T7536] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected
[  767.219295][T10084] blktrace: Concurrent blktraces are not allowed on sg0
[  768.133572][   T12] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  768.395717][ T4674] udevd[4674]: worker [8054] /devices/platform/dummy_hcd.1/usb2/2-1 is taking a long time
[  768.491767][   T12] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  769.867677][ T5235] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  769.895229][ T5235] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  769.904931][ T5235] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  769.921052][ T5235] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  769.934445][   T12] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  769.948499][ T5235] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  769.961228][ T5235] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  770.079974][   T12] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  770.815548][   T12] bridge_slave_1: left allmulticast mode
[  770.821520][   T12] bridge_slave_1: left promiscuous mode
[  770.830969][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  770.872918][   T12] bridge_slave_0: left allmulticast mode
[  770.880233][   T12] bridge_slave_0: left promiscuous mode
[  770.890382][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  772.088410][ T5235] Bluetooth: hci0: command tx timeout
[  772.953477][T10148] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  774.165521][ T5235] Bluetooth: hci0: command tx timeout
[  774.447498][   T25] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  774.614446][   T29] audit: type=1400 audit(1728295602.824:538): avc:  denied  { write } for  pid=10159 comm="syz.2.739" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  774.793941][   T25] usb 1-1: New USB device found, idVendor=a766, idProduct=7cb5, bcdDevice=55.3a
[  774.898206][   T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  774.929417][   T25] usb 1-1: config 0 descriptor??
[  775.140246][   T25] usb-storage 1-1:0.0: USB Mass Storage device detected
[  775.238023][   T29] audit: type=1400 audit(1728295603.534:539): avc:  denied  { getopt } for  pid=10159 comm="syz.2.739" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  775.295403][   T25] usb 1-1: USB disconnect, device number 24
[  775.331995][ T4611] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  775.349720][ T4611] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  775.359158][ T4611] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  775.376026][ T4611] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  775.384459][T10162] Falling back ldisc for ptm0.
[  775.399945][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  775.417574][ T4611] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  775.431903][ T4611] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  775.490430][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  775.503328][   T12] bond0 (unregistering): Released all slaves
[  776.295265][ T4611] Bluetooth: hci0: command tx timeout
[  776.410967][T10107] chnl_net:caif_netlink_parms(): no params data found
[  777.978445][ T4611] Bluetooth: hci2: command tx timeout
[  778.191050][T10107] bridge0: port 1(bridge_slave_0) entered blocking state
[  778.199100][T10107] bridge0: port 1(bridge_slave_0) entered disabled state
[  778.214967][T10107] bridge_slave_0: entered allmulticast mode
[  778.223534][T10107] bridge_slave_0: entered promiscuous mode
[  778.239549][T10107] bridge0: port 2(bridge_slave_1) entered blocking state
[  778.247920][T10107] bridge0: port 2(bridge_slave_1) entered disabled state
[  778.585247][T10107] bridge_slave_1: entered allmulticast mode
[  778.592765][T10107] bridge_slave_1: entered promiscuous mode
[  778.614212][ T4611] Bluetooth: hci0: command tx timeout
[  779.492596][T10200] netlink: 'syz.2.745': attribute type 4 has an invalid length.
[  779.583392][   T12] hsr_slave_0: left promiscuous mode
[  779.662861][   T12] hsr_slave_1: left promiscuous mode
[  779.683434][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  779.706485][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  779.731350][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  779.742590][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  779.804547][   T12] veth1_macvtap: left promiscuous mode
[  779.836647][   T12] veth0_macvtap: left promiscuous mode
[  779.842340][   T12] veth1_vlan: left promiscuous mode
[  779.858030][   T12] veth0_vlan: left promiscuous mode
[  780.054508][ T4611] Bluetooth: hci2: command tx timeout
[  780.344355][T10223] netlink: 4 bytes leftover after parsing attributes in process `syz.0.749'.
[  781.392658][T10227] netlink: 4 bytes leftover after parsing attributes in process `syz.0.750'.
[  782.155730][ T4611] Bluetooth: hci2: command tx timeout
[  782.188820][   T12] team0 (unregistering): Port device team_slave_1 removed
[  782.260702][   T12] team0 (unregistering): Port device team_slave_0 removed
[  783.039029][T10107] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  783.087891][T10107] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  784.190283][T10107] team0: Port device team_slave_0 added
[  784.196270][ T4611] Bluetooth: hci2: command tx timeout
[  784.249509][T10168] chnl_net:caif_netlink_parms(): no params data found
[  784.263476][T10107] team0: Port device team_slave_1 added
[  784.541847][T10107] batman_adv: batadv0: Adding interface: batadv_slave_0
[  784.605951][T10107] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  784.750188][T10107] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  784.885475][T10107] batman_adv: batadv0: Adding interface: batadv_slave_1
[  784.892476][T10107] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  784.926317][ T5274] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  785.156225][T10107] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  785.164431][ T5274] usb 3-1: Using ep0 maxpacket: 8
[  785.176096][ T5274] usb 3-1: config 179 has an invalid interface number: 65 but max is 0
[  785.184456][ T5274] usb 3-1: config 179 has no interface number 0
[  785.232220][ T5274] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  785.275132][ T5274] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  785.294059][ T5274] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  785.305447][ T5274] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  785.320494][ T5274] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  785.329701][ T5274] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  785.380065][T10249] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  785.757163][T10107] hsr_slave_0: entered promiscuous mode
[  785.794134][T10107] hsr_slave_1: entered promiscuous mode
[  785.850720][T10107] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  785.880532][T10107] Cannot create hsr debugfs directory
[  785.907767][   T12] IPVS: stop unused estimator thread 0...
[  786.016750][ T5274] input: Generic X-Box pad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:179.65/input/input23
[  786.062223][T10168] bridge0: port 1(bridge_slave_0) entered blocking state
[  786.090888][T10168] bridge0: port 1(bridge_slave_0) entered disabled state
[  786.098863][ T5289] usb 3-1: USB disconnect, device number 21
[  786.098861][    C0] xpad 3-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  786.098922][    C0] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  786.131360][T10268] binder: 10267:10268 ioctl c0306201 20000080 returned -14
[  786.145726][T10168] bridge_slave_0: entered allmulticast mode
[  786.171058][ T5289] xpad 3-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[  786.199845][T10168] bridge_slave_0: entered promiscuous mode
[  786.237439][T10168] bridge0: port 2(bridge_slave_1) entered blocking state
[  786.255273][T10168] bridge0: port 2(bridge_slave_1) entered disabled state
[  786.292492][T10168] bridge_slave_1: entered allmulticast mode
[  786.308416][T10168] bridge_slave_1: entered promiscuous mode
[  786.434741][T10168] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  786.505578][T10168] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  786.569449][T10168] team0: Port device team_slave_0 added
[  786.592079][T10168] team0: Port device team_slave_1 added
[  787.087251][   T29] audit: type=1400 audit(1728295615.374:540): avc:  denied  { module_load } for  pid=10274 comm="syz.2.758" path="/sys/power/sync_on_suspend" dev="sysfs" ino=1385 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=system permissive=1
[  787.338551][   T12] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  787.470758][T10168] batman_adv: batadv0: Adding interface: batadv_slave_0
[  787.535131][T10168] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  787.565215][T10168] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  787.682813][   T12] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  787.722759][   T29] audit: type=1400 audit(1728295616.014:541): avc:  denied  { write } for  pid=10280 comm="syz.0.759" name="hwrng" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1
[  788.784242][T10168] batman_adv: batadv0: Adding interface: batadv_slave_1
[  788.792308][T10168] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  789.096724][T10168] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  789.213436][T10294] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  790.745733][   T12] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  791.569601][   T12] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  791.970798][T10312] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  792.155636][ T5278] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  792.240177][T10168] hsr_slave_0: entered promiscuous mode
[  792.261531][T10168] hsr_slave_1: entered promiscuous mode
[  792.283288][T10168] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  792.315214][T10168] Cannot create hsr debugfs directory
[  792.349803][ T5278] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  792.411612][ T5278] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  792.444035][ T5278] usb 1-1: Product: syz
[  792.464867][ T5278] usb 1-1: Manufacturer: syz
[  792.478130][ T5278] usb 1-1: SerialNumber: syz
[  792.501344][ T5278] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  792.546566][ T5275] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  793.643522][ T5275] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[  793.956333][ T5275] ath9k_htc: Failed to initialize the device
[  794.070250][ T5275] usb 1-1: ath9k_htc: USB layer deinitialized
[  794.073597][   T12] bridge_slave_1: left allmulticast mode
[  794.124445][   T12] bridge_slave_1: left promiscuous mode
[  794.166531][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  794.182556][   T12] bridge_slave_0: left allmulticast mode
[  794.188824][   T12] bridge_slave_0: left promiscuous mode
[  794.194682][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  794.413809][   T29] audit: type=1400 audit(1728295622.704:542): avc:  denied  { create } for  pid=10327 comm="syz.1.768" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  794.437424][   T29] audit: type=1400 audit(1728295622.704:543): avc:  denied  { write } for  pid=10327 comm="syz.1.768" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  794.459724][   T29] audit: type=1400 audit(1728295622.704:544): avc:  denied  { nlmsg_read } for  pid=10327 comm="syz.1.768" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  794.767569][ T5276] usb 1-1: USB disconnect, device number 25
[  794.969654][T10333] netlink: 4 bytes leftover after parsing attributes in process `syz.0.769'.
[  796.121655][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  796.149910][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  796.166633][   T12] bond0 (unregistering): Released all slaves
[  796.182461][T10107] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  796.266474][T10107] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  796.443102][T10107] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  796.484045][T10107] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  797.102908][T10342] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  798.867356][ T5306] dvb-usb: did not find the firmware file 'dvb-usb-bluebird-01.fw' (status -110). You can use <kernel_dir>/scripts/get_dvb_firmware to get the firmware
[  799.218307][ T5306] dvb_usb_cxusb 2-1:0.229: probe with driver dvb_usb_cxusb failed with error -22
[  799.506823][ T5306] usb 2-1: USB disconnect, device number 20
[  799.560895][   T12] hsr_slave_0: left promiscuous mode
[  799.621419][   T12] hsr_slave_1: left promiscuous mode
[  799.791542][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  800.068668][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  801.175354][   T29] audit: type=1400 audit(1728295629.464:545): avc:  denied  { checkpoint_restore } for  pid=10349 comm="syz.0.774" capability=40  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  801.199770][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  801.221513][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  801.282794][   T12] veth1_macvtap: left promiscuous mode
[  801.294386][   T12] veth0_macvtap: left promiscuous mode
[  801.306743][   T12] veth1_vlan: left promiscuous mode
[  801.312093][   T12] veth0_vlan: left promiscuous mode
[  801.418070][T10351] ufs: Invalid option: "����0�(�e�L��d9(@��
�8�L�)�uH\dKzLV��R<%�5r�ƌ�ze~I2~
[  801.418070][T10351] r0Rpy�h�:����Y��
[  801.418070][T10351] �O���\�z�Y" or missing value
[  801.439000][T10351] ufs: wrong mount options
[  801.882892][T10361] Bluetooth: MGMT ver 1.23
[  802.459468][   T29] audit: type=1400 audit(1728295630.454:546): avc:  denied  { read } for  pid=10362 comm="syz.0.777" name="nullb0" dev="devtmpfs" ino=680 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  802.875145][   T29] audit: type=1400 audit(1728295630.454:547): avc:  denied  { open } for  pid=10362 comm="syz.0.777" path="/dev/nullb0" dev="devtmpfs" ino=680 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  802.925095][   T29] audit: type=1400 audit(1728295630.464:548): avc:  denied  { write } for  pid=10362 comm="syz.0.777" name="nullb0" dev="devtmpfs" ino=680 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  803.440778][   T29] audit: type=1400 audit(1728295631.734:549): avc:  denied  { ioctl } for  pid=10370 comm="syz.0.779" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 ioctlcmd=0x7438 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  804.628212][   T12] team0 (unregistering): Port device team_slave_1 removed
[  804.740733][   T12] team0 (unregistering): Port device team_slave_0 removed
[  806.471751][T10386] netlink: 'syz.2.782': attribute type 3 has an invalid length.
[  806.515342][ T5274] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[  806.648419][T10107] 8021q: adding VLAN 0 to HW filter on device bond0
[  806.665434][ T5274] usb 1-1: device descriptor read/64, error -71
[  806.806696][T10107] 8021q: adding VLAN 0 to HW filter on device team0
[  806.886304][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[  806.893516][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[  806.916514][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[  806.923665][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[  806.955943][ T5274] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[  806.982200][T10168] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  807.047759][T10168] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  807.079808][T10168] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  807.115269][ T5274] usb 1-1: device descriptor read/64, error -71
[  807.166015][T10407] netlink: 4 bytes leftover after parsing attributes in process `syz.1.785'.
[  808.064466][T10168] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  808.124526][ T5274] usb usb1-port1: attempt power cycle
[  808.525412][ T5274] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[  808.548326][ T5274] usb 1-1: device descriptor read/8, error -71
[  808.606738][T10418] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  808.815355][ T5274] usb 1-1: new high-speed USB device number 29 using dummy_hcd
[  809.529459][ T5274] usb 1-1: device descriptor read/8, error -71
[  809.655956][ T5274] usb usb1-port1: unable to enumerate USB device
[  809.784652][T10168] 8021q: adding VLAN 0 to HW filter on device bond0
[  809.839552][T10168] 8021q: adding VLAN 0 to HW filter on device team0
[  809.920585][ T5490] bridge0: port 1(bridge_slave_0) entered blocking state
[  809.927806][ T5490] bridge0: port 1(bridge_slave_0) entered forwarding state
[  809.950943][   T29] audit: type=1400 audit(1728295638.244:550): avc:  denied  { create } for  pid=10427 comm="syz.0.788" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  810.009181][ T5490] bridge0: port 2(bridge_slave_1) entered blocking state
[  810.016369][ T5490] bridge0: port 2(bridge_slave_1) entered forwarding state
[  810.074214][   T29] audit: type=1400 audit(1728295638.244:551): avc:  denied  { write } for  pid=10427 comm="syz.0.788" name="file0" dev="tmpfs" ino=162 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  810.179875][T10168] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  810.368101][T10168] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  810.840633][   T29] audit: type=1400 audit(1728295638.244:552): avc:  denied  { open } for  pid=10427 comm="syz.0.788" path="/28/file0" dev="tmpfs" ino=162 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  811.165589][ T4611] Bluetooth: hci3: command 0x0406 tx timeout
[  811.222115][   T29] audit: type=1400 audit(1728295638.274:553): avc:  denied  { ioctl } for  pid=10427 comm="syz.0.788" path="/28/file0" dev="tmpfs" ino=162 ioctlcmd=0x70ca scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  811.247210][   T29] audit: type=1400 audit(1728295638.284:554): avc:  denied  { append } for  pid=10427 comm="syz.0.788" name="file0" dev="tmpfs" ino=162 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  811.271331][   T29] audit: type=1400 audit(1728295638.434:555): avc:  denied  { unlink } for  pid=9682 comm="syz-executor" name="file0" dev="tmpfs" ino=162 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  811.400065][T10107] 8021q: adding VLAN 0 to HW filter on device batadv0
[  812.240516][T10107] veth0_vlan: entered promiscuous mode
[  812.324239][T10107] veth1_vlan: entered promiscuous mode
[  812.547159][T10107] veth0_macvtap: entered promiscuous mode
[  812.622923][T10107] veth1_macvtap: entered promiscuous mode
[  812.701298][T10107] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  812.722743][T10107] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  812.739027][T10107] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  812.756643][T10107] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  812.781734][T10107] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  812.797605][T10107] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  812.813716][T10107] batman_adv: batadv0: Interface activated: batadv_slave_0
[  812.823926][T10168] 8021q: adding VLAN 0 to HW filter on device batadv0
[  812.836734][T10107] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  812.850259][T10107] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  812.872685][T10107] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  812.910960][T10107] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  812.937915][T10107] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  812.964169][T10107] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  813.021841][T10107] batman_adv: batadv0: Interface activated: batadv_slave_1
[  813.050005][T10107] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  813.070218][T10107] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  813.099437][T10107] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  813.122989][T10466] binder: BINDER_SET_CONTEXT_MGR already set
[  813.155308][T10107] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  813.164532][T10466] binder: 10458:10466 ioctl 4018620d 200001c0 returned -16
[  813.582901][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  813.850615][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  814.079084][ T1268] ieee802154 phy0 wpan0: encryption failed: -22
[  814.688340][T10482] block nbd1: shutting down sockets
[  814.811188][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  814.857618][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  814.959629][T10168] veth0_vlan: entered promiscuous mode
[  815.027794][T10168] veth1_vlan: entered promiscuous mode
[  816.084502][   T29] audit: type=1400 audit(1728295644.374:556): avc:  denied  { bind } for  pid=10489 comm="syz.0.795" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  816.126132][T10496] netlink: 16 bytes leftover after parsing attributes in process `syz.0.795'.
[  816.170866][T10168] veth0_macvtap: entered promiscuous mode
[  816.212991][T10168] veth1_macvtap: entered promiscuous mode
[  816.290399][T10168] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  816.345127][   T29] audit: type=1400 audit(1728295644.584:557): avc:  denied  { getopt } for  pid=10489 comm="syz.0.795" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  816.376839][T10168] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  816.438968][T10168] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  816.483967][T10168] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  816.494868][T10168] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  816.505896][T10168] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  816.516757][T10168] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  816.527509][T10168] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  816.540234][T10168] batman_adv: batadv0: Interface activated: batadv_slave_0
[  816.595889][ T5275] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  816.660713][T10512] xt_CT: You must specify a L4 protocol and not use inversions on it
[  816.691052][T10512] binder: 10503:10512 ioctl 4018620d 0 returned -22
[  816.782837][T10168] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  816.963436][T10168] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  816.980909][ T5275] usb 2-1: device descriptor read/64, error -71
[  817.237235][T10168] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  817.265089][T10168] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  817.515108][T10168] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  817.527146][T10168] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  817.537085][T10168] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  817.548086][T10168] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  817.792907][T10168] batman_adv: batadv0: Interface activated: batadv_slave_1
[  817.881054][T10168] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  817.892625][T10168] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  817.932922][T10168] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  817.968061][T10168] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  818.249219][ T5275] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  818.595108][ T5275] usb 2-1: device descriptor read/64, error -71
[  818.708098][ T5275] usb usb2-port1: attempt power cycle
[  819.330879][ T6693] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  819.339257][ T5275] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  819.399161][ T6693] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  819.535400][ T7537] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  819.543301][ T7537] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  819.645213][ T5275] usb 2-1: device not accepting address 23, error -71
[  820.887707][  T940] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[  821.062083][T10560] FAULT_INJECTION: forcing a failure.
[  821.062083][T10560] name failslab, interval 1, probability 0, space 0, times 0
[  821.102054][T10560] CPU: 1 UID: 0 PID: 10560 Comm: syz.1.807 Not tainted 6.12.0-rc1-syzkaller-00381-g2a130b7e1fcd #0
[  821.112823][T10560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  821.122923][T10560] Call Trace:
[  821.126232][T10560]  <TASK>
[  821.129211][T10560]  dump_stack_lvl+0x16c/0x1f0
[  821.133980][T10560]  should_fail_ex+0x497/0x5b0
[  821.138735][T10560]  ? fs_reclaim_acquire+0xae/0x160
[  821.143904][T10560]  should_failslab+0xc2/0x120
[  821.148617][T10560]  __kmalloc_noprof+0xcb/0x400
[  821.153414][T10560]  ? trace_kmalloc+0x2d/0xe0
[  821.158035][T10560]  ? trace_lock_acquire+0x14a/0x1d0
[  821.163285][T10560]  tomoyo_realpath_from_path+0xb9/0x720
[  821.168857][T10560]  ? tomoyo_fill_path_info+0x233/0x420
[  821.174348][T10560]  tomoyo_mount_acl+0x1af/0x880
[  821.179250][T10560]  ? hlock_class+0x4e/0x130
[  821.183824][T10560]  ? __lock_acquire+0x163e/0x3ce0
[  821.188895][T10560]  ? __pfx_tomoyo_mount_acl+0x10/0x10
[  821.194317][T10560]  ? __pfx___lock_acquire+0x10/0x10
[  821.199634][T10560]  ? stack_trace_save+0x95/0xd0
[  821.204516][T10560]  ? __pfx_lock_release+0x10/0x10
[  821.209585][T10560]  ? trace_lock_acquire+0x14a/0x1d0
[  821.214822][T10560]  ? tomoyo_mount_permission+0x146/0x410
[  821.220513][T10560]  ? lock_acquire+0x2f/0xb0
[  821.225062][T10560]  ? tomoyo_mount_permission+0x146/0x410
[  821.230731][T10560]  tomoyo_mount_permission+0x16b/0x410
[  821.236223][T10560]  ? tomoyo_mount_permission+0x146/0x410
[  821.241906][T10560]  ? __pfx_tomoyo_mount_permission+0x10/0x10
[  821.248040][T10560]  ? get_current_fs_domain+0x188/0x1f0
[  821.253529][T10560]  security_sb_mount+0x9b/0x260
[  821.258417][T10560]  path_mount+0x129/0x1f20
[  821.262868][T10560]  ? kmem_cache_free+0x152/0x4b0
[  821.267863][T10560]  ? __pfx_path_mount+0x10/0x10
[  821.272779][T10560]  ? putname+0x12e/0x170
[  821.277050][T10560]  __x64_sys_mount+0x294/0x320
[  821.281848][T10560]  ? __pfx___x64_sys_mount+0x10/0x10
[  821.287185][T10560]  do_syscall_64+0xcd/0x250
[  821.291747][T10560]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  821.297671][T10560] RIP: 0033:0x7fa272f7dff9
[  821.302106][T10560] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  821.321769][T10560] RSP: 002b:00007fa273d29038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  821.330220][T10560] RAX: ffffffffffffffda RBX: 00007fa273135f80 RCX: 00007fa272f7dff9
[  821.338208][T10560] RDX: 00000000200001c0 RSI: 0000000020000100 RDI: 00000000200000c0
[  821.346199][T10560] RBP: 00007fa273d29090 R08: 0000000000000000 R09: 0000000000000000
[  821.354210][T10560] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  821.362207][T10560] R13: 0000000000000000 R14: 00007fa273135f80 R15: 00007fff21a3a888
[  821.370218][T10560]  </TASK>
[  821.647415][T10560] ERROR: Out of memory at tomoyo_realpath_from_path.
[  822.528699][  T940] usb 1-1: Using ep0 maxpacket: 8
[  822.598233][  T940] usb 1-1: device descriptor read/all, error -71
[  822.969676][T10580] sp0: Synchronizing with TNC
[  823.867138][   T29] audit: type=1400 audit(1728295652.154:558): avc:  denied  { read } for  pid=10578 comm="syz.1.812" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  824.055159][ T5276] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  824.117075][   T29] audit: type=1400 audit(1728295652.404:559): avc:  denied  { remount } for  pid=10593 comm="syz.4.816" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  824.236017][ T5276] usb 4-1: device descriptor read/64, error -71
[  824.672798][T10607] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  825.565091][ T5276] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  826.533230][ T5276] usb 4-1: device descriptor read/64, error -71
[  827.546964][ T5276] usb usb4-port1: attempt power cycle
[  828.894522][ T5277] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  829.325142][ T5277] usb 3-1: Using ep0 maxpacket: 16
[  829.332559][ T5277] usb 3-1: device descriptor read/all, error -71
[  830.203371][T10664] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  830.939807][T10668] blktrace: Concurrent blktraces are not allowed on sg0
[  832.315331][   T29] audit: type=1400 audit(1728295660.204:560): avc:  denied  { ioctl } for  pid=10672 comm="syz.2.834" path="socket:[45493]" dev="sockfs" ino=45493 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  832.340134][    C0] vkms_vblank_simulate: vblank timer overrun
[  833.215406][T10694] netlink: 8 bytes leftover after parsing attributes in process `syz.2.839'.
[  833.947156][T10709] FAULT_INJECTION: forcing a failure.
[  833.947156][T10709] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  833.985247][T10709] CPU: 1 UID: 0 PID: 10709 Comm: syz.4.841 Not tainted 6.12.0-rc1-syzkaller-00381-g2a130b7e1fcd #0
[  833.996104][T10709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  834.006221][T10709] Call Trace:
[  834.009543][T10709]  <TASK>
[  834.012523][T10709]  dump_stack_lvl+0x16c/0x1f0
[  834.017272][T10709]  should_fail_ex+0x497/0x5b0
[  834.022021][T10709]  _copy_from_user+0x30/0xf0
[  834.026649][T10709]  kstrtouint_from_user+0xd7/0x1c0
[  834.031889][T10709]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  834.037673][T10709]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  834.043359][T10709]  proc_fail_nth_write+0x84/0x250
[  834.048428][T10709]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  834.054125][T10709]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  834.059796][T10709]  vfs_write+0x28e/0x1140
[  834.064175][T10709]  ? __fget_files+0x23a/0x3f0
[  834.068891][T10709]  ? fdget_pos+0x24c/0x360
[  834.073353][T10709]  ? __pfx_lock_release+0x10/0x10
[  834.078408][T10709]  ? trace_lock_acquire+0x14a/0x1d0
[  834.083642][T10709]  ? __pfx_vfs_write+0x10/0x10
[  834.088470][T10709]  ? __pfx___mutex_lock+0x10/0x10
[  834.093552][T10709]  ? __fget_files+0x244/0x3f0
[  834.098381][T10709]  ksys_write+0x12f/0x260
[  834.102786][T10709]  ? __pfx_ksys_write+0x10/0x10
[  834.107699][T10709]  do_syscall_64+0xcd/0x250
[  834.112245][T10709]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  834.118173][T10709] RIP: 0033:0x7f5bb4b7cadf
[  834.122613][T10709] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48
[  834.142261][T10709] RSP: 002b:00007f5bb5992030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  834.150708][T10709] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5bb4b7cadf
[  834.158703][T10709] RDX: 0000000000000001 RSI: 00007f5bb59920a0 RDI: 0000000000000004
[  834.166721][T10709] RBP: 00007f5bb5992090 R08: 0000000000000000 R09: 0000000000000000
[  834.174722][T10709] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  834.182743][T10709] R13: 0000000000000000 R14: 00007f5bb4d36058 R15: 00007ffcfd37d598
[  834.190772][T10709]  </TASK>
[  835.897882][   T29] audit: type=1400 audit(1728295664.194:561): avc:  denied  { connect } for  pid=10728 comm="syz.4.848" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  835.919614][   T29] audit: type=1400 audit(1728295664.194:562): avc:  denied  { setopt } for  pid=10728 comm="syz.4.848" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  836.016533][T10733] FAULT_INJECTION: forcing a failure.
[  836.016533][T10733] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  836.106983][T10733] CPU: 1 UID: 0 PID: 10733 Comm: syz.2.850 Not tainted 6.12.0-rc1-syzkaller-00381-g2a130b7e1fcd #0
[  836.117764][T10733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  836.127880][T10733] Call Trace:
[  836.131203][T10733]  <TASK>
[  836.134182][T10733]  dump_stack_lvl+0x16c/0x1f0
[  836.138946][T10733]  should_fail_ex+0x497/0x5b0
[  836.143727][T10733]  _copy_from_user+0x30/0xf0
[  836.148393][T10733]  __sys_bpf+0x21c/0x49a0
[  836.152788][T10733]  ? ksys_write+0x21e/0x260
[  836.157355][T10733]  ? reacquire_held_locks+0x440/0x4c0
[  836.162775][T10733]  ? __pfx___sys_bpf+0x10/0x10
[  836.167585][T10733]  ? vfs_write+0x14d/0x1140
[  836.172152][T10733]  ? __mutex_unlock_slowpath+0x164/0x650
[  836.177849][T10733]  ? fput+0x30/0x390
[  836.181780][T10733]  ? ksys_write+0x1ad/0x260
[  836.186332][T10733]  ? __pfx_ksys_write+0x10/0x10
[  836.191233][T10733]  __x64_sys_bpf+0x78/0xc0
[  836.195698][T10733]  ? lockdep_hardirqs_on+0x7c/0x110
[  836.200937][T10733]  do_syscall_64+0xcd/0x250
[  836.205488][T10733]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  836.211435][T10733] RIP: 0033:0x7f459bd7dff9
[  836.215894][T10733] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  836.235732][T10733] RSP: 002b:00007f459cb5d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  836.244230][T10733] RAX: ffffffffffffffda RBX: 00007f459bf35f80 RCX: 00007f459bd7dff9
[  836.252258][T10733] RDX: 0000000000000010 RSI: 0000000020000a80 RDI: 000000000000000a
[  836.260376][T10733] RBP: 00007f459cb5d090 R08: 0000000000000000 R09: 0000000000000000
[  836.268471][T10733] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  836.276503][T10733] R13: 0000000000000000 R14: 00007f459bf35f80 R15: 00007ffc880478c8
[  836.284525][T10733]  </TASK>
[  837.147209][   T29] audit: type=1326 audit(1728295665.434:563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10752 comm="syz.1.857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa272f7dff9 code=0x7ffc0000
[  837.457974][   T29] audit: type=1326 audit(1728295665.464:564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10752 comm="syz.1.857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7fa272f7dff9 code=0x7ffc0000
[  837.816566][   T29] audit: type=1326 audit(1728295665.464:565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10752 comm="syz.1.857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa272f7dff9 code=0x7ffc0000
[  837.845111][   T29] audit: type=1326 audit(1728295665.464:566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10752 comm="syz.1.857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa272f7dff9 code=0x7ffc0000
[  837.868948][   T29] audit: type=1326 audit(1728295665.464:567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10752 comm="syz.1.857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa272f7dff9 code=0x7ffc0000
[  837.893128][   T29] audit: type=1326 audit(1728295665.464:568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10752 comm="syz.1.857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa272f7dff9 code=0x7ffc0000
[  837.917226][   T29] audit: type=1326 audit(1728295665.464:569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10752 comm="syz.1.857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa272f7dff9 code=0x7ffc0000
[  837.943501][   T29] audit: type=1326 audit(1728295665.464:570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10752 comm="syz.1.857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa272f7dff9 code=0x7ffc0000
[  837.968859][   T29] audit: type=1326 audit(1728295665.464:571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10752 comm="syz.1.857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa272f7dff9 code=0x7ffc0000
[  837.992668][   T29] audit: type=1326 audit(1728295665.464:572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10752 comm="syz.1.857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa272f7dff9 code=0x7ffc0000
[  838.445718][ T5235] Bluetooth: hci4: unexpected event for opcode 0x0c1c
[  839.515166][ T5278] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  841.806323][T10783] block nbd2: shutting down sockets
[  841.905088][ T5278] usb 2-1: Using ep0 maxpacket: 8
[  841.936454][T10792] block nbd0: shutting down sockets
[  843.776629][ T5278] usb 2-1: device descriptor read/all, error -71
[  843.900234][T10810] FAULT_INJECTION: forcing a failure.
[  843.900234][T10810] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  843.926916][T10810] CPU: 1 UID: 0 PID: 10810 Comm: syz.1.875 Not tainted 6.12.0-rc1-syzkaller-00381-g2a130b7e1fcd #0
[  843.937682][T10810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  843.947798][T10810] Call Trace:
[  843.951107][T10810]  <TASK>
[  843.954070][T10810]  dump_stack_lvl+0x16c/0x1f0
[  843.958778][T10810]  should_fail_ex+0x497/0x5b0
[  843.963507][T10810]  _copy_from_iter+0x2a1/0x1540
[  843.968437][T10810]  ? __pfx__copy_from_iter+0x10/0x10
[  843.973745][T10810]  ? __virt_addr_valid+0x1a4/0x590
[  843.978887][T10810]  ? __virt_addr_valid+0x5e/0x590
[  843.983949][T10810]  ? __phys_addr_symbol+0x30/0x80
[  843.989056][T10810]  ? __check_object_size+0x488/0x710
[  843.994415][T10810]  netlink_sendmsg+0x813/0xd70
[  843.999248][T10810]  ? __pfx_netlink_sendmsg+0x10/0x10
[  844.004615][T10810]  ? __import_iovec+0x1fd/0x6e0
[  844.009497][T10810]  ____sys_sendmsg+0xaaf/0xc90
[  844.014293][T10810]  ? copy_msghdr_from_user+0x10b/0x160
[  844.019816][T10810]  ? __pfx_____sys_sendmsg+0x10/0x10
[  844.025137][T10810]  ? __pfx___lock_acquire+0x10/0x10
[  844.030371][T10810]  ___sys_sendmsg+0x135/0x1e0
[  844.035100][T10810]  ? __pfx____sys_sendmsg+0x10/0x10
[  844.040390][T10810]  ? lock_acquire+0x2f/0xb0
[  844.044947][T10810]  ? __fget_files+0x40/0x3f0
[  844.049619][T10810]  ? fdget+0x176/0x210
[  844.053740][T10810]  __sys_sendmsg+0x117/0x1f0
[  844.058467][T10810]  ? __pfx___sys_sendmsg+0x10/0x10
[  844.063630][T10810]  ? __fget_files+0x244/0x3f0
[  844.068364][T10810]  do_syscall_64+0xcd/0x250
[  844.072903][T10810]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  844.078914][T10810] RIP: 0033:0x7fa272f7dff9
[  844.083395][T10810] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  844.103048][T10810] RSP: 002b:00007fa273d29038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  844.111498][T10810] RAX: ffffffffffffffda RBX: 00007fa273135f80 RCX: 00007fa272f7dff9
[  844.119508][T10810] RDX: 0000000000000000 RSI: 0000000020006280 RDI: 0000000000000003
[  844.127515][T10810] RBP: 00007fa273d29090 R08: 0000000000000000 R09: 0000000000000000
[  844.135524][T10810] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  844.143540][T10810] R13: 0000000000000000 R14: 00007fa273135f80 R15: 00007fff21a3a888
[  844.151562][T10810]  </TASK>
[  844.216335][ T5277] usb 3-1: new low-speed USB device number 24 using dummy_hcd
[  844.295207][ T5274] usb 1-1: new high-speed USB device number 32 using dummy_hcd
[  846.374857][ T5274] usb 1-1: Using ep0 maxpacket: 8
[  846.406227][ T5277] usb 3-1: config index 0 descriptor too short (expected 1307, got 27)
[  846.414700][ T5277] usb 3-1: config 0 has an invalid interface number: 0 but max is -1
[  846.435434][ T5274] usb 1-1: New USB device found, idVendor=05ac, idProduct=5b13, bcdDevice=92.39
[  846.444524][ T5274] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  846.462863][ T5274] usb 1-1: Product: syz
[  846.469067][ T5274] usb 1-1: Manufacturer: syz
[  846.473739][ T5277] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 0
[  846.489762][ T5274] usb 1-1: SerialNumber: syz
[  846.497200][ T5274] usb 1-1: config 0 descriptor??
[  846.505112][ T5277] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 is Bulk; changing to Interrupt
[  846.524733][ T5274] ipheth 1-1:0.0: Unable to find alternate settings interface
[  846.535501][ T5277] usb 3-1: string descriptor 0 read error: -22
[  846.541811][ T5277] usb 3-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=c3.de
[  846.564961][ T5277] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  846.805985][ T5277] usb 3-1: config 0 descriptor??
[  846.821845][T10807] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  846.841504][   T29] audit: type=1400 audit(1728295675.134:573): avc:  denied  { read } for  pid=10824 comm="syz.3.878" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  846.938260][T10829] blktrace: Concurrent blktraces are not allowed on sg0
[  847.661849][T10813] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  847.712169][   T29] audit: type=1400 audit(1728295675.934:574): avc:  denied  { open } for  pid=10824 comm="syz.3.878" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  847.741740][ T5277] usb 3-1: can't set config #0, error -71
[  847.759160][T10813] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  847.795338][ T5277] usb 3-1: USB disconnect, device number 24
[  847.801383][   T29] audit: type=1400 audit(1728295675.934:575): avc:  denied  { open } for  pid=10824 comm="syz.3.878" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  847.883045][  T940] usb 1-1: USB disconnect, device number 32
[  848.101492][   T29] audit: type=1400 audit(1728295675.934:576): avc:  denied  { ioctl } for  pid=10824 comm="syz.3.878" path="/dev/fb0" dev="devtmpfs" ino=629 ioctlcmd=0x4601 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  849.641610][T10845] block nbd1: shutting down sockets
[  851.360652][   T29] audit: type=1326 audit(1728295679.654:577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10856 comm="syz.0.885" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cab77dff9 code=0x7ffc0000
[  851.383973][    C0] vkms_vblank_simulate: vblank timer overrun
[  851.755449][   T29] audit: type=1326 audit(1728295679.654:578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10856 comm="syz.0.885" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cab77dff9 code=0x7ffc0000
[  851.977914][   T29] audit: type=1326 audit(1728295679.694:579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10856 comm="syz.0.885" exe="/root/syz-executor" sig=0 arch=c000003e syscall=268 compat=0 ip=0x7f7cab77dff9 code=0x7ffc0000
[  852.001812][   T29] audit: type=1326 audit(1728295679.694:580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10856 comm="syz.0.885" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cab77dff9 code=0x7ffc0000
[  852.015270][T10856] mmap: syz.0.885 (10856): VmData 37597184 exceed data ulimit 0. Update limits or use boot option ignore_rlimit_data.
[  852.026010][   T29] audit: type=1326 audit(1728295679.694:581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10856 comm="syz.0.885" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cab77dff9 code=0x7ffc0000
[  852.061793][   T29] audit: type=1326 audit(1728295679.694:582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10856 comm="syz.0.885" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f7cab77dff9 code=0x7ffc0000
[  852.085488][   T29] audit: type=1326 audit(1728295679.694:583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10856 comm="syz.0.885" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cab77dff9 code=0x7ffc0000
[  852.109478][   T29] audit: type=1326 audit(1728295679.694:584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10856 comm="syz.0.885" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cab77dff9 code=0x7ffc0000
[  852.133598][   T29] audit: type=1326 audit(1728295679.694:585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10856 comm="syz.0.885" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f7cab77dff9 code=0x7ffc0000
[  852.157279][   T29] audit: type=1326 audit(1728295679.694:586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10856 comm="syz.0.885" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cab77dff9 code=0x7ffc0000
[  852.181457][   T29] audit: type=1326 audit(1728295679.694:587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10856 comm="syz.0.885" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7cab77dff9 code=0x7ffc0000
[  852.205332][   T29] audit: type=1326 audit(1728295679.694:588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10856 comm="syz.0.885" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cab77dff9 code=0x7ffc0000
[  853.227872][T10866] ceph: No mds server is up or the cluster is laggy
[  853.547094][ T5277] libceph: connect (1)[c::]:6789 error -101
[  854.009962][ T5277] libceph: mon0 (1)[c::]:6789 connect error
[  855.070719][    C0] ------------[ cut here ]------------
[  855.076835][    C0] refcount_t: underflow; use-after-free.
[  855.094618][    C0] WARNING: CPU: 0 PID: 0 at lib/refcount.c:28 refcount_warn_saturate+0x14a/0x210
[  855.105862][    C0] Modules linked in:
[  855.111355][    C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc1-syzkaller-00381-g2a130b7e1fcd #0
[  855.130980][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  855.159238][    C0] RIP: 0010:refcount_warn_saturate+0x14a/0x210
[  855.168102][    C0] Code: ff 89 de e8 d8 15 fe fc 84 db 0f 85 66 ff ff ff e8 eb 13 fe fc c6 05 22 8c b8 0b 01 90 48 c7 c7 c0 4d d1 8b e8 97 02 bf fc 90 <0f> 0b 90 90 e9 43 ff ff ff e8 c8 13 fe fc 0f b6 1d fd 8b b8 0b 31
[  855.189910][    C0] RSP: 0000:ffffc90000007c38 EFLAGS: 00010286
[  855.197120][    C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff814e71a9
[  855.213783][    C0] RDX: ffffffff8de957c0 RSI: ffffffff814e71b6 RDI: 0000000000000001
[  855.222523][    C0] RBP: ffff888063aa9020 R08: 0000000000000001 R09: 0000000000000000
[  855.235057][    C0] R10: 0000000000000000 R11: 0000000000000001 R12: ffff888063aa9020
[  855.245043][    C0] R13: 0000000000000001 R14: 0000000000000102 R15: 000000000003dbcc
[  855.265025][    C0] FS:  0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
[  855.281123][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  855.298143][    C0] CR2: 0000001b2c1eeff8 CR3: 0000000057de0000 CR4: 00000000003526f0
[  855.313671][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  855.325036][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  855.350790][    C0] Call Trace:
[  855.355032][    C0]  <IRQ>
[  855.365078][    C0]  ? __warn+0xea/0x3d0
[  855.382486][    C0]  ? refcount_warn_saturate+0x14a/0x210
[  855.395040][    C0]  ? report_bug+0x3c0/0x580
[  855.416091][    C0]  ? handle_bug+0x54/0xa0
[  855.444422][    C0]  ? exc_invalid_op+0x17/0x50
[  855.461061][    C0]  ? asm_exc_invalid_op+0x1a/0x20
[  855.474234][    C0]  ? __warn_printk+0x199/0x350
[  855.485007][    C0]  ? __warn_printk+0x1a6/0x350
[  855.491032][    C0]  ? refcount_warn_saturate+0x14a/0x210
[  855.498168][    C0]  ? refcount_warn_saturate+0x149/0x210
[  855.505076][    C0]  sctp_transport_put+0x12a/0x170
[  855.524254][    C0]  call_timer_fn+0x1a0/0x610
[  855.531892][    C0]  ? __pfx_sctp_generate_heartbeat_event+0x10/0x10
[  855.545034][    C0]  ? __pfx_call_timer_fn+0x10/0x10
[  855.550342][    C0]  ? __pfx_sctp_generate_heartbeat_event+0x10/0x10
[  855.556973][    C0]  __run_timers+0x6e8/0x930
[  855.561574][    C0]  ? __pfx___run_timers+0x10/0x10
[  855.566717][    C0]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  855.572418][    C0]  ? rcu_is_watching+0x12/0xc0
[  855.577316][    C0]  ? lock_acquire+0x2f/0xb0
[  855.581886][    C0]  ? run_timer_base+0x109/0x190
[  855.586857][    C0]  run_timer_base+0x111/0x190
[  855.591615][    C0]  ? __pfx_run_timer_base+0x10/0x10
[  855.596936][    C0]  run_timer_softirq+0x1a/0x40
[  855.601782][    C0]  handle_softirqs+0x213/0x8f0
[  855.606654][    C0]  ? trace_csd_function_exit+0x173/0x1f0
[  855.612359][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  855.617757][    C0]  irq_exit_rcu+0xbb/0x120
[  855.622245][    C0]  sysvec_call_function_single+0xa4/0xc0
[  855.627974][    C0]  </IRQ>
[  855.630944][    C0]  <TASK>
[  855.633917][    C0]  asm_sysvec_call_function_single+0x1a/0x20
[  855.640097][    C0] RIP: 0010:sched_core_balance+0x9f/0xc40
[  855.646000][    C0] Code: 40 83 1b 8e e8 32 48 0c 00 e8 dd 52 c3 09 5e 85 c0 0f 85 74 08 00 00 4c 89 e7 e8 6c 52 fe ff e8 67 be 36 00 fb 48 63 44 24 0c <48> c7 c3 80 ee 03 00 48 83 f8 07 48 89 44 24 10 0f 87 27 0b 00 00
[  855.665803][    C0] RSP: 0000:ffffffff8de07b98 EFLAGS: 00000206
[  855.671946][    C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 1ffffffff20bde99
[  855.680005][    C0] RDX: 0000000000000000 RSI: ffffffff8b6cd040 RDI: ffffffff8bd1a0c0
[  855.688150][    C0] RBP: ffffffff8de07e08 R08: 0000000000000001 R09: 0000000000000001
[  855.696223][    C0] R10: ffffffff905f370f R11: 0000000000000000 R12: ffff8880b863ee80
[  855.704254][    C0] R13: ffff8880b86288f0 R14: ffffffff815e6df0 R15: ffff8880b863ee80
[  855.712336][    C0]  ? __pfx_sched_core_balance+0x10/0x10
[  855.718002][    C0]  ? sched_core_balance+0x99/0xc40
[  855.723187][    C0]  ? __pfx_lock_unpin_lock+0x10/0x10
[  855.728571][    C0]  ? arch_scale_cpu_capacity+0x15/0xb0
[  855.734157][    C0]  ? __pfx_sched_core_balance+0x10/0x10
[  855.739807][    C0]  __schedule+0x3b2a/0x5750
[  855.744379][    C0]  ? lockdep_hardirqs_on+0x61/0x110
[  855.749697][    C0]  ? __pfx___schedule+0x10/0x10
[  855.754624][    C0]  ? cpuidle_enter_state+0x297/0x4f0
[  855.760028][    C0]  ? lockdep_hardirqs_on+0x7c/0x110
[  855.765318][    C0]  ? ns_to_ktime+0x9/0x20
[  855.769748][    C0]  schedule_idle+0x5c/0x90
[  855.774228][    C0]  do_idle+0x287/0x3f0
[  855.778404][    C0]  ? __pfx_do_idle+0x10/0x10
[  855.783078][    C0]  cpu_startup_entry+0x4f/0x60
[  855.787943][    C0]  rest_init+0x16b/0x2b0
[  855.792264][    C0]  ? acpi_subsystem_init+0x133/0x180
[  855.797689][    C0]  ? __pfx_x86_late_time_init+0x10/0x10
[  855.803328][    C0]  start_kernel+0x3e4/0x4d0
[  855.807929][    C0]  x86_64_start_reservations+0x18/0x30
[  855.813748][    C0]  x86_64_start_kernel+0xb2/0xc0
[  855.833992][    C0]  common_startup_64+0x13e/0x148
[  855.839443][    C0]  </TASK>
[  855.855013][    C0] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  855.862325][    C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc1-syzkaller-00381-g2a130b7e1fcd #0
[  855.872688][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  855.882791][    C0] Call Trace:
[  855.886108][    C0]  <IRQ>
[  855.888990][    C0]  dump_stack_lvl+0x3d/0x1f0
[  855.893662][    C0]  panic+0x71d/0x800
[  855.897652][    C0]  ? __pfx_panic+0x10/0x10
[  855.902150][    C0]  ? show_trace_log_lvl+0x29d/0x3d0
[  855.907425][    C0]  ? check_panic_on_warn+0x1f/0xb0
[  855.912616][    C0]  ? refcount_warn_saturate+0x14a/0x210
[  855.918226][    C0]  check_panic_on_warn+0xab/0xb0
[  855.923238][    C0]  __warn+0xf6/0x3d0
[  855.927200][    C0]  ? refcount_warn_saturate+0x14a/0x210
[  855.932803][    C0]  report_bug+0x3c0/0x580
[  855.937218][    C0]  handle_bug+0x54/0xa0
[  855.941451][    C0]  exc_invalid_op+0x17/0x50
[  855.946033][    C0]  asm_exc_invalid_op+0x1a/0x20
[  855.950944][    C0] RIP: 0010:refcount_warn_saturate+0x14a/0x210
[  855.957154][    C0] Code: ff 89 de e8 d8 15 fe fc 84 db 0f 85 66 ff ff ff e8 eb 13 fe fc c6 05 22 8c b8 0b 01 90 48 c7 c7 c0 4d d1 8b e8 97 02 bf fc 90 <0f> 0b 90 90 e9 43 ff ff ff e8 c8 13 fe fc 0f b6 1d fd 8b b8 0b 31
[  855.976922][    C0] RSP: 0000:ffffc90000007c38 EFLAGS: 00010286
[  855.983045][    C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff814e71a9
[  855.991057][    C0] RDX: ffffffff8de957c0 RSI: ffffffff814e71b6 RDI: 0000000000000001
[  855.999089][    C0] RBP: ffff888063aa9020 R08: 0000000000000001 R09: 0000000000000000
[  856.007105][    C0] R10: 0000000000000000 R11: 0000000000000001 R12: ffff888063aa9020
[  856.015113][    C0] R13: 0000000000000001 R14: 0000000000000102 R15: 000000000003dbcc
[  856.023139][    C0]  ? __warn_printk+0x199/0x350
[  856.027978][    C0]  ? __warn_printk+0x1a6/0x350
[  856.032813][    C0]  ? refcount_warn_saturate+0x149/0x210
[  856.038410][    C0]  sctp_transport_put+0x12a/0x170
[  856.043500][    C0]  call_timer_fn+0x1a0/0x610
[  856.048148][    C0]  ? __pfx_sctp_generate_heartbeat_event+0x10/0x10
[  856.054706][    C0]  ? __pfx_call_timer_fn+0x10/0x10
[  856.059894][    C0]  ? __pfx_sctp_generate_heartbeat_event+0x10/0x10
[  856.066447][    C0]  __run_timers+0x6e8/0x930
[  856.071012][    C0]  ? __pfx___run_timers+0x10/0x10
[  856.076149][    C0]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  856.081831][    C0]  ? rcu_is_watching+0x12/0xc0
[  856.086662][    C0]  ? lock_acquire+0x2f/0xb0
[  856.091220][    C0]  ? run_timer_base+0x109/0x190
[  856.096136][    C0]  run_timer_base+0x111/0x190
[  856.100881][    C0]  ? __pfx_run_timer_base+0x10/0x10
[  856.106151][    C0]  run_timer_softirq+0x1a/0x40
[  856.110977][    C0]  handle_softirqs+0x213/0x8f0
[  856.115801][    C0]  ? trace_csd_function_exit+0x173/0x1f0
[  856.121488][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  856.126854][    C0]  irq_exit_rcu+0xbb/0x120
[  856.131342][    C0]  sysvec_call_function_single+0xa4/0xc0
[  856.137052][    C0]  </IRQ>
[  856.140030][    C0]  <TASK>
[  856.143172][    C0]  asm_sysvec_call_function_single+0x1a/0x20
[  856.149219][    C0] RIP: 0010:sched_core_balance+0x9f/0xc40
[  856.155081][    C0] Code: 40 83 1b 8e e8 32 48 0c 00 e8 dd 52 c3 09 5e 85 c0 0f 85 74 08 00 00 4c 89 e7 e8 6c 52 fe ff e8 67 be 36 00 fb 48 63 44 24 0c <48> c7 c3 80 ee 03 00 48 83 f8 07 48 89 44 24 10 0f 87 27 0b 00 00
[  856.174772][    C0] RSP: 0000:ffffffff8de07b98 EFLAGS: 00000206
[  856.180917][    C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 1ffffffff20bde99
[  856.188943][    C0] RDX: 0000000000000000 RSI: ffffffff8b6cd040 RDI: ffffffff8bd1a0c0
[  856.196981][    C0] RBP: ffffffff8de07e08 R08: 0000000000000001 R09: 0000000000000001
[  856.205216][    C0] R10: ffffffff905f370f R11: 0000000000000000 R12: ffff8880b863ee80
[  856.213241][    C0] R13: ffff8880b86288f0 R14: ffffffff815e6df0 R15: ffff8880b863ee80
[  856.221275][    C0]  ? __pfx_sched_core_balance+0x10/0x10
[  856.226946][    C0]  ? sched_core_balance+0x99/0xc40
[  856.232121][    C0]  ? __pfx_lock_unpin_lock+0x10/0x10
[  856.237509][    C0]  ? arch_scale_cpu_capacity+0x15/0xb0
[  856.243058][    C0]  ? __pfx_sched_core_balance+0x10/0x10
[  856.248680][    C0]  __schedule+0x3b2a/0x5750
[  856.253252][    C0]  ? lockdep_hardirqs_on+0x61/0x110
[  856.258543][    C0]  ? __pfx___schedule+0x10/0x10
[  856.263475][    C0]  ? cpuidle_enter_state+0x297/0x4f0
[  856.268837][    C0]  ? lockdep_hardirqs_on+0x7c/0x110
[  856.274094][    C0]  ? ns_to_ktime+0x9/0x20
[  856.278499][    C0]  schedule_idle+0x5c/0x90
[  856.282982][    C0]  do_idle+0x287/0x3f0
[  856.287147][    C0]  ? __pfx_do_idle+0x10/0x10
[  856.291844][    C0]  cpu_startup_entry+0x4f/0x60
[  856.296705][    C0]  rest_init+0x16b/0x2b0
[  856.301056][    C0]  ? acpi_subsystem_init+0x133/0x180
[  856.306422][    C0]  ? __pfx_x86_late_time_init+0x10/0x10
[  856.312080][    C0]  start_kernel+0x3e4/0x4d0
[  856.316657][    C0]  x86_64_start_reservations+0x18/0x30
[  856.322184][    C0]  x86_64_start_kernel+0xb2/0xc0
[  856.327189][    C0]  common_startup_64+0x13e/0x148
[  856.332218][    C0]  </TASK>
[  856.335685][    C0] Kernel Offset: disabled
[  856.340096][    C0] Rebooting in 86400 seconds..